Help with a routing problem?
18 years 1 month ago #17210
by Mattj
Hey people, pulling my hair out over what stupid thing I've done wrong here, just can't seem to solve it.
I have a Linux box with 3 NICs, each on a different subnet.
eth0) Internet on 10.0.8.0/255.255.248.0
eth1.1) LAN1 on 192.168.1.0/255.255.255.0
eth1.2) LAN2 on 192.168.2.0/255.255.255.0
The box's IP for eth1.1 is 192.168.1.2 and for eth2.2 192.168.2.2
eth0 is NATted (iptables Masq) for the other two to gain internet access, which works. However, when I want to ping a client on the eth1.2 network from the eth1.1 network, I can do so from the routing box itself, but not from clients on that network.
I.e., ping 192.168.2.53 from 192.168.1.2 (router):
[code:1]
root@bofh:/home/matt# ping 192.168.2.53
PING 192.168.2.53 (192.168.2.53) 56(84) bytes of data.
64 bytes from 192.168.2.53: icmp_seq=1 ttl=128 time=0.352 ms
64 bytes from 192.168.2.53: icmp_seq=2 ttl=128 time=0.316 ms
64 bytes from 192.168.2.53: icmp_seq=3 ttl=128 time=0.318 ms
64 bytes from 192.168.2.53: icmp_seq=4 ttl=128 time=0.308 ms
[/code:1]
However, ping 192.168.2.53 from 192.168.1.40 (client):
[code:1]
matt@matt-desktop:~$ ping 192.168.2.53
PING 192.168.2.53 (192.168.2.53) 56(84) bytes of data.
[/code:1]
That's it.
Doesn't work the other way either (ping 192.168.1.40 from 192.168.2.53).
My routing tables are as follows:
Router:
[code:1]
root@bofh:/home/matt# ip route list
192.168.2.0/24 dev eth1.2 proto kernel scope link src 192.168.2.2
192.168.1.0/24 dev eth1.3 proto kernel scope link src 192.168.1.2
10.0.8.0/21 dev eth0 proto kernel scope link src 10.0.9.165
default via 10.0.8.1 dev eth0
[/code:1]
Client 192.168.1.40:
[code:1]
matt@matt-desktop:~$ ip route list
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.40
default via 192.168.1.2 dev eth1
[/code:1]
What silly little thing have I overlooked?
BTW, iptables rules are not blocking anything:
[code:1]
root@bofh:/home/matt# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[/code:1]
And on the client:
[code:1]
matt@matt-desktop:~$ sudo iptables -L
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[/code:1]
(Will harden it up when I get it working.)
Also, don't worry about the funny eth names, I'm using VLANs, which works as I can successfully ping from the router itself.
Cheers to anyone who can shine some light on this
-Matt