Hi All,
I have the following setup on redhat linux 8.0 ...
eth 0
192.168.1.50
\
|--------------| \
|--------------|
-----------------| gateway 1|-------------------------|gateway2 |
/|_______ |\
|--------------|
/ \ /
\
eth0 eth1 - /
\
61.X.X.X 192.168.1.1 eth1
eth2
(public) | 192.168.2.51
192.168.3.52
|
|
------------
|
| BOX 1 |
----------------
-------------
| Box 3 |
192.168.1.101
---------------
192.168.3.101
My Problem is
A) I am unable to ping from Box 3 (192.168.3.101) to Box 1. Any comments
or reasons why?
B) I have figured out that if I enable Masquerading then problem A is
solved. Can someone explain why?
C) Is it possible without Masquerading ?
I am in a fix and any Help would be very much appreciated...??
Thanks and Regards
Dp
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
I cannot read your diagram because you are using proportional spaced fonts instead of monospaced. Not everyone has the same font spacing as you unless you use monospaced. David On Wed, 12 Mar 2003 13:39:28 -0800 Dhirendra Pal Singh <list@actiswitch.com> wrote:> Hi All, > I have the following setup on redhat linux 8.0 ... > > eth 0 > 192.168.1.50 > \ > |--------------| \ > |--------------| > -----------------| gateway 1|-------------------------|gateway2 | > /|_______ |\ > |--------------| > / \ / > \ > eth0 eth1 - / > \ > 61.X.X.X 192.168.1.1 eth1 > eth2 > (public) | 192.168.2.51 > 192.168.3.52 > | > | > ------------ > | > | BOX 1 | > ---------------- > ------------- > | Box 3 | > 192.168.1.101 > --------------- > > 192.168.3.101 > > My Problem is > > A) I am unable to ping from Box 3 (192.168.3.101) to Box 1. Any comments > or reasons why? > B) I have figured out that if I enable Masquerading then problem A is > solved. Can someone explain why? > C) Is it possible without Masquerading ? > > I am in a fix and any Help would be very much appreciated...?? > > Thanks and Regards > Dp > > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi All.. I think the image got screwed up... I am giving the description again.. Dsl feed goes to gateway 1. Its internal ip address is of 192.168.1.XXX. Now from here goes the feed to another gateway which eth0 ip address is 192,168.1.50. It has 2 more eth - eth1 and eth2. Their ip address are 192.168.2.51 and 192.168.3.XXX respectively. Now my problem is that all the computers connect to 192.168.2.XXX are unable to point to the computers of 192.168.1.XXX. Though strangely I can ping to 192.168.1.1 wich is the internal ip address of the gateway 1. Can someone help me whith this configuration...? rest question are below.. Thanks in advance .. dp Dhirendra Pal Singh wrote:> Hi All, > I have the following setup on redhat linux 8.0 ... > > eth 0 > 192.168.1.50 > \ > |--------------| \ > |--------------| > -----------------| gateway 1|-------------------------|gateway2 | > /|_______ |\ > |--------------| > / \ > / \ > eth0 eth1 - > / \ > 61.X.X.X 192.168.1.1 eth1 > eth2 > (public) | > 192.168.2.51 192.168.3.52 > | > | > ------------ > | > | BOX 1 > | > ---------------- > ------------- > | Box > BOX 3 | > 192.168.1.101 > --------------- > > 192.168.3.101 > > My Problem is > > A) I am unable to ping from Box 3 (192.168.3.101) to Box 1. Any > comments or reasons why? > B) I have figured out that if I enable Masquerading then problem A is > solved. Can someone explain why? > C) Is it possible without Masquerading ? > > I am in a fix and any Help would be very much appreciated...?? > > Thanks and Regards > Dp > > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Dhirendra,
: Dsl feed goes to gateway 1. Its internal ip address is of 192.168.1.XXX.
: Now from here goes the feed to another gateway which eth0 ip address is
: 192,168.1.50. It has 2 more eth - eth1 and eth2. Their ip address are
: 192.168.2.51 and 192.168.3.XXX respectively.
: Now my problem is that all the computers connect to 192.168.2.XXX are
: unable to point to the computers of 192.168.1.XXX. Though strangely I
: can ping to 192.168.1.1 wich is the internal ip address of the gateway 1.
