-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gary Stainburn wrote:
| On Saturday 24 January 2009 11:19:05 Giany wrote:
|> If you say ip_forward is enabled then either there is a routing problem
|> or some firewall issue.
|>
|
| I've been going round in circles all day and now my head's spinning. I even
| got it working once, but don't know how and can't repeat it.
|
| Iptables on all four machines set ACCEPT on INPUT, OUTPUT and FORWARD. IP
| forwarding enabled on both gateways.
|
| This only leaves routing.
|
| Both gateways talk to each other.
| Client and Server can talk to their local gateway
| Local gateway can talk to remote server.
| Remote gateway cannot talk to client
| Client cannot talk to remote gateway or server
| server cannot talk to local gateway or client
|
| Layout
|
| Client    eth0 10.6.1.2/16
|
| Network   10.6.0.0/16
|
| Local GW  eth0 10.6.1.1/16
|           eth1 192.168.1.1/24 (internet connection)
|           ppp0 192.168.127.2/32 P-to-P 192.168.127.1
|
| VPN ppp-over-ssh
|
| Remote    eth0 10.1.1.115/16
| GW        ppp1 192.168.127.1/32 P-to-P 192.168.127.2
|
| Network   10.1.0.0/16
|
| Server    eth0 10.1.1.104
|
| route tables
|
| Client
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.128.1   10.6.1.1        255.255.255.255 UGH   0      0   0   eth0
| 192.168.127.1   10.6.1.1        255.255.255.255 UGH   0      0   0   eth0
| 10.6.0.0        0.0.0.0         255.255.0.0     U     1      0   0   eth0
| 0.0.0.0         10.6.1.1        0.0.0.0         UG    0      0   0   eth0
|
| Local Gateway
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.127.1   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
| 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
| 10.2.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 136.0.0.0       192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 10.1.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 10.6.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 10.5.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 172.0.0.0       192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth1
| 0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0   0   eth1
|
| Remote Gateway
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.127.2   0.0.0.0         255.255.255.255 UH    0      0   0   ppp1
| 10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0   0   eth0
| 172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0   0   eth0
|
| Server
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.127.2   10.1.1.115      255.255.255.255 UGH   0      0   0   eth0
| 10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0   0   eth0
| 172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 10.6.0.0        10.1.1.115      255.255.0.0     UG    0      0   0   eth0
| 10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0   0   eth0
|
|

Perhaps I'm overlooking something, but the remote gateway does not appear
to have a route to the 10.6 network via 192.168.127.2. It looks to me like
traffic to 10.6 would go via the default to 10.1.1.112.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEAREIAAYFAkl7WFwACgkQ5LO5Iacp/hGQ7wCfR1Yx+/79iZrzEUAYAwKYS5Uq
+T0An21t/JWjJUJPxrWa7aOeSi5TtSnP
=pRoY
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines