Re: Routing problems

j.halifax . j.halifax at seznam.cz
Thu Feb 18 11:10:31 UTC 2010 

> The only thing I can think of is to ask how iptables is set up. The iptables are not used (I am not familiar with them, but tried different arrangement and nothing helped).

> I think you have iptables doing masquerading to the eth0 interface.
> The masquerading shouldn't be the problem.
Yes, masquerading is on eth0 and it works ok, Internet access as well both from inside out and from outside to the LAN via VPN (pptpd). But it doesn't work from outside to 172.17.1.50 (or so) analogously...

Thank you for your help!



> ------------ Původní zpráva ------------
> Od: Rick Sewill <rsewill at gmail.com>
> Předmět: Re: Routing problems
> Datum: 18.2.2010 11:03:31
> ----------------------------------------
> On Thu, 2010-02-18 at 07:31 +0100, j.halifax . wrote: 
> > Hi All,
> > 
> > Could you please help me with routing in the LAN default GW box?
> > 
> > I have 
> > eth0 connected to Internet 
> > eth2 to internal LAN 10.255.250.0 
> > LAN default GW is 10.255.250.37
> > eth3 connected to other LAN
> > 
> > Route in the default GW (10.255.250.37):
> > 
> > Destination       Gateway           Genmask         Flags Metric Ref  Use
> Iface
> > 192.168.180.0   *                       255.255.255.0   U      0      0       
> 0  eth3
> > 10.255.250.0     *                       255.255.255.0   U      0      0      
>  0  eth2
> > link-local           *                       255.255.0.0      U     1003   0  
>      0  eth0
> > link-local           *                       255.255.0.0      U     1004   0  
>      0  eth2
> > link-local           *                       255.255.0.0      U     1005   0  
>      0  eth3
> > 172.17.0.0       192.168.180.100  255.255.0.0      UG    0      0        0 
> eth3
> > default             dsl-router            0.0.0.0             UG    0      0  
>      0  eth0
> > 
> > >From the LAN default GW (10.255.250.37) 
> > - I can ping 172.17.1.50:
> > &nbsp;&nbsp;PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
> > &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=5.62 ms
> > &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=2 ttl=253 time=3.29 ms
> > 
> > >From other boxes in the same LAN (e.g. 10.255.250.38)
> > - I cann't ping 172.17.1.50
> > - I cann't traceroute 172.17.1.50: It goes to LAN default GW 
> > &nbsp;&nbsp;10.255.250.37 and then to its default GW dsl-router on eth0
> > &nbsp;&nbsp;instead of eth3 (so that the routing rule for 172.17.0.0 doesn't 
> > &nbsp;&nbsp;match for 172.17.1.50)
> > 
> > Can anybody help pleasee?
> > Thank you so much!
> > jh
> > 
> 
> Your problem has me stumped.
> 
> The only thing I can think of is to ask how iptables is set up.
> 
> I think you have iptables doing masquerading to the eth0 interface.
> The masquerading shouldn't be the problem.
> 
> Are you doing anything special with packets coming in eth2 in iptables?
> 
> I assume 10.255.250.38 can ping the Internet so you have routing set up.
> 
> I can't think of anything else to check at this moment.
> 
> Hopefully others will have better suggestions and ideas where to look.
> 
> 
> 
> -- 
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> 
> 
>

More information about the users mailing list