
Help with a routing problem?

18 years 1 month ago #17210 by Mattj
Hey people, pulling my hair out over what stupid thing I've done wrong here, just can't seem to solve it.

I have a Linux box with 3 NICs, each on a different subnet.

eth0) Internet on 10.0.8.0/255.255.248.0

eth1.1) LAN1 on 192.168.1.0/255.255.255.0

eth1.2) LAN2 on 192.168.2.0/255.255.255.0

The box's IP for eth1.1 is 192.168.1.2 and for eth2.2 192.168.2.2

eth0 is NATed (iptables Masq) for the other two to gain internet access, which works. However, when I want to ping a client on the eth1.2 network from the eth1.1 network, I can do so from the routing box itself, but not from clients on that network.

I.e., ping 192.168.2.53 from 192.168.1.2 (router):
[code:1]
root@bofh:/home/matt# ping 192.168.2.53
PING 192.168.2.53 (192.168.2.53) 56(84) bytes of data.
64 bytes from 192.168.2.53: icmp_seq=1 ttl=128 time=0.352 ms
64 bytes from 192.168.2.53: icmp_seq=2 ttl=128 time=0.316 ms
64 bytes from 192.168.2.53: icmp_seq=3 ttl=128 time=0.318 ms
64 bytes from 192.168.2.53: icmp_seq=4 ttl=128 time=0.308 ms
[/code:1]

However, ping 192.168.2.53 from 192.168.1.40 (client):
[code:1]
matt@matt-desktop:~$ ping 192.168.2.53
PING 192.168.2.53 (192.168.2.53) 56(84) bytes of data.
[/code:1]
That's it :(

Doesn't work the other way either (ping 192.168.1.40 from 192.168.2.53).

My routing tables are as follows:

Router:
[code:1]
root@bofh:/home/matt# ip route list
192.168.2.0/24 dev eth1.2 proto kernel scope link src 192.168.2.2
192.168.1.0/24 dev eth1.3 proto kernel scope link src 192.168.1.2
10.0.8.0/21 dev eth0 proto kernel scope link src 10.0.9.165
default via 10.0.8.1 dev eth0
[/code:1]

Client 192.168.1.40:
[code:1]
matt@matt-desktop:~$ ip route list
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.40
default via 192.168.1.2 dev eth1
[/code:1]
What silly little thing have I overlooked?

BTW, iptables rules are not blocking anything:
[code:1]
root@bofh:/home/matt# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[/code:1]
And on the client:
[code:1]
matt@matt-desktop:~$ sudo iptables -L
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[/code:1]

(Will harden it up when I get it working :P)

Also, don't worry about the funny eth names, I'm using VLANs, which works as I can successfully ping from the router itself :)

Cheers to anyone who can shine some light on this :)

-Matt