weird routing problem
Weird routing problem here. I have a network which looks like this:
pc1 <-ethernet-> linux1 <-ppp-> central <-ppp-> linux2 <-ethernet-> pc2
|
V
internet
That is, there are two separate ethernets, which both have a linux router
with PPP to the central system. They are both halves of a class C;
pc1 and linux1 are on (say) 192.168.1.0/25, and pc2 and linux2 are
on 192.168.1.128/25. Both linux1 and linux2 do masquerading for
hosts that are on the internet and not the private network.
Everybody can reach the internet just fine, and everybody can reach
the central machine just fine. However, pc1 (running Linux)
can ping pc2, but neither pc2 nor linux2 can ping pc1. They can both
ping linux1 though. Traceroute shows that the route gets stuck
after reaching linux1 (on linux1's PPP interface address).
tcpdump shows that pc1 receives the ICMP echo request packets
and sends an ICMP echo reply, but linux1 never sees them going over
the PPP link.
I am completely baffled as to how ping can work in one direction
but not another. (And it's not just ping; pc1 can telnet to linux2,
but linux2 can't telnet to pc1 -- it never connects.)
Here is the IP forwarding/masq setup script from linux1:
# set default policy
ipfwadm -F -p deny
# allow local hosts to talk to yodeller and the dialups direct
# -b is for bidirectional
ipfwadm -F -a a -b -S 192.168.1.0/25 -D yodeller/32
ipfwadm -F -a a -b -S 192.168.1.0/25 -D dialup-1/32
ipfwadm -F -a a -b -S 192.168.1.0/25 -D dialup-2/32
# set up the ip masquerading
ipfwadm -F -a m -S 192.168.1.0/25 -D 0.0.0.0/0
(yodeller is the central machine, dialup-1 and dialup-2 are the names
for the PPP interfaces on linux1 and linux2).
linux2 has an identical script with 192.168.1.128 instead of .1.0.
This gives:
bash-2.00# ipfwadm -F -l
IP firewall forward rules, default policy: deny
type prot source destination ports
acc all localnet/25 yodeller.rising.com.au n/a
acc all localnet/25 dialup-1.rising.com.au n/a
acc all localnet/25 dialup-2.rising.com.au n/a
acc/m all localnet/25 anywhere n/a
Routes on linux1 look fine:
bash-2.00# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
yodeller.rising * 255.255.255.255 UH 0 0 2 ppp0
yodeller.rising * 255.255.255.255 UH 1 0 11 sl0
localnet * 255.255.255.128 U 0 0 58 eth0
127.0.0.0 * 255.0.0.0 U 0 0 32 lo
default * 0.0.0.0 U 0 0 11 ppp0
default * 0.0.0.0 U 1 0 16 sl0
(linux1 is running diald, just to confuse the issue.)
Route table on pc1:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.128 U 0 0 2 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 1 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 1 0 16 eth0
I just added
ipfwadm -F -a a -b -S 192.168.1.0/25 -D 192.168.1.128/25
and vice-versa to the machines too and it still doesn't work -- I can
still ping linux2 from pc1, but not vice-versa.
Any ideas? It makes no sense to me!
thanks,
hamish
--
Hamish Moffatt, hamish@debian.org, hamish@rising.com.au, hmoffatt@mail.com
Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
CCs of replies from mailing lists are welcome. http://hamish.home.ml.org
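To make the rule order in the script above easier to reason about, here is a small first-match simulator for the ipfwadm forwarding chain. It is an added example, not code from the post or from the ipfwadm project, and it models only the forwarding rules (not the kernel routing table or the masquerade port mapping). The post gives yodeller, dialup-1 and dialup-2 only as names, so the addresses used for them are constructed placeholders from the 203.0.113.0/24 documentation range; the pc1 and pc2 addresses are likewise assumed. It walks the pc2 -> pc1 echo exchange through both routers' chains and also shows where a rule added with `-a` lands, since `-a` appends after the existing masquerade rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Networks from the post.
LOCALNET = ipaddress.ip_network("192.168.1.0/25")     # pc1 / linux1 side
REMOTE_NET = ipaddress.ip_network("192.168.1.128/25")  # pc2 / linux2 side

# The post names these hosts but gives no addresses; the values below are
# constructed placeholders from the TEST-NET-3 documentation range.
YODELLER = ipaddress.ip_network("203.0.113.1/32")
DIALUP_1 = ipaddress.ip_network("203.0.113.11/32")   # linux1's PPP address
DIALUP_2 = ipaddress.ip_network("203.0.113.12/32")   # linux2's PPP address
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    """One ipfwadm -F rule: 'accept' (-a a) or 'masq' (-a m)."""
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    bidirectional: bool = False  # ipfwadm -b: also match with src and dst swapped

    def matches(self, s: ipaddress.IPv4Address, d: ipaddress.IPv4Address) -> bool:
        if s in self.src and d in self.dst:
            return True
        return self.bidirectional and s in self.dst and d in self.src


def build_rules(local: ipaddress.IPv4Network) -> List[Rule]:
    """The script from the post, in append order (ipfwadm -a appends)."""
    return [
        Rule("accept", local, YODELLER, bidirectional=True),
        Rule("accept", local, DIALUP_1, bidirectional=True),
        Rule("accept", local, DIALUP_2, bidirectional=True),
        Rule("masq", local, ANYWHERE),
    ]


def evaluate(rules: List[Rule], src: str, dst: str,
             default: str = "deny") -> Tuple[str, Optional[int]]:
    """First matching rule wins, as in the kernel's forwarding chain.
    Returns (verdict, index of the matching rule, or None for the default policy)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, rule in enumerate(rules):
        if rule.matches(s, d):
            return rule.action, i
    return default, None


def trace_pc2_to_pc1(pc2: str = "192.168.1.130",
                     pc1: str = "192.168.1.2") -> List[Tuple[str, str, Optional[int]]]:
    """Walk one ICMP echo exchange through both routers' forwarding chains.
    pc1/pc2 addresses are assumed. Each step is (description, verdict, rule index)."""
    linux1, linux2 = build_rules(LOCALNET), build_rules(REMOTE_NET)
    dialup2 = str(DIALUP_2.network_address)
    steps = []
    # 1. pc2's request leaves linux2: it hits the masq rule, so the source
    #    address on the PPP link becomes dialup-2.
    verdict, idx = evaluate(linux2, pc2, pc1)
    steps.append(("linux2: pc2 -> pc1 (egress)", verdict, idx))
    src_on_wire = dialup2 if verdict == "masq" else pc2
    # 2. The request arrives at linux1 and must be forwarded on to pc1.
    verdict, idx = evaluate(linux1, src_on_wire, pc1)
    steps.append((f"linux1: {src_on_wire} -> pc1 (ingress)", verdict, idx))
    # 3. pc1's reply goes back through linux1 towards the masqueraded address.
    verdict, idx = evaluate(linux1, pc1, src_on_wire)
    steps.append((f"linux1: pc1 -> {src_on_wire} (reply)", verdict, idx))
    return steps


def with_cross_rule(rules: List[Rule], local: ipaddress.IPv4Network,
                    other: ipaddress.IPv4Network) -> List[Rule]:
    """The extra local<->other rule the post mentions, appended with -a,
    so it sits after the masq rule and is only reached if masq did not match."""
    return rules + [Rule("accept", local, other, bidirectional=True)]


if __name__ == "__main__":
    for desc, verdict, idx in trace_pc2_to_pc1():
        print(f"{desc:45s} -> {verdict} (rule {idx})")
    r = with_cross_rule(build_rules(LOCALNET), LOCALNET, REMOTE_NET)
    print("linux1: pc1 -> pc2 with cross rule appended:",
          evaluate(r, "192.168.1.2", "192.168.1.130"))
```

Run as a script it prints the verdict and rule index for each hop. Under this model every hop of the pc2 -> pc1 exchange is accepted by the forwarding chain (the masqueraded request matches the bidirectional dialup-2 rule in both directions), and an unmasqueraded 192.168.1.128/25 packet reaching linux1 would fall through to the deny policy; that is the kind of per-hop check worth pairing with the tcpdump captures when a path is reachable in only one direction.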