Re: Forwarding not work in FC9 but ip forward is turn on

ppps wrote:
First off, what is that extra netstat -rn entry for eth6
(169.254.0.0...looks like some Windows default garbage)? Can't help but
wonder what that's doing to routing to the 192.168.10 network on the
machine.
    
I have tried to eliminate that route with the command
route del -net 169.254.0.0 netmask 255.255.0.0
This eliminates the route, but on reboot it is brought up again.
I do not know which file to modify to remove it.

  
Ok, this has been answered by Mr. Wright.
I think that you really don't need to worry about this route. 
It's used for default networking when your system is set to DHCP but does not get an address from a DHCP server 
(NIC self-assigns a 169.254.x.x address to itself). This also happens on Windows.
I think that the route itself will have no effect on your connectivity or networking.

  
Next, why do you get two different traceroute results when you
traceroute host 192.168.10.20 as shown below (doesn't make any sense)?:
    

In the first tcpdump command,    
ping from 192.168.10.250 to 192.168.10.20

|firewall |--x-->|switch |----> | host 192.168.10.20 |

In the second tcpdump command,
ping from 192.168.10.20 to 192.168.5.1

|host 192.168.10.20 |---->|switch |----> | FIREWALL |--x-->| switch |-----> | HOST 192.168.5.1 |

  
Ah, ok, my bad for not noticing that.

Let's take this from the top (please correct me if I'm wrong):

Your firewall has the 3 interfaces with 192.168.1.231/24, 192.168.5.254/24, and 192.168.10.250/24 as the interface addresses. 
You have 3 machines off-firewall with addresses 192.168.1.201, 192.168.5.1, and 192.168.10.20 (all in the /24 bit network, right?).

1). From the firewall, if you ping/traceroute to the 3 off-firewall addresses, do they all work or only some of them?

2). From the off-firewall addresses, does ping/traceroute to the 3 firewall addresses *on the same network* (so from ...1.201 to ...1.231, ...5.1 to ...5.254, and ...10.20 to ...10.250) work?

3). On the off-firewall machines, what does a tcpdump show about the traffic coming from the firewall in (1) (when it works and when it doesn't work)?

4). From the off-firewall machines, what are the results of pings/traceroutes from those machines to the other machines (so from 1.201 to 5.1, 1.201 to 10.20, 5.1 to 10.20, 5.1 to 1.201, 10.20 to 5.1, and 10.20 to 1.201...you need to do all of them to verify that the traceroutes are all using the same paths coming and going...I've seen networking weirdness where a traceroute from a -> b shows 5 hops on 5 routers while a traceroute from b -> a shows different routers/hops).

5). On the off-firewall machines, what do the routing tables look like? And what are the results of the command "arp"? Are all of the off-firewall machines Linux boxes or are there Windows or other O.S. machines (and is the 5.1 box just a router?)?

FWIW, it's often handy from a troubleshooting point of view and the sake of consistency to, if possible, have your firewall interfaces have the same ending octet (again, if possible in the network(s) that you are working with).  If the firewall interfaces *always* have .254 as the last octet (or .110 or .1 or whatever as long as they are the same on each interface) then it makes it easier to understand your routing/network setup.

<snip>


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
