OK. The most important thing in the diagnostics you sent is the difference 
in the ping results from the SuSE and the Bering hosts. Just abstracting 
that small bit of what you sent, they are:

SuSE:
         SuSE#>ping -c 1 192.168.1.254
         PING 192.168.1.254 (192.168.1.254) from 192.168.1.2 : 56(84) bytes of data.
         From 192.168.1.2: icmp_seq=1 Destination Host Unreachable
         From 192.168.1.2 icmp_seq=1 Destination Host Unreachable

Bering:
         Bering#>ping -c 2 192.168.1.2
         PING 192.168.1.2 (192.168.1.2): 56 data bytes

         --- 192.168.1.2 ping statistics ---
         2 packets transmitted, 0 packets received, 100% packet loss

So ... next step is to believe what these results say. The Bering host has 
a route to the SuSE host, but the SuSE host does not have a route to the 
Bering host. As a result, the pings go out from Bering just fine, but the 
replies do not arrive (since the SuSE host does not know where to send the 
replies). But from SuSE, the pings don't go out in the first place, ping 
notices, and tells you.

Since you did not include the routing tables for either host (any of 
several ways; the SR FAQ suggests "ip route show" for the Bering host, and 
either that same command or "netstat -nr" should handle SuSE), I can't 
comment on the details of where the SuSE host is misconfigured. (Or whether 
the Bering host is; though it thinks it has a route to the SuSE host, we 
don't know if it knows the correct route.)

Now, the Win2K host ... I'm not as accustomed to debugging Windows routing 
tables as Linux ones, so I hope someone else pops in here ... but I do see 
one very odd thing about this routing table: it has two default routes, namely

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.1.10   192.168.72.77       1
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.10       1

Even odder (if I'm reading this right), the first of these specifies one of 
the host's own interfaces as the gateway on a route that involves the other 
interface. Now you do have a route to the Bering host (or at least to its 
network) specified, here

      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       1

and since kernel routing is supposed to choose the most specific route to 
any address, this should be OK. Especially since the interface is specified 
(implicitly) as local, here

     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1       1

Nonetheless, the initial oddity in the routing table has me wondering if 
your problem here is a befuddled Windows kernel, not anything on the Bering 
router ... since it *appears* to have two routes to 192.168.1.10 -- one via 
loc (127.0.0.1), the other via the other NIC (192.168.72.77).

As to the Bering router ... I'm as far as you get here from an expert in 
Shorewall rulesets, but now that you've provided a readable listing of the 
ruleset, Tom (or someone expert in Shorewall) should be able to spot any 
problems there.

At 11:11 PM 10/6/02 -0400, Quan Si Kwon wrote:
>Hi, Ray,
>
>Just came back from London via Montreal and thanks for your thoughts!
>The net mask of 225.225.225.0 was just a typo in my last e-mail to you.
>Using "route print" on the Win2k box I have the following:
>===========================================================================
>Interface List
>0x1 ........................... MS TCP Loopback interface
>0x1000003 ...00 05 5d f5 f9 bf ...... D-Link DFE-530TX PCI Fast Ethernet Adapter
>0x1000004 ...00 50 ba 5b dc 86 ...... D-Link DFE-538TX 10/100 Adapter
>===========================================================================
>===========================================================================
>Active Routes:
>Network Destination        Netmask          Gateway       Interface  Metric
>           0.0.0.0          0.0.0.0     192.168.1.10   192.168.72.77       1
>           0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.10       1
>         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
>       192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       1
>      192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1       1
>     192.168.1.255  255.255.255.255     192.168.1.10    192.168.1.10       1
>      192.168.72.0    255.255.255.0    192.168.72.77   192.168.72.77       1
>     192.168.72.77  255.255.255.255        127.0.0.1       127.0.0.1       1
>    192.168.72.255  255.255.255.255    192.168.72.77   192.168.72.77       1
>         224.0.0.0        224.0.0.0     192.168.1.10    192.168.1.10       1
>         224.0.0.0        224.0.0.0    192.168.72.77   192.168.72.77       1
>   255.255.255.255  255.255.255.255     192.168.1.10    192.168.1.10       1
>Default Gateway:     192.168.1.254
>===========================================================================
>Persistent Routes:
>   None
>=======================================
>In addition to the above, I have set up the following mini LAN to test the 
>Bering box with SuSE 8.0p:
>
>       SuSE 8.0p                              Bering
>   +---------------+                    +---------------------+
>   | 192.168.1.2   |                    | eth0:65.95.176.193  |---> PPPoE/DHCP
>   |               |                    |                     |
>   |               |<---[Xlink RJ45]--->| eth1:192.168.1.254  |
>   +---------------+                    +---------------------+
>
>With the above test LAN, I have captured the output of the following commands:
>
>1.      Commands issued with the SuSE 8.0p box:
>ip -s link
>ping -c 1 192.168.1.254
>ip -s link
>iptables -nvL
>
>2.      Commands issued with the Bering LRP box:
>ip -s link
>ping -c 2 192.168.1.2
>ip -s link
>iptables -nvL
>
>The output is quite large, please see attached file=tstLn2a6.txt.
>
>It looks like the Bering box is not routing the ping traffic through eth1?
>
>Thanks!
>Quan Si Kwon

--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                   -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------
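
The routing-table reading in the reply above, as an added example that is not part of the original e-mail: it parses the unicast rows of the quoted "route print" output, applies most-specific-match selection, and flags the two default-route oddities. The function names and the metric tie-break are assumptions of this sketch, not a statement of how the Windows kernel resolves ties.

```python
import ipaddress

# Unicast rows copied from the "route print" output quoted in the thread
# (broadcast and multicast rows omitted).
ROUTE_PRINT = """\
          0.0.0.0          0.0.0.0     192.168.1.10   192.168.72.77       1
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       1
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1       1
     192.168.72.0    255.255.255.0    192.168.72.77   192.168.72.77       1
    192.168.72.77  255.255.255.255        127.0.0.1       127.0.0.1       1
"""

def parse_routes(text):
    """Turn each 5-column row into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue
        dest, mask, gw, iface, metric = cols
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, ipaddress.ip_address(gw),
                       ipaddress.ip_address(iface), int(metric)))
    return routes

def lookup(routes, addr):
    """Most specific prefix wins, then lowest metric (assumed tie-break).
    Returns every route that ties for best, so ambiguity is visible."""
    addr = ipaddress.ip_address(addr)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return []
    best = max((r[0].prefixlen, -r[3]) for r in hits)
    return [r for r in hits if (r[0].prefixlen, -r[3]) == best]

def oddities(routes):
    """Flag the default-route problems pointed out in the reply."""
    local = {r[2] for r in routes if not r[2].is_loopback}  # host's own NIC addresses
    defaults = [r for r in routes if r[0].prefixlen == 0]
    notes = []
    if len({r[3] for r in defaults}) < len(defaults):
        notes.append("multiple default routes share a metric")
    for _, gw, iface, _ in defaults:
        if gw in local and gw != iface:
            notes.append(f"default via {gw} is the host's own address, bound to {iface}")
    return notes
```

A lookup for the Bering LAN address 192.168.1.254 resolves to the single /24 route, while any off-link address ties between the two default routes.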



SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
