On Thursday, September 01, 2005, Bill wrote:

> Right now I have the router installed with two active interfaces...
> 
> Segment A (192.168.0.4) interface on the router
> Segment B (10.3.0.1) interface on the router
> 
> Now I have a machine on each segment also:
> 
> 192.168.0.2 (Segment A)
> 10.3.50.1 (Segment B)
> 
> Segment B has the default gateway set to 192.168.0.2
> (192.168.0.2 then passes out to the internet )

This doesn't make sense; Segment B's default gateway is 10.3.0.1

> From 10.3.50.1 my default gateway is the 10.3.0.1 (router nic).  I
> can ping any of the other interface cards on the router (there are a
> few) including the 192.168.0.4 interface on the router.  But 
> I cannot ping the 192.168.0.2 machine.
> 
> * WAIT * I know what you are going to say... but I DO have 
> the ip forwarding set
> 

No, I believe ip forwarding is enabled. A diagram of your network is as
follows (I believe)

                    <0/0 route to Internet gateway>     
                                  |             
(Segment A)                                        (Segment B)
192.168.0.2 <> 192.168.0.4 <-> 10.3.0.1 <> 10.3.50.1

Segment A gets 192.168.0.4 as their default gateway, Segment B gets
10.3.0.1 as their default gateway

> Now, if I go to the 192.168.0.2 machine, I added a route so 
> it knows where the 10.3.0.0 network is, and I can ping the 
> 10.3.50.1 machine no problem.  

Not necessary (of course) if Segment A's default gateway is 192.168.0.4
and Segment B is set to 10.3.0.1

> So if the pings can get from 192.168.0.2 to 10.3.50.1, the 
> ping responses from 10.3.50.1 should be able to be returned from the
> 192.168.0.2 box back no problem.

Let the router do its job here

> 
> I am not sure where the pings are being lost... 

Probably lost in a 0/0 route, check your gateways.  YOU'RE SURE there
aren't any other players here in this simple network, correct?
Example, is pf, iptables, or other firewall blocking enabled on any of
the machines involved? ICMP could be getting lost in an ACL

-----------------------------------------------------------------------
Todd M. Boyer, CISSP 
President                   AutumnTECH, LLC 
[EMAIL PROTECTED]       http://www.AutumnTECH.com

AutumnTECH Manufactures Entire Network Protection Appliances 
    that Identify Spam and Sanitize Dangerous E-mail Content  
-----------------------------------------------------------------------
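
The gateway check suggested above can be modelled offline. The following is an added example, not part of the original email: it walks each node's routing table with longest-prefix match for both the echo request and the echo reply, first with Segment A's host pointing at 192.168.0.4 and then with it pointing at a different default gateway. The netmasks (/24 and /16), the Internet gateway address 192.168.0.1 and the upstream hop 203.0.113.1 are assumptions, and the model ignores ICMP redirects and firewalls.

```python
import ipaddress as ip

def lookup(routes, dst):
    """Longest-prefix match. routes: CIDR -> next hop (None = directly connected)."""
    hits = [(ip.ip_network(net), gw) for net, gw in routes.items()
            if ip.ip_address(dst) in ip.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "none"

def trace(nodes, src, dst, max_hops=8):
    """Walk routing tables hop by hop; return the node names a packet visits."""
    owner = {addr: name for name, n in nodes.items() for addr in n["addrs"]}
    here = owner[src]
    path = [here]
    for _ in range(max_hops):
        if dst in nodes[here]["addrs"]:
            return path                       # delivered
        gw = lookup(nodes[here]["routes"], dst)
        hop = dst if gw is None else gw       # on-link: deliver straight to dst
        if hop not in owner:                  # no route, or next hop is outside the model
            return path + ["LOST"]
        here = owner[hop]
        path.append(here)
    return path + ["LOOP"]

def topology(a_default_gw):
    """The two-segment network from the thread; masks and 192.168.0.1 are assumed."""
    return {
        "hostA":  {"addrs": ["192.168.0.2"],
                   "routes": {"192.168.0.0/24": None, "0.0.0.0/0": a_default_gw}},
        "router": {"addrs": ["192.168.0.4", "10.3.0.1"],
                   "routes": {"192.168.0.0/24": None, "10.3.0.0/16": None,
                              "0.0.0.0/0": "192.168.0.1"}},
        "hostB":  {"addrs": ["10.3.50.1"],
                   "routes": {"10.3.0.0/16": None, "0.0.0.0/0": "10.3.0.1"}},
        "inetgw": {"addrs": ["192.168.0.1"],   # hypothetical Internet gateway
                   "routes": {"192.168.0.0/24": None, "0.0.0.0/0": "203.0.113.1"}},
    }

def ping(nodes, src, dst):
    """A ping works only if both the echo request and the echo reply are routable."""
    return trace(nodes, src, dst), trace(nodes, dst, src)

if __name__ == "__main__":
    for gw in ("192.168.0.4", "192.168.0.1"):
        req, rep = ping(topology(gw), "10.3.50.1", "192.168.0.2")
        print(f"hostA default gw {gw}: request {req}, reply {rep}")
```

In the second case the request still arrives, but the reply follows the 0/0 route away from the router, so the sender sees a timeout even though forwarding is enabled.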
