Kami --

This report is sufficiently fragmentary that it is difficult to say with any
certainty what specific problems you are having. (The misspellings, lack of
upper case, and bad formatting don't help, either.) Please try again, and
tell us:

1. Which version of LEAF or LEP you are using (for example, LRP 2.9.6 with
the 2.2 kernel, or EigerStein, or Oxygen).

2. On each LEAF router, what does the routing table look like? Get this with
the command "netstat -nr".

3. Can the 2 LEAF routers themselves ping each other (that is, each ping
the other's eth0)? If not, you may have any of several problems, including:

        bad media (are they connected through a hub 
                or with a crossover cable?)
        a bad routing table (your chosen addresses for the 
                2 eth0 interfaces are NOT on the same /24
                network)
        a bad ipchains ruleset (default rulesets often block
                private addresses on the external interface)

To see which problems are likely, compare your ping response with the ones
discussed in the various "why can't I ping XXX" FAQ answers.
        
Comments on your specific questions are below.

At 01:33 PM 9/22/01 -0700, KAMI SAI wrote:
>     
>                    
>I have two Lrp's connected to each other via eth0 of
>both routers.both routers have three network cards.
>
>  LRP1                                                
>  eth0 = 192.168.6.1(connecte to LRP 2)
>eth1 = 192.168.2.1(connected to 192.168.2.0)          
>
>eth2 = 192.168.4.1(connected to 192.168.4.0) 
>
>Lrp2 
>eth0 = 192.168.7.1(connetcted to lrp 1)
>eth1 = 192.168.3.1(connetced to 192.168.3.0)
>eth2 = 192.168.5.1 (connetced to 192.168.5.0)    
> 
>The two LRP's are attached to each other via eth0.
>
>I want to implement access list on this network using
>IPChains
>
>Problems:
>
>1. All the computers directly attached to the LRP ping
>its respective interface. 
>   The computer on the network   192.168.2.0 does ping
>192.168.2.1 but  nor  
>  192.168.4.1 neither 192.168.6.1  some one told me to
>use " ip route add" .
>  I did it  and now i am able to ping from any machine
>on 192.168.2.0 network
>  to 192.168.4.1 and also 192.168.6.1.But i think this
>is not the case in real 
>  time bcaz i cant give ip route add command to each
>machnie . The router must
> forward the traffics itself. Is there any other way
>to do so without using ip route add

Sort of. Every version of LEAF I am familiar with uses a network.conf file
in which you can set up, among other things, the routes and networks. (This
configuration file in turn uses either the ip or the route command, which is
why I said "sort of" before.)  Without knowing which LEAF variant you are
using or how you have set up network.conf, I can't be more specific.

>2 .after adding route add i was ablr to ping
>192.168.4.1 from the network 
>   192.168.2.0  but not aable to ping the network
>attached  to the 
>   192.168.4.1 i.e( 192.168.4.0) why?  i tried to use
>the following 
>    command to slove the problem but no sucess
>    ipchains -A forward -s 192.168.2.0 -d 192.168.4.0
>-j ACCEPT
>    (please tell me if there is some problem in this
>command )

ipchains rules don't mean anything when looked at one at a time. You need to
review the complete ruleset (with a command like "ipchains -L -n -v"),
because the FIRST rule that matches a particular packet will be the one that
counts. So while adding the rule you wrote above is fine ... well, almost
fine; it should read "-s 192.168.2.0/24 -d 192.168.4.0/24" to specify the
network, not the single address ... if an earlier rule DENYs the same
traffic, the packets will never see this new rule.

Here as elsewhere, it is important to tell us HOW a ping fails. As the FAQ
stuff I referred you to above indicates, pings fail in several distinct
fashions, and the differences help to pinpoint the actual problem.

>
>3.   How can i tranfer traffic from the network
>192.168.4.0    to 192.168.5.0
>      pls tell me which  ipcains coomand i should run
>on both LRP's  for success. 

As before, you need to consider the ipchains (not ipcains) ruleset as a
whole, not one rule at a time. But ipchains rules may not be the problem. It
may be actual router connectivity; one or both routers' routing tables; the
use of IP Masq on one or both routers; an ipchains ruleset error; or
configuration problems on the non-LEAF hosts, probably in their routing
tables. Or it could be something else that I'm not immediately thinking of. 

Answers to the questions I asked at the start of this message will help us
to help you. You'd also do well to read the Troubleshooting Request How-To
(I forget the exact URL; look around for it) for more guidance about the
kinds of information that we, and you, will find useful in troubleshooting
configuration and routing problems.



--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------
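
The two points made above about the posted rule (a bare address matches a single host, and the first matching rule decides), as an added example that is not part of the original message. It is a small Python model of first-match evaluation on source and destination only, not real ipchains; the DENY rule, the chain policy and the packet addresses are constructed for illustration.

```python
import ipaddress

def rule(target, src="0.0.0.0/0", dst="0.0.0.0/0"):
    # An address given without a mask is parsed as a single host (/32),
    # which is how the rule "-s 192.168.2.0 -d 192.168.4.0" is read.
    return (ipaddress.ip_network(src, strict=False),
            ipaddress.ip_network(dst, strict=False), target)

def verdict(chain, policy, src, dst):
    """Return (target, index) of the FIRST matching rule, else (policy, None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (snet, dnet, target) in enumerate(chain):
        if s in snet and d in dnet:
            return target, i
    return policy, None

def shadowed(chain):
    """Indexes of rules fully covered by an earlier rule, so never reached."""
    hits = []
    for i, (snet, dnet, _) in enumerate(chain):
        if any(snet.subnet_of(es) and dnet.subnet_of(ed)
               for es, ed, _ in chain[:i]):
            hits.append(i)
    return hits

# Constructed test packet: a host on 192.168.2.0/24 pinging one on 192.168.4.0/24.
PKT = ("192.168.2.10", "192.168.4.20")
POLICY = "DENY"  # assumed forward-chain policy for this illustration

# 1. The rule exactly as posted: matches only the two network addresses.
as_posted = [rule("ACCEPT", "192.168.2.0", "192.168.4.0")]
# 2. The corrected rule with /24 masks.
with_mask = [rule("ACCEPT", "192.168.2.0/24", "192.168.4.0/24")]
# 3. The corrected rule appended after a constructed earlier DENY that
#    covers all 192.168.x.x destinations.
after_deny = [rule("DENY", dst="192.168.0.0/16")] + with_mask

def demo():
    return {
        "as_posted": verdict(as_posted, POLICY, *PKT),
        "with_mask": verdict(with_mask, POLICY, *PKT),
        "after_deny": verdict(after_deny, POLICY, *PKT),
        "never_reached": shadowed(after_deny),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
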

