Can anybody help me?

This is my configuration:

eth0: 10.0.0.2/16
eth1: 10.0.0.1 (inet gateway)

#ip ru l :

0: from all lookup local
32765: from 10.0.0.2 lookup tabla1
32766: from all lookup main
32767: from all lookup default

#ip r l t tabla1

10.0.0.0/16 dev eth0 scope link src 10.0.0.2
127.0.0.0/8 dev lo scope link
default via 10.0.0.1 dev eth0

#ip r l t main

10.0.0.0/16 dev eth0 scope link

#ip r l t local

broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.0.0.0 dev eth0 proto kernel scope link src 10.0.0.2
local 10.0.0.2 dev eth0 proto kernel scope host src 10.0.0.2
broadcast 10.0.255.255 dev eth0 proto kernel scope link src 10.0.0.2
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

why can't i connect to inet ??

thanks

--
Vaquer0 <vaquero@bucomsec.net>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

: This is my configuration:
:
: eth0: 10.0.0.2/16
: eth1: 10.0.0.1 (inet gateway)
:
: #ip ru l :
:
: 0: from all lookup local
: 32765: from 10.0.0.2 lookup tabla1
: 32766: from all lookup main
: 32767: from all lookup default
:
: #ip r l t tabla1
:
: 10.0.0.0/16 dev eth0 scope link src 10.0.0.2
: 127.0.0.0/8 dev lo scope link
: default via 10.0.0.1 dev eth0
:
: #ip r l t main
:
: 10.0.0.0/16 dev eth0 scope link

[ local routing table snipped ]

: why can't i connect to inet ??

Probably because your router doesn't have a way to send packets to
10.0.0.1 even if the source address on the outbound packet is 10.0.0.2.
Add one more route to tabla1:

  # ip route add 10.0.0.1 dev eth1 table tabla1
  # ip route change default via 10.0.0.1 dev eth1 table tabla1

Once you can ping 10.0.0.1 from your policy routing device, then you
should be able to hit the Internet from the same device.

You didn't explain anything about what applications or functions this box
hosts, so there's nothing more to say here.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

Martin, as you can see in my last post i have route to 10.0.0.1 in the
main routing table, so i have ping to the gateway but i can't connect to
inet.

> : #ip r l t main
> :
> : 10.0.0.0/16 dev eth0 scope link

The only way to connect to inet is adding:

ip r a default via 10.0.0.1 t main

If i add the default gw in table main, i can connect to inet but i'd
like to do this in other table.

Can you help me?

thanks.

On Mon, 2003-12-01 at 08:19, Martin A. Brown wrote:
> : This is my configuration:
> :
> : eth0: 10.0.0.2/16
> : eth1: 10.0.0.1 (inet gateway)
> :
> : #ip ru l :
> :
> : 0: from all lookup local
> : 32765: from 10.0.0.2 lookup tabla1
> : 32766: from all lookup main
> : 32767: from all lookup default
> :
> : #ip r l t tabla1
> :
> : 10.0.0.0/16 dev eth0 scope link src 10.0.0.2
> : 127.0.0.0/8 dev lo scope link
> : default via 10.0.0.1 dev eth0
> :
> : #ip r l t main
> :
> : 10.0.0.0/16 dev eth0 scope link
>
> [ local routing table snipped ]
>
> : why can't i connect to inet ??
>
> Probably because your router doesn't have a way to send packets to
> 10.0.0.1 even if the source address on the outbound packet is 10.0.0.2.
> Add one more route to tabla1:
>
> # ip route add 10.0.0.1 dev eth1 table tabla1
> # ip route change default via 10.0.0.1 dev eth1 table tabla1
>
> Once you can ping 10.0.0.1 from your policy routing device, then you
> should be able to hit the Internet from the same device.
>
> You didn't explain anything about what applications or functions this box
> hosts, so there's nothing more to say here.
>
> -Martin

--
Vaquer0 <vaquero@bucomsec.net>

Hello again,

: Martin, as you can see in my last post i have route to 10.0.0.1 in the
: main routing table , so i have ping to the gateway but i can't connect
: to inet.

OK. So, you can ping the gateway.....can you ping the gateway from the
source IPs you want to have Internet access?

But, before we cover that, we need to back up to the "Why?" question. You
don't explain enough for me to understand why you need the second routing
table. In looking at your two routing tables, I don't see any reason for
two.

: #ip r l t main
: 10.0.0.0/16 dev eth0 scope link
:
: The only way to connect to inet is adding:
:
: ip r a default via 10.0.0.1 t main
:
: If i add the default gw in table main , i can connect to inet but i'd
: like to do this in other table.

I have some questions, then:

  - Are the packets initiated from the Linux box?
  - What is the source IP on a packet which is not leaving the box in the
    manner you desire? Can you add an "ip rule" to define the
    characteristics of this packet?
  - Are you trying to force packets to be sourced from a particular IP?
  - Are you trying to block particular packets from getting to the
    Internet?

: Can you help me ?

I'll most certainly try.

: eth0: 10.0.0.2/16
: eth1: 10.0.0.1 (inet gateway)
:
: #ip ru l :
:
: 0: from all lookup local
: 32765: from 10.0.0.2 lookup tabla1
: 32766: from all lookup main
: 32767: from all lookup default
:
: #ip r l t tabla1
:
: 10.0.0.0/16 dev eth0 scope link src 10.0.0.2
: 127.0.0.0/8 dev lo scope link
: default via 10.0.0.1 dev eth0
:
: #ip r l t main
:
: 10.0.0.0/16 dev eth0 scope link

[ snipped some of my earlier ravings ]

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
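
Added example, not part of the original thread and not code from any poster: a small Python model of how the rule list and tables from the first message are walked for a given source and destination, which is what the questions about the packet's source IP come down to. It assumes a locally generated packet from a socket not bound to an address is looked up with an unspecified source (0.0.0.0); the lookup() helper and the destination 192.0.2.1 are illustrative names and values.

```python
import ipaddress

# Constructed from the "ip ru l" and "ip r l t ..." output posted in the thread.
# Each rule: (priority, source selector, table to consult).
RULES = [
    (0, "0.0.0.0/0", "local"),
    (32765, "10.0.0.2/32", "tabla1"),
    (32766, "0.0.0.0/0", "main"),
    (32767, "0.0.0.0/0", "default"),
]
TABLES = {
    "local": ["10.0.0.2/32", "127.0.0.0/8"],  # broadcast entries omitted
    "tabla1": ["10.0.0.0/16", "127.0.0.0/8", "0.0.0.0/0"],
    "main": ["10.0.0.0/16"],
    "default": [],
}


def lookup(dst, src="0.0.0.0", tables=TABLES):
    """Walk the rules in priority order; return (table, prefix) or None.

    Assumption: src="0.0.0.0" models a locally generated packet whose
    socket is not bound to an address, so the source is still unspecified.
    """
    d, s = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for _prio, selector, table in sorted(RULES):
        if s not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source
        nets = [ipaddress.ip_network(p) for p in tables[table]]
        hits = [n for n in nets if d in n]
        if hits:  # longest prefix wins inside one table
            return table, str(max(hits, key=lambda n: n.prefixlen))
    return None  # no table had a route: "Network is unreachable"


if __name__ == "__main__":
    inet = "192.0.2.1"  # illustrative Internet destination (TEST-NET-1)
    print(lookup("10.0.0.1"))             # gateway, via main
    print(lookup(inet))                   # unspecified source
    print(lookup(inet, src="10.0.0.2"))   # source matches rule 32765
    fixed = dict(TABLES, main=TABLES["main"] + ["0.0.0.0/0"])
    print(lookup(inet, tables=fixed))     # default added to main
```
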