Re: Seriously confused about linux routing
- From: melement@xxxxxxxxx
- Date: Mon, 30 Jul 2007 20:57:16 -0000
On Jul 30, 1:39 pm, melem...@xxxxxxxxx wrote:
On Jul 27, 10:51 pm, fl...@xxxxxxxxxx (Floyd L. Davidson) wrote:
melem...@xxxxxxxxx wrote:
Ok, so, what I'm trying to do is to route between to 10.0.0.0/16
subnets.
There are two computers, connected via VPN, that are involved with the
routing.
Server 1: IP Address 10.10.0.1 and 192.168.1.1
Server 2: IP Address 10.15.0.2 and 192.168.1.2
The VPN is connecting the computers via the 192. addresses. I'm
trying to route traffic originating at 10.10.0.0/16 and direct it to
the 10.15.0.0/16 subnet and vise versa, also, beyond that, I'm trying
to route all internet-bound traffic on 10.10.0.0/16 out through the
10.15.0.0/16 network.
I have enabled ip_forward on both servers ( echo 1 > /proc/sys/net/
ipv4/ip_forward and editted /etc/sysctl.conf for future reboots, etc.)
So far, for the routing tables, on Server 1:
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0
0 eth1
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0
eth0
10.15.0.0 192.168.1.2 255.255.0.0 UG 0 0 0
eth1
0.0.0.0 192.168.1.2 0.0.0.0 UG 0
0 0 eth0
On Server 2:
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0
0 eth1
10.15.0.0 0.0.0.0 255.255.0.0 U 0 0 0
eth0
10.10.0.0 192.168.1.1 255.255.0.0 UG 0 0 0
eth1
0.0.0.0 10.15.0.1 0.0.0.0 UG 0 0
0 eth0
It appears that these two servers can communicate, and even access
computers on the other subnets, however, I'm having problems with the
internet connection from 10.10.0.0/16 routing out through the
10.15.0.0/16 (10.15.0.1 gateway specifically).
How can I get this to work?
On Server 1, the default route is now,
0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 eth0
So all Internet traffic is going to be sent to host
192.168.1.2, but it will be sent on the eth0
interface... and there is no such IP address on that
subnet. The 192.168.1.2 host is connected via the eth1
interface.
Just change the default route, which should be
0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 eth1
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) fl...@xxxxxxxxxx
Thanks Floyd, that worked perfectly.
Now I'm trying to configure iptables to allow me to use these machines
as routers.
Using the same machine setup as I had above (eth0:10.0.0.0 addresses
eth1: 192.168.0.0 addresses) I'm trying to configure NAT properly on
the the machines.
This is what I have tried, and I know I'm getting close, but I'm just
not quite there with the iptables rules.
On the 10.15.0.2 machine:
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j SNAT -s 192.168.1.2 --to
10.15.0.2
On the 10.10.0.1 machine:
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j SNAT -s 192.168.1.1 --to
10.10.0.1
Some generally "funkiness" goes on, that I'm haven't quite been able
to solve. While I'm on the 10.15.0.2 machine, I will try to ping
192.168.1.1 but I was unable to.
What am I doing wrong with my iptables rules now?
Thanks
So, looking at a tcpdump, while on the 10.15.0.2 machine, with the
iptable rules active, I can see the packets leaving a machine,
10.15.0.10 (set to route all packets through 10.15.0.2) I see the
packets heading towards their destination of 10.10.0.12, but I don't
see any packets being returned.
.
- References:
- Seriously confused about linux routing
- From: melement
- Re: Seriously confused about linux routing
- From: Floyd L. Davidson
- Re: Seriously confused about linux routing
- From: melement
- Seriously confused about linux routing
- Prev by Date: Re: Seriously confused about linux routing
- Next by Date: Re: Ebtables to stop DHCP and ARP
- Previous by thread: Re: Seriously confused about linux routing
- Next by thread: Re: Seriously confused about linux routing
- Index(es):
Relevant Pages
|
|
