Routing problem - was FC9 Linux gateways, VPN working, IP forwarding isn't

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 24 January 2009 11:19:05 Giany wrote:
> If you say ip_forward is enabled then either there is a routing problem
> or some firewall issue.
>

I've been going round in circles all day and now my head's spinning. I even 
got it working once, but don't know how and can't repeat it.

Iptables on all four machines set ACCEPT on INPUT, OUTPUT and FORWARD. IP 
forwarding enabled on both gateways.

This only leaves routing.

Both gateways talk to each other.
Client and Server can talk to their local gateway
Local gateway can talk to remote server.
Remote gateway cannot talk to client
Client cannot talk to remote gateway or server
server cannot talk to local gateway or client

Layout

Client	eth0		10.6.1.2/16

		Network	10.6.0.0/16

Local GW	eth0		10.6.1.1/16
		eth1		192.168.1.1/24 (internet connection)
		ppp0	192.168.127.2/32 P-to-P 192.168.127.1

		VPN		ppp-over-ssh

Remote	eth0		10.1.1.115/16
GW		ppp1	192.168.127.1/32 P-to-P 192.168.127.2

		Network 10.1.0.0/16

Server	eth0		10.1.1.104

route tables

Client
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.128.1   10.6.1.1        255.255.255.255 UGH   0      0        0 eth0
192.168.127.1   10.6.1.1        255.255.255.255 UGH   0      0        0 eth0
10.6.0.0        0.0.0.0         255.255.0.0     U     1      0        0 eth0
0.0.0.0         10.6.1.1        0.0.0.0         UG    0      0        0 eth0

Local Gateway
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.127.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.2.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
136.0.0.0       192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
10.1.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
10.6.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.5.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
172.0.0.0       192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1

Remote Gateway
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.127.2   0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0        0 eth0
172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0        0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0        0 eth0

Server
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.127.2   10.1.1.115      255.255.255.255 UGH   0      0        0 eth0
10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0        0 eth0
172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0        0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.6.0.0        10.1.1.115      255.255.0.0     UG    0      0        0 eth0
10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0        0 eth0






-- 
Gary Stainburn
 
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000     

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux