On Saturday 24 January 2009 11:19:05 Giany wrote:
> If you say ip_forward is enabled then either there is a routing problem
> or some firewall issue.
>

I've been going round in circles all day and now my head's spinning. I even got it working once, but don't know how and can't repeat it.

Iptables on all four machines set ACCEPT on INPUT, OUTPUT and FORWARD.
IP forwarding enabled on both gateways.

This only leaves routing.

Both gateways talk to each other.
Client and Server can talk to their local gateway.
Local gateway can talk to remote server.
Remote gateway cannot talk to client.
Client cannot talk to remote gateway or server.
Server cannot talk to local gateway or client.

Layout

Client     eth0  10.6.1.2/16
Network 10.6.0.0/16
Local GW   eth0  10.6.1.1/16
           eth1  192.168.1.1/24 (internet connection)
           ppp0  192.168.127.2/32  P-to-P 192.168.127.1
VPN ppp-over-ssh
Remote GW  eth0  10.1.1.115/16
           ppp1  192.168.127.1/32  P-to-P 192.168.127.2
Network 10.1.0.0/16
Server     eth0  10.1.1.104

Route tables

Client
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.128.1   10.6.1.1        255.255.255.255 UGH   0      0   0   eth0
192.168.127.1   10.6.1.1        255.255.255.255 UGH   0      0   0   eth0
10.6.0.0        0.0.0.0         255.255.0.0     U     1      0   0   eth0
0.0.0.0         10.6.1.1        0.0.0.0         UG    0      0   0   eth0

Local Gateway
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.127.1   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
10.2.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
136.0.0.0       192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
10.1.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
10.6.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
10.5.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
172.0.0.0       192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0   0   eth1

Remote Gateway
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.127.2   0.0.0.0         255.255.255.255 UH    0      0   0   ppp1
10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0   0   eth0
172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0   0   eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0   0   eth0

Server
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.127.2   10.1.1.115      255.255.255.255 UGH   0      0   0   eth0
10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0   0   eth0
172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0   0   eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
10.6.0.0        10.1.1.115      255.255.0.0     UG    0      0   0   eth0
10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0   0   eth0

-- 
Gary Stainburn

This email does not contain private or confidential material as it may be snooped on by interested government parties for unknown and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
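
Added example, not part of the original message: a longest-prefix-match tracer run over the four routing tables as posted, following a packet hop by hop in each direction. The host labels, the `OWNER` address map and the function names are assumptions made for this sketch. On these tables the Remote Gateway has no entry covering 10.6.0.0/16, so traffic for the client leaves through its default route.

```python
import ipaddress

# Routing tables transcribed from the post as "destination/prefix gateway";
# "-" stands for a directly connected route (gateway 0.0.0.0 in the listing).
ROUTES = {
    "client": ["192.168.128.1/32 10.6.1.1", "192.168.127.1/32 10.6.1.1",
               "10.6.0.0/16 -", "0.0.0.0/0 10.6.1.1"],
    "local_gw": ["192.168.127.1/32 -", "192.168.1.0/24 -", "10.2.0.0/16 192.168.127.1",
                 "136.0.0.0/16 192.168.127.1", "10.1.0.0/16 192.168.127.1",
                 "10.6.0.0/16 -", "10.5.0.0/16 192.168.127.1",
                 "172.0.0.0/16 192.168.127.1", "169.254.0.0/16 -", "0.0.0.0/0 192.168.1.254"],
    "remote_gw": ["192.168.127.2/32 -", "10.2.0.0/16 10.1.1.1", "172.24.0.0/16 10.1.1.16",
                  "10.1.0.0/16 -", "10.4.0.0/16 10.1.1.112", "10.5.0.0/16 10.1.1.112",
                  "136.9.0.0/16 10.1.1.16", "169.254.0.0/16 -", "0.0.0.0/0 10.1.1.112"],
    "server": ["192.168.127.2/32 10.1.1.115", "10.2.0.0/16 10.1.1.1", "172.24.0.0/16 10.1.1.16",
               "10.1.0.0/16 -", "10.6.0.0/16 10.1.1.115", "10.4.0.0/16 10.1.1.112",
               "10.5.0.0/16 10.1.1.112", "136.9.0.0/16 10.1.1.16", "169.254.0.0/16 -",
               "0.0.0.0/0 10.1.1.112"],
}
# Which of the four hosts owns each interface address (from the Layout section).
OWNER = {"10.6.1.2": "client", "10.6.1.1": "local_gw", "192.168.127.2": "local_gw",
         "192.168.127.1": "remote_gw", "10.1.1.115": "remote_gw", "10.1.1.104": "server"}

def next_hop(host, dst):
    """Longest-prefix match in host's table; returns the next-hop IP address."""
    addr = ipaddress.ip_address(dst)
    rows = [(ipaddress.ip_network(net), gw) for net, gw in (r.split() for r in ROUTES[host])]
    net, gw = max((r for r in rows if addr in r[0]), key=lambda r: r[0].prefixlen)
    return dst if gw == "-" else gw   # directly connected: deliver to dst itself

def trace(src_host, dst):
    """Follow dst from src_host; stop when it leaves the four known hosts or loops."""
    path = [src_host]
    while OWNER.get(dst) != path[-1]:
        hop = next_hop(path[-1], dst)
        owner = OWNER.get(hop)
        if owner is None or owner in path:
            return path + [f"LOST via {hop}"]
        path.append(owner)
    return path

if __name__ == "__main__":
    for src, dst in [("client", "10.1.1.104"), ("server", "10.6.1.2"), ("server", "192.168.127.2")]:
        print(f"{src} -> {dst}: {' -> '.join(trace(src, dst))}")
```

The last trace assumes the local gateway sources its own traffic from its ppp0 address, 192.168.127.2.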