Routing again...
- From: mike <mike@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: 8 May 2007 23:45:30 -0700
Hello,
I was wondering whether anyone could see where I'm going wrong with my
setup.
I have the following
172.23.224.0/22 |---------------------------------|
192.168.20.0/22
------------> | Linux box with 2 nics
|------------------>
| eth0=192.168.23.123/22
|
| eth1=172.23.225.1/22 |
----------------------------------
All I want to do is contact and connect to my 192 subnet from my 172
subnet.
I have checked forwarding with =
cat /proc/sys/net/ipv4/ip_forward
1
The route command outputs like this =
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref
Use Iface
172.23.224.0 * 255.255.252.0 U 0 0
0 eth1
192.168.20.0 * 255.255.252.0 U 0 0
0 eth0
default 192.168.20.1 0.0.0.0 UG 0 0
0 eth0
I have a (windows) laptop with the following IP status =
ip=172.23.225.5 netmask=255.255.252.0 gw=172.23.225.1
( I went back after a bank-holiday weekend and now the laptop needs a
gw of 192.168.20.1 to ping both NICS on the Linux - confusing or
what?)
I have a cmd window open (on laptop) and I'm trying to ping ANY
machine on the 192.168.20.0/22 subnet - all I can ping is eth0 and
eth1 on the 'Nix box -
so forwarding/routing is KIND of working, but I'm not sure where to
go
from here - I've checked /var/log/messages but no real feedback.
I then try the following command to ping anything on the 192 subnet =
route add -net 192.168.20.0 netmask 255.255.252.0 dev eth1
No difference.....just slow at refreshing 'route' command
I tried the following commands to ping anything on the 192 subnet =
route add -net 172.23.224.0 netmask 255.255.252.0 gw 192.168.23.123
dev eth0
route add -net 192.168.20.0 netmask 255.255.252.0 gw 172.23.225.1 dev
eth1
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
and the output was=
The route command outputs like this =
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref
Use Iface
172.23.224.0 172.23.225.1 255.255.252.0 UG 0 0
0 eth1
172.23.224.0 * 255.255.252.0 U 0
0 0 eth1
192.168.20.0 192.168.23.123 255.255.252.0 UG 0 0
0 eth0
192.168.20.0 * 255.255.252.0 U 0
0 0 eth0
default 192.168.20.1 0.0.0.0 UG 0
0 0 eth0
The iptables -v -L command outputs this =
Chain INPUT (policy ACCEPT 24264 packets, 4068K bytes)
<-----------------somethings going on......
pkts bytes target prot opt in out source
destination
31676 4423K ACCEPT all -- eth1 any anywhere
anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- eth1 eth0 anywhere
anywhere
Chain OUTPUT (policy ACCEPT 8738 packets, 524K bytes)
<-----------------somethings going on......
pkts bytes target prot opt in out source
destination
11 700 ACCEPT all -- any eth0 anywhere
anywhere
I get the same results - no difference.
All I want to do is contact and connect to my 192 subnet from my 172
subnet - all the 'googling' I've done seems to point to a 'dead easy,
hands tied behind its back' type, but not here...unless I'm
misunderstanding routing?
I've looked at the man pages and here is a list of links I have also
been to.....
http://yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
http://enterprise.linux.com/article.pl?sid=05/04/10/2132252&tid=129
http://www.etoyoc.com/linux/iptables-lockdown.html
http://hnsg.net/tutorials/routing_firewall.html
http://www.techworld.com/opsys/features/index.cfm?featureid=352
http://www.debian.org/doc/manuals/securing-debian-howto/ap-bridge-fw.en.html
http://www.faqs.org/docs/linux_network/x-087-2-issues.routing.html
plus others......
I am pulling my hair out over this...
- BTW I am a school (UK) network administrator (windoz) with limited
time to get involved with Linux, but I feel it has a lot to offer as a
supplement to the Education departments
insistence on using Microsoft everywhere and I suppose it is down to
us administrators to learn, in our own time, all the benefits of Linux
and integrate it with MS, but it is difficult.
I have had limited success with basic things like Samba, Apache, FTP
etc. but this routing has got me puzzled.
..
- could anyone help please?
.
- Follow-Ups:
- Re: Routing again...
- From: Allen McIntosh
- Re: Routing again...
- From: elsiddik
- Re: Routing again...
- Prev by Date: Re: Apache Web Server
- Next by Date: rtl8185L chipset wlan pci adapters
- Previous by thread: Apache Web Server
- Next by thread: Re: Routing again...
- Index(es):
Relevant Pages
|
