Routing again... - Networking

  1. Routing again...

    Hello,
    I was wondering whether anyone could see where I'm going wrong with my
    setup.
    I have the following

    172.23.224.0/22   |---------------------------------|   192.168.20.0/22
     ------------>    | Linux box with 2 nics           | ------------------>
                      | eth0=192.168.23.123/22          |
                      | eth1=172.23.225.1/22            |
                      -----------------------------------
    All I want to do is contact and connect to my 192 subnet from my 172
    subnet.

    I have checked forwarding with =
    cat /proc/sys/net/ipv4/ip_forward
    1

    The route command outputs like this =
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.23.224.0    *               255.255.252.0   U     0      0        0 eth1
    192.168.20.0    *               255.255.252.0   U     0      0        0 eth0
    default         192.168.20.1    0.0.0.0         UG    0      0        0 eth0


    I have a (windows) laptop with the following IP status =
    ip=172.23.225.5 netmask=255.255.252.0 gw=172.23.225.1
    ( I went back after a bank-holiday weekend and now the laptop needs a
    gw of 192.168.20.1 to ping both NICS on the Linux - confusing or
    what?)

    I have a cmd window open (on laptop) and I'm trying to ping ANY
    machine on the 192.168.20.0/22 subnet - all I can ping is eth0 and
    eth1 on the 'Nix box -
    so forwarding/routing is KIND of working, but I'm not sure where to go
    from here - I've checked /var/log/messages but no real feedback.

    I then try the following command to ping anything on the 192 subnet =
    route add -net 192.168.20.0 netmask 255.255.252.0 dev eth1
    No difference.....just slow at refreshing 'route' command

    I tried the following commands to ping anything on the 192 subnet =
    route add -net 172.23.224.0 netmask 255.255.252.0 gw 192.168.23.123 dev eth0
    route add -net 192.168.20.0 netmask 255.255.252.0 gw 172.23.225.1 dev eth1
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    iptables -A INPUT -i eth1 -j ACCEPT
    iptables -A OUTPUT -o eth0 -j ACCEPT

    and the output was=

    The route command outputs like this =
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.23.224.0    172.23.225.1    255.255.252.0   UG    0      0        0 eth1
    172.23.224.0    *               255.255.252.0   U     0      0        0 eth1
    192.168.20.0    192.168.23.123  255.255.252.0   UG    0      0        0 eth0
    192.168.20.0    *               255.255.252.0   U     0      0        0 eth0
    default         192.168.20.1    0.0.0.0         UG    0      0        0 eth0


    The iptables -v -L command outputs this =
    Chain INPUT (policy ACCEPT 24264 packets, 4068K bytes)   <----------------- something's going on......
     pkts bytes target     prot opt in     out     source               destination
    31676 4423K ACCEPT     all  --  eth1   any     anywhere             anywhere

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  eth1   eth0    anywhere             anywhere

    Chain OUTPUT (policy ACCEPT 8738 packets, 524K bytes)   <----------------- something's going on......
     pkts bytes target     prot opt in     out     source               destination
       11   700 ACCEPT     all  --  any    eth0    anywhere             anywhere

    I get the same results - no difference.

    All I want to do is contact and connect to my 192 subnet from my 172
    subnet - all the 'googling' I've done seems to point to a 'dead easy,
    hands tied behind its back' type, but not here...unless I'm
    misunderstanding routing?
    I've looked at the man pages and here is a list of links I have also
    been to.....

    http://yolinux.com/TUTORIALS/LinuxTu...rkGateway.html
    http://enterprise.linux.com/article....132252&tid=129
    http://www.etoyoc.com/linux/iptables-lockdown.html
    http://hnsg.net/tutorials/routing_firewall.html
    http://www.techworld.com/opsys/featu...?featureid=352
    http://www.debian.org/doc/manuals/se...dge-fw.en.html
    http://www.faqs.org/docs/linux_netwo...s.routing.html
    plus others......

    I am pulling my hair out over this...
    - BTW I am a school (UK) network administrator (windoz) with limited
    time to get involved with Linux, but I feel it has a lot to offer as a
    supplement to the Education department's insistence on using Microsoft
    everywhere and I suppose it is down to us administrators to learn, in
    our own time, all the benefits of Linux and integrate it with MS, but
    it is difficult.
    I have had limited success with basic things like Samba, Apache, FTP
    etc. but this routing has got me puzzled.

    - could anyone help please?


  2. Re: Routing again...

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.23.224.0    172.23.225.1    255.255.252.0   UG    0      0        0 eth1
    172.23.224.0    *               255.255.252.0   U     0      0        0 eth1
    192.168.20.0    192.168.23.123  255.255.252.0   UG    0      0        0 eth0
    192.168.20.0    *               255.255.252.0   U     0      0        0 eth0
    default         192.168.20.1    0.0.0.0         UG    0      0        0 eth0


    The routing table above can be set up with the following commands.

    route add -net 172.23.224.0 netmask 255.255.252.0 gw 172.23.225.1 dev eth1
    route add -net 192.168.20.0 netmask 255.255.252.0 gw 192.168.23.123 dev eth0

    zaher el siddik
    http://elsiddik.googlepages.com/


  3. Re: Routing again...

    On 9 May, 10:41, elsiddik wrote:
    > Kernel IP routing table
    > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    > 172.23.224.0    172.23.225.1    255.255.252.0   UG    0      0        0 eth1
    > 172.23.224.0    *               255.255.252.0   U     0      0        0 eth1
    > 192.168.20.0    192.168.23.123  255.255.252.0   UG    0      0        0 eth0
    > 192.168.20.0    *               255.255.252.0   U     0      0        0 eth0
    > default         192.168.20.1    0.0.0.0         UG    0      0        0 eth0
    >
    > The routing table above can be set up with the following commands.
    >
    > route add -net 172.23.224.0 netmask 255.255.252.0 gw 172.23.225.1 dev eth1
    > route add -net 192.168.20.0 netmask 255.255.252.0 gw 192.168.23.123 dev eth0
    >
    > zaher el siddik
    > http://elsiddik.googlepages.com/


    Hello Elsiddik,
    Thank you for replying - I followed everything to the letter and got
    the same output from 'route' as you mentioned above, but it still does
    not do it. There is no difference to my pings. I've had a couple of
    bad days here at the school, hopefully I will have a little more time
    today (Friday) to investigate further. Would there be any tell-tale
    messages in a log somewhere I could check out?
    For the record I'm running Mandrake 10.1 - kernel 2.6.8.1 - iptables
    1.2.9.7 2 - PCI NICS (rtl8139 + Dlink 530 type)
    Thanks again...


  4. Re: Routing again...

    mike wrote:
    > Hello,
    > I was wondering whether anyone could see where I'm going wrong with my
    > setup.
    > I have the following
    >
    > 172.23.224.0/22   |---------------------------------|   192.168.20.0/22
    >  ------------>    | Linux box with 2 nics           | ------------------>
    >                   | eth0=192.168.23.123/22          |
    >                   | eth1=172.23.225.1/22            |
    >                   -----------------------------------
    > All I want to do is contact and connect to my 192 subnet from my 172
    > subnet.
    >
    > I have checked forwarding with =
    > cat /proc/sys/net/ipv4/ip_forward
    > 1
    >
    > The route command outputs like this =
    > Kernel IP routing table
    > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    > 172.23.224.0    *               255.255.252.0   U     0      0        0 eth1
    > 192.168.20.0    *               255.255.252.0   U     0      0        0 eth0
    > default         192.168.20.1    0.0.0.0         UG    0      0        0 eth0
    >
    >
    > I have a (windows) laptop with the following IP status =
    > ip=172.23.225.5 netmask=255.255.252.0 gw=172.23.225.1
    > ( I went back after a bank-holiday weekend and now the laptop needs a
    > gw of 192.168.20.1 to ping both NICS on the Linux - confusing or
    > what?)


    Your comment about the laptop seems strange. If the gw is on
    192.168.20.0/22, how does it manage to get traffic to it? I suspect
    that if you can answer this question you'll find a solution.

    I also suspect that your problem is some simple routing glitch that
    you've overlooked.

    Your Linux router shows a gateway of 192.168.20.1. What is that? You
    say the Linux router has IP addr 192.168.23.123/22. Does 192.168.20.1
    see the network the same way (i.e. /22, not /24)? I don't think this is
    the cause of this problem, but if it's not right it will bite you sooner
    or later.

    Your Linux box doesn't need any iptables stuff (if you have any, nuke
    it). It should be able to forward just fine.

    Your laptop has an IP of 172.23.225.5/22. How does it know where to
    send traffic for 192.168.20/22? If 172.23.225.1 is the default gateway,
    then that's sufficient.

    What about machines on 192.168.20/22? Do they have static routing
    entries for 172.23.224.0/22? If not, how do they know to send return
    traffic to 192.168.23.123 and not to 192.168.20.1? (If 192.168.20.1 has
    an entry for 172.23.224.0/22, that will also work.) If you can't add
    routing entries to machines on 192.168.20.0, then you will need to turn
    on IP masquerading on your Linux router for anything on 172.23.224.0.

    To debug this, I'd suggest setting up two windows on the Linux router.
    In one window (as root of course) run "tcpdump -n -i eth0" and in the
    other window run "tcpdump -n -i eth1". You could also run two instances
    of ethereal/wireshark doing the same two captures. Ping something on
    the 192.168.20 network from your laptop and watch what happens. The
    laptop may ARP for the router (172.23.225.1), and then should send the
    ping to it. The router may ARP for the destination (make it something
    other than 192.168.23.123 of course) and should then forward the ping.
    The destination probably will ARP for 192.168.23.123 and should send the
    reply back, etc. If one of these things doesn't happen then you need to
    figure out why. Pay particular attention to the destination MAC address
    on the ping reply. If you want to be sure of catching the ARPs, go have
    a coffee before you start testing so the ARP caches will time out.
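
The return-path question raised in the last reply can be worked through with a longest-prefix route lookup. This is an added example, not part of any post in the thread; the host 192.168.20.50 and the assumption that it uses 192.168.20.1 as its only gateway are hypothetical. The address the reply is sent to is the one whose MAC should appear as the destination on the echo reply in the eth0 capture.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match. Returns the gateway IP, or None when dst is on-link."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in table
            if dst in ipaddress.ip_network(net)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

# From the thread: the laptop (172.23.225.5/22, gw 172.23.225.1) and the
# Linux box's original 'route' output.
LAPTOP = [("172.23.224.0/22", None), ("0.0.0.0/0", "172.23.225.1")]
LINUX_BOX = [("172.23.224.0/22", None), ("192.168.20.0/22", None),
             ("0.0.0.0/0", "192.168.20.1")]

# Assumed (hypothetical): a host on the 192 side with only a default gateway.
HOST_DEFAULT_ONLY = [("192.168.20.0/22", None), ("0.0.0.0/0", "192.168.20.1")]
# The same host after a static route for the 172 subnet is added.
HOST_STATIC = HOST_DEFAULT_ONLY + [("172.23.224.0/22", "192.168.23.123")]
# The same host configured with /24 instead of /22 (the mask mismatch caveat).
HOST_SLASH24 = [("192.168.20.0/24", None), ("0.0.0.0/0", "192.168.20.1")]

def trace_ping(host_table, laptop="172.23.225.5", host="192.168.20.50"):
    """Next hop chosen at each step of an echo request and its reply."""
    return {
        "laptop_sends_to": next_hop(LAPTOP, host),
        # None means on-link: the Linux box ARPs for the host itself.
        "linux_box_sends_to": next_hop(LINUX_BOX, host) or host,
        "reply_sent_to": next_hop(host_table, laptop),
    }

if __name__ == "__main__":
    for name, table in [("default only", HOST_DEFAULT_ONLY),
                        ("static route", HOST_STATIC)]:
        print(name, trace_ping(table))
    # A /24 host does not treat 192.168.23.123 as on-link at all.
    print("/24 host reaches 192.168.23.123 via",
          next_hop(HOST_SLASH24, "192.168.23.123"))
```

With only a default gateway the reply goes to 192.168.20.1 and never returns through the Linux box unless 192.168.20.1 itself has a route for 172.23.224.0/22.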
