On 04/20/2010 07:15 PM, j.halifax . wrote:
>>
>> .....please do netstat -rn
>> Please also do /sbin/ifconfig -a
>>
>
> ======
> netstat
> ======
> # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.180.0   0.0.0.0         255.255.255.0   U         0 0          0 eth3
> 10.255.253.0    10.255.250.250  255.255.255.0   UG        0 0          0 eth2
> 10.1.1.0        10.255.250.250  255.255.255.0   UG        0 0          0 eth2
> 195.39.130.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 10.255.250.0    0.0.0.0         255.255.255.0   U         0 0          0 eth2
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth2
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth3
> 172.17.0.0      192.168.180.1   255.255.0.0     UG        0 0          0 eth3
> 192.168.0.0     192.168.180.1   255.255.0.0     UG        0 0          0 eth3
> 0.0.0.0         195.39.130.89   0.0.0.0         UG        0 0          0 eth0
>
> ======
> ifconfig
> ======
> ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:1B:11:B1:5D:0D
>           inet addr:195.39.130.92  Bcast:195.39.130.255  Mask:255.255.255.0
>           inet6 addr: fe80::21b:11ff:feb1:5d0d/64 Scope:Link
>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:24299910 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:15282420 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:16111717780 (15.0 GiB)  TX bytes:2946725879 (2.7 GiB)
>           Interrupt:21 Base address:0xca00
>
> eth1      Link encap:Ethernet  HWaddr 00:19:D1:9D:E6:14
>           BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Memory:92200000-92220000
>
> eth2      Link encap:Ethernet  HWaddr 00:19:5B:38:B7:36
>           inet addr:10.255.250.37  Bcast:10.255.250.255  Mask:255.255.255.0
>           inet6 addr: fe80::219:5bff:fe38:b736/64 Scope:Link
>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:53693057 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:15359524 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:5565104705 (5.1 GiB)  TX bytes:13115812080 (12.2 GiB)
>           Interrupt:22 Base address:0xa900
>
> eth3      Link encap:Ethernet  HWaddr 00:1B:11:B1:1C:D4
>           inet addr:192.168.180.100  Bcast:192.168.180.255  Mask:255.255.255.0
>           inet6 addr: fe80::21b:11ff:feb1:1cd4/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4068329 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:60337 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:417749601 (398.3 MiB)  TX bytes:4328913 (4.1 MiB)
>           Interrupt:18 Base address:0x6800
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:431338 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:431338 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:41551814 (39.6 MiB)  TX bytes:41551814 (39.6 MiB)
>
> sit0      Link encap:IPv6-in-IPv4
>           NOARP  MTU:1480  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> Thank you so much... :)
> jh
>
>

The routing table and interfaces look okay. I am confused.
I have questions below.

>
>> ------------ Original message ------------
>> From: Rick Sewill <rsewill@xxxxxxxxx>
>> Subject: Re: GW (LAN1, LAN2, ADSL) config
>> Date: 21.4.2010 01:10:47
>> ----------------------------------------
> On 04/20/2010 05:48 PM, j.halifax . wrote:
>>>>>>
>>>>> Is IP forwarding on?
>>>>>
>>>> Yes, it is.
>>>>
>>>>
>>>>
>>>>> ------------ Original message ------------
>>>>> From: Terry Polzin <foxec208@xxxxxxxxxx>
>>>>> Subject: Re: GW (LAN1, LAN2, ADSL) config
>>>>> Date: 20.4.2010 19:03:39
>>>>> ----------------------------------------
>>>>> On Tue, 2010-04-20 at 15:31 +0200, j.halifax . wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> please help me kindly to reconfig my default GW (Fedora 12).
>>>>>>
>>>>>> The GW has 3 active Ethernet cards:
>>>>>> eth0 - connected to Internet ADSL router (incl. VPN, pptpd)

I expected to see something in the routing table or interfaces
for pptpd. Isn't there a ppp0 (or something like that) interface
for pptpd? What is added to the routing table (netstat -rn) or
interfaces (ifconfig -a) if pptpd is up?

Does VPN refer to pptpd or does VPN refer to something else?
Does VPN, pptpd mean there are two separate VPNs?

>>>>>> eth1 - not used
>>>>>> eth2 - LAN1
>>>>>> eth3 - LAN2.
>>>>>>
>>>>>> I had everything working fine but due to some problems I lost
>>>>>> the configuration of the GW and I can't get it working again.
>>>>>>
>>>>>> (1) The Internet access (LAN1 -> GW -> Internet) is working fine.
>>>>>> (2) The access of (Internet -> GW -> LAN1 / LAN2) is ok incl. VPN
>>>>>> (3) I can not access LAN2 neither from LAN1 nor from GW box
>>>>>>
>>>>>> Traceroute shows that for (3) packets don't go to eth3 (LAN2) as
>>>>>> they should, but they fall down to eth0 (default gw).
>>>>>>

I would have guessed you were doing masquerading, via iptables,
on eth0 to allow LAN1 and LAN2 access to the Internet.

I was assuming traffic from LAN1 went to the GW to the Internet.
LAN1 traffic is on the private IP address range.
Something must be masquerading it.
The internet will not route private IP addresses.

Are you doing masquerading, via iptables, on eth0?

I didn't wish to ask about your iptables, but now I do.
Can you do the following please:

/sbin/iptables -L -v
/sbin/iptables -L -v -t nat

Please examine and sanitize the output.
I wouldn't want people to know what ports I have open.
I don't want you sharing what ports you have open unless necessary.

Traceroute showing the packets went to eth0 caused me to believe
the problem wasn't an iptables problem.
If you said the packets were being dropped, my instinct would have been
to look at iptables.

I assumed your vpn was a pptpd interface and expected to see something
in the netstat -rn.

My instinct is to first learn why the GW box can't reach LAN2.
In this regard, I have two separate questions:

1) Can you reach LAN2 from the GW box if the VPN is down?
# from gw box interface for LAN 2 to remote gateway on LAN2
ping -I 192.168.180.100 192.168.180.1
# from GW box interface for LAN1 to remote gateway on LAN2
ping -I 10.255.250.37 192.168.180.1

2) Can you reach LAN2 from the GW box if the VPN is up?
# from gw box interface for LAN 2 to remote gateway on LAN2
ping -I 192.168.180.100 192.168.180.1
# from GW box interface for LAN1 to remote gateway on LAN2
ping -I 10.255.250.37 192.168.180.1

I am suspicious the VPN is doing something, but don't know what.

>>>>>> Can you please advise me what I need to set-up (iptables) in the GW?
>>>>>>

If LAN1 can reach the internet through the GW through eth0,
you must be using masquerading in iptables...unless...is the LAN1
traffic to the internet going through the VPN?

>>>>>> Thank you so much for your kind help.
>>>>>>
>>>>>> Regards,
>>>>>> jh
>>>>>>
>>>>> Is IP forwarding on?
>>>>>
>>>>> --
>>>>> users mailing list
>>>>> users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> To unsubscribe or change subscription options:
>>>>> https://admin.fedoraproject.org/mailman/listinfo/users
>>>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>
>>>>>
>>>>>
>
>
> As another person asked, please do netstat -rn
> Please also do /sbin/ifconfig -a
>
> When debugging a routing problem, we need to see your routing table.
> It's also good to see the interfaces.
>
> I would be surprised if the problem were iptables related.
>
> Sounds more like the problem is routing table related.
>
> I'm assuming you haven't done anything with the /sbin/ip command
> like policy routing.
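Added example, not part of the original message: a longest-prefix lookup over the routing table posted in the thread, showing that the main table alone sends LAN2 destinations out eth3, which is why a traceroute leaving via eth0 points at something outside this table (the policy routing or VPN the reply asks about). The function names and the destinations other than 192.168.180.1 are assumptions made for the illustration.

```python
import ipaddress

# Main routing table exactly as posted in the thread (netstat -rn, headers dropped).
NETSTAT_RN = """\
192.168.180.0   0.0.0.0         255.255.255.0   U   0 0 0 eth3
10.255.253.0    10.255.250.250  255.255.255.0   UG  0 0 0 eth2
10.1.1.0        10.255.250.250  255.255.255.0   UG  0 0 0 eth2
195.39.130.0    0.0.0.0         255.255.255.0   U   0 0 0 eth0
10.255.250.0    0.0.0.0         255.255.255.0   U   0 0 0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth3
172.17.0.0      192.168.180.1   255.255.0.0     UG  0 0 0 eth3
192.168.0.0     192.168.180.1   255.255.0.0     UG  0 0 0 eth3
0.0.0.0         195.39.130.89   0.0.0.0         UG  0 0 0 eth0
"""

def parse_routes(text):
    """Return (network, gateway or None, iface) tuples in table order."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, flags, *_, iface = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, gw if "G" in flags else None, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; simplification: equal prefixes keep the earlier entry."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def egress(dst):
    """(interface, next hop) that the main table alone selects for dst."""
    net, gw, iface = lookup(parse_routes(NETSTAT_RN), dst)
    return iface, gw or "on-link"

if __name__ == "__main__":
    # 192.168.180.1 is the LAN2 gateway from the thread; the rest are constructed.
    for dst in ("192.168.180.1", "192.168.5.20", "10.1.1.9", "198.51.100.7"):
        print(dst, "->", *egress(dst))
```

On the gateway itself, `ip route get 192.168.180.1` and `ip rule show` answer the same question against the live kernel state, including any policy rules that this table-only lookup cannot see.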