                Internet
                    |
                    |
            ________|________
            |               |
            |  Cisco 2600   |   IP: 208.53.98.254
            |_______________|
                    |
                    |
            ________|________
            |               |
            |   Switch 1    |
            |_______________|
                    |
                    |
                    |   ETH0 ---> IP:208.53.98.198 Net 208.53.98.0/25
            ________|________
            |               |
            |     Linux     |
            |_______________|
                    |
                    |   ETH1 --> IP:208.53.164.254 Net 208.53.164.0/24
                    |
            ________|________
            |               |
            |   Switch 2    | ------ Clients
            |_______________|

Red Hat Linux 9
Kernel: 2.4.20-8
I used the traditional routing config (without iproute2)

Routing table:

208.53.98.128   0.0.0.0         255.255.255.128   U    0   eth0
208.53.164.0    0.0.0.0         255.255.255.0     U    0   eth1
169.254.0.0     0.0.0.0         255.255.0.0       U    0   eth1
127.0.0.0       0.0.0.0         255.0.0.0         U    0   lo
0.0.0.0         208.53.98.254   0.0.0.0           UG   0   eth0

Cisco 2600 config:

ip route 208.53.164.0 255.255.255.0 208.53.98.198

Problem:

This configuration didn't work. From the clients network (208.53.164.0) I
could only reach the Cisco router but was unable to reach Internet.

The only quick solution was to connect Switch 1 with Switch 2.

Any ideas why this didn't work?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

gaston wrote:
> Problem:
> This configuration didn't work. From the clients network (208.53.164.0) I
> could only reach the Cisco router but was unable to reach Internet.
>
> The only quick solution was to connect Switch 1 with Switch 2.
> Any ideas why this didn't work?

did you have IP forwarding enabled and the appropriate iptables rules on the linux box ?
for pure routing:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

If you've already done that, where does a traceroute from the clients' network
(208.53.164.0) go ? does it try to go through 208.53.164.254?
does it go anywhere after ?

good luck.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email: damion@snapgear.com
SnapGear ---    ph: +61 7 3435 2809 | Custom Embedded Solutions
               fax: +61 7 3891 3630 | and Security Appliances
               web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On Mon, 2003-09-08 at 01:03, Damion de Soto wrote:
> gaston wrote:
> > Problem:
> > This configuration didn't work. From the clients network (208.53.164.0) I
> > could only reach the Cisco router but was unable to reach Internet.
> >
> > The only quick solution was to connect Switch 1 with Switch 2.
> > Any ideas why this didn't work?
>
> did you have IP forwarding enabled and the appropriate iptables rules on the linux box ?
> for pure routing:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
>
> If you've already done that, where does a traceroute from the clients' network
> (208.53.164.0) go ? does it try to go through 208.53.164.254?
> does it go anywhere after ?

in addition, was the cisco aware that the route to
208.53.164.0/24 was thru the linux ?

post the routing table from the cisco also.

still good luck
-- 
Ronny Aasen <list@datapart-as.no>

Well, I don't think it's the cisco's problem. I think there is something wrong with my linux routing config, here it is:

/proc/sys/net/ipv4

icmp_echo_ignore_all:0
icmp_echo_ignore_broadcasts:0
icmp_ignore_bogus_error_responses:0
icmp_ratelimit:100
icmp_ratemask:6168
igmp_max_memberships:20
inet_peer_gc_maxtime:120
inet_peer_gc_mintime:10
inet_peer_maxttl:600
inet_peer_minttl:120
inet_peer_threshold:65664
ip_autoconfig:0
ip_conntrack_max:32656
ip_default_ttl:64
ip_dynaddr:0
ip_forward:1
ipfrag_high_thresh:262144
ipfrag_low_thresh:196608
ipfrag_time:30
ip_local_port_range:32768 61000
ip_nonlocal_bind:0
ip_no_pmtu_disc:0
tcp_abort_on_overflow:0
tcp_adv_win_scale:2
tcp_app_win:31
tcp_dsack:1
tcp_ecn:0
tcp_fack:1
tcp_fin_timeout:60
tcp_frto:0
tcp_keepalive_intvl:75
tcp_keepalive_probes:9
tcp_keepalive_time:7200
tcp_max_orphans:16384
tcp_max_syn_backlog:1024
tcp_max_tw_buckets:180000
tcp_mem:97280 97792 98304
tcp_orphan_retries:0
tcp_reordering:3
tcp_retrans_collapse:1
tcp_retries1:3
tcp_retries2:15
tcp_rfc1337:0
tcp_rmem:4096 87380 174760
tcp_sack:1
tcp_stdurg:0
tcp_synack_retries:5
tcp_syncookies:0
tcp_syn_retries:5
tcp_timestamps:1
tcp_tw_recycle:0
tcp_tw_reuse:0
tcp_window_scaling:1
tcp_wmem:4096 16384 131072

/proc/sys/net/ipv4/conf/ethX

accept_redirects:1
accept_source_route:1
arp_filter:0
bootp_relay:0
forwarding:1
log_martians:0
mc_forwarding:0
medium_id:0
proxy_arp:0
rp_filter:1
secure_redirects:1
send_redirects:1
shared_media:1
tag:0

-----Original Message-----
From: Ani <an2rhyme@yahoo.com>
To: gaston <gaston@steel.com.ar>
Date: Sat, 6 Sep 2003 03:07:14 -0700 (PDT)
Subject: Re: [LARTC] Routing problem

> if u r able to reach from ur client machine to cisco router ( but not
> outside ) then its the cisco configuration u need to check... send the
> cisco config and we can get back to u.
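
The routing table posted at the top of this thread and the rp_filter:1 value posted in the message above, worked through as an added example (not written by any of the posters): a longest-prefix-match lookup and a simplified model of the strict reverse-path check, run over the posted rows. The function names are illustrative, and the packet arriving on eth0 with a client source address is a constructed case.

```python
import ipaddress

# Rows copied from the routing table posted in this thread:
# destination, gateway, netmask, interface.
ROUTES = [
    ("208.53.98.128", "0.0.0.0", "255.255.255.128", "eth0"),
    ("208.53.164.0", "0.0.0.0", "255.255.255.0", "eth1"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth1"),
    ("127.0.0.0", "0.0.0.0", "255.0.0.0", "lo"),
    ("0.0.0.0", "208.53.98.254", "0.0.0.0", "eth0"),
]
TABLE = [(ipaddress.ip_network(f"{d}/{m}"), g, i) for d, g, m, i in ROUTES]


def lookup(addr):
    """Longest-prefix match: (interface, gateway or None if on-link)."""
    ip = ipaddress.ip_address(addr)
    _, gw, dev = max((r for r in TABLE if ip in r[0]),
                     key=lambda r: r[0].prefixlen)
    return dev, (None if gw == "0.0.0.0" else gw)


def rp_filter_pass(src, in_dev):
    """Simplified strict reverse-path check (rp_filter:1): accept only if
    the route back to the source leaves through the arrival interface."""
    return lookup(src)[0] == in_dev


def gateway_on_link():
    """Each gateway must be reachable through a directly connected route."""
    return all(lookup(g) == (dev, None) for _, g, dev in TABLE if g != "0.0.0.0")


def covers(addr, net):
    """True if addr lies inside net."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


if __name__ == "__main__":
    print("to 198.133.219.25:", lookup("198.133.219.25"))
    print("to 208.53.164.2:", lookup("208.53.164.2"))
    print("gateway on-link:", gateway_on_link())
    # Both directions of the client's ping as seen by the Linux box.
    print("client in on eth1:", rp_filter_pass("208.53.164.2", "eth1"))
    print("reply in on eth0:", rp_filter_pass("198.133.219.25", "eth0"))
    # Constructed case: a client-sourced packet arriving on eth0 instead.
    print("client in on eth0:", rp_filter_pass("208.53.164.2", "eth0"))
    # eth0 address against the diagram's label and against the table's route.
    print("label /25:", covers("208.53.98.198", "208.53.98.0/25"))
    print("table /25:", covers("208.53.98.198", "208.53.98.128/25"))
```

With log_martians:0, as posted, a packet rejected by the reverse-path check is dropped without a kernel log entry, so a capture on both interfaces is the way to see it.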

> Message: 1
> Subject: Re: [LARTC] Routing problem
> From: Ronny Aasen <list@datapart-as.no>
> To: lartc <lartc@mailman.ds9a.nl>
> Cc: Damion de Soto <damion@snapgear.com>
> Organization:
> Date: 08 Sep 2003 08:41:46 +0200
>
> On Mon, 2003-09-08 at 01:03, Damion de Soto wrote:
> > gaston wrote:
> > > Problem:
> > > This configuration didn't work. From the clients network (208.53.164.0) I
> > > could only reach the Cisco router but was unable to reach Internet.
> > >
> > > The only quick solution was to connect Switch 1 with Switch 2.
> > > Any ideas why this didn't work?
> >
> > did you have IP forwarding enabled and the appropriate iptables rules on the linux box ?
> > for pure routing:
> >
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> > iptables -P INPUT ACCEPT
> > iptables -P FORWARD ACCEPT
> > iptables -P OUTPUT ACCEPT
> >
> > If you've already done that, where does a traceroute from the clients' network
> > (208.53.164.0) go ? does it try to go through 208.53.164.254?
> > does it go anywhere after ?
>
> in addition, was the cisco aware that the route to
> 208.53.164.0/24 was thru the linux ?
>
> post the routing table from the cisco also.
>
> still good luck
> --
> Ronny Aasen <list@datapart-as.no>
>
> --__--__--

Yes, the cisco knows that everything going to the net 208.53.164.0 goes through the linux.

I did a traceroute from one of the clients to cisco's website ip:

1st hop --> 208.53.164.254
2nd hop --> Time out
3d --> Time out
and so on

while doing this i sniffed with ethereal:

source          dest
208.53.164.2    208.53.98.254(dns)    standard query ptr
208.53.164.2    208.53.98.254(dns)    destination unreachable
208.53.164.2    198.133.219.25        echo ping request