A couple of questions.
 
Does IPCop3 have two network interfaces (I'm guessing so by your diagram)?  Can your desktop ping the outside interface of IPCop3?  If not, then your problem is in the routing of IPCop3.
Can IPCop3 ping the server?  Can it receive a response from the server?  If so, then the problem is in the NAT configuration (my guess), or the routing between internal/external on IPCop3.
Have you checked the routing tables on IPCop3?  Do they have the appropriate routes?
Have you checked the filtering on IPCop3?  Does it filter any traffic it shouldn't?
 
I'm sure you have already checked most of this, but I find that sometimes we have to ask the obvious questions. (surprising how many times something obvious wasn't checked). 
Maybe posting the output of a "route -n", or an "iptables --save" and an "iptables -t nat --save" might help.  (Hope I got the commands right - working from memory right now).
 
HTH.
 
Shawn
 
(scary thought - when I first joined the list and saw commands posted like this, I thought I was in over my head.  Here I am now (finally) able to do some of the same.... <grins>)
-----Original Message-----
From: Kevin Anderson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 05, 2003 9:20 AM
To: [EMAIL PROTECTED]
Subject: (clug-talk) Routing question

I have a routing issue that I can't figure out.
 
Here's the situation.  Unless spelled out in full, IPs are 192.168.X.X/24
 
Desktop  ------- IPCOP1 ======= IPCOP2 ---------  IPCOP3 ======== Server.
14.100     LAN   14.1     VPN   13.1      LAN     13.2 Untrusted  204.239.225.162
 
I can Ping from the desktop to IPCOP3, (192.168.14.100 to 192.168.13.2), however I can't reach Server.
 
Here's what I've done that should matter.
 
outbound.
IPcop 1 has a route to 204.239.225.162/32 on dev ipsec0 (I can't ping the next hop, so I can't add the route)
IPcop2 has a route for 204.239.225.162/32 to IPcop3
IPcop3 has a route to 204.239.225.162/32 on eth1
 
inbound.
IPcop3 has a default route of IPcop2
IPcop2 has a route for 192.168.14.0/24 across the VPN to IPcop 1
IPcop1 is in the same LAN as Desktop.
 
Here's the situation.
Desktop can ping IPcop3, (anything in the 13.0 LAN.)
Anything in the 13.0 LAN can ping Desktop.
Desktop cannot reach server.
Server is not mine, so I can't test the reverse, but I suspect it'll fail.
The 13.0 LAN can reach Server.
 
This connection gets NATted at IPcop3
 
Thanks In Advance
Kev.
