Re: Fedora 4 routing config issue

On 12/10/05, J. K. Cliburn <jcliburn@xxxxxxxxx> wrote:
I'm overlooking something very simple, I know, but I've been looking at
this mess for so long, there's little hope now of my seeing what's
wrong.

For reference, I've uploaded a diagram of my network at
http://home.bellsouth.net/p/s/community.dll?ep=16&ext=1&groupid=266017&ck=
Please refer to it for the discussion below.

I'm preparing to replace a smoothwall box at my border with a
custom-configured Fedora machine (hostname gadwall).  In order to test
the configuration of gadwall in its new role, I've set up a second
subnet inside my home network by putting petrel behind gadwall on the
.2 subnet.  (Yes, I know, there's some serious triple natting at play.)

I added a route on osprey (192.168.1.3) that enables me to ssh in to
petrel (192.168.2.2).  From petrel I can get to anything on the
192.168.1.0 subnet through gadwall.  Unfortunately, from petrel I can't
get to the internet; gadwall isn't forwarding packets to smoothwall.
From gadwall itself I can get to the internet just fine.

Here's some net config stuff from gadwall.

[root@gadwall ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:B0:D0:82:6D:DB
           inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
           inet6 addr: fec0::2b0:d0ff:fe82:6ddb/64 Scope:Site
           inet6 addr: fe80::2b0:d0ff:fe82:6ddb/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:11416 errors:0 dropped:0 overruns:0 frame:0
           TX packets:8144 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:4871805 (4.6 MiB)  TX bytes:1066146 (1.0 MiB)
           Interrupt:5 Base address:0xe880

eth1      Link encap:Ethernet  HWaddr 00:0F:B5:8D:63:D9
           inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
           inet6 addr: fe80::20f:b5ff:fe8d:63d9/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1223 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:141635 (138.3 KiB)  TX bytes:108304 (105.7 KiB)
           Interrupt:5 Base address:0x4c00

lo        Link encap:Local Loopback
           inet addr:127.0.0.1   Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:1129 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1129 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1313920 (1.2 MiB)  TX bytes:1313920 (1.2 MiB)

[root@gadwall ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

[root@gadwall ~]# cat /proc/sys/net/ipv4/ip_forward
1

[root@gadwall ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Here's a traceroute from petrel (192.168.2.2) to google.com
(72.14.207.99).  Clearly, gadwall isn't forwarding to smoothwall.

You don't know that; it could be a lot of things. You need to do tcpdumps on both gadwall and smoothwall to determine what's the cause.
Can you get to the internet from gadwall, or anything else that's on the 192.168.1.0 network?
Also, you didn't say anything about smoothwall's setup and NAT translation, if you are doing any....
 

[root@petrel ~]# traceroute 72.14.207.99
traceroute to 72.14.207.99 (72.14.207.99), 30 hops max, 38 byte packets
   1  gadwall (192.168.2.1)  0.412 ms  0.144 ms  0.114 ms
   2  * * *

But it works for .1 subnet addresses.

[root@petrel ~]# traceroute 192.168.1.3
traceroute to 192.168.1.3 ( 192.168.1.3), 30 hops max, 38 byte packets
   1  gadwall (192.168.2.1)  0.412 ms  0.119 ms  0.092 ms
   2  osprey (192.168.1.3)  0.206 ms !<10>  0.160 ms !<10>  0.154 ms !<10>

What route should I add to gadwall to make him forward packets from
petrel to smoothwall (and hence, the internet)?

The config on gadwall looks good. I would do tcpdumps on both gadwall and smoothwall (both interfaces) to see where the problem is.


- Yang
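
Added example, not part of the original messages: one way to read the captures suggested above, by walking the capture points from petrel toward the target and reporting where the request or the reply stops appearing. The capture lines are constructed samples, the smoothwall interface labels are hypothetical, 203.0.113.5 is a placeholder for a NATed outside address, and the test traffic is assumed to be a ping from petrel.

```python
import re

# Input is text from `tcpdump -n -i <iface> host 72.14.207.99` at each capture point.
# Matches the address pair in a tcpdump line; a trailing .port is optional.
PAIR = re.compile(r"IP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")

def seen(capture, target):
    """Return (request_sources, reply_seen) for one capture point."""
    sources, reply = set(), False
    for line in capture.splitlines():
        m = PAIR.search(line)
        if not m:
            continue
        src, dst = m.groups()
        if dst == target:
            sources.add(src)   # a source other than the client means NAT upstream
        elif src == target:
            reply = True
    return sources, reply

def locate_drop(points, target):
    """points: (name, capture text) pairs ordered from the client toward the target."""
    results = [(name, *seen(text, target)) for name, text in points]
    for name, sources, _ in results:          # follow the request outward
        if not sources:
            return ("request lost before", name)
    for name, _, reply in reversed(results):  # follow the reply back inward
        if not reply:
            return ("reply lost before", name)
    return ("path ok", None)

TARGET = "72.14.207.99"
# Constructed sample lines, not captures from the thread's machines.
REQ = "12:00:01.000001 IP 192.168.2.2 > 72.14.207.99: ICMP echo request, id 1, seq 1, length 64"
NAT_REQ = "12:00:01.000002 IP 203.0.113.5 > 72.14.207.99: ICMP echo request, id 1, seq 1, length 64"
NAT_REP = "12:00:01.030000 IP 72.14.207.99 > 203.0.113.5: ICMP echo reply, id 1, seq 1, length 64"
# Case A: the request arrives on gadwall's eth1 but never leaves eth0.
CASE_A = [("gadwall eth1", REQ), ("gadwall eth0", ""),
          ("smoothwall inside", ""), ("smoothwall outside", "")]
# Case B: the request goes out NATed and is answered, but no reply comes back inside.
CASE_B = [("gadwall eth1", REQ), ("gadwall eth0", REQ), ("smoothwall inside", REQ),
          ("smoothwall outside", NAT_REQ + "\n" + NAT_REP)]

if __name__ == "__main__":
    for case in (CASE_A, CASE_B):
        print(locate_drop(case, TARGET))
```

Case A points at forwarding on gadwall itself; case B points at the return path on smoothwall (routing or NAT for the 192.168.2.0 subnet), which is why captures on both machines are needed to tell the two apart.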
