>It's funny how the keys slip sometimes, huh :-)
>There's definitely no "unsend" button :-)
It wasn't until after my third or fourth time reading this
e-mail that I figured out what you were talking about. Oops!
>Ok. Be aware that you're going to want to check your
>syslog a lot during this phase to see what's really going
>on. Hopefully, all denied or rejected packets will be
>logged and we can get somewhere.
Even without Shorewall?
>Yes, it looks complete, and it seems to make sense.
>I don't see any lo, localhost routes. Why not? Did you
>just omit them?
I just didn't bother typing them out here, but they do
exist. They are the same as what you have listed in your routing table.
There's also an occasion or two where I'd think the gateway
would simply be 0.0.0.0, but I'm not convinced that's an
issue.
The routes look logical. I point that out inline.
Most likely, we're at the point of traceroute and ping
to bang our heads against any rules that are getting
in the way.
From a workstation at Site 1, I can ping the segment at Site
2 including all the interfaces in between, and the 10.10.12.253 interface
(which is the router from Site 2b to Site 3), but I get unreachable messages
for everything beyond.
>> I did this because that router is connected via 100Mb fibre to another
>> building where the rest of the routing happens. eth0 on Site 1 connects to a
>> switch, and 10.10.1.254 (my main gateway router) connects to a different
>> port on that same switch.
>Ok. I get that now. As long as you're not using some really expensive
>3COM switch or router that has traffic filtering/routing rules, we should
>be in good shape. Didn't you mention this exact setup worked with a full
>blown RH distro?
>If that's the case, I'm leaning more toward "Shorewall," heh heh.
It's a Nortel Accelar 1150R-B, but there's no filtering on
it. And, yes it does work with a full blown RH distro. Since I haven't used
the ip route tool before, I thought there might be more parameters that I
need to be including when I build my routes. And I took Shorewall out to try
and make things easier on myself, but it doesn't seem to make a difference.
>Because you're not saying to the kernel that 192.168.1.254 is *another router*,
>*another gateway* or "a thing that does routing", but rather you're just trying
>to say, "put all that traffic out eth1." Although I know netstat and routing
>in general, I've never set something up this complicated and can't be sure.
>I just know how a routing table usually looks, and it does not specify the
>external nic ip address for routes like this one. Here's mine, for example:
>Destination     Gateway         Genmask         Flags Iface
>10.1.1.0        0.0.0.0         255.255.255.0   U     eth1
>63.194.213.0    0.0.0.0         255.255.255.0   U     eth0
>127.0.0.0       0.0.0.0         255.0.0.0       U     lo
>0.0.0.0         63.194.213.254  0.0.0.0         UG    eth0
>Ok then. I'll leave it at this point until we find out about
>the localhost route (127.0.0.0/8) sort of thing and the 0.0.0.0
>gateway issue.
I'll give this a try, but at first glance it seems that it
would direct all outbound traffic to the next hop, but what about traffic
destined for hosts on the 63.194.213.0/24 segment? That's why I got specific
with the gateway definitions.
>Btw, how do you pronounce Pocius? Poe'-shuss? Poe'-she-us?
It's Poe'-shuss......and I'm very impressed that you were
able to guess that. No one ever pronounces it right!
Bob Pocius
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
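
Added example, not part of the original thread: a longest-prefix-match lookup over the routing table quoted in the message, showing which route is selected for on-link destinations (gateway 0.0.0.0, no G flag) versus everything else (default route). The function names and the sample destination addresses are constructed for illustration.

```python
import ipaddress

# Routing table as quoted in the message (netstat -rn style columns).
ROUTES = """\
Destination     Gateway         Genmask         Flags Iface
10.1.1.0        0.0.0.0         255.255.255.0   U     eth1
63.194.213.0    0.0.0.0         255.255.255.0   U     eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     lo
0.0.0.0         63.194.213.254  0.0.0.0         UG    eth0
"""

def parse_routes(text):
    """Parse netstat-style rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed rows
        dest, gw, mask, flags, iface = fields
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, ipaddress.ip_address(gw), flags, iface))
    return routes

def lookup(routes, dst):
    """Return (next_hop, iface) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no matching route: destination unreachable
    net, gw, flags, iface = max(matches, key=lambda r: r[0].prefixlen)
    # Without the G flag the destination is on-link: deliver to it directly.
    next_hop = gw if "G" in flags else addr
    return str(next_hop), iface

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed sample destinations, one per route in the table.
    for dst in ("63.194.213.17", "10.1.1.5", "127.0.0.1", "198.51.100.9"):
        print(dst, "->", lookup(table, dst))
```

The /24 entry for 63.194.213.0 is more specific than the 0.0.0.0/0 default, so hosts on that segment are reached directly on eth0 and only unmatched destinations are handed to 63.194.213.254.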