On Mo, 2016-09-26 at 22:15 -0500, Lonnie Abelbeck wrote: > On Sep 26, 2016, at 8:42 PM, Armin Tüting <armin.tueting@tueting-onli > ne.com> wrote: > > > > > On Mo, 2016-09-26 at 14:31 -0500, Lonnie Abelbeck wrote: > > > > > > On Sep 26, 2016, at 1:16 PM, Armin Tüting <armin.tueting@tueting- > > > onli > > > ne.com> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ip route > > > > > > default via 192.168.60.1 dev eth0 metric 2 > > > > > > 192.168.10.0/24 via 192.168.40.1 dev eth1 metric 1 > > > > > > 192.168.40.0/24 dev eth1 proto kernel scope link src > > > > > > 192.168.40.6 > > > > > > 192.168.50.0/24 via 192.168.40.1 dev eth1 metric 1 > > > > > > 192.168.60.0/24 dev eth0 proto kernel scope link src > > > > > > 192.168.60.6 > > > > > > > > > > > > Armin. > > > > > > > > > > Your network CIDR's look fine. > > > > > > > > > > Where are the "metric 1" routes coming from ?: > > > > > -- > > > > > 192.168.10.0/24 via 192.168.40.1 dev eth1 metric 1 > > > > > 192.168.50.0/24 via 192.168.40.1 dev eth1 metric 1 > > > > > -- > > > > > are you adding those manually ? > > > > Yes! I've added them through /mnt/kd/rc.elocal! They're > > > > static > > > > routes > > > > off eth1! > > > > > > > > > > > > > > > > > > > Where are the 192.168.10.0/24 and 192.168.50.0/24 networks in > > > > > your > > > > > configuration ? > > > > I've added them through /mnt/kd/rc.elocal > > > > > > OK, we are at the point where we need to draw a picture, I'll > > > start, > > > edit anything I got wrong: > > > > > > 192.168.60.6/24 - eth0 External - APU1 - LAN eth1 - > > > 192.168.40.6/24 > > > > > > How do the 192.168.10.0/24 and 192.168.50.0/24 networks fit in ? > > 192.168.40.1/24 - switch - 192.168.10.0/24 > > 192.168.40.1/24 - switch - 192.168.50.0/24 > > Clearly the subnets are "behind" AstLinux on a different device... > > Ahhh, so I presume that is a fancy layer-3 switch which is routing > the 192.168.10.0/24 and 192.168.50.0/24 networks via 192.168.40.1 ? Right :)
> We recently added (AstLinux 1.2.7) a user.conf variable > NAT_FOREIGN_NETWORK to allow these downstream networks to reach eth0 > and beyond. > -- user.conf snippet --- > NAT_FOREIGN_NETWORK="192.168.10.0/24 192.168.50.0/24" > -- > More Info: http://doc.astlinux.org/userdoc:tt-internal-downstream-rou > ter > > Of course your 192.168.10.0/24 and 192.168.50.0/24 networks can SSH > 192.168.40.6 and get to the AstLinux box without NAT_FOREIGN_NETWORK > defined, but if these networks want to reach outside eth0 and get to > the internet, then NAT_FOREIGN_NETWORK must be defined to NAT with > eth0. OK - I'll add the above setting and confirm back! BTW - Does 'IP_FORWARDING=0' disable the whole FORWARD chain? > Clear ? Got it :) Thanks for help and passion! Regards, Armin. ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
