Matthew Boehm
2004-Dec-28 22:18 UTC
[Asterisk-Users] OT: Linux routing with T100P problems
Hey gang, I was successful in recompiling my 2.4.20 kernel to support HDLC. I was successful in hooking up our T1 line into the zap card. I was successful in being able to ping equipment on the other end of the T1. I was unsuccessful in pinging the outside world from the other end of the T1. I've attached a cheezy image of the network. Here is the routing table: [root@asterisk root]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.5.2 * 255.255.255.255 UH 0 0 0 hdlc0 10.0.0.0 * 255.255.255.0 U 0 0 0 eth1 10.0.3.0 * 255.255.255.0 U 0 0 0 eth1 65.78.109.0 * 255.255.255.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 65.78.109.2 0.0.0.0 UG 0 0 0 eth0 There are 2 NICs (10.0.3.10, 65.78.109.10) and 1 T100P (10.0.5.1) on this box. Like I said above, from this machine I can ping everything in every attached network and the outside world. For some reason, I cannot ping the outside world if I am comming from the 10.0.0.* network on the diagram. From that network, I can ping 10.0.5.1 (this box) but nothing else. I'm a little stumped. My iptables are completly empty. If this is waaayyy off topic, please contact me off list. But I figured since it was related to the T100P it might be relevant. What can I use to find out why packets destined for the outside world (via 65.78.109.2) are not being routed? Thanks, Matthew -------------- next part -------------- A non-text attachment was scrubbed... Name: diagram.gif Type: image/gif Size: 5551 bytes Desc: not available Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20041228/251c5d3c/diagram.gif
Steven Critchfield
2004-Dec-28 22:30 UTC
[Asterisk-Users] OT: Linux routing with T100P problems
On Tue, 2004-12-28 at 23:18 -0600, Matthew Boehm wrote:> Hey gang, > I was successful in recompiling my 2.4.20 kernel to support HDLC. I was > successful in hooking up our T1 line into the zap card. I was successful in > being able to ping equipment on the other end of the T1. I was unsuccessful > in pinging the outside world from the other end of the T1. > > I've attached a cheezy image of the network. Here is the routing table:And your cheezy network image shows you have not exhibited good networking knowledge. You show an internet clod in the middle of a point to point T1.> [root@asterisk root]# route > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 10.0.5.2 * 255.255.255.255 UH 0 0 0 > hdlc0 > 10.0.0.0 * 255.255.255.0 U 0 0 > 0 eth1Why is it you have 10.0.0.2 as a IP on the other end of a router on the T1 line and you are routing it out of the eth1 device.> 10.0.3.0 * 255.255.255.0 U 0 0 > 0 eth1 > 65.78.109.0 * 255.255.255.0 U 0 0 0 > eth0 > 127.0.0.0 * 255.0.0.0 U 0 0 > 0 lo > default 65.78.109.2 0.0.0.0 UG 0 0 > 0 eth0 > > There are 2 NICs (10.0.3.10, 65.78.109.10) and 1 T100P (10.0.5.1) on this > box.> I'm a little stumped. My iptables are completly empty. If this is waaayyy > off topic, please contact me off list. But I figured since it was related to > the T100P it might be relevant.It just appears you have routing issues not anything related to the T100P card. The T100P card is passing traffic as it should and is no longer even a portion of your problem. You are into higher level protocols. -- Steven Critchfield <critch@basesys.com>
Gregory Junker
2004-Dec-28 22:30 UTC
[Asterisk-Users] OT: Linux routing with T100P problems
> What can I use to find out why packets destined for the outside world (via > 65.78.109.2) are not being routed?Check with your ISP and make sure they have you set up correctly. I have had issues in the past with that. Fact is, if you can ping the far end, *and packets are returned*, then the problem is not in your setup. If packets were not being returned I would say that ARP was misconfigured for your T1 interface, but since you are getting packets back....it's not your problem. Call your ISP. BTW, I can ping the above IP from my machine just fine, so the rest of the world sees your T1 as well. Greg
Adam Fineberg
2004-Dec-28 22:31 UTC
[Asterisk-Users] OT: Linux routing with T100P problems
