On Mon, 18 Jan 1999, Sean Roe wrote:
> Date: Mon, 18 Jan 1999 07:26:43 -0700 (MST)
> From: Sean Roe <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [masq] Weird problems in IP Masq
>
> Hi all,
>
> I have a kinda weird setup and it's doing some strange stuff.
>
> I have three Linux boxes behind a cisco 2501 router hooked to a T-1 frame.
> One of the boxes is an IP_Masq box. The Cisco is using NAT to talk to the
> linux boxes. My problem is I can telnet to the Masq box from the
> Internet, I can run lynx from it, ftp, etc. But I can't ping anything on
> the LAN. Here is a copy of my routing table:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.100.0   0.0.0.0         255.255.255.0   U     0      0       26 eth0
> 192.168.101.0   192.168.101.10  255.255.255.0   UG    0      0       25 eth1
> 192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        4 eth1
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       22 lo
> 0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0       37 eth0

For one thing, you have duplicate routes to the 192.168.101.0 net. I'm
pretty sure that first route (the one with gateway 192.168.101.10) is
meaningless, since you don't have a route to 192.168.101.10. For example,
the kernel sees a packet destined for 192.168.101.0 and sees it has to go
through the gateway 192.168.101.10, but sees it does not have a route to
that host, so it tries to send the packet down the default route... Can
anyone confirm? Deleting that route should help:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0       26 eth0
192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        4 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       22 lo
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0       37 eth0

To be honest, I doubt this has anything to do with your problem.

> Anyway, whenever I try to traceroute a LAN Address (192.168.101.XX) I get:
>
> [sean@proxy sean]$ traceroute 192.168.101.4
> traceroute: Warning: Multiple interfaces found; using 192.168.100.10 @
> eth0
> traceroute to 192.168.101.4 (192.168.101.4), 30 hops max, 40 byte packets
>

Try 'traceroute -i eth1 192.168.101.4'.

It tells traceroute to use eth1 when doing its business. They're arguing
over on the linux-net mailing list that this is a bug in traceroute, and
I have to agree. traceroute should be able to figure out the proper
route from the tables.

Now back to your original problem. How exactly are you trying to connect
to your box from the internet? What address are you using? You can't
use 192.168.*. Those addresses won't route on the internet. If the cisco
is supposed to be NAT'ting, then it sounds like the cisco is misconfigured,
not the linux box. Can you telnet to the linux box from any machine on
the 192.168.101 net? Can you telnet to the linux box from the cisco router?

On a side note, this setup is just begging the question: why? If you're
running NAT on the router, why are you running masq on the linux host?
NAT on the router should take care of everything (unless I misunderstand NAT).

Glenn Lamb - [EMAIL PROTECTED] Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field. All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A 2D 2E A9 08 6B A0 CD 82
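
The routing-table questions raised in this thread can be checked mechanically. The Python below is an added example, not part of the original message: it parses the table exactly as quoted and reports duplicate destinations, the interface of the directly connected route that covers each gateway, and every route tied for a destination. All function names are this example's own, and 203.0.113.5 in the demo is a constructed off-LAN address.

```python
import ipaddress
from collections import defaultdict

# Data rows of the routing table quoted in the message above.
ROUTE_TABLE = """\
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 26 eth0
192.168.101.0 192.168.101.10 255.255.255.0 UG 0 0 25 eth1
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 4 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 22 lo
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 37 eth0
"""

def parse_routes(text):
    """Parse `route -n` style rows into dicts; title and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")  # netmask -> /len
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{prefix}"),
                       "gw": ipaddress.ip_address(f[1]),
                       "via_gateway": "G" in f[3], "iface": f[7]})
    return routes

def duplicate_destinations(routes):
    """Return {network: [routes]} for every destination listed more than once."""
    seen = defaultdict(list)
    for r in routes:
        seen[r["net"]].append(r)
    return {net: rs for net, rs in seen.items() if len(rs) > 1}

def gateway_interfaces(routes):
    """Map each gateway to the interface of the connected route covering it (or None)."""
    connected = [r for r in routes if not r["via_gateway"]]
    return {str(r["gw"]): next((c["iface"] for c in connected if r["gw"] in c["net"]), None)
            for r in routes if r["via_gateway"]}

def candidates(routes, dst):
    """Longest-prefix match; returns every route tied at the winning prefix length."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    best = max((r["net"].prefixlen for r in hits), default=None)
    return [r for r in hits if r["net"].prefixlen == best]

if __name__ == "__main__":
    rt = parse_routes(ROUTE_TABLE)
    print("duplicates:", {str(n): len(rs) for n, rs in duplicate_destinations(rt).items()})
    print("gateways:", gateway_interfaces(rt))
    for dst in ("192.168.101.4", "203.0.113.5"):
        print(dst, [(str(r["gw"]), r["iface"]) for r in candidates(rt, dst)])
```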