Seriously confused about linux routing - Networking


  1. Seriously confused about linux routing

    Ok, so, what I'm trying to do is to route between two 10.0.0.0/16
    subnets.

    There are two computers, connected via VPN, that are involved with the
    routing.

    Server 1: IP Address 10.10.0.1 and 192.168.1.1
    Server 2: IP Address 10.15.0.2 and 192.168.1.2

    The VPN is connecting the computers via the 192. addresses. I'm
    trying to route traffic originating at 10.10.0.0/16 and direct it to
    the 10.15.0.0/16 subnet and vice versa; also, beyond that, I'm trying
    to route all internet-bound traffic on 10.10.0.0/16 out through the
    10.15.0.0/16 network.

    I have enabled ip_forward on both servers (echo 1 > /proc/sys/net/ipv4/ip_forward
    and edited /etc/sysctl.conf for future reboots, etc.)


    So far, for the routing tables, on Server 1:

    192.168.1.0  0.0.0.0      255.255.255.0  U   0  0  0  eth1
    10.10.0.0    0.0.0.0      255.255.0.0    U   0  0  0  eth0
    10.15.0.0    192.168.1.2  255.255.0.0    UG  0  0  0  eth1
    0.0.0.0      192.168.1.2  0.0.0.0        UG  0  0  0  eth0

    On Server 2:

    192.168.1.0  0.0.0.0      255.255.255.0  U   0  0  0  eth1
    10.15.0.0    0.0.0.0      255.255.0.0    U   0  0  0  eth0
    10.10.0.0    192.168.1.1  255.255.0.0    UG  0  0  0  eth1
    0.0.0.0      10.15.0.1    0.0.0.0        UG  0  0  0  eth0

    It appears that these two servers can communicate, and even access
    computers on the other subnets, however, I'm having problems with the
    internet connection from 10.10.0.0/16 routing out through the
    10.15.0.0/16 (10.15.0.1 gateway specifically).

    How can I get this to work?

    Thanks


  2. Re: Seriously confused about linux routing

    melement@gmail.com wrote:
    >So far, for the routing tables, on Server 1:
    >
    >192.168.1.0  0.0.0.0      255.255.255.0  U   0  0  0  eth1
    >10.10.0.0    0.0.0.0      255.255.0.0    U   0  0  0  eth0
    >10.15.0.0    192.168.1.2  255.255.0.0    UG  0  0  0  eth1
    >0.0.0.0      192.168.1.2  0.0.0.0        UG  0  0  0  eth0


    On Server 1, the default route is now,

    0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 eth0

    So all Internet traffic is going to be sent to host
    192.168.1.2, but it will be sent on the eth0
    interface... and there is no such IP address on that
    subnet. The 192.168.1.2 host is connected via the eth1
    interface.

    Just change the default route, which should be

    0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 eth1

    --
    Floyd L. Davidson
    Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
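
The check described in the reply above can be automated: a gateway route is only usable if its gateway lies in a subnet that is directly connected on the route's own interface. The following is an added example, not part of the original thread; the function names and the one-route-per-line sample input are constructed here.

```python
import ipaddress

# Constructed input: Server 1's table from the first post, one route per line,
# in `route -n` column order (Destination Gateway Genmask Flags Metric Ref Use Iface).
SERVER1_BEFORE = """\
192.168.1.0 0.0.0.0     255.255.255.0 U  0 0 0 eth1
10.10.0.0   0.0.0.0     255.255.0.0   U  0 0 0 eth0
10.15.0.0   192.168.1.2 255.255.0.0   UG 0 0 0 eth1
0.0.0.0     192.168.1.2 0.0.0.0       UG 0 0 0 eth0
"""
# Same table with the default route moved to eth1, as the reply suggests.
SERVER1_AFTER = SERVER1_BEFORE.replace("UG 0 0 0 eth0", "UG 0 0 0 eth1")


def parse_routes(text):
    """Parse `route -n` style lines; header or malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, gateway, genmask, flags, iface = *fields[:4], fields[7]
        try:
            net = ipaddress.ip_network(f"{dest}/{genmask}")
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            continue  # e.g. the "Destination Gateway ..." header row
        routes.append({"net": net, "gw": gw, "flags": flags, "iface": iface})
    return routes


def unreachable_gateways(routes):
    """Return (route, gateway, iface, on_link_ifaces) for every gateway route
    whose gateway is not in a directly connected subnet of that interface."""
    connected = [r for r in routes if "G" not in r["flags"]]
    findings = []
    for r in routes:
        if "G" not in r["flags"]:
            continue
        on_link = sorted({c["iface"] for c in connected if r["gw"] in c["net"]})
        if r["iface"] not in on_link:
            findings.append((str(r["net"]), str(r["gw"]), r["iface"], on_link))
    return findings


if __name__ == "__main__":
    for finding in unreachable_gateways(parse_routes(SERVER1_BEFORE)):
        print("gateway not on-link:", finding)
```
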

  3. Re: Seriously confused about linux routing

    On Jul 27, 10:51 pm, fl...@apaflo.com (Floyd L. Davidson) wrote:
    > On Server 1, the default route is now,
    >
    > 0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 eth0
    >
    > So all Internet traffic is going to be sent to host
    > 192.168.1.2, but it will be sent on the eth0
    > interface... and there is no such IP address on that
    > subnet. The 192.168.1.2 host is connected via the eth1
    > interface.
    >
    > Just change the default route, which should be
    >
    > 0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 eth1
    >
    > --
    > Floyd L. Davidson
    > Ukpeagvik (Barrow, Alaska) fl...@apaflo.com



    Thanks Floyd, that worked perfectly.

    Now I'm trying to configure iptables to allow me to use these machines
    as routers.

    Using the same machine setup as I had above (eth0: 10.0.0.0 addresses,
    eth1: 192.168.0.0 addresses) I'm trying to configure NAT properly on
    the machines.

    This is what I have tried, and I know I'm getting close, but I'm just
    not quite there with the iptables rules.

    On the 10.15.0.2 machine:

    iptables -t nat -P OUTPUT ACCEPT
    iptables -t nat -A POSTROUTING -o eth1 -j SNAT -s 192.168.1.2 --to 10.15.0.2

    On the 10.10.0.1 machine:

    iptables -t nat -P OUTPUT ACCEPT
    iptables -t nat -A POSTROUTING -o eth1 -j SNAT -s 192.168.1.1 --to 10.10.0.1

    Some general "funkiness" goes on that I haven't quite been able
    to solve. While I'm on the 10.15.0.2 machine, I will try to ping
    192.168.1.1 but I was unable to.

    What am I doing wrong with my iptables rules now?

    Thanks


  4. Re: Seriously confused about linux routing

    On Jul 30, 1:39 pm, melem...@gmail.com wrote:
    > Some general "funkiness" goes on that I haven't quite been able
    > to solve. While I'm on the 10.15.0.2 machine, I will try to ping
    > 192.168.1.1 but I was unable to.
    >
    > What am I doing wrong with my iptables rules now?
    >
    > Thanks


    So, looking at a tcpdump while on the 10.15.0.2 machine, with the
    iptables rules active, I can see the packets leaving a machine,
    10.15.0.10 (set to route all packets through 10.15.0.2). I see the
    packets heading towards their destination of 10.10.0.12, but I don't
    see any packets being returned.


  5. Re: Seriously confused about linux routing

    melement@gmail.com writes:

    > iptables -t nat -P OUTPUT ACCEPT
    > iptables -t nat -A POSTROUTING -o eth1 -j SNAT -s 192.168.1.2 --to 10.15.0.2
    >
    > On the 10.10.0.1 machine:
    >
    > iptables -t nat -P OUTPUT ACCEPT
    > iptables -t nat -A POSTROUTING -o eth1 -j SNAT -s 192.168.1.1 --to 10.10.0.1
    >
    > Some general "funkiness" goes on that I haven't quite been able
    > to solve. While I'm on the 10.15.0.2 machine, I will try to ping
    > 192.168.1.1 but I was unable to.
    >
    > What am I doing wrong with my iptables rules now?


    The lines with "-P OUTPUT ACCEPT" shouldn't have "-t nat" in them.

    Scott
    --
    Scott Hemphill hemphill@alumni.caltech.edu
    "This isn't flying. This is falling, with style." -- Buzz Lightyear