Matthew Boehm wrote:>Hey gang, > I was successful in recompiling my 2.4.20 kernel to support HDLC. I was >successful in hooking up our T1 line into the zap card. I was successful in >being able to ping equipment on the other end of the T1. I was unsuccessful >in pinging the outside world from the other end of the T1. > >I've attached a cheezy image of the network. Here is the routing table: > >[root@asterisk root]# route >Kernel IP routing table >Destination Gateway Genmask Flags Metric Ref Use >Iface >10.0.5.2 * 255.255.255.255 UH 0 0 0 >hdlc0 >10.0.0.0 * 255.255.255.0 U 0 0 >0 eth1 >10.0.3.0 * 255.255.255.0 U 0 0 >0 eth1 >65.78.109.0 * 255.255.255.0 U 0 0 0 >eth0 >127.0.0.0 * 255.0.0.0 U 0 0 >0 lo >default 65.78.109.2 0.0.0.0 UG 0 0 >0 eth0 > >There are 2 NICs (10.0.3.10, 65.78.109.10) and 1 T100P (10.0.5.1) on this >box. > >Like I said above, from this machine I can ping everything in every attached >network and the outside world. For some reason, I cannot ping the outside >world if I am comming from the 10.0.0.* network on the diagram. From that >network, I can ping 10.0.5.1 (this box) but nothing else. > >Do you have net.ipv4.ip_forward set to 1 in /proc?>I'm a little stumped. My iptables are completly empty. If this is waaayyy >off topic, please contact me off list. But I figured since it was related to >the T100P it might be relevant. > >What can I use to find out why packets destined for the outside world (via >65.78.109.2) are not being routed? > >Try ethereal for packet watching. Adam
niles@atheos.net
2004-Dec-29 07:07 UTC
[Asterisk-Users] OT: Linux routing with T100P problems
On Dec 29, 2004, at 12:18 AM, Matthew Boehm wrote:> Hey gang, > I was successful in recompiling my 2.4.20 kernel to support HDLC. I > was > successful in hooking up our T1 line into the zap card. I was > successful in > being able to ping equipment on the other end of the T1. I was > unsuccessful > in pinging the outside world from the other end of the T1. > > I've attached a cheezy image of the network. Here is the routing table: > > [root@asterisk root]# route > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 10.0.5.2 * 255.255.255.255 UH 0 0 > 0 > hdlc0 > 10.0.0.0 * 255.255.255.0 U 0 0 > 0 eth1 > 10.0.3.0 * 255.255.255.0 U 0 0 > 0 eth1 > 65.78.109.0 * 255.255.255.0 U 0 0 > 0 > eth0 > 127.0.0.0 * 255.0.0.0 U 0 > 0 > 0 lo > default 65.78.109.2 0.0.0.0 UG 0 0 > 0 eth0 > > There are 2 NICs (10.0.3.10, 65.78.109.10) and 1 T100P (10.0.5.1) on > this > box. > > Like I said above, from this machine I can ping everything in every > attached > network and the outside world. For some reason, I cannot ping the > outside > world if I am comming from the 10.0.0.* network on the diagram. From > that > network, I can ping 10.0.5.1 (this box) but nothing else.appears that your box isn't configured for NAT, so you want to brush up on iptables. Most distributions make this pretty easy, and of course each distro has a different approach on where to find the preconfigured scripts. (google) Niles
Matthew Boehm
2004-Dec-29 07:13 UTC
[Asterisk-Users] OT: Linux routing with T100P problems
> And your cheezy network image shows you have not exhibited good > networking knowledge. You show an internet clod in the middle of a point > to point T1.That cloud pic only serves to show that there is a 30 mile gap between the two endpoints.> Why is it you have 10.0.0.2 as a IP on the other end of a router on the > T1 line and you are routing it out of the eth1 device.router1 is the main office router. All equipment in the office is in the 10.0.0.* network. And so the eth interface of router1 is 10.0.0.2. eth1 on the * box actually goes to a switch that connects to a PIX. I can send 10.0.*.* traffic out eth1 and the PIX routes it. -Matthew
On Tue, Dec 28, 2004 at 11:18:42PM -0600, Matthew Boehm wrote:> Hey gang, > I was successful in recompiling my 2.4.20 kernel to support HDLC. I was > successful in hooking up our T1 line into the zap card. I was successful in > being able to ping equipment on the other end of the T1. I was unsuccessful > in pinging the outside world from the other end of the T1. > > I've attached a cheezy image of the network. Here is the routing table: > > [root@asterisk root]# route > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 10.0.5.2 * 255.255.255.255 UH 0 0 0 > hdlc0 > 10.0.0.0 * 255.255.255.0 U 0 0 > 0 eth1 > 10.0.3.0 * 255.255.255.0 U 0 0 > 0 eth1 > 65.78.109.0 * 255.255.255.0 U 0 0 0 > eth0 > 127.0.0.0 * 255.0.0.0 U 0 0 > 0 lo > default 65.78.109.2 0.0.0.0 UG 0 0 > 0 eth0 > > There are 2 NICs (10.0.3.10, 65.78.109.10) and 1 T100P (10.0.5.1) on this > box. > > Like I said above, from this machine I can ping everything in every attached > network and the outside world. For some reason, I cannot ping the outside > world if I am comming from the 10.0.0.* network on the diagram. From that > network, I can ping 10.0.5.1 (this box) but nothing else. > > I'm a little stumped. My iptables are completly empty. If this is waaayyy > off topic, please contact me off list. But I figured since it was related to > the T100P it might be relevant. > > What can I use to find out why packets destined for the outside world (via > 65.78.109.2) are not being routed? >Since 10.x.x.x is RFC1918 private space which no real-world addresses will/can reply to, you need to use masquerading (NAT) so that all of the packets to the "outside world" appear to come from a public routable address on the outside of your gateway box. -Dorn