Everything in the 193.168.13.0/24 LAN can ping Server. So IPcop 2 & 3 Can ping it as well as 25 (or so) desktops.
Using tracert, I see only one hop. Desktop gets a response from 192.168.14.1 (IPcop1), But then nothing except timeouts. I suspect It's my entry on IPcop1 that is the problem. I don't think IPcop1 knows what I'm trying to do. my exact entry was... route add -net 204.239.225.162 netmask 255.255.255.255 dev ipsec0 This is a bit more advanced that where I'm normally at (VPNs make things complicated). As much as I've specified -net, it is entered into the routing table as a host rather than a network, so I didn't think that was the issue. What I am wondering about, is should I have a gw 192.168.13.1 entry appended to that line? Or does the dev ipsec0 imply that? Kev. ----- Original Message ----- From: "Trevor Lauder" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 05, 2003 9:32 AM Subject: Re: (clug-talk) Routing question > Can anything between ipcop2 and ipcop3 ping server? It's hard to say > where it's failing, so I would put a sniffer on ipcop3 listening on eth1 > (That's the interface going to server right?). Then with the siffer > running there I would ping from desktop to server and watch the echo > requests/replys on ipcop3 eth1. Depending on if you get requests going > out and no replys coming in or any other combination, it will help > troubleshoot this further. Let us know what you find out. > > Cheers, > > -- > Personal: > > Trevor Lauder > Web: http://www.thelauders.net > E-Mail: [EMAIL PROTECTED] > > Work: > > Trevor Lauder > Technical Services Specialist > Wireless Networks Inc. > Web: http://www.wirelessnetworksinc.com > E-Mail: [EMAIL PROTECTED] > > Kevin Anderson said: > > I have a routing issue that I can't figure out. > > > > Here's the situation. Unless spelled out in full, IPs are > > 192.168.X.X/24 > > > > Desktop ------- IPCOP1 ======= IPCOP2 --------- IPCOP3 ======== > > Server. 14.100 LAN 14.1 VPN 13.1 LAN 13.2 > > Untrusted 204.239.225.162 > > > > I can Ping from the desktop to IPCOP3, (192.168.14.100 to 192.168.13.2), > > however I can't reach Server. > > > > Here's what I've done that should matter. > > > > outbound. > > IPcop 1 has a route to 204.239.225.162/32 on dev ipsec0 (I can't ping > > the next hop, so I can't add the route) IPcop2 has a route for > > 204.239.225.162/32 to IPcop3 > > IPcop3 has a route to 204.239.225.162/32 on eth1 > > > > inbound. > > IPcop3 has a default route of IPcop2 > > IPcop2 has a route for 192.168.14.0/24 across the VPN to IPcop 1 > > IPcop1 is in the same LAN as Desktop. > > > > Here's the situation. > > Desktop can ping IPcop3, (anything in the 13.0 LAN.) > > Anything in the 13.0 LAN can ping Desktop. > > Desktop cannot reach server. > > Server is not mine, so I can't test the reverse, but I suspect it'll > > fail. The 13.0 LAN can reach Server. > > > > This connection gets NATted at IPcop3 > > > > Thanks In Advance > > Kev. > > > >
