Fw: [LARTC] Routing Question
- Original Message -
From: "Fernando Blankleder" <[EMAIL PROTECTED]>
To: "Evgeni Gechev" <[EMAIL PROTECTED]>
Sent: Friday, April 06, 2007 11:37 AM
Subject: Re: [LARTC] Routing Question

I was thinking of a more permanent solution :)

- Original Message -
From: "Evgeni Gechev" <[EMAIL PROTECTED]>
To: "Fernando Blankleder" <[EMAIL PROTECTED]>
Sent: Thursday, April 05, 2007 2:13 PM
Subject: Re: [LARTC] Routing Question

Fernando Blankleder wrote:
> Hi,
>
> Can somebody help me? I have a Linux gateway running IPsec, so if I ping a host on a remote IPsec network from the gateway, the packet goes out with the external IP address of the gateway. Is there a way for packets going from the gateway to a remote network to be sourced from the internal gateway IP?
>
> Thanks in advance
> Fernando

ping -I Internal_IP Remote_IP

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Routing Question
Hi,

Can somebody help me? I have a Linux gateway running IPsec, so if I ping a host on a remote IPsec network from the gateway, the packet goes out with the external IP address of the gateway. Is there a way for packets going from the gateway to a remote network to be sourced from the internal gateway IP?

Thanks in advance
Fernando
RE: [LARTC] Routing question
I'll try that on-list this time..

An iptables rule in the FORWARD chain to DROP all packets to/from that network? Using the FORWARD chain should allow access from the server's IP address, while not allowing any forwarded traffic.

Regards,
Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 06, 2006 5:08 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Routing question

I've always had to either have routing on, or off on a system. For the first time this week I have a system on the internet but with one connection to a private network to manage a piece of network gear.

The situation is where I have a server on an 802.1q trunk with 4 VLAN interfaces on the internet and needs standard routing across the interfaces, eth0.3, eth0.7, eth0.10, and eth0.11 all with public address space and has standard routing. I just turned up eth0.2 on a private network (192.168.x.x) that I need to prevent any traffic from the public interfaces from reaching.

After dipping into the iprouting documentation, it's only confused me more. I assume this is accomplished with a rule but so far I have only been able to completely shut off access to the private network entirely including the server's access to that subnet.

Could someone point me to an example of how this can be done?

Thank you!

John Fulton
Anchorage, AK
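The FORWARD-chain approach suggested in the reply above, as an added example that is not part of the original thread: traffic the server itself originates or receives passes through OUTPUT and INPUT, never FORWARD, so dropping forwarded packets on eth0.2 keeps the public VLANs out of the private network while the server retains its own access. The function names, the dry-run default and the `APPLY=1` switch are assumptions of this sketch; the interface name comes from the post.

```shell
#!/bin/sh
# Added example (not from the thread): isolate a private management interface
# on a host that must keep routing between its public interfaces.

PRIV_IF="${PRIV_IF:-eth0.2}"   # private VLAN interface named in the post

# Emit the FORWARD match specs for one private interface (hypothetical helper).
forward_isolation_specs() {
    # Nothing may be routed INTO the private network from another interface.
    echo "-o $1 -j DROP"
    # Nothing may be routed OUT OF the private network through this host.
    echo "-i $1 -j DROP"
}

# Show the commands by default; install them only when APPLY=1 (needs root).
apply_or_show() {
    forward_isolation_specs "$1" | while IFS= read -r spec; do
        if [ "${APPLY:-0}" = "1" ]; then
            # $spec is left unquoted on purpose so it splits into arguments.
            # -C tests whether the rule already exists, so re-runs are idempotent.
            # -I ... 1 puts the DROP first, ahead of any broader ACCEPT rule.
            iptables -C FORWARD $spec 2>/dev/null || iptables -I FORWARD 1 $spec
        else
            echo "iptables -I FORWARD 1 $spec"
        fi
    done
}

apply_or_show "$PRIV_IF"
```

After applying, `iptables -L FORWARD -v -n` shows the two rules with packet counters, which confirms whether forwarded traffic is actually hitting them.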
[LARTC] Routing question
I've always had to either have routing on, or off on a system. For the first time this week I have a system on the internet but with one connection to a private network to manage a piece of network gear.

The situation is where I have a server on an 802.1q trunk with 4 VLAN interfaces on the internet and needs standard routing across the interfaces, eth0.3, eth0.7, eth0.10, and eth0.11 all with public address space and has standard routing. I just turned up eth0.2 on a private network (192.168.x.x) that I need to prevent any traffic from the public interfaces from reaching.

After dipping into the iprouting documentation, it's only confused me more. I assume this is accomplished with a rule but so far I have only been able to completely shut off access to the private network entirely including the server's access to that subnet.

Could someone point me to an example of how this can be done?

Thank you!

John Fulton
Anchorage, AK
Re: [LARTC] routing question
routing wrote:
> My current router and default gateway for my network is 192.168.0.4 (with one interface eth0).
> 192.168.0.8 is a smoothwall with a vpn set up to 192.168.15.0.
> I need to get to a network at 192.168.16.0/24 through the gateway at 192.168.15.254.
> Machines on 192.168.15.0 can ping those on 192.168.16.0.
>
> This is the current situation with some real numbers from 192.168.0.4:
>
>   ip route
>   192.168.3.0/24 via 192.168.0.8 dev eth0
>   192.168.0.0/24 dev eth0 scope link
>   192.168.16.0/24 via 192.168.15.254 dev eth0
>   192.168.15.0/24 via 192.168.0.8 dev eth0
>   127.0.0.0/8 dev lo scope link
>   default via 192.168.0.8 dev eth0
>
> I can see the following from 192.168.0.4 :-
>
>   ping 192.168.15.254
>   PING 192.168.15.254 (192.168.15.254) 56(84) bytes of data.
>   64 bytes from 192.168.15.254: icmp_seq=1 ttl=253 time=66.7 ms
>   64 bytes from 192.168.15.254: icmp_seq=2 ttl=253 time=65.4 ms
>
>   ping 192.168.15.21
>   PING 192.168.15.21 (192.168.15.21) 56(84) bytes of data.
>   64 bytes from 192.168.15.21: icmp_seq=1 ttl=253 time=75.6 ms
>
> but when I do
>
>   ip route add 192.168.15.254 via 192.168.15.21
>
> I get
>
>   RTNETLINK answers: Network is unreachable
>
> What I really want to do at 192.168.0.4 is something like this:
>
>   ip route add 192.168.16.0/24 via 192.168.15.254
>
> (this also gives RTNETLINK answers: Network is unreachable)

Try "ip route add 192.168.16.0/24 via 192.168.15.21 dev eth0". This should really work, but you might need to designate the interface name.

> Rene Gallati wrote:
>> routing wrote:
>>> So far I have been used to using linux to provide simple routing from my network to others using commands such as ip route add 192.168.1.0/24 via 192.168.0.4 etc and it has all worked perfectly. I also use smoothwall GPL to provide vpn services, however I have hit on a problem and am not at all clear on the way in which to proceed.
>>>
>>> I now need to provide a route to services, the access to these is provided by a router on a network on the far end of a VPN. The computers on the remote network can see the service I need to access, however when I try to provide a route to that system using a router on the remote network by issuing a command such as 192.168.5.0/24 via 192.168.15.6 in the router at 192.168.0.4 I get the following :-
>>>
>>>   RTNETLINK answers: Network is unreachable.
>>
>> Imho this simply means that the router at 192.168.0.4 does not know where 192.168.15.6 (the via target) is and thus denies the request. Add a route to 192.168.15.6 first and then it should work.
>>
>>> My question is, what way of providing access to this route do I need to follow? Is it GRE tunnels (not the best option as I don't have enough information on the remote router configurations and am not able to change their settings)? Do I have to use new routing tables or is there something else I must do to get this working?
>>
>> Just tell the router where your target is and all should be well, provided it can be really reached by the router in the first place, of course.
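Why the `ip route add ... via 192.168.15.254` commands in this thread are refused, as an added example that is not part of the original posts: Linux accepts a `via` gateway only when a connected (`scope link`) route covers it, so a gateway that is itself reached through another gateway yields "Network is unreachable" even though it answers ping. The script applies that rule to the `ip route` output quoted above; the function names are assumptions, and the `onlink` route flag that overrides the check is not modelled.

```shell
#!/bin/sh
# Added example (not from the thread): model the kernel's check that a
# "via" gateway must be covered by a connected (scope link) route.

# Routing table of 192.168.0.4, copied from the post above.
ROUTES='192.168.3.0/24 via 192.168.0.8 dev eth0
192.168.0.0/24 dev eth0 scope link
192.168.16.0/24 via 192.168.15.254 dev eth0
192.168.15.0/24 via 192.168.0.8 dev eth0
127.0.0.0/8 dev lo scope link
default via 192.168.0.8 dev eth0'

# Dotted quad -> 32-bit integer (hypothetical helper).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside prefix $2 (a.b.c.d/len).
in_prefix() {
    net=$(ip2int "${2%/*}"); len=${2#*/}; addr=$(ip2int "$1")
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print the connected prefix covering gateway $1; fail if there is none.
# Routes that themselves go "via" a gateway (and "default") do not count.
onlink_prefix_for() {
    echo "$ROUTES" | while read -r dst rest; do
        case "$rest" in
            *"scope link"*)
                if in_prefix "$1" "$dst"; then echo "$dst"; break; fi ;;
        esac
    done | grep .
}

for gw in 192.168.15.254 192.168.15.21 192.168.0.8; do
    if prefix=$(onlink_prefix_for "$gw"); then
        echo "$gw: accepted as gateway (on-link in $prefix)"
    else
        echo "$gw: refused, no connected route covers it"
    fi
done
```

On this table only 192.168.0.8 qualifies, so a route to 192.168.16.0/24 on 192.168.0.4 has to name 192.168.0.8 as its gateway and rely on that host to carry the traffic across the VPN.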
Re: [LARTC] routing question
My current router and default gateway for my network is 192.168.0.4 (with one interface eth0).
192.168.0.8 is a smoothwall with a vpn set up to 192.168.15.0.
I need to get to a network at 192.168.16.0/24 through the gateway at 192.168.15.254.
Machines on 192.168.15.0 can ping those on 192.168.16.0.

This is the current situation with some real numbers from 192.168.0.4:

  ip route
  192.168.3.0/24 via 192.168.0.8 dev eth0
  192.168.0.0/24 dev eth0 scope link
  192.168.16.0/24 via 192.168.15.254 dev eth0
  192.168.15.0/24 via 192.168.0.8 dev eth0
  127.0.0.0/8 dev lo scope link
  default via 192.168.0.8 dev eth0

I can see the following from 192.168.0.4 :-

  ping 192.168.15.254
  PING 192.168.15.254 (192.168.15.254) 56(84) bytes of data.
  64 bytes from 192.168.15.254: icmp_seq=1 ttl=253 time=66.7 ms
  64 bytes from 192.168.15.254: icmp_seq=2 ttl=253 time=65.4 ms

  ping 192.168.15.21
  PING 192.168.15.21 (192.168.15.21) 56(84) bytes of data.
  64 bytes from 192.168.15.21: icmp_seq=1 ttl=253 time=75.6 ms

but when I do

  ip route add 192.168.15.254 via 192.168.15.21

I get

  RTNETLINK answers: Network is unreachable

What I really want to do at 192.168.0.4 is something like this:

  ip route add 192.168.16.0/24 via 192.168.15.254

(this also gives RTNETLINK answers: Network is unreachable)

Rene Gallati wrote:
> routing wrote:
>> So far I have been used to using linux to provide simple routing from my network to others using commands such as ip route add 192.168.1.0/24 via 192.168.0.4 etc and it has all worked perfectly. I also use smoothwall GPL to provide vpn services, however I have hit on a problem and am not at all clear on the way in which to proceed.
>>
>> I now need to provide a route to services, the access to these is provided by a router on a network on the far end of a VPN. The computers on the remote network can see the service I need to access, however when I try to provide a route to that system using a router on the remote network by issuing a command such as 192.168.5.0/24 via 192.168.15.6 in the router at 192.168.0.4 I get the following :-
>>
>>   RTNETLINK answers: Network is unreachable.
>
> Imho this simply means that the router at 192.168.0.4 does not know where 192.168.15.6 (the via target) is and thus denies the request. Add a route to 192.168.15.6 first and then it should work.
>
>> My question is, what way of providing access to this route do I need to follow? Is it GRE tunnels (not the best option as I don't have enough information on the remote router configurations and am not able to change their settings)? Do I have to use new routing tables or is there something else I must do to get this working?
>
> Just tell the router where your target is and all should be well, provided it can be really reached by the router in the first place, of course.
[LARTC] routing question
So far I have been used to using linux to provide simple routing from my network to others using commands such as ip route add 192.168.1.0/24 via 192.168.0.4 etc and it has all worked perfectly. I also use smoothwall GPL to provide vpn services, however I have hit on a problem and am not at all clear on the way in which to proceed.

I now need to provide a route to services, the access to these is provided by a router on a network on the far end of a VPN. The computers on the remote network can see the service I need to access, however when I try to provide a route to that system using a router on the remote network by issuing a command such as 192.168.5.0/24 via 192.168.15.6 in the router at 192.168.0.4 I get the following :-

  RTNETLINK answers: Network is unreachable.

My question is, what way of providing access to this route do I need to follow? Is it GRE tunnels (not the best option as I don't have enough information on the remote router configurations and am not able to change their settings)? Do I have to use new routing tables or is there something else I must do to get this working?
Re: [LARTC] Routing question
>>I found this to be excellent...
>>
>>http://www.linuxpowered.com/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
>>
>>
>That's the exact same thing I used, but I don't have separate ethernet
>cards, which this set up relies on. Both my routers are on a switch,
>along with my server, so everything goes over eth0
>
>ip route add default dev eth0 src 10.1.1.1
>ip route add 10.1.1.1 dev eth0 src 10.1.1.1
>
>don't work.

The routing system needs to be able to differentiate between packets coming from the two routers, so I would suggest that you put another nic in the machine. This setup makes source based routing very easy to implement. I don't know if multihoming your current eth0 nic would make it possible because both routers are on the same network...

>
>I also can't find any info on creating tables T1, and T2
>

Go to the link I gave and click "Prev" - the info you need is on that page...

>Alex

Leigh
Re: [LARTC] Routing question
> Hi,
>
> I was wondering if somebody could assist me in the following
>
> I have a lan with a mail server, a fixed outside ip address leased line
> router at 10.1.1.1, and a dynamic outside ip address adsl router at 10.1.1.5
>
> Our linux mail server always used to have the leased line router at
> 10.1.1.1, but now with our adsl, I'd like traffic to go across 10.1.1.5,
> I thought it would be straight forward to just change the default
> gateway from 10.1.1.1 to 10.1.1.5, but this resulted in any traffic
> coming in via 10.1.1.1 being ignored. I've been told it is because the
> replies go out over 10.1.1.5
>
> I've looked over the adv routing howto, but can't see how I would
> implement it according to section 4.2.1, as I won't always know our ip
> address for the adsl connection.
>
> Could someone point me in the right direction?
>
> Thanks,
> Alex
>

I found this to be excellent...

http://www.linuxpowered.com/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html

Leigh.
[LARTC] Routing question
Hi,

I was wondering if somebody could assist me in the following.

I have a LAN with a mail server, a fixed outside IP address leased line router at 10.1.1.1, and a dynamic outside IP address ADSL router at 10.1.1.5.

Our Linux mail server always used to have the leased line router at 10.1.1.1, but now with our ADSL, I'd like traffic to go across 10.1.1.5. I thought it would be straightforward to just change the default gateway from 10.1.1.1 to 10.1.1.5, but this resulted in any traffic coming in via 10.1.1.1 being ignored. I've been told it is because the replies go out over 10.1.1.5.

I've looked over the adv routing howto, but can't see how I would implement it according to section 4.2.1, as I won't always know our IP address for the ADSL connection.

Could someone point me in the right direction?

Thanks,
Alex
[LARTC] Routing Question?
I have a network 128.187.2.0/24 and 128.187.1.0/24 that was set up by a vendor. I'm not too sure about the subnet mask above; it might be 16. I have a host on 128.187.2.1 and 128.187.1.1 that I need a network to talk to.

I have a firewall set up like the following: eth1: 128.187.3.1/24 and eth2: 128.187.4.1/24, with clients on each side of the LAN with the default gateway being the interface that it is connected to. The 128.187.2.1 is on the hub that eth2 is connected to and 128.187.1.1 is on the hub that eth1 is connected to.

I have done the following:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    ip route replace 128.187.1.1 dev eth1
    ip route replace 128.187.2.1 dev eth2

From the firewall I can ping 128.187.1.1 & 128.187.2.1. Clients from the 128.187.3.0 side can't ping 128.187.2.1 and clients from the 128.187.4.0 side can't ping 128.187.1.1.