Hello Bob, Matt You wrote about trouble routing to a second network useing a bering disk As far as I understood you post you can ping from one site to the next one but not beyond. your routing seems to be ok,
Did you check cat /proc/sys/net/ipv4/ip_forward if this is set 0 then the kernel doesn't forward the ip-packets. even if you are able to reach them by route. You can change this with echo 1 >/proc/sys/net/ipv4/ip_forward. BTW this is also one of the things Shorewall does ;) look in /etc/network/options here is the line ip_forward=no you can change this to ip_forward=yes. good luck Eric Wolzak Bering_ http://leaf.sf.net/devel/ericw http://leaf.sf.net/devel/jnilo Original Message and answers below ............................................ > I just didn't bother typing them out here, but they do > exist. They are the same as what you have listed in your routing table. > > > There's also an occasion or two where I'd think the gateway > would simply be 0.0.0.0, but I'm not convinced that's an > issue. > The routes look logical. I point that out inllne. > > Most likely, we're at the point of traceroute and ping > to bang our heads against any rules that are getting > in the way. > > From a workstation at Site 1, I can ping the segment at Site > 2 including all the interfaces in between, and the 10.10.12.253 interface > (which is the router from Site 2b to Site 3, but I get unreachable messages > for everything beyond. > > >> I did this because that router is connected via 100Mb > fibre to another > >> building where the rest of the routing happens. eth0 on > Site 1 connects to a > >> switch, and 10.10.1.254 (my main gateway router) connects > to a different > >> port on that same switch. > > >Ok. I get that now. As long as you're not using some > really expensive > >3COM switch or router that has traffic filtering/routing > rules, we should > >be in good shape. Didn't you mention this exact setup > worked with a full > >blown RH distro? > >If that's the case, I'm leaning more toward "Shorewall," > heh heh. > > It's a Nortel Accelar 1150R-B, but there's no filtering on > it. And, yes it does work with a full blown RH distro. Since I haven't used > the ip route tool before, I thought there might be more parameters that I > need to be including when I build my routes. And I took Shorewall out to try > and make things easier on myself, but it doesn't seem to make a difference. > > >Because you're not saying to the kernel that 192.168.1.254 > is *another router*, > >*another gateway* or "a thing that does routing", but > rather you're just trying > >to say, "put all that traffic out eth1." Although I know > netstat and routing > >in general, I've never set something up this complicated > and can't be sure. > >I just know how a routing table usually looks, and it does > not specify the > >external nic ip address for routes like this one. Here's > mine, for example: > > >Destination Gateway Genmask Flags > Iface > >10.1.1.0 0.0.0.0 255.255.255.0 U > eth1 > >63.194.213.0 0.0.0.0 255.255.255.0 U > eth0 > >127.0.0.0 0.0.0.0 255.0.0.0 U > lo > >0.0.0.0 63.194.213.254 0.0.0.0 UG > eth0 > > >Ok then. I'll leave it at this point until we find out > about > >the localhost route (127.0.0.0/8) sort of thing and the > 0.0.0.0 > >gateway issue. > > I'll give this a try, but at first glance it seems that it > would direct all outbound traffic to the next hop, but what about traffic > destined for hosts on the 63.194.213.0/24 segment? That's why I got specific > with the gateway definitions. > > > >Btw, how do you pronounce Pocius? Poe'-shuss? > Poe'-she-us? > > It's Poe'-shuss......and I'm very impressed that you were > able to guess that. No one ever pronounces it right! > > > Bob Pocius > > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
