Re: [gentoo-user] Routing problem ?

2008-01-16 Thread Mick
On Sunday 13 January 2008, Hans-Werner Hilse wrote:
 Hi,

 On Sun, 13 Jan 2008 16:42:56 +0530

 Holla [EMAIL PROTECTED] wrote:
  One thing, I cannot understand is the difference in traceroute
  results. What does this say in plain english ? :-)
 
  At PC2
   # traceroute  218.248.240.46  (ISP's DNS server)
  traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
   1  192.168.2.43 (192.168.2.43)  1.730 ms  0.840 ms  0.920 ms
   2  192.168.1.1 (192.168.1.1)  1.440 ms  1.469 ms  1.287 ms
   3  * * *
   4  * * *
 
  At PC1
 
   # traceroute  218.248.240.46
  traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
   1  192.168.1.1 (192.168.1.1)  0.848 ms  0.706 ms  0.681 ms
   2  117.192.128.1 (117.192.128.1)  19.712 ms  18.878 ms  19.920 ms
   3  218.248.160.134 (218.248.160.134)  19.292 ms  19.796 ms  19.190 ms

 I'd say your router (Router1) isn't doing NAT for packets from other
 subnets than its LAN interface is configured for -- regardless of the
 (correctly) configured internal additional route.

 So your option would be to set up PC1 for doing NAT, not necessarily
 for packets 192.168.2/24-192.168.1/24, but for all packets from
 192.168.2/24 going to the internet.

 Your provider most likely does not have anything to do with all this.

I agree that this is not related to the ISP.  What you probably need to do is 
set up RIP2 in your router 1, to be able to recognise other subdomains 
(192.168.2.XXX).  Then it'll process packets coming from that subdomain.  The 
router manual ought to help you out on setting this up.
-- 
Regards,
Mick




Re: [gentoo-user] Routing problem ?

2008-01-16 Thread kashani

Mick wrote:

 I agree that this is not related to the ISP.  What you probably need to do is
 set up RIP2 in your router 1, to be able to recognize other subdomains
 (192.168.2.XXX).  Then it'll process packets coming from that subdomain.  The
 router manual ought to help you out on setting this up.


grumpy network engineer
Sure let's make something simple really complicated. And sucky.
/

	Is there some sort of dynamic routing happening on this network? 
Different possible paths to get to machines? Links we might want to 
balance traffic over? Other routers sending route updates? If not, then 
why would we want the added complexity of a routing protocol? There are 
all of two routes on this network and they never change. Static routing 
is the right choice and functionally no different than if the route had 
been inserted via a routing protocol.


	No routing protocol will make router1 NAT addresses it doesn't want to. 
Adding that subnet to the NAT list will, but that is outside the routing 
table or it would have already worked.


kashani
--
gentoo-user@lists.gentoo.org mailing list



Re: [gentoo-user] Routing problem ?

2008-01-16 Thread Holla
On Jan 17, 2008 2:40 AM, kashani [EMAIL PROTECTED] wrote:
 Mick wrote:

  I agree that this is not related to the ISP.  What you probably need to do
  is set up RIP2 in your router 1, to be able to recognize other subdomains
  (192.168.2.XXX).  Then it'll process packets coming from that subdomain.
  The router manual ought to help you out on setting this up.

 grumpy network engineer
 Sure let's make something simple really complicated. And sucky.
 /

 Is there some sort of dynamic routing happening on this network?
 Different possible paths to get to machines? Links we might want to
 balance traffic over? Other routers sending route updates? If not, then
 why would we want the added complexity of a routing protocol? There are
 all of two routes on this network and they never change. Static routing
 is the right choice and functionally no different than if the route had
 been inserted via a routing protocol.

 No routing protocol will make router1 NAT addresses it doesn't want to.
 Adding that subnet to the NAT list will, but that is outside the routing
 table or it would have already worked.


Well, I had earlier tried enabling the RIP2 option in Router1 but no change
in results.

For the moment I have given up on this configuration. I am now trying
to set up the network as one segment only, 192.168.1.x. Using
the Router2 in client mode is one option.

Thanks for all the responses.
Sathish



Re: [gentoo-user] Routing problem ?

2008-01-13 Thread Holla
I redo the diagram to show the gw info.

Router1: UTSStarCom WA3002G4
 Wireless Router with 4 ethernet ports
 NAT is enabled (Just a tickbox)

PC1, PC2 : gentoo,  2.6.18.3 kernel
Router2: LinkSys WRT54GL (default firmware)
 used as access point
--
                   192.168.1.1
                   default gw: ISP net
                   192.168.2.0 gw: 192.168.1.23
+-----+         +------------+
|     |---------|  Router1   |====== ADSL conn
|     |         +------------+
|     |
|     |
|     | 192.168.1.23  +-------+  192.168.2.43
|     |---------------|  PC1  |))).
+-----+               +-------+   .
Passive Hub      gw: 192.168.1.1  .
                                  .
                  192.168.2.1     .
                 +------------+   .
                 | W.AccessPt |--)))...
                 | (Router2)  |
                 +------------+
                       |
                    +------+
                    | PC2  |
                    +------+
                  192.168.2.24
                  gw: 192.168.2.43


Yo Yo wrote:
 btw, why don't you use the wireless on the ROUTER1 (doesn't seem you
 want to do any firewalling on the PC1)?

 Because this box is temporary, it will be replaced with a non-wireless
 one by the ISP.

 Richard Torres wrote:
 snip .. Unless you have 2 networks  that need to be separate only one is 
 needed. If you have a wireless router, use it as a wireless access point and 
 not a router. Which means turn off DHCP on the wireless router and don't 
 configure or use the WAN connection.

This router is LinkSys WRT54GL with default firmware and I am using
it really as an access point. There is no option to disable the WAN
connection, so I left it as 'DHCP'.

 Depending on the capabilities of the router you can connect a LAN port on 
 Router2 to your ADSL (Router1) router and assign an IP address that's in the 
 same network as Router1.

I agree this would have simplified the network, but the problem is, I cannot
run a cable due to walls in between. The default firmware on LinkSys does
not provide a client option.  (Yes, I am aware of OpenWrt/DD-WRT etc )
I hope using the client option does not prevent the access point function.

reader wrote:
 By correct gateway  I think in this case it would be the inward facing
 address of pc1 (192.168.2.43) so on router2 you would set the gw to
 that address.

Already done.

 And on pc2 the gw would be  192.168.2.1.  That is unless router2 is
 just a WAP (wireless access point).

As router is just a WAP, the gw is set to 192.168.2.43.


kashani wrote:
 Router1 is the NAT device and everything else is internal or so I
 assumed. You don't want NAT behind NAT on your network if you can help
 it. It tends to break things and is hard to troubleshoot.

I just ticked the 'Enable NAT' tickbox in the router configuration.

 PC1 does need to have IP forwarding turned on which the original poster
 mentioned he configured.

Yes, this is done.


The tests I would run are:

 ping 192.168.2.43 from router1. That'll test that router1 knows how to
 get to 192.168.2.0. I don't think packet forwarding has to be working
 for this to return since the interfaces are all local on PC1.

Ping is ok.

 ping router 1 from PC2 and vice versa. That'll make sure that PC1 is
 forwarding packets correctly.

Ping is ok.

 If both of these are fine, it's possible the router1 is not NATing
 192.168.2.0/24 addresses.

Do you think an ISP would allow only one LAN segment (like 192.168.1.x)
and not allow 192.168.2.x at the same time ? Is there any incentive
for them ?


One thing, I cannot understand is the difference in traceroute
results. What does this say in plain english ? :-)

At PC2
 # traceroute  218.248.240.46  (ISP's DNS server)
traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
 1  192.168.2.43 (192.168.2.43)  1.730 ms  0.840 ms  0.920 ms
 2  192.168.1.1 (192.168.1.1)  1.440 ms  1.469 ms  1.287 ms
 3  * * *
 4  * * *

At PC1

 # traceroute  218.248.240.46
traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  0.848 ms  0.706 ms  0.681 ms
 2  117.192.128.1 (117.192.128.1)  19.712 ms  18.878 ms  19.920 ms
 3  218.248.160.134 (218.248.160.134)  19.292 ms  19.796 ms  19.190 ms



--
sathish



Re: [gentoo-user] Routing problem ?

2008-01-13 Thread Hans-Werner Hilse
Hi,

On Sun, 13 Jan 2008 16:42:56 +0530
Holla [EMAIL PROTECTED] wrote:

 One thing, I cannot understand is the difference in traceroute
 results. What does this say in plain english ? :-)
 
 At PC2
  # traceroute  218.248.240.46  (ISP's DNS server)
 traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
  1  192.168.2.43 (192.168.2.43)  1.730 ms  0.840 ms  0.920 ms
  2  192.168.1.1 (192.168.1.1)  1.440 ms  1.469 ms  1.287 ms
  3  * * *
  4  * * *
 
 At PC1
 
  # traceroute  218.248.240.46
 traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
  1  192.168.1.1 (192.168.1.1)  0.848 ms  0.706 ms  0.681 ms
  2  117.192.128.1 (117.192.128.1)  19.712 ms  18.878 ms  19.920 ms
  3  218.248.160.134 (218.248.160.134)  19.292 ms  19.796 ms  19.190 ms

I'd say your router (Router1) isn't doing NAT for packets from other
subnets than its LAN interface is configured for -- regardless of the
(correctly) configured internal additional route.

So your option would be to set up PC1 for doing NAT, not necessarily
for packets 192.168.2/24-192.168.1/24, but for all packets from
192.168.2/24 going to the internet.

Your provider most likely does not have anything to do with all this.

-hwh
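
Added example, not part of the thread: a small Python model of the network as posted (routing tables from the original post plus the static route added on Router1) that reproduces both traceroute outputs and the effect of the two fixes discussed. It assumes, as Hans-Werner and kashani suggest, that Router1 only NATs sources in 192.168.1.0/24; the function names, the "internet" placeholder for any public hop and the simplified forwarding rules are this example's own.

```python
from ipaddress import ip_address, ip_network

LAN1, LAN2 = ip_network("192.168.1.0/24"), ip_network("192.168.2.0/24")

# Routing tables as posted in the thread, after the static route was added on
# Router1. Entries are (destination, gateway); gateway None means on-link.
ROUTES = {
    "PC2": [("192.168.2.43/32", None), ("192.168.2.0/24", None),
            ("192.168.1.0/24", "192.168.2.43"), ("0.0.0.0/0", "192.168.2.43")],
    "PC1": [("192.168.2.0/24", None), ("192.168.1.0/24", None),
            ("0.0.0.0/0", "192.168.1.1")],
    "Router1": [("192.168.1.0/24", None), ("192.168.2.0/24", "192.168.1.23"),
                ("0.0.0.0/0", "ISP")],
}
OWNER = {"192.168.2.24": "PC2", "192.168.2.43": "PC1",
         "192.168.1.23": "PC1", "192.168.1.1": "Router1"}
DNS = "218.248.240.46"  # the ISP DNS server used in the posted traceroutes


def next_hop(host, dst):
    """Longest-prefix match in host's table; on-link routes return dst itself."""
    matching = [(ip_network(net), gw) for net, gw in ROUTES[host]
                if ip_address(dst) in ip_network(net)]
    _, gw = max(matching, key=lambda m: m[0].prefixlen)
    return gw or dst


def reachable(host, dst):
    """Can a reply sent by `host` be routed to the machine that owns `dst`?"""
    for _ in range(8):                       # guard against routing loops
        if OWNER.get(dst) == host:
            return True
        hop = next_hop(host, dst)
        if hop == "ISP" or hop not in OWNER:
            return False                     # left the private network
        host = OWNER[hop]
    return False


def probe(host, src, dst, ttl, pc1_masquerade, router1_nat):
    """Send one traceroute probe; return the address that answers, or '*'."""
    while True:
        hop = next_hop(host, dst)
        if hop == "ISP":
            # Leaving Router1 for the internet. Model assumption: only sources
            # on Router1's NAT list are translated, so only they get replies.
            natted = any(ip_address(src) in ip_network(n) for n in router1_nat)
            return "internet" if natted else "*"
        if (host == "PC1" and pc1_masquerade and ip_address(src) in LAN2
                and ip_address(hop) in LAN1):
            src = "192.168.1.23"             # MASQUERADE on eth0 rewrites source
        host = OWNER.get(hop)
        if host is None:
            return "*"                       # nobody owns that address
        if OWNER.get(dst) == host:           # destination itself answers
            return dst if reachable(host, src) else "*"
        ttl -= 1
        if ttl == 0:                         # this router sends time-exceeded
            return hop if reachable(host, src) else "*"


def traceroute(host, src, dst, max_ttl=4, pc1_masquerade=False,
               router1_nat=("192.168.1.0/24",)):
    """Hop list as traceroute would print it; 'internet' is any public hop."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(host, src, dst, ttl, pc1_masquerade, router1_nat))
        if hops[-1] == dst:
            break
    return hops


if __name__ == "__main__":
    print("PC1              ", traceroute("PC1", "192.168.1.23", DNS, 3))
    print("PC2 as posted    ", traceroute("PC2", "192.168.2.24", DNS))
    print("PC2, NAT on PC1  ", traceroute("PC2", "192.168.2.24", DNS,
                                          pc1_masquerade=True))
    print("PC2, Router1 NATs", traceroute(
        "PC2", "192.168.2.24", DNS,
        router1_nat=("192.168.1.0/24", "192.168.2.0/24")))
```

In the "as posted" case hops 1 and 2 answer because both routers can route the ICMP reply back to 192.168.2.24; everything past Router1 is silent because the probe leaves with an untranslated private source address.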



Re: [gentoo-user] Routing problem ?

2008-01-11 Thread Holla
On Jan 11, 2008 8:44 AM, kashani [EMAIL PROTECTED] wrote:
 Holla wrote:
                     192.168.1.1
  +-----+         +------------+
  |     |---------|  Router1   |====== ADSL conn
  |     |         +------------+
  |     |
  |     |
  |     |
  |     | 192.168.1.23  +-------+  192.168.2.43
  |     |---------------|  PC1  |))).
  +-----+               +-------+   .
                                    .
  Passive Hub                       .
                    192.168.2.1     .
                   +------------+   .
                   |  Router2   |--)))..
                   +------------+
                         |
                         |
                      +------+
                      | PC2  |
                      +------+
                    192.168.2.24

 Yep it's a routing problem.

 Router1 needs a route to point back to PC2 so when traffic bound for it
 comes it, it'll know what to do with it.
 route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23


Thanks, I added this route at the Router1 and now can ping 192.168.1.1
at PC2.  But still can't ping DNS server from PC2.

At PC2
 # traceroute  218.248.240.46  (ISP's DNS server)
traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
 1  192.168.2.43 (192.168.2.43)  1.730 ms  0.840 ms  0.920 ms
 2  192.168.1.1 (192.168.1.1)  1.440 ms  1.469 ms  1.287 ms
 3  * * *
 4  * * *

At PC1

 # traceroute  218.248.240.46
traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  0.848 ms  0.706 ms  0.681 ms
 2  117.192.128.1 (117.192.128.1)  19.712 ms  18.878 ms  19.920 ms
 3  218.248.160.134 (218.248.160.134)  19.292 ms  19.796 ms  19.190 ms


Any idea why this is so ?

sathish

 kashani




Re: [gentoo-user] Routing problem ?

2008-01-11 Thread YoYo Siska
Holla wrote:
 Hi,
 I think I have a routing problem with network
 shown below (hope my ascii art survives)
 
 From PC2, I cannot ping 192.168.1.1  and no internet.
 Also cannot ping ISP's DNS servers. But there is full
 connectivity between PC1 and PC2.
 
 At PC2,
 # traceroute 192.168.1.1
 traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 40 byte packets
  1  * * *
  2  * * *
 
 I reached upto this point by following up the
 gentoo howtos, but now stuck. Any pointers ?

as someone else said, you should setup NAT, there should be enough
information on the wiki, but basically
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j MASQUERADE
on PC1 should do it, but there might be better ways ;)
(note that you need some iptables stuff in the kernel)

one other thing, if nat doesn't work, some wireless aps (i'm thinking
about the 192.168.2.1) need to have correctly set up default gateway
etc... they sometimes try to be too smart and I had sometimes problems
when the router was connected as a wireless client to them...

btw, why don't you use the wireless on the ROUTER1 (doesn't seem you
want to do any firewalling on the PC1)? It might make things much
simpler... you could setup the other ap to connect to it in client mode
and all your network could then be on the 192.168.1.0/24 and I would
guess that your provider NATs the whole subnet...


yoyo


 
 



Re: [gentoo-user] Routing problem ?

2008-01-11 Thread Holla
On Jan 11, 2008 10:22 AM, Mike Mazur [EMAIL PROTECTED] wrote:
 Hi,


 On Jan 11, 2008 12:14 PM, kashani [EMAIL PROTECTED] wrote:
  Holla wrote:
                      192.168.1.1
   +-----+         +------------+
   |     |---------|  Router1   |====== ADSL conn
   |     |         +------------+
   |     |
   |     |
   |     |
   |     | 192.168.1.23  +-------+  192.168.2.43
   |     |---------------|  PC1  |))).
   +-----+               +-------+   .
                                     .
   Passive Hub                       .
                     192.168.2.1     .
                    +------------+   .
                    |  Router2   |--)))..
                    +------------+
                          |
                          |
                       +------+
                       | PC2  |
                       +------+
                     192.168.2.24
 
  Yep it's a routing problem.
 
  Router1 needs a route to point back to PC2 so when traffic bound for it
  comes it, it'll know what to do with it.
  route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23

 Also if you want PC2 to access the net, you would need PC1 to be smart
 enough to route/NAT packets from PC2 to Router 1.

Thanks, but I only have a very limited understanding of this matter.
Does this mean I had to add netfilter to the kernel and configure
iptables ?

sathish





 Mike




Re: [gentoo-user] Routing problem ?

2008-01-11 Thread Holla
On Jan 11, 2008 8:09 PM, YoYo Siska [EMAIL PROTECTED] wrote:

 one other thing, if nat doesn't work, some wireless aps (i'm thinking
 about the 192.168.2.1) need to have correctly set up default gateway
 etc... they sometimes try to be too smart and I had sometimes problems
 when the router was connected as a wireless client to them...

Can you give some clues about what you mean by correctly setup gw ?


 btw, why don't you use the wireless on the ROUTER1 (doesn't seem you
 want to do any firewalling on the PC1)? It might make things much
 simpler... you could setup the other ap to connect to it in client mode
 and all your network could then be on the 192.168.1.0/24 and I would
 guess that your provider NATs the whole subnet...

Router1 is temporary. My ISP will shortly replace it with
a non-wireless version. So I want to configure it this way.

sathish




 yoyo



 
 



Re: [gentoo-user] Routing problem ?

2008-01-11 Thread Richard Torres
I don't understand why 2 routers. Maybe I'm missing something. Unless you have 
2 networks  that need to be separate only one is needed. If you have a wireless 
router, use it as a wireless access point and not a router. Which means turn 
off DHCP on the wireless router and don't configure or use the WAN connection. 
Depending on the capabilities of the router you can connect a LAN port on 
Router2 to your ADSL (Router1) router and assign an IP address that's in the 
same network as Router1. 


- Original Message 
From: Holla [EMAIL PROTECTED]
To: gentoo-user@lists.gentoo.org
Sent: Friday, January 11, 2008 8:18:37 AM
Subject: Re: [gentoo-user] Routing problem ?


On Jan 11, 2008 10:22 AM, Mike Mazur [EMAIL PROTECTED] wrote:
 Hi,


 On Jan 11, 2008 12:14 PM, kashani [EMAIL PROTECTED] wrote:
  Holla wrote:
                      192.168.1.1
   +-----+         +------------+
   |     |---------|  Router1   |====== ADSL conn
   |     |         +------------+
   |     |
   |     |
   |     |
   |     | 192.168.1.23  +-------+  192.168.2.43
   |     |---------------|  PC1  |))).
   +-----+               +-------+   .
                                     .
   Passive Hub                       .
                     192.168.2.1     .
                    +------------+   .
                    |  Router2   |--)))..
                    +------------+
                          |
                          |
                       +------+
                       | PC2  |
                       +------+
                     192.168.2.24
 
  Yep it's a routing problem.
 
  Router1 needs a route to point back to PC2 so when traffic bound for it
  comes it, it'll know what to do with it.
  route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23

 Also if you want PC2 to access the net, you would need PC1 to be smart
 enough to route/NAT packets from PC2 to Router 1.

Thanks, but I only have a very limited understanding of this matter.
Does this mean I had to add netfilter to the kernel and configure
iptables ?

sathish





 Mike







Re: [gentoo-user] Routing problem ?

2008-01-11 Thread kashani

Mike Mazur wrote:

  Router1 needs a route to point back to PC2 so when traffic bound for it
  comes it, it'll know what to do with it.
  route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23

 Also if you want PC2 to access the net, you would need PC1 to be smart
 enough to route/NAT packets from PC2 to Router 1.


Not true in this case.

Router1 is the NAT device and everything else is internal or so I 
assumed. You don't want NAT behind NAT on your network if you can help 
it. It tends to break things and is hard to troubleshoot.


PC1 does need to have IP forwarding turned on which the original poster 
mentioned he configured.


The tests I would run are:

ping 192.168.2.43 from router1. That'll test that router1 knows how to 
get to 192.168.2.0. I don't think packet forwarding has to be working 
for this to return since the interfaces are all local on PC1.


ping router 1 from PC2 and vice versa. That'll make sure that PC1 is 
forwarding packets correctly.


If both of these are fine, it's possible the router1 is not NATing 
192.168.2.0/24 addresses.


kashani



[gentoo-user] Routing problem ?

2008-01-10 Thread Holla
Hi,
I think I have a routing problem with network
shown below (hope my ascii art survives)

From PC2, I cannot ping 192.168.1.1  and no internet.
Also cannot ping ISP's DNS servers. But there is full
connectivity between PC1 and PC2.

At PC2,
# traceroute 192.168.1.1
traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 40 byte packets
 1  * * *
 2  * * *

I reached upto this point by following up the
gentoo howtos, but now stuck. Any pointers ?

thanks
sathish




                   192.168.1.1
+-----+         +------------+
|     |---------|  Router1   |====== ADSL conn
|     |         +------------+
|     |
|     |
|     |
|     | 192.168.1.23  +-------+  192.168.2.43
|     |---------------|  PC1  |))).
+-----+               +-------+   .
                                  .
Passive Hub                       .
                  192.168.2.1     .
                 +------------+   .
                 |  Router2   |--)))..
                 +------------+
                       |
                       |
                    +------+
                    | PC2  |
                    +------+
                  192.168.2.24

--
Router1 (UTSStarCom ISP supplied) :
 - router IP 192.168.1.1
 - wireless enabled but not used

--
PC1: (gentoo)

 - eth0 (192.168.1.23) and wireless (192.168.2.43)
 - no iptables configuration
 - routing table entries
   Kernel IP routing table
   Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
   192.168.2.0     *               255.255.255.0   U     0      0        0 ra0
   192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
   loopback        *               255.0.0.0       U     0      0        0 lo
   default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0


 # echo 1 > /proc/sys/net/ipv4/ip_forward


# Kernel Networking options
#
CONFIG_UNIX=y
CONFIG_XFRM=y
CONFIG_INET=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
CONFIG_IP_FIB_HASH=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_TCP_CONG_BIC=y
--

Router2 (WRT54GL)
 - router IP 192.168.2.1
 - wireless enabled and used
--
PC2 (gentoo)
 - static IP address 192.168.2.24
 - routing table entries

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.43    *               255.255.255.255 UH    0      0        0 eth0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     192.168.2.43    255.255.255.0   UG    0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.2.43    0.0.0.0         UG    0      0        0 eth0



Re: [gentoo-user] Routing problem ?

2008-01-10 Thread kashani

Holla wrote:

                    192.168.1.1
 +-----+         +------------+
 |     |---------|  Router1   |====== ADSL conn
 |     |         +------------+
 |     |
 |     |
 |     |
 |     | 192.168.1.23  +-------+  192.168.2.43
 |     |---------------|  PC1  |))).
 +-----+               +-------+   .
                                   .
 Passive Hub                       .
                   192.168.2.1     .
                  +------------+   .
                  |  Router2   |--)))..
                  +------------+
                        |
                        |
                     +------+
                     | PC2  |
                     +------+
                   192.168.2.24


Yep it's a routing problem.

Router1 needs a route to point back to PC2 so when traffic bound for it 
comes it, it'll know what to do with it.

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23

kashani




Re: [gentoo-user] Routing problem ?

2008-01-10 Thread Mike Mazur
Hi,

On Jan 11, 2008 12:14 PM, kashani [EMAIL PROTECTED] wrote:
 Holla wrote:
                     192.168.1.1
  +-----+         +------------+
  |     |---------|  Router1   |====== ADSL conn
  |     |         +------------+
  |     |
  |     |
  |     |
  |     | 192.168.1.23  +-------+  192.168.2.43
  |     |---------------|  PC1  |))).
  +-----+               +-------+   .
                                    .
  Passive Hub                       .
                    192.168.2.1     .
                   +------------+   .
                   |  Router2   |--)))..
                   +------------+
                         |
                         |
                      +------+
                      | PC2  |
                      +------+
                    192.168.2.24

 Yep it's a routing problem.

 Router1 needs a route to point back to PC2 so when traffic bound for it
 comes it, it'll know what to do with it.
 route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23

Also if you want PC2 to access the net, you would need PC1 to be smart
enough to route/NAT packets from PC2 to Router 1.

Mike



Re: [gentoo-user] Routing problem

2005-09-08 Thread Heinz Sporn
On Wednesday, 07.09.2005, at 16:18 +0200, Patrick Marquetecken wrote:
 Hi,
 
 I have connected two sites with openVPN, this works fine all traffic goes
 through the tunnels, and i can ping machines from one site to another.
 But, i can't ping a machine from siteA from openVPN from siteB. to make it
 completely bizarre the machine on siteA can ping the openVPN on siteB.
 

It's rather hard to help you here. You described only the symptoms but
didn't provide any basic details like IP-ranges on both sides, routes,
ovpn config, OpenVPN versions used, etc. etc.

And what do you mean by I have connected two sites ? Are we talking
Linux - Linux here, or is a Windoze box involved ? Firewalls in between?

 If i do a ping -R on the machine at siteA i see this:
 RR: 10.32.3.172 - machine siteA
 10.32.101.3 - tunnel
 10.32.16.52 - openVPN siteB
 10.32.16.52
 10.32.3.51 - must be 10.32.101.3 (openVPN siteA)
 10.32.3.172
 It seems that the answer goes direct between the two openVPN machines and
 not the tunnel (10.32.101.x)
 There is a route  10.32.0.0 netmask 255.255.252.0 gw 10.32.101.3 dev tun1.
 
 A ping from openVPN siteB to openVPN siteA
 RR: 10.32.101.4
 10.32.3.51
 10.32.3.51
 10.32.101.4
 
 My main portage server is in siteA and i would like to update my remote
 openVPN machines.
 This behaviour its not only with that machine but with all my other remote
 openVPN machines, all machines behind those does not have this kind of
 problems.
 
 Anyone know a solution
 TIA
 -- 
 This is Unix-Land. In quiet nights, you can hear the Windows machines reboot.
-- 
Kind regards

Heinz Sporn

SPORN it-freelancing

Mobile:  ++43 (0)699 / 127 827 07
Email:   [EMAIL PROTECTED]
 [EMAIL PROTECTED]
Website: http://www.sporn-it.com
Snail:   Steyrer Str. 20
 A-4540 Bad Hall
 Austria / Europe

-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] Routing problem

2005-09-08 Thread Patrick Marquetecken

 It's rather hard to help you here. You described only the symptoms but
 didn't provide any basic details like IP-ranges on both sides, routes,
 ovpn config, OpenVPN versions used, etc. etc.
SiteA 10.32.0.0/22
siteB 10.32.16.0/24
connection goes over 10.32.100.0
tunnels ip's are 10.32.101.3 for siteA and 10.32.101.4 for SiteB
routing tables:
siteA
eth0 10.32.3.51
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.32.101.6     0.0.0.0         255.255.255.255 UH    0      0        0 tun2
10.32.101.4     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.32.101.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.32.16.160    10.32.101.2     255.255.255.255 UGH   0      0        0 tun0
10.32.101.14    0.0.0.0         255.255.255.255 UH    0      0        0 tun5
10.32.101.12    0.0.0.0         255.255.255.255 UH    0      0        0 tun4
10.32.101.8     0.0.0.0         255.255.255.255 UH    0      0        0 tun3
10.32.32.0      0.0.0.0         255.255.255.248 U     0      0        0 eth0
10.32.100.16    0.0.0.0         255.255.255.240 U     0      0        0 eth2
10.32.100.0     0.0.0.0         255.255.255.240 U     0      0        0 eth1
10.32.100.32    10.32.0.20      255.255.255.240 UG    0      0        0 eth0
10.35.0.0       10.32.101.8     255.255.255.0   UG    0      0        0 tun3
10.32.24.0      10.32.101.6     255.255.255.0   UG    0      0        0 tun2
10.35.1.0       10.32.100.17    255.255.255.0   UG    0      0        0 eth2
10.32.25.0      10.32.100.17    255.255.255.0   UG    0      0        0 eth2
10.32.66.0      10.32.101.4     255.255.255.0   UG    0      0        0 tun1
10.32.16.0      10.32.101.4     255.255.255.0   UG    0      0        0 tun1
10.32.67.0      10.32.101.4     255.255.255.0   UG    0      0        0 tun1
10.32.0.0       0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         10.32.0.20      0.0.0.0         UG    0      0        0 eth0

siteB
eth0
10.32.16.52
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.32.101.3     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.32.101.1     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.32.3.129     10.32.101.1     255.255.255.255 UGH   0      0        0 tun0
10.32.3.128     10.32.101.1     255.255.255.255 UGH   0      0        0 tun0
81.246.22.210   10.32.16.20     255.255.255.255 UGH   0      0        0 eth0
10.32.101.13    0.0.0.0         255.255.255.255 UH    0      0        0 tun5
10.32.101.11    0.0.0.0         255.255.255.255 UH    0      0        0 tun4
10.32.32.0      10.32.101.3     255.255.255.248 UG    0      0        0 tun1
10.32.26.0      10.32.16.20     255.255.255.240 UG    0      0        0 eth0
10.32.100.16    10.32.16.20     255.255.255.240 UG    0      0        0 eth0
10.32.100.0     0.0.0.0         255.255.255.240 U     0      0        0 eth1
10.32.100.32    0.0.0.0         255.255.255.240 U     0      0        0 eth2
10.35.0.0       10.32.101.3     255.255.255.0   UG    0      0        0 tun1
10.32.24.0      10.32.101.3     255.255.255.0   UG    0      0        0 tun1
10.32.16.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.33.10.0      10.32.101.3     255.255.255.0   UG    0      0        0 tun1
10.32.64.0      10.32.101.3     255.255.255.0   UG    0      0        0 tun1
10.32.65.0      10.32.101.3     255.255.255.0   UG    0      0        0 tun1
10.32.0.0       10.32.101.3     255.255.252.0   UG    0      0        0 tun1
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         10.32.16.20     0.0.0.0         UG    0      0        0 eth0


RR: 10.32.3.172
10.32.101.3
10.32.16.52
10.32.16.52
10.32.3.51 - should be 10.32.101.3
10.32.3.172



 And what do you mean by I have connected two sites ? Are we talking
 Linux - Linux here, or is a Windoze box involved ? Firewalls in between
It's Linux to Linux direct without any firewalls.
the VPN tunnels are now working for more than 3 months, it's only that the
openVPN machines can't connect to other machines than themselves.

Patrick

 Heinz Sporn



-- 
This is Unix-Land. In quiet nights, you can hear the Windows machines reboot.



Re: [gentoo-user] Routing problem - Solved

2005-09-08 Thread Patrick Marquetecken
After spending some hours watching tcpdumps, i saw that the openvpn at
siteB comes with ip from the vpntunnel to the client, setting up a route
on the client solved it all.
I thought that i always would use the ip of eth0 ?

Patrick


-- 
Arwen: Why do you fear the past? You are Isildur's heir, not Isildur
himself. You are not bound to his fate.
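
Added example, not part of the thread: a Python sketch of why the siteB OpenVPN box talks to siteA machines from its tunnel address rather than from eth0. An unbound socket gets the address of the interface the route lookup selects, so what matters is the egress interface, not eth0. The siteB routes and the eth0/tun1 addresses come from the posted table; the tun0 address is inferred from siteA's table, and the client's routing table and the host route added as the fix are assumptions, since the thread does not show them.

```python
from ipaddress import ip_address, ip_network

# siteB OpenVPN box: rows from the posted routing table, rewritten in CIDR
# form as (destination, gateway, interface); gateway None means on-link.
SITEB_ROUTES = [
    ("10.32.101.3/32", None, "tun1"),
    ("10.32.101.1/32", None, "tun0"),
    ("10.32.3.129/32", "10.32.101.1", "tun0"),
    ("10.32.3.128/32", "10.32.101.1", "tun0"),
    ("10.32.16.0/24", None, "eth0"),
    ("10.32.0.0/22", "10.32.101.3", "tun1"),
    ("0.0.0.0/0", "10.32.16.20", "eth0"),
]
# Local address per interface. eth0 and tun1 are stated in the thread; tun0 is
# inferred from siteA's table, which lists 10.32.101.2 as its tun0 peer.
SITEB_ADDRS = {"eth0": "10.32.16.52", "tun1": "10.32.101.4",
               "tun0": "10.32.101.2"}

# ASSUMED routing table of the siteA machine 10.32.3.172 (not in the thread):
# its own LAN, siteB's LAN via the siteA OpenVPN box, and a default gateway.
CLIENT_ROUTES = [
    ("10.32.0.0/22", None, "eth0"),
    ("10.32.16.0/24", "10.32.3.51", "eth0"),
    ("0.0.0.0/0", "10.32.0.20", "eth0"),
]
# ASSUMED form of the route "set up on the client" that solved the problem.
CLIENT_FIX = ("10.32.101.4/32", "10.32.3.51", "eth0")


def lookup(routes, dst):
    """Longest-prefix match: return the (network, gateway, iface) row used."""
    rows = [(ip_network(net), gw, dev) for net, gw, dev in routes
            if ip_address(dst) in ip_network(net)]
    return max(rows, key=lambda row: row[0].prefixlen)


def default_source(routes, addrs, dst):
    """Egress interface and the source address an unbound socket would get.

    Simplification: the address of the egress interface is used; a route
    with an explicit preferred source would override it.
    """
    _, _, dev = lookup(routes, dst)
    return dev, addrs[dev]


def reply_gateway(routes, reply_dst):
    """Gateway a host hands its reply to (None when the peer is on-link)."""
    return lookup(routes, reply_dst)[1]


if __name__ == "__main__":
    dev, src = default_source(SITEB_ROUTES, SITEB_ADDRS, "10.32.3.172")
    print(f"siteB -> 10.32.3.172 leaves via {dev} with source {src}")
    print("client replies via", reply_gateway(CLIENT_ROUTES, src))
    print("after the fix via ", reply_gateway(CLIENT_ROUTES + [CLIENT_FIX], src))
```

With the assumed client table, a reply to the eth0 address 10.32.16.52 would already go to the OpenVPN box, while a reply to the tunnel address 10.32.101.4 falls through to the default gateway until the host route is added.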



Re: [gentoo-user] Routing problem - Solved

2005-09-08 Thread Heinz Sporn
On Thursday, 08.09.2005, at 11:37 +0200, Patrick Marquetecken wrote:
 After spending some hours watching tcpdumps, i saw that the openvpn at
 siteB comes with ip from the vpntunnel to the client, setting up a route
 on the client solved it all.
 I thought that i always would use the ip of eth0 ?

I have to say your network layout seems to be rather odd. Why on earth
do you need so many tunnels and routes? If site A and B contain just a
number of servers and clients I'd say you just need one tunnel at all
and one route on each side of it that points to the corresponding LAN.

 
 Patrick
 
 
 -- 
 Arwen: Why do you fear the past? You are Isildur's heir, not Isildur
 himself. You are not bound to his fate.
-- 
Kind regards

Heinz Sporn

SPORN it-freelancing

Mobile:  ++43 (0)699 / 127 827 07
Email:   [EMAIL PROTECTED]
 [EMAIL PROTECTED]
Website: http://www.sporn-it.com
Snail:   Steyrer Str. 20
 A-4540 Bad Hall
 Austria / Europe




Re: [gentoo-user] Routing problem

2005-09-08 Thread Arturo 'Buanzo' Busleiman

Patrick Marquetecken wrote:
 It's Linux to Linux direct without any firewalls.
 the VPN tunnels are now working for more than 3 months, it's only that the
 openVPN machines can't connect to other machines than themselves.

Have you enabled forwarding for the tun interfaces on both ends? Check
sysctl.conf and iptables -t nat -L


--
Arturo Buanzo Busleiman - www.buanzo.com.ar
Consultor en Seguridad Informatica
KTP Consultores - info AT ktpconsultores.com.ar



Re: [gentoo-user] Routing problem - Solved

2005-09-08 Thread Patrick Marquetecken


 On Thursday, 08.09.2005, at 11:37 +0200, Patrick Marquetecken wrote:
 After spending some hours watching tcpdumps, I saw that the openvpn at
 siteB comes with the IP from the VPN tunnel to the client; setting up a
 route on the client solved it all.
 I thought that I always would use the IP of eth0?

 I have to say your network layout seems to be rather odd. Why on earth
 do you need so many tunnels and routes? If site A and B contain just a
 number of servers and clients I'd say you just need one tunnel at all
 and one route on each side of it that points to the corresponding LAN.

We have two tunnels, tun0 & tun1, to siteB, but this is because we are using
QoS; the tunnels contain different types of traffic.
There are other tunnels to siteC and siteD.

Patrick


-- 
This is Unix-Land. In quiet nights, you can hear the Windows machines reboot.



[gentoo-user] Routing problem

2005-09-07 Thread Patrick Marquetecken
Hi,

I have connected two sites with openVPN; this works fine, all traffic goes
through the tunnels, and I can ping machines from one site to another.
But I can't ping a machine from siteA from openVPN from siteB. To make it
completely bizarre, the machine on siteA can ping the openVPN on siteB.

If I do a ping -R on the machine at siteA I see this:
RR: 10.32.3.172 - machine siteA
10.32.101.3 - tunnel
10.32.16.52 - openVPN siteB
10.32.16.52
10.32.3.51 - must be 10.32.101.3 (openVPN siteA)
10.32.3.172
It seems that the answer goes direct between the two openVPN machines and
not the tunnel (10.32.101.x)
There is a route  10.32.0.0 netmask 255.255.252.0 gw 10.32.101.3 dev tun1.

A ping from openVPN siteB to openVPN siteA
RR: 10.32.101.4
10.32.3.51
10.32.3.51
10.32.101.4

My main portage server is in siteA and I would like to update my remote
openVPN machines.
This behaviour is not only with that machine but with all my other remote
openVPN machines; all machines behind those do not have this kind of
problem.

Anyone know a solution?
TIA
-- 
This is Unix-Land. In quiet nights, you can hear the Windows machines reboot.



Re: [gentoo-user] Routing problem

2005-06-11 Thread Patrick
On Fri, 10 Jun 2005 20:08:08 -0500
James R Campbell [EMAIL PROTECTED] wrote:

 ...
  duplicate entries for the 10.32.16.0/32 are causing you grief here.  It
  also looks like you have a typo in your second entry (if your above
  statement was correct) in the third quad of your gateway in this entry:
  10.32.16.0/32 -- 10.32.100.2. 
 ... 
 I'm sorry, both of those should read 10.32.16.0/24.
 
 --James
 
 
Just remembered what the problem could be: we had some trouble on this line and
our ISP checked it; for this I had to stop the tunnels and created 'normal
routing' to the other side. Afterwards I just started openvpn but forgot to
remove the old routing tables. I think I'm going to implement this into the
up-scripts.

Patrick




[gentoo-user] Routing problem

2005-06-10 Thread Patrick Marquetecken
Hi,

I'm having a bit of trouble forcing one computer to use another route.

These are the commands I'm using to create routes:
route add -net 10.32.16.0 netmask 255.255.255.0 gateway 10.32.101.4 dev tun1
route add -host 10.32.16.160 gateway 10.32.101.2 dev tun0

The routes on my gentoo router are:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.32.101.4     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.32.101.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.32.16.160    10.32.101.2     255.255.255.255 UGH   0      0        0 tun0
10.32.100.0     0.0.0.0         255.255.255.240 U     0      0        0 eth1
10.32.26.0      10.32.100.2     255.255.255.0   UG    0      0        0 eth1
10.32.16.0      10.32.101.4     255.255.255.0   UG    0      0        0 tun1
10.32.16.0      10.32.100.2     255.255.255.0   UG    0      0        0 eth1
10.32.0.0       0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

and my tracepath:
Tracing route to 10.32.16.160 over a maximum of 30 hops
  1     1 ms     1 ms     1 ms  10.32.3.51
  2     4 ms     3 ms     3 ms  10.32.101.4
  3     5 ms     3 ms     3 ms  10.32.16.160

What must I do to change this?

TIA
Patrick



Re: [gentoo-user] Routing problem

2005-06-10 Thread James R Campbell
On Friday 10 June 2005 09:19, Patrick Marquetecken wrote:
 Hi,

 I'm having a bit of trouble forcing one computer to use another route.

 These are the commands I'm using to create routes:
 route add -net 10.32.16.0 netmask 255.255.255.0 gateway 10.32.101.4 dev tun1
 route add -host 10.32.16.160 gateway 10.32.101.2 dev tun0

 The routes on my gentoo router are:
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 10.32.101.4     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
 10.32.101.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
 10.32.16.160    10.32.101.2     255.255.255.255 UGH   0      0        0 tun0
 10.32.100.0     0.0.0.0         255.255.255.240 U     0      0        0 eth1
 10.32.26.0      10.32.100.2     255.255.255.0   UG    0      0        0 eth1
 10.32.16.0      10.32.101.4     255.255.255.0   UG    0      0        0 tun1
 10.32.16.0      10.32.100.2     255.255.255.0   UG    0      0        0 eth1
 10.32.0.0       0.0.0.0         255.255.252.0   U     0      0        0 eth0
 127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

Wow, that's an interesting route table.  Off the bat, I'd say that the 
duplicate entries for the 10.32.16.0/32 are causing you grief here.  It also 
looks like you have a typo in your second entry (if your above statement was 
correct) in the third quad of your gateway in this entry: 10.32.16.0/32 -- 
10.32.100.2.  Also that entry is set for eth1 and if that's a tunnel it 
should be set for tun{x} iirc.  I'm not going to comment on the rest of the 
table as I don't know the whole story ;)


--James
--
--This Message Powered by Linux--
--Registered Linux User #227032--




Re: [gentoo-user] Routing problem

2005-06-10 Thread James R Campbell
...
 duplicate entries for the 10.32.16.0/32 are causing you grief here.  It
 also looks like you have a typo in your second entry (if your above
 statement was correct) in the third quad of your gateway in this entry:
 10.32.16.0/32 -- 10.32.100.2. 
... 
I'm sorry, both of those should read 10.32.16.0/24.

--James
--
--This Message Powered by Linux--
--Registered Linux User 227032--
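
An added example, not part of the thread, for the two points raised in it: the duplicate 10.32.16.0/24 entries pointed out in the replies above, and the plan to clear leftover routes from the OpenVPN up-scripts. It parses the posted table (re-typed here with its columns restored), reports prefixes that have more than one next hop, and prints `route del` lines for review. Keeping the `tun` entry and dropping the other is an assumed policy.

```python
import ipaddress
from collections import defaultdict

# Routing table from the original post, columns restored (route -n layout).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.32.101.4     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.32.101.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.32.16.160    10.32.101.2     255.255.255.255 UGH   0      0        0 tun0
10.32.100.0     0.0.0.0         255.255.255.240 U     0      0        0 eth1
10.32.26.0      10.32.100.2     255.255.255.0   UG    0      0        0 eth1
10.32.16.0      10.32.101.4     255.255.255.0   UG    0      0        0 tun1
10.32.16.0      10.32.100.2     255.255.255.0   UG    0      0        0 eth1
10.32.0.0       0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
"""

def parse_routes(text):
    """Parse `route -n` rows; the header and malformed lines are skipped."""
    routes = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 8 and f[0] != "Destination":
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            routes.append({"net": net, "gw": f[1], "metric": int(f[4]), "dev": f[7]})
    return routes

def conflicts(routes):
    """Prefixes listed more than once at the same metric with different next hops."""
    seen = defaultdict(list)
    for r in routes:
        seen[(r["net"], r["metric"])].append(r)
    return {str(net): rs for (net, _), rs in seen.items()
            if len({(r["gw"], r["dev"]) for r in rs}) > 1}

def cleanup_commands(found, keep="tun"):
    """`route del` lines for duplicates off the tunnel devices; returned, never run."""
    cmds = []
    for rs in found.values():
        stale = [r for r in rs if not r["dev"].startswith(keep)]
        if len(stale) < len(rs):  # only when a tunnel route for the prefix remains
            cmds += [f"route del -net {r['net'].network_address} netmask "
                     f"{r['net'].netmask} gw {r['gw']} dev {r['dev']}" for r in stale]
    return cmds

if __name__ == "__main__":
    found = conflicts(parse_routes(ROUTE_N))
    print({net: [(r["gw"], r["dev"]) for r in rs] for net, rs in found.items()})
    print("\n".join(cleanup_commands(found)))
```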
