Re: managing another network route, can't connect to it! Pls see!
> For the hosts on the 10.0.0.0/16 network, like your ws, you have to
> add a route for the 192.168.129.0/24 network via 10.0.0.2, exactly as
> you have done for the linux gateway.
I already added another route to 192.168.129.x via 10.0.0.2; below is my
kernel routing table.
- my kernel routing table GW ------------------------------
panic:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
203.190.72.104 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.129.0 10.0.0.2 255.255.255.0 UG 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 203.190.72.110 0.0.0.0 UG 0 0 0 eth0
-----------------------------------------------------------
===
I added another IP in the 192.168.129.x block, 192.168.129.50, just as a
test of mine.
Now I can access 192.168.129.50 directly on my workstation, but what's left is
that I still can't access the 192.168.129.x block, except for .50.
- i add another ip over 192.168.129.x block ---------------
eth1:2 Link encap:Ethernet HWaddr 00:60:08:1F:21:5B
inet addr:192.168.129.50 Bcast:192.168.129.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0xb400
-----------------------------------------------------------
===
> As it stands now, if the 10.0.0.0/16 hosts have only a local route and
> a default route, they are sending datagrams bound for the
> 192.168.129.0/24 network to their default gw. Though this is not as
> efficient as having those hosts use the 10.0.0.2 router, it does save
> you the headache of setting static routes on each system. To get this
> to work, I would suspect the problem lies in the filtering and
> mangling rules on the gw. You can post those rules, if you are
> comfortable with that and you want more help.
Below are my iptables rules (w/ nat). Yes, I guess it's in the filtering on my gw.
Anyhow, here are my iptables rules again.
- iptables rules ------------------------------------------
panic:~# iptables -nL --line-num
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
3 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-----------------------------------------------------------
- iptables nat rules --------------------------------------
panic:~# iptables -nL --line-num -t nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-----------------------------------------------------------
===
It's only simple rules for iptables; I wish someone could give me some light on
my problems.
--
thanks,
louie miranda
----- Original Message -----
From: "jereme" <jereme@rmcnet.cc>
To: <debian-user@lists.debian.org>
Sent: Wednesday, February 26, 2003 11:04 PM
Subject: Re: managing another network route, can't connect to it! Pls see!
> Hi Louie,
>
> "louie miranda" <lmiranda@chikka.com> writes:
> > Consider the following network: (kindly view the attached txt file for a
> > nicer one)
> >
> > inet
> > |
> > |
> > |203.190.72.108
> > *-----------------*
> > 10.0.0.1| eth0 |none
> > /----|eth1 eth2|------\ new network
> > block pipe
> > | | LINUX GW | line cut *--------*
> > 192.168.129.x/24 (network)
> > | *-----------------* | |
> > 10.0.0.2, gw for 192.168.129.x/24 block under LINUX GW
> > | | 192.x |
> > | | |
> > *HUB*-----------------------------------------*--------*
> > | cisco 2600
> > router ip of this router is: 10.0.0.2
> > |
> > |
> > *--* *--* *--*
> > | | | | | |
> > | | | | | |
> > *--* *--* *--*
> > workstations
> > 10.0.0.0/16 block
> >
> >
> > interface:
> > - eth0 = 203.190.72.108, default gw.
> > - eth1 = 10.0.0.0/16, local area network.
> > - eth2 = none
> >
> >
> >
> > ===========
> >
> > Right now I'm inside the 10.0.0.0/16 block, my ip is 10.0.0.11 and my default gw
> > is via 203.190.72.108.
>
> I think that you mean your default gateway is 10.0.0.1, if your ws has
> a /16 netmask, as you say.
>
>
> > I can access ip block 192.168.129.x on my LINUX GW perfectly. But when I'm on
> > my workstations on the 10.0.0.11 block I cannot even ping the 192.168.129.x block.
> > What could possibly be wrong?
>
> For the hosts on the 10.0.0.0/16 network, like your ws, you have to
> add a route for the 192.168.129.0/24 network via 10.0.0.2, exactly as
> you have done for the linux gateway.
>
> As it stands now, if the 10.0.0.0/16 hosts have only a local route and
> a default route, they are sending datagrams bound for the
> 192.168.129.0/24 network to their default gw. Though this is not as
> efficient as having those hosts use the 10.0.0.2 router, it does save
> you the headache of setting static routes on each system. To get this
> to work, I would suspect the problem lies in the filtering and
> mangling rules on the gw. You can post those rules, if you are
> comfortable with that and you want more help.
>
>
>
> hth,
> jereme
>
> --
> +--------------------------------------------------------------+
> Jereme Corrado <jereme@restorative-management.com>
> System Administrator
> Restorative Management Corp.
>
> gpg: 1024D/9C39E1F0
>
>
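The forwarding path jereme describes, as an added example that is not part of the original thread: it runs a longest-prefix-match lookup over the gateway's `route -n` table from the post and over an assumed workstation table (connected /16 plus a default route via 10.0.0.1; the workstation interface name is made up), and flags when the gateway has to forward a packet back out the interface it arrived on.

```python
import ipaddress

# Gateway table copied from the `route -n` output in the post.
GW_ROUTES = """\
203.190.72.104 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.129.0 10.0.0.2 255.255.255.0 UG 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 203.190.72.110 0.0.0.0 UG 0 0 0 eth0
"""

# Assumed workstation table (not shown in the post): connected /16 plus a
# default route via the Linux gateway at 10.0.0.1; interface name is made up.
WS_ROUTES = """\
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Parse `route -n` body rows into (network, gateway-or-None, iface)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # skip headers and wrapped fragments
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = None if f[1] == "0.0.0.0" else ipaddress.ip_address(f[1])
        routes.append((net, gw, f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, iface) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    net, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return (str(gw if gw is not None else dst), iface)  # connected: direct

def hairpins(routes, in_iface, dst):
    """True if a packet arriving on in_iface leaves by the same interface,
    i.e. it must pass the FORWARD chain just to bounce back onto the LAN."""
    hop = lookup(routes, dst)
    return hop is not None and hop[1] == in_iface

GW, WS = parse_routes(GW_ROUTES), parse_routes(WS_ROUTES)
if __name__ == "__main__":
    print("ws ->", lookup(WS, "192.168.129.10"))
    print("gw ->", lookup(GW, "192.168.129.10"))
    print("hairpin on eth1:", hairpins(GW, "eth1", "192.168.129.10"))
```

In the hairpin case the packet traverses the FORWARD chain and nat POSTROUTING on the gateway. `iptables -nL` without `-v` does not print the in/out interface columns, so any interface restrictions on the rules listed in the post are not visible.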