Is this your network, or did I mangle it in reconstruction?
eth0
192.168.1.50
\
|----------| |----------|
| gateway 1|-------------------------| gateway2 |
/|__________|\ | |----------|
/ \ | / \
eth0 eth1 | / \
61.X.X.X 192.168.1.1 | eth1 eth2
(public) | 192.168.2.51 192.168.3.52
| |
------------ |
| BOX 1 | -------------
------------ | Box 3 |
192.168.1.101 -------------
192.168.3.101
You can ping 192.168.1.1 because it is a locally hosted IP on the default
gateway of the machines in the 192.168.2.0/24 network.
: I have the following setup on redhat linux 8.0 ...
:
: A) I am unable to ping from Box 3 (192.168.3.101) to Box 1. Any
: comments or reasons why?
It looks like you have a common routing problem. If you examine the
routing tables on gateway 1 and box 1, they are probably missing routes
to 192.168.3.0/24 and 192.168.2.0/24 via 192.168.1.50. Host 1 probably
has a default route to 192.168.1.1 and gateway 1 certainly doesn''t have
a
default route pointing *into* your network.
<gripe>
This is not really a LAR (and certainly not a TC) question. This is a
basic routing question. Let''s try to keep these questions off the
LARTC
list....this is probably better for a forum like comp.os.linux.networking
or a LUG.
</gripe>
<helpful-hat>
You may find some of my documentation useful in conceptualizing static
routing:
http://linux-ip.net/
http://linux-ip.net/html/ch-routing.html
For others who are following along with questions like this, I would
recommend using a network analyzer of some kind to look at the packets on
each of the machines involved.
- use tcpdump or ethereal on each affected router and end-host
- generate regular traffic (ping, nc, socat, etc.) while trying to
determine where the packets are getting dropped or misrouted
</helpful-hat>
So, Dhirendra:
Remove the masquerading from gateway2
[root@box1]# ip route add 192.168.3.0/24 via 192.168.1.50
[root@box1]# ip route add 192.168.2.0/24 via 192.168.1.50
[user@box3]$ ping -n 192.168.1.101
You should get a response.
[root@box2]# ip route add 192.168.3.0/24 via 192.168.1.50
[root@box2]# ip route add 192.168.2.0/24 via 192.168.1.50
: B) I have figured out that if I enable Masquerading then problem A is
: solved. Can someone explain why?
Because you are changing the source IP on the packets to a 192.168.1.0/24.
When you do this, the other hosts in 192.168.1.0/24 have a direct route
for reply packets.
: C) Is it possible without Masquerading ?
Yes.
-Martin
Anybody think a LARTC FAQ is a good idea?
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Thanks to David and Martin,
Okay I am copying the diagram again.. I remade it in acsi and replaced
the tabs with space.Have tested it on my box by sending the email to
myself and another box. It looks fine..
I hope it dosent breaks this time
eth 0 192.168.1.50
\
|----------| \ |--------------|
-----------------| gateway 1|-------------------------|gateway2 |
/|_______ |\ |--------------|
/ \ / \
eth0 eth1 - / \
61.X.X.X 192.168.1.1 eth1
eth2
(public) | 192.168.2.51
192.168.3.52
| |
------------ |
| BOX 1 |
-----------------
------------- | Box
3 |
192.168.1.101
---------------
192.168.3.101
My Problem is
A) I am unable to ping from Box 3 (192.168.3.101) to Box
1(192.168.1.101). Any comments or reasons why?
B) I have figured out that if I enable Masquerading then problem A is
solved. Can someone explain why?
C) Is it possible without Masquerading ?
I am in a fix and any Help would be very much appreciated...??
Thanks and Regards
Dp
Dhirendra Pal Singh wrote:
> Hi All..
> I think the image got screwed up...
> I am giving the description again..
>
> Dsl feed goes to gateway 1. Its internal ip address is of
> 192.168.1.XXX. Now from here goes the feed to another gateway which
> eth0 ip address is 192,168.1.50. It has 2 more eth - eth1 and eth2.
> Their ip address are 192.168.2.51 and 192.168.3.XXX respectively.
> Now my problem is that all the computers connect to 192.168.2.XXX are
> unable to point to the computers of 192.168.1.XXX. Though strangely I
> can ping to 192.168.1.1 wich is the internal ip address of the gateway 1.
>
> Can someone help me whith this configuration...?
> rest question are below..
> Thanks in advance ..
> dp
>
> Dhirendra Pal Singh wrote:
>
>> Hi All,
>> I have the following setup on redhat linux 8.0 ...
