With the route command you can try using -host instead of -net and add the gw parameter, but the gw parameter shouldn't matter as it will send it out the default gw device if you don't specify it. Try as someone else recommended (sorry, can't remember name and I don't have the email in front of me right now :) and ping the external side of ipcop3 from desktop. If you can't ping it but you can ping the internal side of ipcop3, then there is either something wrong with the routing on it or with the NAT. My guess would be ipcop3 isn't configured to NAT the 192.168.14.0 network and it's only NATing the 192.168.13.0 network.

Cheers,

--
Personal:

Trevor Lauder
Web: http://www.thelauders.net
E-Mail: [EMAIL PROTECTED]

Work:

Trevor Lauder
Technical Services Specialist
Wireless Networks Inc.
Web: http://www.wirelessnetworksinc.com
E-Mail: [EMAIL PROTECTED]

Kevin Anderson said:
> Everything in the 193.168.13.0/24 LAN can ping Server. So IPcop 2 & 3
> can ping it as well as 25 (or so) desktops.
>
> Using tracert, I see only one hop.
>
> Desktop gets a response from 192.168.14.1 (IPcop1), but then nothing
> except timeouts.
>
> I suspect it's my entry on IPcop1 that is the problem. I don't think
> IPcop1 knows what I'm trying to do.
>
> my exact entry was...
>
> route add -net 204.239.225.162 netmask 255.255.255.255 dev ipsec0
>
> This is a bit more advanced than where I'm normally at (VPNs make
> things complicated).
>
> As much as I've specified -net, it is entered into the routing table
> as a host rather than a network, so I didn't think that was the issue.
>
> What I am wondering about, is should I have a gw 192.168.13.1 entry
> appended to that line? Or does the dev ipsec0 imply that?
>
> Kev.
>
>
> ----- Original Message -----
> From: "Trevor Lauder" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, February 05, 2003 9:32 AM
> Subject: Re: (clug-talk) Routing question
>
>
>> Can anything between ipcop2 and ipcop3 ping server? It's hard to say
>> where it's failing, so I would put a sniffer on ipcop3 listening on
>> eth1 (That's the interface going to server right?). Then with the
>> sniffer running there I would ping from desktop to server and watch
>> the echo requests/replies on ipcop3 eth1. Depending on if you get
>> requests going out and no replies coming in or any other combination,
>> it will help troubleshoot this further. Let us know what you find
>> out.
>>
>> Cheers,
>>
>> --
>> Personal:
>>
>> Trevor Lauder
>> Web: http://www.thelauders.net
>> E-Mail: [EMAIL PROTECTED]
>>
>> Work:
>>
>> Trevor Lauder
>> Technical Services Specialist
>> Wireless Networks Inc.
>> Web: http://www.wirelessnetworksinc.com
>> E-Mail: [EMAIL PROTECTED]
>>
>> Kevin Anderson said:
>> > I have a routing issue that I can't figure out.
>> >
>> > Here's the situation. Unless spelled out in full, IPs are
>> > 192.168.X.X/24
>> >
>> > Desktop ------- IPCOP1 ======= IPCOP2 --------- IPCOP3 ======== Server.
>> > 14.100    LAN   14.1     VPN   13.1      LAN    13.2  Untrusted 204.239.225.162
>> >
>> > I can Ping from the desktop to IPCOP3, (192.168.14.100 to
>> > 192.168.13.2), however I can't reach Server.
>> >
>> > Here's what I've done that should matter.
>> >
>> > outbound.
>> > IPcop 1 has a route to 204.239.225.162/32 on dev ipsec0 (I can't
>> > ping the next hop, so I can't add the route)
>> > IPcop2 has a route for 204.239.225.162/32 to IPcop3
>> > IPcop3 has a route to 204.239.225.162/32 on eth1
>> >
>> > inbound.
>> > IPcop3 has a default route of IPcop2
>> > IPcop2 has a route for 192.168.14.0/24 across the VPN to IPcop 1
>> > IPcop1 is in the same LAN as Desktop.
>> >
>> > Here's the situation.
>> > Desktop can ping IPcop3, (anything in the 13.0 LAN.)
>> > Anything in the 13.0 LAN can ping Desktop.
>> > Desktop cannot reach server.
>> > Server is not mine, so I can't test the reverse, but I suspect it'll fail.
>> > The 13.0 LAN can reach Server.
>> >
>> > This connection gets NATted at IPcop3
>> >
>> > Thanks In Advance
>> > Kev.
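
Added example, not part of the original thread: a small Python model of the topology described above, showing how the forward path can be complete while replies still fail if ipcop3 only NATs 192.168.13.0/24, which is the guess made in the latest reply. The route tables, node names, the `IPCOP3_EXT` placeholder and the assumption about Server's return path are constructed from the thread's description.

```python
import ipaddress

# Constructed model of the topology in the thread; next hops are node names.
ROUTES = {
    "desktop": [("0.0.0.0/0", "ipcop1")],
    "ipcop1": [("204.239.225.162/32", "ipcop2"),   # the "dev ipsec0" route
               ("192.168.13.0/24", "ipcop2")],     # VPN to the 13.0 LAN
    "ipcop2": [("204.239.225.162/32", "ipcop3")],
    "ipcop3": [("204.239.225.162/32", "server")],  # out eth1
}
IPCOP3_EXT = "ipcop3-external"  # placeholder: the thread never gives this address


def next_hop(node, dst):
    """Longest-prefix match over the node's routes; None if no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in ROUTES.get(node, []):
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None


def trace(src, dst, nat_sources):
    """Walk desktop -> server; return (path, source address the server sees)."""
    node, path, seen = "desktop", ["desktop"], src
    while node != "server" and len(path) < 8:      # hop limit guards against loops
        node = next_hop(node, dst)
        if node is None:
            return path, None                      # dropped: no route at this hop
        path.append(node)
        if node == "ipcop3" and any(
            ipaddress.ip_address(src) in ipaddress.ip_network(n) for n in nat_sources
        ):
            seen = IPCOP3_EXT                      # source rewritten by NAT
    return path, seen


def server_can_reply(seen):
    # Assumption: Server only has a return path to ipcop3's external address.
    return seen == IPCOP3_EXT


if __name__ == "__main__":
    for nets in (["192.168.13.0/24"], ["192.168.13.0/24", "192.168.14.0/24"]):
        path, seen = trace("192.168.14.100", "204.239.225.162", nets)
        print(nets, " -> ".join(path), "| server sees:", seen,
              "| reply possible:", server_can_reply(seen))
```
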
