Hi Graham, Wow, I had to create a diagram to follow this...
1) I assume you have DHCP on the net4801 "107" network disabled and the pbx "107" network enabled. I think your problem, PC on net4801 "207" network -> pbx 192.168.107.250, the pbx's route back to 192.168.207.x is out through the external interface not back via pbx's eth1. So, you need to add a route on your pbx box to route the 192.168.207.x via the eth1 network. On your pbx box, try this: $ ip route add 192.168.207.0/24 via 192.168.107.249 dev eth1 Give that a try, and if it works, I'll help you make it persistent if you need help. Hint: /mnt/kd/rc.elocal Lonnie On Jun 23, 2012, at 7:33 AM, Graham S. Jarvis wrote: > Hello (Lonnie) > > I'm coming back to this one after a while ...... > > I have installed a new AstLinux 1.0.3 as a Voip-only network and it's own DSL > gateway: > PC with 2 Ethernet cards > EXTIF/eth0 EXTIP: 192.168.1.1 <--> 192.168.1.254 (DSL modem-analogue) for > VoIP > in/out > INTIF/eth1 INTIP: 192.168.107.250 <--> switch A (for phones) > > and I want to use the old pbx for PC/Server internet only connections (i.e. > no > VoIP traffic). > Net4801 (3 Ethernet) AstLinux 0.7.9 Asterisk 1.4.42 > EXTIF/eth0 EXTIP:192.168.1.1 <--> 192.168.1.254 (DSL modem-ISDN) for > "Internet" > INTIF/eth1 INT1IP: 192.168.107.249 <--> switch A > INT2IF/eth2 INT2IP: 192.168.207.249 <--> switch B (for PC's and other servers) > > The problem I have is two-fold: > I have WiFi access points on the "207" network that I use for WiFi phones > that > register to the new pbx on the "107" network. > I'd like to be able to do admin on the new pbx ("107" network) from my Ubuntu > PC > on the "207" network. > > As it stands, from my PC, I can connect to the Net4801 (I'm on the same > switch) > using any of it's IP Addresses: > 192.168.1.1 > 192.168.107.249 > 192.168.207.249 > but I can't connect to anything else on the "107" network. > _And neither can the WiFi 'phones_. > > I only need "207" -> "107" routing that should keep the "207" network a bit > safer. > > > So, here's some more detailed info: > > 4801_GW ~ # ifconfig > eth0 Link encap:Ethernet HWaddr 00:00:24:C4:3F:CC > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:14637 errors:0 dropped:0 overruns:0 frame:0 > TX packets:12222 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:12978730 (12.3 MiB) TX bytes:1697265 (1.6 MiB) > Interrupt:10 Base address:0x8000 > > eth1 Link encap:Ethernet HWaddr 00:00:24:C4:3F:CD > inet addr:192.168.107.249 Bcast:192.168.107.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:175 errors:0 dropped:0 overruns:0 frame:0 > TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:10500 (10.2 KiB) TX bytes:624 (624.0 B) > Interrupt:10 Base address:0xa000 > > eth2 Link encap:Ethernet HWaddr 00:00:24:C4:3F:CE > inet addr:192.168.207.249 Bcast:192.168.207.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:15731 errors:0 dropped:0 overruns:0 frame:0 > TX packets:15033 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:1997007 (1.9 MiB) TX bytes:13096915 (12.4 MiB) > Interrupt:10 Base address:0x2000 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:270 errors:0 dropped:0 overruns:0 frame:0 > TX packets:270 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:30851 (30.1 KiB) TX bytes:30851 (30.1 KiB) > > > 4801_GW ~ # route > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 > 192.168.207.0 * 255.255.255.0 U 0 0 0 eth2 > 192.168.107.0 * 255.255.255.0 U 0 0 0 eth1 > 224.0.0.0 * 240.0.0.0 U 0 0 0 eth2 > 224.0.0.0 * 240.0.0.0 U 0 0 0 eth1 > default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 > > > I have ticked "Allow LAN to LAN" for 1st and 2nd LAN interfaces. > > > A nice little project for a Saturday morning - looks like I'll still be on it > on > Monday morning ;) > > -Graham- > PS: where did the > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.