>>
>> eth 0
>> 192.168.1.50
>> \
>> |--------------| \
>> |--------------|
>> -----------------| gateway 1|-------------------------|gateway2 |
>> /|_______ |\
>> |--------------|
>> / \
>> / \
>> eth0 eth1 -
>> / \
>> 61.X.X.X 192.168.1.1 eth1
>> eth2
>> (public) |
>> 192.168.2.51 192.168.3.52
>> |
>> |
>> ------------
>> |
>> | BOX 1
>> |
>> ----------------
>> -------------
>> | Box
>> BOX 3 |
>>
>> 192.168.1.101 ---------------
>>
>> 192.168.3.101
>>
>> My Problem is
>>
>> A) I am unable to ping from Box 3 (192.168.3.101) to Box 1. Any
>> comments or reasons why?
>> B) I have figured out that if I enable Masquerading then problem A is
>> solved. Can someone explain why?
>> C) Is it possible without Masquerading ?
>>
>> I am in a fix and any Help would be very much appreciated...??
>>
>> Thanks and Regards
>> Dp
>>
>>
>>
>> _______________________________________________
>> LARTC mailing list / LARTC@mailman.ds9a.nl
>> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>>
>>
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Thanks a lot once again Martin. Yes this is the correct diagra. Mean while I have agian posted my question with the diagram fixed. Please ignore it. Got your point Martin about why its not working. I will try it later again. I apologise for posting the wrong question.. and thank once again to Martin for taking the pains to correct the diagram and sending and answer. I was in a fix and didnt knew where to send the question. I paniced.. sorry.. I will take care of this in future.. Thanks Dp Martin A. Brown wrote:>Dhirendra, > > : Dsl feed goes to gateway 1. Its internal ip address is of 192.168.1.XXX. > : Now from here goes the feed to another gateway which eth0 ip address is > : 192,168.1.50. It has 2 more eth - eth1 and eth2. Their ip address are > : 192.168.2.51 and 192.168.3.XXX respectively. > : Now my problem is that all the computers connect to 192.168.2.XXX are > : unable to point to the computers of 192.168.1.XXX. Though strangely I > : can ping to 192.168.1.1 wich is the internal ip address of the gateway 1. > >Is this your network, or did I mangle it in reconstruction? > > > eth0 > 192.168.1.50 > \ > |----------| |----------| > | gateway 1|-------------------------| gateway2 | > /|__________|\ | |----------| > / \ | / \ > eth0 eth1 | / \ > 61.X.X.X 192.168.1.1 | eth1 eth2 >(public) | 192.168.2.51 192.168.3.52 > | | > ------------ | > | BOX 1 | ------------- > ------------ | Box 3 | > 192.168.1.101 ------------- > 192.168.3.101 > > >You can ping 192.168.1.1 because it is a locally hosted IP on the default >gateway of the machines in the 192.168.2.0/24 network. > > : I have the following setup on redhat linux 8.0 ... > : > : A) I am unable to ping from Box 3 (192.168.3.101) to Box 1. Any > : comments or reasons why? > >It looks like you have a common routing problem. If you examine the >routing tables on gateway 1 and box 1, they are probably missing routes >to 192.168.3.0/24 and 192.168.2.0/24 via 192.168.1.50. Host 1 probably >has a default route to 192.168.1.1 and gateway 1 certainly doesn''t have a >default route pointing *into* your network. > ><gripe> >This is not really a LAR (and certainly not a TC) question. This is a >basic routing question. Let''s try to keep these questions off the LARTC >list....this is probably better for a forum like comp.os.linux.networking >or a LUG. ></gripe> > ><helpful-hat> >You may find some of my documentation useful in conceptualizing static >routing: > > http://linux-ip.net/ > http://linux-ip.net/html/ch-routing.html > >For others who are following along with questions like this, I would >recommend using a network analyzer of some kind to look at the packets on >each of the machines involved. > > - use tcpdump or ethereal on each affected router and end-host > - generate regular traffic (ping, nc, socat, etc.) while trying to > determine where the packets are getting dropped or misrouted ></helpful-hat> > >So, Dhirendra: > >Remove the masquerading from gateway2 > >[root@box1]# ip route add 192.168.3.0/24 via 192.168.1.50 >[root@box1]# ip route add 192.168.2.0/24 via 192.168.1.50 >[user@box3]$ ping -n 192.168.1.101 > >You should get a response. > >[root@box2]# ip route add 192.168.3.0/24 via 192.168.1.50 >[root@box2]# ip route add 192.168.2.0/24 via 192.168.1.50 > > : B) I have figured out that if I enable