Hi Everyone,

My local subnet is 192.168.0.0/24

The linux box is 192.168.0.200 (eth0) and has a pppoe (ppp0) connection to the internet.

I have a router with the ip address 192.168.0.1 that connects to a remote subnet 192.168.1.0/24.

I add the route: ip route add 192.168.1.0/24 via 192.168.0.1

From the linux box I can ping any host on the 192.168.1.0/24 subnet however from a client on the network such as 192.168.0.10 that has the default gateway set to 192.168.0.200 when I try to ping 192.168.1.1 I get:

Reply from 192.168.0.200: Destination host unreachable.

Does anyone have any ideas? Do I need to NAT the traffic or add another route command?

I have a standard shorewall config:

INTERFACES
net ppp0
loc eth0
- ppp+

ZONES
fw firewall
net ipv4
loc ipv4
vpn ipv4

POLICY
$FW loc ACCEPT
loc $FW ACCEPT
vpn all ACCEPT
all vpn ACCEPT
net all DROP info
all all REJECT info
$FW net ACCEPT

MASQ
ppp0 eth0
ppp+ eth0

Thanks

z
Hi,

On 10/29/06, Daniel Czarnecki <daniel@zoltak.com> wrote:
> Hi Everyone,
>
> My local subnet is 192.168.0.0/24
>
> The linux box is 192.168.0.200 (eth0) and has a pppoe (ppp0)
> connection to the internet.
>
> I have a router with the ip address 192.168.0.1 that connects to a
> remote subnet 192.168.1.0/24.

That means that any connection to 192.168.1.0/24 does NOT go through the linux box, but through the router, right?

> I add the route: ip route add 192.168.1.0/24 via 192.168.0.1
>
> From the linux box I can ping any host on the 192.168.1.0/24 subnet
> however from a client on the network such as 192.168.0.10 that has
> the default gateway set to 192.168.0.200 when I try to ping
> 192.168.1.1 I get:
>
> Reply from 192.168.0.200: Destination host unreachable.

What you need to do is also add the route to the client at 192.168.0.10, just like you did it for the linux box. Windows, i.e., also has a route command that you can work with from a command line window.

> Does anyone have any ideas? Do I need to NAT the traffic or add
> another route command?

Why would you need to NAT if the traffic doesn't pass through the linux box?

> I have a standard shorewall config:
>
> INTERFACES
> net ppp0
> loc eth0
> - ppp+
>
> ZONES
> fw firewall
> net ipv4
> loc ipv4
> vpn ipv4
>
> POLICY
> $FW loc ACCEPT
> loc $FW ACCEPT
> vpn all ACCEPT
> all vpn ACCEPT
> net all DROP info
> all all REJECT info
> $FW net ACCEPT
>
> MASQ
> ppp0 eth0
> ppp+ eth0
>
> Thanks
>
> z

~David
Daniel Czarnecki wrote:
> Hi Everyone,
>
> My local subnet is 192.168.0.0/24
>
> The linux box is 192.168.0.200 (eth0) and has a pppoe (ppp0)
> connection to the internet.
>
> I have a router with the ip address 192.168.0.1 that connects to a
> remote subnet 192.168.1.0/24.
>
> I add the route: ip route add 192.168.1.0/24 via 192.168.0.1
>
> From the linux box I can ping any host on the 192.168.1.0/24 subnet
> however from a client on the network such as 192.168.0.10 that has
> the default gateway set to 192.168.0.200 when I try to ping
> 192.168.1.1 I get:
>
> Reply from 192.168.0.200: Destination host unreachable.
>
> Does anyone have any ideas? Do I need to NAT the traffic or add
> another route command?
>

There are very detailed instructions for handling this configuration at http://www.shorewall.net/Multiple_Zones.html

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
I added routeback to eth0 which now works.

INTERFACES
net ppp0
loc eth0 routeback
- ppp+

I have a PPTP VPN; the zone for the VPN is vpn. How can I get the packets to follow from 192.168.1.0/24 to the VPN?

Begin forwarded message:
> From: Daniel Czarnecki <daniel@zoltak.com>
> Date: 30 October 2006 10:57:50 AM
> To: Shorewall Users <shorewall-users@lists.sourceforge.net>
> Subject: Routing via gateway
>
> Hi Everyone,
>
> My local subnet is 192.168.0.0/24
>
> The linux box is 192.168.0.200 (eth0) and has a pppoe (ppp0)
> connection to the internet.
>
> I have a router with the ip address 192.168.0.1 that connects to a
> remote subnet 192.168.1.0/24.
>
> I add the route: ip route add 192.168.1.0/24 via 192.168.0.1
>
> From the linux box I can ping any host on the 192.168.1.0/24 subnet
> however from a client on the network such as 192.168.0.10 that has
> the default gateway set to 192.168.0.200 when I try to ping
> 192.168.1.1 I get:
>
> Reply from 192.168.0.200: Destination host unreachable.
>
> Does anyone have any ideas? Do I need to NAT the traffic or add
> another route command?
>
> I have a standard shorewall config:
>
> INTERFACES
> net ppp0
> loc eth0
> - ppp+
>
> ZONES
> fw firewall
> net ipv4
> loc ipv4
> vpn ipv4
>
> POLICY
> $FW loc ACCEPT
> loc $FW ACCEPT
> vpn all ACCEPT
> all vpn ACCEPT
> net all DROP info
> all all REJECT info
> $FW net ACCEPT
>
> MASQ
> ppp0 eth0
> ppp+ eth0
>
> Thanks
>
> z
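Added example, not part of the original thread and not Shorewall's own code: a shell check for the situation the thread ends up fixing, where a static route sends forwarded traffic back out the interface it arrived on (192.168.1.0/24 via 192.168.0.1 on eth0) and that interface has no routeback option. The sample interfaces text and `ip route show` output are constructed from the addresses in the thread, the function name is hypothetical, and wildcard entries such as ppp+ are not matched against device names.

```shell
#!/bin/sh
# Added example: flag interfaces that a static route will hairpin traffic
# through but that lack Shorewall's "routeback" option.

# Constructed stand-in for /etc/shorewall/interfaces (layout as in the post).
SAMPLE_INTERFACES='net ppp0
loc eth0
-   ppp+'

# Constructed stand-in for `ip route show` on the firewall.
SAMPLE_ROUTES='192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.200
192.168.1.0/24 via 192.168.0.1 dev eth0
default dev ppp0 scope link'

# hairpin_without_routeback INTERFACES_TEXT ROUTES_TEXT   (hypothetical helper)
# Prints "<dev> <prefix> <gateway>" for every non-default route whose next
# hop is reached through a listed device that has no routeback option.
hairpin_without_routeback() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { routes = 1; next }      # separator between the inputs
        !routes && NF >= 2 && $1 !~ /^#/ {
            # Any field after the interface name may carry the option list.
            for (i = 3; i <= NF; i++)
                if ("," $i "," ~ /,routeback(=1)?,/) rb[$2] = 1
            seen[$2] = 1
            next
        }
        routes && $1 != "default" && $2 == "via" {
            dev = ""
            for (i = 3; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != "" && seen[dev] && !rb[dev]) print dev, $1, $3
        }'
}

hairpin_without_routeback "$SAMPLE_INTERFACES" "$SAMPLE_ROUTES"
```

On a live firewall the two arguments would be the contents of the interfaces file and the output of `ip route show`; an empty result means no listed interface needs routeback for the routes present.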