Masquerading then problem A is > : solved. Can someone explain why? > >Because you are changing the source IP on the packets to a 192.168.1.0/24. >When you do this, the other hosts in 192.168.1.0/24 have a direct route >for reply packets. > > : C) Is it possible without Masquerading ? > >Yes. > >-Martin > >Anybody think a LARTC FAQ is a good idea? > > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Not sure I can help, but I would try using ''traceroute'' to see how far your packets travel. My guess is that your have: - A mal-formed routing table on the box using Masquerading. For a network like yours, consider using a dynamic routing deamon like ''gated'' or ''routed'', if you are having problems. - You do not have packet-forwarding switched on. Look at the output of ''cat /proc/sys/net/ipv4/ip_forward''. Ensure it''s set to ''1''. - Your iptables/ipchains do not have the forwarding chain is set to ''-j ACCEPT'' for the relevent connection. Check the default policy as well. - Your iptables/ipchains are blocking you connection, which NAPT bypasses. - Your netmasks are incorrect. I guess all your networks are sudo-Class-C? Ensure they are all set to ''255.255.255.0'' or ''/24''. Ben. Dhirendra Pal Singh wrote:> Thanks to David and Martin, > > Okay I am copying the diagram again.. I remade it in acsi and replaced > the tabs with space.Have tested it on my box by sending the email to > myself and another box. It looks fine.. > > I hope it dosent breaks this time > > > > eth 0 192.168.1.50 > \ > |----------| \ |--------------| > -----------------| gateway 1|-------------------------|gateway2 | > /|_______ |\ |--------------| > / \ / \ > eth0 eth1 - / \ > 61.X.X.X 192.168.1.1 eth1 > eth2 > (public) | 192.168.2.51 > 192.168.3.52 > | | > ------------ | > | BOX 1 | > ----------------- > ------------- | Box > 3 | > 192.168.1.101 > --------------- > > 192.168.3.101 > My Problem is > > A) I am unable to ping from Box 3 (192.168.3.101) to Box > 1(192.168.1.101). Any comments or reasons why? > B) I have figured out that if I enable Masquerading then problem A is > solved. Can someone explain why? > C) Is it possible without Masquerading ? > > I am in a fix and any Help would be very much appreciated...?? > > Thanks and Regards > Dp > > > Dhirendra Pal Singh wrote: > >> Hi All.. >> I think the image got screwed up... >> I am giving the description again.. >> >> Dsl feed goes to gateway 1. Its internal ip address is of >> 192.168.1.XXX. Now from here goes the feed to another gateway which >> eth0 ip address is 192,168.1.50. It has 2 more eth - eth1 and eth2. >> Their ip address are 192.168.2.51 and 192.168.3.XXX respectively. >> Now my problem is that all the computers connect to 192.168.2.XXX are >> unable to point to the computers of 192.168.1.XXX. Though strangely I >> can ping to 192.168.1.1 wich is the internal ip address of the gateway 1. >> >> Can someone help me whith this configuration...? >> rest question are below.. >> Thanks in advance .. >> dp >> >> Dhirendra Pal Singh wrote: >> >>> Hi All, >>> I have the following setup on redhat linux 8.0 ... >>> >>> eth 0 >>> 192.168.1.50 >>> \ >>> |--------------| \ >>> |--------------| >>> -----------------| gateway 1|-------------------------|gateway2 | >>> /|_______ |\ >>> |--------------| >>> / \ >>> / \ >>> eth0 eth1 - >>> / \ >>> 61.X.X.X 192.168.1.1 eth1 >>> eth2 >>> (public) | >>> 192.168.2.51 192.168.3.52 >>> | >>> | >>> ------------ >>> | >>> | BOX 1 >>> | >>> ---------------- >>> ------------- >>> | Box >>> BOX 3 | >>> >>> 192.168.1.101 --------------- >>> >>> 192.168.3.101 >>> >>> My Problem is >>> >>> A) I am unable to ping from Box 3 (192.168.3.101) to Box 1. Any >>> comments or reasons why? >>> B) I have figured out that if I enable Masquerading then problem A is >>> solved. Can someone explain why? >>> C) Is it possible without Masquerading ? >>> >>> I am in a fix and any Help would be very much appreciated...?? >>> >>> Thanks and Regards >>> Dp >>> >>> >>> >>> _______________________________________________ >>> LARTC mailing list / LARTC@mailman.ds9a.nl >>> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >>> >>> >> >> >> _______________________________________________ >> LARTC mailing list / LARTC@mailman.ds9a.nl >> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >> >> > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/