Re: routing problem
On 22/3/21 5:17 am, Dan Ritter wrote:
> ghe2001 wrote:
>> There are 2 computers on my LAN. I'll call one Fast and the other Slow.
>> When I, for example, type ping www.cbs.com, Fast pings right away, Slow
>> pauses for about 5 seconds ('time' says that). When I ping something in
>> /etc/hosts, both start right away. On Slow, 'route' takes the 5 second
>> pause, but 'route -n' is fast. On Fast, both are equally snappy.
>
> You have just described a DNS lookup problem.
>
> -dsr-

in particular

cat /etc/resolv.conf

on each machine and then use

dig @ google.com

One or more of the digs will be slow on the slow machine, telling you where your DNS problems are.

I'd suggest copying /etc/resolv.conf from the fast machine to slow machine, but it's often overwritten by abominations such as NetworkManager

--
Jeremy
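The per-resolver check described in the reply above, as an added example that is not part of the original thread: it lists the nameserver entries of a resolv.conf in the order the resolver tries them and times one dig query against each. The function names and the --check switch are assumptions of this example; google.com is the test name used in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. glibc's resolver tries the nameserver
# entries in the order listed and by default waits 5 seconds on each one, so a
# dead first entry produces the kind of fixed pause described in the post.

# Print the nameserver addresses of a resolv.conf-style file, in file order.
# Commented-out entries and "nameserver" lines without an address are skipped.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Read dig output on stdin and print the "Query time" value in milliseconds.
# Prints nothing when dig got no answer (timeout, unreachable server).
query_time_ms() {
    awk '$2 == "Query" && $3 == "time:" { print $4 }'
}

# Time one lookup of a name against every configured nameserver.
# $1: resolv.conf path (default /etc/resolv.conf), $2: name to look up.
check_resolvers() {
    conf=${1:-/etc/resolv.conf}
    name=${2:-google.com}
    for ns in $(list_nameservers "$conf"); do
        # One attempt per server, with a 5 second limit.
        ms=$(dig +tries=1 +time=5 "@$ns" "$name" 2>/dev/null | query_time_ms)
        if [ -n "$ms" ]; then
            printf '%-40s %s ms\n' "$ns" "$ms"
        else
            printf '%-40s no answer within 5 s\n' "$ns"
        fi
    done
}

# Query the live resolvers only when asked to: sh check-dns.sh --check
if [ "${1:-}" = "--check" ]; then
    check_resolvers "${2:-/etc/resolv.conf}" "${3:-google.com}"
fi
```

Run it on both machines and compare: the entry that reports no answer on the slow machine is the one to fix or remove.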
Re: routing problem
ghe2001 wrote:
> There are 2 computers on my LAN. I'll call one Fast and the other Slow.
> When I, for example, type ping www.cbs.com, Fast pings right away, Slow
> pauses for about 5 seconds ('time' says that). When I ping something in
> /etc/hosts, both start right away. On Slow, 'route' takes the 5 second
> pause, but 'route -n' is fast. On Fast, both are equally snappy.
>

You have just described a DNS lookup problem.

-dsr-
routing problem
Debian GNU/Linux (Buster)

There are 2 computers on my LAN. I'll call one Fast and the other Slow. When I, for example, type ping www.cbs.com, Fast pings right away, Slow pauses for about 5 seconds ('time' says that). When I ping something in /etc/hosts, both start right away. On Slow, 'route' takes the 5 second pause, but 'route -n' is fast. On Fast, both are equally snappy.

It didn't used to be that way. They both used to be snappy. And I can't figure out why.

Routing tables:

Fast:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.200.184.254  0.0.0.0         UG    0      0        0 enp8s0
localnet        0.0.0.0         255.255.255.0   U     0      0        0 enp8s0
216.17.134.0    0.0.0.0         255.255.255.0   U     0      0        0 enp7s0

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.200.184.254  0.0.0.0         UG    0      0        0 enp8s0
10.200.184.0    0.0.0.0         255.255.255.0   U     0      0        0 enp8s0
216.17.134.0    0.0.0.0         255.255.255.0   U     0      0        0 enp7s0

Slow:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.200.184.254  0.0.0.0         UG    0      0        0 eth0
10.200.184.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 eth0
216.17.134.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.200.184.254  0.0.0.0         UG    0      0        0 eth0
10.200.184.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
216.17.134.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

(169.254.0.0 in IANA -- no idea why that's in there. It's not mentioned in /etc/network/interfaces.)

Both these are built by the same version of the OS on boot. Why they're different, I have no idea -- Fast has 2 Ethernet holes, Slow has 1 (configured as eth0 and eth0:1 to get to the 2 nets).

I've tried removing the link-local line from the Slow's table -- doesn't seem to make any difference.
Other than routing, Slow (with i5 CPU, DDR4 RAM, same clock speed) runs circles around Fast.

--
Glenn English
Re: Linux bridge TCP routing problem
On Tue, Mar 30, 2010 at 3:07 PM, l...@puhti.com wrote:
> Hello folks
>
> I have following setup:
>
> DMZ public IP 4   DMZ public IP 3
>  |
> Internet---br0, public IP 1 (eth0 is internet side and eth1 is DMZ side)
>  br0:0, public IP 2---nat (eth2)---private IP
>
> Problem is that sometimes (a 2-4 times in a day) DMZ public IP 3 cannot make TCP connection to br0:0 public IP 2. The connection is lost from 5 minutes to 5 hours and fixes by itself. Connection can be fixed manually by running command nmap public IP 2 from DMZ public IP3. ICMP and UDP -protocols works fine.
>
> When system is broken and I try to make tcp-connection from DMZ public IP 3 to public IP 2 and dumping eth2, I see some of packets there. When system is working, no those packets can be seen on eth2.
>
> DMZ public IP 3 can connect all the time in other mentioned IP:s.
>
> This system went broken when we removed all physdev-things from our firewall and upgraded from etch to lenny.
>
> Does anybody have a clue what could cause the problem or at least what could I do to investigate this problem more?
>
> System is Debian Lenny with default kernel 2.6.26-2-686
>
> -Lauri-

sounds like you are having firewall issues, nmap is probably setting up connection tracking and allowing packets to flow again.

What I don't understand is why you need to use bridging ? trying to save ip addresses ??

you can put iptables -j LOG rules in to test where packets are getting to, good rule of thumb is to log packets before drop/rejecting them

physdev is important when you are firewalling bridge devices

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/836a6dcf1003300010v6bb49c2blc77041f0f35f5...@mail.gmail.com
Linux bridge TCP routing problem
Hello folks

I have following setup:

DMZ public IP 4   DMZ public IP 3
 |
Internet---br0, public IP 1 (eth0 is internet side and eth1 is DMZ side)
 br0:0, public IP 2---nat (eth2)---private IP

Problem is that sometimes (a 2-4 times in a day) DMZ public IP 3 cannot make TCP connection to br0:0 public IP 2. The connection is lost from 5 minutes to 5 hours and fixes by itself. Connection can be fixed manually by running command nmap public IP 2 from DMZ public IP3. ICMP and UDP -protocols works fine.

When system is broken and I try to make tcp-connection from DMZ public IP 3 to public IP 2 and dumping eth2, I see some of packets there. When system is working, no those packets can be seen on eth2.

DMZ public IP 3 can connect all the time in other mentioned IP:s.

This system went broken when we removed all physdev-things from our firewall and upgraded from etch to lenny.

Does anybody have a clue what could cause the problem or at least what could I do to investigate this problem more?

System is Debian Lenny with default kernel 2.6.26-2-686

-Lauri-
Re: Linux bridge - kernel 2.4 routing problem
On Friday, 29 September 2006 at 16:55, Stefan Bauer wrote:
> [bridge stuff]
>
> Now I would like to hand the traffic that crosses the bridge and has destination port 80 (--dport 80) over to the local Squid on port 3128. I was thinking of:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> That doesn't work, though: the requests keep going across the bridge and the proxy sees none of them.

The packets do not pass through any iptables chains, since nothing is being routed. Take a look at ebtables. There is plenty of documentation on it on the Internet.

--
Markus Schulz

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rich Cook
Re: Linux bridge - kernel 2.4 routing problem
On Friday, 29 September 2006 at 18:59, Stefan Bauer wrote:
> Markus Schulz wrote:
>> The packets do not pass through any iptables chains, since nothing is being routed.
>
> Are you sure? I read otherwise on freshmeat[1]. I simply want to avoid building a new kernel (the box isn't even here locally) just for one command that might also be achievable another way.
>
> [1] http://osx.freshmeat.net/articles/view/1433/

Did you also read this:

bash# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
        --ip-destination-port 80 -j redirect --redirect-target ACCEPT
...
The first command says that packets passing through the bridge going to port 80 will be redirected to the local machine, instead of being bridged.

--
Markus Schulz

Plug and Play is a really great thing; unfortunately it usually only works 50 percent. To be exact: Plug actually always succeeds... (From the C tutorial by Jürgen Dankert)
Re: Linux bridge - kernel 2.4 routing problem
On Friday, 29 September 2006 at 19:54, Stefan Bauer wrote:
> Markus Schulz wrote:
>> Did you also read this:
>>
>> bash# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
>>         --ip-destination-port 80 -j redirect --redirect-target ACCEPT
>
> Yes, I even read further ;)
>
> To my surprise, even if I removed the ebtables statement, it still works. Care to comment why ? In other words, the following statement is sufficient!
>
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
>         -j REDIRECT --to-port 3128
>
> and the reply to it:
>
> By the time i worked on that problem iptables was not able to see packets going thru the bridge. There was even another project useful for bringing packets into iptables: the frame diverter. Perhaps there was a promise to patch iptables. Maybe iptables is now capable of doing that without ebtables.

OK, I had only skimmed that. I still maintain, though, that iptables never gets to see these packets. Going by this diagram http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png it seems illogical to me how that is supposed to work without ebtables (other than by means of routing rules).

I would really be interested to know why it worked for that person even without an ebtables BRoute rule.

--
Markus Schulz

I once had a command-line program that let me edit Word files, but I no longer remember what it is called.
find . -name *.doc | xargs rm -f {} \; [Andreas Kretschmer in dug]
Re: Linux bridge - kernel 2.4 routing problem
On Friday, 29 September 2006 at 20:12, Markus Schulz wrote:
> On Friday, 29 September 2006 at 19:54, Stefan Bauer wrote:
>> Markus Schulz wrote:
>>> Did you also read this:
>>>
>>> bash# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
>>>         --ip-destination-port 80 -j redirect --redirect-target ACCEPT
>>
>> Yes, I even read further ;)
>>
>> To my surprise, even if I removed the ebtables statement, it still works. Care to comment why ? In other words, the following statement is sufficient!
>>
>> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
>>         -j REDIRECT --to-port 3128
>>
>> and the reply to it:
>>
>> By the time i worked on that problem iptables was not able to see packets going thru the bridge. There was even another project useful for bringing packets into iptables: the frame diverter. Perhaps there was a promise to patch iptables. Maybe iptables is now capable of doing that without ebtables.
>
> OK, I had only skimmed that. I still maintain, though, that iptables never gets to see these packets. Going by this diagram http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png it seems illogical to me how that is supposed to work without ebtables (other than by means of routing rules).

Hmm, but that is actually nonsense: in this very diagram you can see that the packets do in fact pass through the PREROUTING chain of the nat and mangle tables. Now I'm a bit baffled too.

--
Markus Schulz
OpenVPN routing problem (Site2Site)
Hello!

I have an OpenVPN server here which basically runs and accepts the client's connection. I want to implement a site-to-site link between two networks. Here is the starting situation:

Server site (config for the LAN)
--
Network: 192.168.100.0/24
Gateway: 192.168.100.99
VPN server: 192.168.100.99 (Debian, ip_forward enabled)
VPN subnet: 192.168.123.0/24
VPN address: 192.168.132.1

route -n of the server:

# route -n
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.123.2   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
83.64.124.96    0.0.0.0         255.255.255.240 U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.200.0   192.168.123.2   255.255.255.0   UG    0      0        0 tun0
192.168.123.0   192.168.123.2   255.255.255.0   UG    0      0        0 tun0
0.0.0.0         83.64.124.97    0.0.0.0         UG    0      0        0 eth1

Client site:
Network: 192.168.200.0/24
Gateway: none configured
VPN client host: 192.168.200.99 (linux, ip_forward enabled)
VPN address: 192.168.123.6

route -n says:

# route -n
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.123.5   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
83.64.124.96    0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.100.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.123.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
0.0.0.0         83.64.124.97    0.0.0.0         UG    0      0        0 eth0

Symptoms:
-
* Connection activated.
* I can reach every machine in 192.168.100.0/24 from 192.168.200.99 (192.168.123.6, VPN client)
* I can reach 192.168.123.6 (VPN client) from every machine in 192.168.100.0/24
* I can NOT reach any machines in 192.168.200.0/24 (client LAN) from 192.168.100.0/24 (server LAN)
* I can NOT reach any machines in 192.168.100.0/24 (server LAN) from 192.168.200.0/24 (client LAN).

My configuration:

server.conf

port 1193
proto udp
dev tun
tun-mtu 1500
fragment 1300
mssfix 1300
server 192.168.123.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
client-config-dir ccd
client-to-client
route 192.168.200.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 4
mute 10

-
Client conf
---
client
dev tun
proto udp
remote 83.64.124.110 1193
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 4
mute 10
tun-mtu 1500
fragment 1300

When I run tcpdump on the server and ping from the client LAN (192.168.200.0/24) into the server LAN, I get the following capture:

11:32:04.259505 IP ns1.inode.at.domain > vpnclient.hausstein.vpn.32771: 60826 1/2/2 (139)
11:32:05.242478 IP vpnclient.hausstein.vpn.32770 > 83.64.124.110.openvpn: UDP, length: 133
11:32:05.243031 IP 83.64.124.110.openvpn > vpnclient.hausstein.vpn.32770: UDP, length: 69
11:32:06.242323 IP vpnclient.hausstein.vpn.32770 > 83.64.124.110.openvpn: UDP, length: 133
11:32:07.242407 IP vpnclient.hausstein.vpn.32770 > 83.64.124.110.openvpn: UDP, length: 133
11:32:08.242469 IP vpnclient.hausstein.vpn.32770 > 83.64.124.110.openvpn: UDP, length: 133
11:32:09.241203 arp who-has 83.64.124.110 tell vpnclient.hausstein.vpn
11:32:09.241298 arp reply 83.64.124.110 is-at 00:0e:2e:0b:30:6b
11:32:09.242460 IP vpnclient.hausstein.vpn.32770 > 83.64.124.110.openvpn: UDP, length: 133
11:32:10.242422 IP vpnclient.hausstein.vpn.32770 > 83.64.124.110.openvpn: UDP, length: 133

So in my opinion the routing should be working. 83.64.124.110 is the VPN server.

When I run tcpdump on tun0 on the server, it also looks right:

13:00:13.456524 IP 192.168.200.100 > 192.168.100.99: icmp 64: echo request seq 5285
13:00:14.456554 IP 192.168.200.100 > 192.168.100.99: icmp 64: echo request seq 5286

On the server I get the following capture on the interface facing the WAN:

11:32:44.232076 IP 83.64.124.105.32770 > homestone.hausstein.at.openvpn: UDP, length 133
11:32:45.232125 IP 83.64.124.105.32770 > homestone.hausstein.at.openvpn: UDP, length 133
11:32:46.232229 IP 83.64.124.105.32770 > homestone.hausstein.at.openvpn: UDP, length 133
11:32:46.806972 IP homestone.hausstein.at.21720 > 249.176.102-84.rev.gaoland.net.13999: UDP, length 107
11:32:46.808032 IP homestone.hausstein.at.32769 > ns1.inode.at.domain: 5129+ [1au] PTR? 249.176.102.84.in-addr.arpa. (56)
11:32:46.871778 IP ns1.inode.at.domain > homestone.hausstein.at.32769: 5129 1/2/3 (170)
11:32:47.232332 IP 83.64.124.105.32770 > homestone.hausstein.at.openvpn: UDP, length 133
11:32:48.232460 IP 83.64.124.105.32770
Re: OpenVPN routing problem (Site2Site)
On Sat, Jun 03, 2006 at 12:54:01PM +0200, Martin Müller - Rudolf Hausstein OHG wrote:
> Server site (config for the LAN)
> --
> Network: 192.168.100.0/24
> Gateway: 192.168.100.99
> VPN server: 192.168.100.99 (Debian, ip_forward enabled)
> VPN subnet: 192.168.123.0/24
> VPN address: 192.168.132.1
>
> route -n of the server:
>
> # route -n
> Kernel IP Routentabelle
> Ziel            Router          Genmask         Flags Metric Ref    Use Iface
> 192.168.123.2   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 83.64.124.96    0.0.0.0         255.255.255.240 U     0      0        0 eth1
> 192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 192.168.200.0   192.168.123.2   255.255.255.0   UG    0      0        0 tun0
> 192.168.123.0   192.168.123.2   255.255.255.0   UG    0      0        0 tun0
> 0.0.0.0         83.64.124.97    0.0.0.0         UG    0      0        0 eth1

So the client has 192.168.123.2 in the VPN transfer network.

> Client site:
> Network: 192.168.200.0/24
> Gateway: none configured
> VPN client host: 192.168.200.99 (linux, ip_forward enabled)
> VPN address: 192.168.123.6

Why does the client now have 192.168.123.6 in the VPN transfer network? Shouldn't that be 192.168.123.2?

> route -n says:
>
> # route -n
> Kernel IP Routentabelle
> Ziel            Router          Genmask         Flags Metric Ref    Use Iface
> 192.168.123.5   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 83.64.124.96    0.0.0.0         255.255.255.240 U     0      0        0 eth0
> 192.168.100.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
> 192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.123.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
> 0.0.0.0         83.64.124.97    0.0.0.0         UG    0      0        0 eth0

Who has 192.168.123.5? Shouldn't the route point to the VPN server 192.168.123.1?

> server.conf
>
> port 1193
> proto udp
> dev tun
> tun-mtu 1500
> fragment 1300
> mssfix 1300
> server 192.168.123.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "route 192.168.1.0 255.255.255.0"

Where does 192.168.1.0/24 come from? Shouldn't that read push "route 192.168.100.0 255.255.255.0"?

> client-config-dir ccd
> client-to-client
> route 192.168.200.0 255.255.255.0
> push "route 192.168.100.0 255.255.255.0"

Shouldn't that be ifconfig-push 192.168.123.2 192.168.123.1?

> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> log openvpn.log
> verb 4
> mute 10

--
Do not assume intent when stupidity is explanation enough!
Re: OpenVPN routing problem (Site2Site)
Martin Reising [EMAIL PROTECTED] wrote:
> On Sat, Jun 03, 2006 at 12:54:01PM +0200, Martin Müller - Rudolf Hausstein OHG wrote:
>> Server site (config for the LAN)
>> --
>> Network: 192.168.100.0/24
>> Gateway: 192.168.100.99
>> VPN server: 192.168.100.99 (Debian, ip_forward enabled)
>> VPN subnet: 192.168.123.0/24
>> VPN address: 192.168.132.1
>>
>> route -n of the server:
>>
>> # route -n
>> Kernel IP Routentabelle
>> Ziel            Router          Genmask         Flags Metric Ref    Use Iface
>> 192.168.123.2   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
>> 83.64.124.96    0.0.0.0         255.255.255.240 U     0      0        0 eth1
>> 192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
>> 192.168.200.0   192.168.123.2   255.255.255.0   UG    0      0        0 tun0
>> 192.168.123.0   192.168.123.2   255.255.255.0   UG    0      0        0 tun0
>> 0.0.0.0         83.64.124.97    0.0.0.0         UG    0      0        0 eth1
>
> So the client has 192.168.123.2 in the VPN transfer network.

No, that is fine as it is. That is only the dummy route for the transfer network onto the tun0 device. The "server 192.168.123.0" in OpenVPN creates a network of the following kind:

.0 - network address of the server net
.1 - the server itself
.2 - route onto the tun device on the server for the transfer network
.3 - broadcast of the server net
.4 - network address of the 1st client net
.5 - gateway address of the server for the 1st client
.6 - the 1st client's own address
.7 - broadcast of the 1st client
... ... ...

This is needed when you have Windows clients, because they always need a network and a broadcast address. If you only have Unix clients, you can configure OpenVPN differently and save yourself the network and broadcast addresses. The routes then look similar, though.

>> Client site:
>> Network: 192.168.200.0/24
>> Gateway: none configured
>> VPN client host: 192.168.200.99 (linux, ip_forward enabled)
>> VPN address: 192.168.123.6
>
> Why does the client now have 192.168.123.6 in the VPN transfer network? Shouldn't that be 192.168.123.2?

No, that is OK as it is.

>> route -n says:
>>
>> # route -n
>> Kernel IP Routentabelle
>> Ziel            Router          Genmask         Flags Metric Ref    Use Iface
>> 192.168.123.5   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
>> 83.64.124.96    0.0.0.0         255.255.255.240 U     0      0        0 eth0
>> 192.168.100.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
>> 192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
>> 192.168.123.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
>> 0.0.0.0         83.64.124.97    0.0.0.0         UG    0      0        0 eth0
>
> Who has 192.168.123.5? Shouldn't the route point to the VPN server 192.168.123.1?

No, that is correct as well. Point-to-point interfaces are somewhat idiosyncratic in the IP assignments they allow.

S°

--
Sven Hartge -- professional Unix geek
My thoughts on the net: http://www.svenhartge.de/

--
Frequently asked questions and answers (FAQ): http://www.de.debian.org/debian-user-german-FAQ/
To UNSUBSCRIBE, send a mail to [EMAIL PROTECTED] with the subject unsubscribe. Problems? Mail to [EMAIL PROTECTED] (English)
Re: routing problem
On Sat, May 13, 2006 at 08:43:35PM +0200, [EMAIL PROTECTED] wrote:
> Hi all
> I have the following problem.. I have a router with public ip (for example 194.10.8.1/30) and my Debian with eth1 public ip 194.10.8.2/30. Everything works fine I can ping outside no problem.. but my Debian also has eth0 interface with ip 192.168.1.1 and it is the gateway of my LAN. The problem is that packets from my lan stops at 194.10.8.2. It seems to be Debian cannot routes packets ??
>
> etc/network/interfaces..
> iface eth0 inet static
> address 192.168.1.1 255.255.255.0
> gateway 194.10.8.2
> iface eth1 inet static
> address 194.10.8.2 255.255.255.252
> gateway 194.10.8.1
>
> I also added..
> route add -net 0.0.0.0 netmask 0.0.0.0 gw 194.10.8.1 dev eth1
>
> ..but no way to make my Debian works as router/gateway for computers inside my lan
>
> Giuseppe

Hello Giuseppe,

You should remove the gateway for your eth0 configuration, as it is not in the same subnet of 192.168.1.1/24.
Your default gateway for your other devices on the LAN should point to 192.168.1.1.

Cheers!
Wim
Re: routing problem
wim wrote:
> On Sat, May 13, 2006 at 08:43:35PM +0200, [EMAIL PROTECTED] wrote:
>> Hi all
>> I have the following problem.. I have a router with public ip (for example 194.10.8.1/30) and my Debian with eth1 public ip 194.10.8.2/30. Everything works fine I can ping outside no problem.. but my Debian also has eth0 interface with ip 192.168.1.1 and it is the gateway of my LAN. The problem is that packets from my lan stops at 194.10.8.2. It seems to be Debian cannot routes packets ??
>>
>> etc/network/interfaces..
>> iface eth0 inet static
>> address 192.168.1.1 255.255.255.0
>> gateway 194.10.8.2
>> iface eth1 inet static
>> address 194.10.8.2 255.255.255.252
>> gateway 194.10.8.1
>>
>> I also added..
>> route add -net 0.0.0.0 netmask 0.0.0.0 gw 194.10.8.1 dev eth1
>>
>> ..but no way to make my Debian works as router/gateway for computers inside my lan
>>
>> Giuseppe
>
> Hello Giuseppe,
>
> You should remove the gateway for your eth0 configuration, as it is not in the same subnet of 192.168.1.1/24.
> Your default gateway for your other devices on the LAN should point to 192.168.1.1.

Also IP Forwarding has to be enabled.

Ace.

--
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved.
Re: routing problem
On Sat, 2006-05-13 at 20:43 +0200, [EMAIL PROTECTED] wrote:
> Hi all
> I have the following problem.. I have a router with public ip (for example 194.10.8.1/30) and my Debian with eth1 public ip 194.10.8.2/30. Everything works fine I can ping outside no problem.. but my Debian also has eth0 interface with ip 192.168.1.1 and it is the gateway of my LAN. The problem is that packets from my lan stops at 194.10.8.2. It seems to be Debian cannot routes packets ??

what does cat /proc/sys/net/ipv4/ip_forward say?

--
Chris [EMAIL PROTECTED]
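The two checks raised in the replies in this thread (a gateway that lies outside its interface's own subnet, and IP forwarding switched off), as an added example that is not part of the original posts. The function names and the explicit netmask lines in the constructed sample are assumptions of this example; the addresses are the ones quoted in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Checks an interfaces-style file for
# gateways that are not on-link, and reads the kernel's forwarding switch.
# Assumes "address", "netmask" and "gateway" each sit on their own line.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True when ADDR ($1) and GW ($3) fall in the same network under MASK ($2).
same_subnet() {
    a=$(ip_to_int "$1"); m=$(ip_to_int "$2"); g=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( g & m )) ]
}

# Report the stanza collected so far (globals iface, addr, mask, gw).
report_stanza() {
    [ -n "$gw" ] || return 0
    if [ -z "$addr" ] || [ -z "$mask" ]; then
        echo "$iface UNKNOWN $gw"
    elif same_subnet "$addr" "$mask" "$gw"; then
        echo "$iface OK $gw"
    else
        echo "$iface OFFLINK $gw"
    fi
}

# Print one line per stanza that sets a gateway: "<iface> OK|OFFLINK|UNKNOWN <gw>".
# The verdict is deferred to the end of the stanza, so key order does not matter.
check_gateways() {
    iface=; addr=; mask=; gw=
    while read -r key val rest || [ -n "$key" ]; do
        case $key in
            iface)   report_stanza; iface=$val; addr=; mask=; gw= ;;
            address) addr=$val ;;
            netmask) mask=$val ;;
            gateway) gw=$val ;;
        esac
    done < "$1"
    report_stanza
}

# True when the kernel forwards IPv4 packets between interfaces.
# $1 may name another file for testing; default is the live kernel setting.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample: the values from the question, with explicit netmask lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    gateway 194.10.8.2
iface eth1 inet static
    address 194.10.8.2
    netmask 255.255.255.252
    gateway 194.10.8.1
EOF
check_gateways "$sample"
rm -f "$sample"

if forwarding_enabled; then
    echo "ip_forward is 1"
else
    echo "ip_forward is not enabled on this host"
fi
```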
routing problem
Hi all
I have the following problem.. I have a router with public ip (for example 194.10.8.1/30) and my Debian with eth1 public ip 194.10.8.2/30. Everything works fine I can ping outside no problem.. but my Debian also has eth0 interface with ip 192.168.1.1 and it is the gateway of my LAN. The problem is that packets from my lan stops at 194.10.8.2. It seems to be Debian cannot routes packets ??

etc/network/interfaces..
iface eth0 inet static
address 192.168.1.1 255.255.255.0
gateway 194.10.8.2
iface eth1 inet static
address 194.10.8.2 255.255.255.252
gateway 194.10.8.1

I also added..
route add -net 0.0.0.0 netmask 0.0.0.0 gw 194.10.8.1 dev eth1

..but no way to make my Debian works as router/gateway for computers inside my lan

Giuseppe
Re: routing problem
[EMAIL PROTECTED] wrote:
> Hi all
> I have the following problem.. I have a router with public ip (for example 194.10.8.1/30) and my Debian with eth1 public ip 194.10.8.2/30. Everything works fine I can ping outside no problem.. but my Debian also has eth0 interface with ip 192.168.1.1 and it is the gateway of my LAN. The problem is that packets from my lan stops at 194.10.8.2. It seems to be Debian cannot routes packets ??
>
> etc/network/interfaces..
> iface eth0 inet static
> address 192.168.1.1 255.255.255.0
> gateway 194.10.8.2
> iface eth1 inet static
> address 194.10.8.2 255.255.255.252
> gateway 194.10.8.1
>
> I also added..
> route add -net 0.0.0.0 netmask 0.0.0.0 gw 194.10.8.1 dev eth1
>
> ..but no way to make my Debian works as router/gateway for computers inside my lan
>
> Giuseppe

Please investigate the shorewall package. Their documentation at www.shorewall.net provides a great deal of information on how to setup a firewall/gateway/router in a number of different combinations.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
Re: routing problem
Roberto C. Sanchez wrote:
> [EMAIL PROTECTED] wrote:
>> Hi all
>> I have the following problem.. I have a router with public ip (for example 194.10.8.1/30) and my Debian with eth1 public ip 194.10.8.2/30. Everything works fine I can ping outside no problem.. but my Debian also has eth0 interface with ip 192.168.1.1 and it is the gateway of my LAN. The problem is that packets from my lan stops at 194.10.8.2. It seems to be Debian cannot routes packets ??
>>
>> etc/network/interfaces..
>> iface eth0 inet static
>> address 192.168.1.1 255.255.255.0
>> gateway 194.10.8.2
>> iface eth1 inet static
>> address 194.10.8.2 255.255.255.252
>> gateway 194.10.8.1
>>
>> I also added..
>> route add -net 0.0.0.0 netmask 0.0.0.0 gw 194.10.8.1 dev eth1
>>
>> ..but no way to make my Debian works as router/gateway for computers inside my lan
>>
>> Giuseppe
>
> Please investigate the shorewall package. Their documentation at www.shorewall.net provides a great deal of information on how to setup a firewall/gateway/router in a number of different combinations.
>
> -Roberto

Roberto,

I finally found great nfs documentation at the shorewall site. Very complete. Your shorewall evangelization finally paid off!

Thanks!
H
Audio Routing Problem in Ubuntu
Hi all,

I know this isn't an Ubuntu forum, but in the end it is just a vanilla distro too, and maybe someone has an idea about the following problem:

We are currently introducing VoIP with softphones here, and my test counterpart has trouble with his sound system: the mic input is automatically routed to the speakers and it seems this cannot be switched off. I don't need to explain that the feedback is annoying.

He uses an onboard sound card (VIA AC97) and ALSA drivers! We use x-lite as the softphone, but the problem doesn't depend on that!

My Sarge system doesn't do this. ??

Thanks,
Boris
Re: Audio Routing Problem in Ubuntu
B wrote:
> We are currently introducing VoIP with softphones here, and my test counterpart has trouble with his sound system: the mic input is automatically routed to the speakers and it seems this cannot be switched off. I don't need to explain that the feedback is annoying.
>
> He uses an onboard sound card (VIA AC97) and ALSA drivers! We use x-lite as the softphone, but the problem doesn't depend on that!

Your opponent should try turning the microphone slider down, or muting it entirely, and turning the 'Capture' slider up instead.

Greetings,
Reinhard
Re: Audio Routing Problem in Ubuntu
Reinhard Tartler wrote:
> B wrote:
>> We are currently introducing VoIP with softphones here, and my test counterpart has trouble with his sound system: the mic input is automatically routed to the speakers and it seems this cannot be switched off. I don't need to explain that the feedback is annoying.
>>
>> He uses an onboard sound card (VIA AC97) and ALSA drivers! We use x-lite as the softphone, but the problem doesn't depend on that!
>
> Your opponent should try turning the microphone slider down, or muting it entirely, and turning the 'Capture' slider up instead.

Hi Reinhard,

first of all, many thanks for your statement!! That worked!! Unfortunately only once (one 'phone call'). After hanging up () his sound system fails, because x-lite (the softphone) holds /dev/dsp but can no longer use it. Quitting x-lite doesn't help; only a kill on the x-lite process frees the device again, and restarting x-lite makes it work again.

So that is a new problem.

We are trying to start x-lite (the binary is called xtensoftphone) with artsdsp, but that gives a segmentation fault :-(

Regards,
Boris
Re: Audio Routing Problem in Ubuntu
On 14.02.06 16:13:37, B wrote:
> We are trying to start x-lite (the binary is called xtensoftphone) with artsdsp, but that gives a segmentation fault :-(

Try it with aoss and the dmix plugin. Then you don't need a sound server. That (unfortunately) doesn't always work either; doesn't this xtensoftphone have a way to output directly to ALSA?

Andreas

PS: aoss is from the package alsa-oss

--
You will never know hunger.
Re: Re: Audio Routing Problem in Ubuntu
Andreas Pakulat wrote:
> On 14.02.06 16:13:37, B wrote:
>> We are trying to start x-lite (the binary is called xtensoftphone) with artsdsp, but that gives a segmentation fault :-(
>
> Try it with aoss and the dmix plugin. Then you don't need a sound server. That (unfortunately) doesn't always work either; doesn't this xtensoftphone have a way to output directly to ALSA?

Apparently not. We are still investigating...

Many thanks for this idea! We'll keep tinkering tomorrow!

Regards,
Boris
Re: Routing problem
On Mon, 13 Feb 2006 21:43:08 + [EMAIL PROTECTED] wrote:

I cannot get my linux box to act as a router, I'm hoping someone can help. My setup is sarge on a machine with 2 NICs, 192.168.1.2 and 192.168.2.1. I attach 192.168.1.2 to another machine with 2 NICs [192.168.1.1 and 192.168.0.6]. This is a Win2K machine, and it routes connections from the linux box to other machines on the 192.168.0.0/24 network. I now want to attach another machine [192.168.2.2] to 192.168.2.1. This machine [192.168.2.2] can ping either NIC in the linux box, but it cannot contact machines beyond it. I have used echo 1 > /proc/sys/net/ipv4/ip_forward. Made no difference. I have tried using iptables but from what I can tell, I should not have to use that - the linux box ought to forward packets anyway.

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html#RC.FIREWALL-IPTABLES

AFAIK it doesn't just forward packets by default... I haven't used a linux box for NAT since kernel 2.4 though.

-- Shawn Lamson [EMAIL PROTECTED]
Re: Routing problem
On Mon, 2006-02-13 at 13:43, [EMAIL PROTECTED] wrote:

I cannot get my linux box to act as a router, I'm hoping someone can help. My setup is sarge on a machine with 2 NICs, 192.168.1.2 and 192.168.2.1. I attach 192.168.1.2 to another machine with 2 NICs [192.168.1.1 and 192.168.0.6]. This is a Win2K machine, and it routes connections from the linux box to other machines on the 192.168.0.0/24 network. I now want to attach another machine [192.168.2.2] to 192.168.2.1. This machine [192.168.2.2] can ping either NIC in the linux box, but it cannot contact machines beyond it.

Your network looks like this:

    .------.     .-----------.     .-----------.
    |  A   |     |     B     |     |     C     |
    | .2.2 +-----+ .2.1 .1.2 +-----+ .1.1 .0.6 +--- .0.*
    `------'     `-----------'     `-----------'

When you attempt to send a packet from .2.2 to .1.1, how does system A know where to send it? Assuming such a packet reaches .1.1, how does system C know where to send the reply?

You may need some routes. Perhaps these will allow A and C to talk.

    On A# route add default gw 192.168.2.1
    On C# route add -net 192.168.2.0/24 gw 192.168.1.2

You have four or more hosts on three or more network segments. I'd strongly recommend an introductory networking course or book. With a firm understanding of the principles there's no limit to what you can achieve.

--Mike Bird
Re: Routing problem
On Mon, 2006-02-13 at 13:43, [EMAIL PROTECTED] wrote:

I cannot get my linux box to act as a router, I'm hoping someone can help. My setup is sarge on a machine with 2 NICs, 192.168.1.2 and 192.168.2.1. I attach 192.168.1.2 to another machine with 2 NICs [192.168.1.1 and 192.168.0.6]. This is a Win2K machine, and it routes connections from the linux box to other machines on the 192.168.0.0/24 network. I now want to attach another machine [192.168.2.2] to 192.168.2.1. This machine [192.168.2.2] can ping either NIC in the linux box, but it cannot contact machines beyond it.

Your network looks like this:

    .------.     .-----------.     .-----------.
    |  A   |     |     B     |     |     C     |
    | .2.2 +-----+ .2.1 .1.2 +-----+ .1.1 .0.6 +--- .0.*
    `------'     `-----------'     `-----------'

When you attempt to send a packet from .2.2 to .1.1, how does system A know where to send it? Assuming such a packet reaches .1.1, how does system C know where to send the reply?

You may need some routes. Perhaps these will allow A and C to talk.

    On A# route add default gw 192.168.2.1
    On C# route add -net 192.168.2.0/24 gw 192.168.1.2

You have four or more hosts on three or more network segments. I'd strongly recommend an introductory networking course or book. With a firm understanding of the principles there's no limit to what you can achieve.

--Mike Bird

Thanks Mike. I have routes set up as you describe, and when I look at the routing cache on the debian box [...1.2 and ...2.1] using route -Cn, packets from 192.168.1.1 trying to get to 192.168.2.2, and vice versa, appear in the list. This is from using ping from ..2.2 to ..1.1 and the other way round. That means they are arriving in the debian machine, but it seems not to be doing much with them. The flag shown is i, but man route doesn't explain the meaning of that.

Regards - Joe
Re: Routing problem
On Tue, 2006-02-14 at 12:14, [EMAIL PROTECTED] wrote:

On Mon, 2006-02-13 at 13:43, [EMAIL PROTECTED] wrote:

Your network looks like this:

    .------.     .-----------.     .-----------.
    |  A   |     |     B     |     |     C     |
    | .2.2 +-----+ .2.1 .1.2 +-----+ .1.1 .0.6 +--- .0.*
    `------'     `-----------'     `-----------'

When you attempt to send a packet from .2.2 to .1.1, how does system A know where to send it? Assuming such a packet reaches .1.1, how does system C know where to send the reply?

You may need some routes. Perhaps these will allow A and C to talk.

    On A# route add default gw 192.168.2.1
    On C# route add -net 192.168.2.0/24 gw 192.168.1.2

You have four or more hosts on three or more network segments. I'd strongly recommend an introductory networking course or book. With a firm understanding of the principles there's no limit to what you can achieve.

--Mike Bird

Thanks Mike. I have routes set up as you describe, and when I look at the routing cache on the debian box [...1.2 and ...2.1] using route -Cn, packets from 192.168.1.1 trying to get to 192.168.2.2, and vice versa, appear in the list. This is from using ping from ..2.2 to ..1.1 and the other way round. That means they are arriving in the debian machine, but it seems not to be doing much with them. The flag shown is i, but man route doesn't explain the meaning of that.

Use the source Joe. :-)

The i flag appears to be associated with RTF_IRTT which is something to do with calculation of initial round trip time. Probably not relevant to your problem.

At this point I'd wind up ethereal - or maybe just tethereal for looking at pings - and see how far the packets and/or replies were travelling.

--Mike Bird
Routing problem
I cannot get my linux box to act as a router, I'm hoping someone can help.

My setup is sarge on a machine with 2 NICs, 192.168.1.2 and 192.168.2.1. I attach 192.168.1.2 to another machine with 2 NICs [192.168.1.1 and 192.168.0.6]. This is a Win2K machine, and it routes connections from the linux box to other machines on the 192.168.0.0/24 network.

I now want to attach another machine [192.168.2.2] to 192.168.2.1. This machine [192.168.2.2] can ping either NIC in the linux box, but it cannot contact machines beyond it.

I have used echo 1 > /proc/sys/net/ipv4/ip_forward. Made no difference. I have tried using iptables but from what I can tell, I should not have to use that - the linux box ought to forward packets anyway.
routing problem
Hi!

I have 1 box, with 2 eth cards, both are in the same lan.

    eth0 192.168.1.1
    eth1 192.168.1.10

I want to use it as dns server (eth0) and webserver (eth1). And ssh on both interfaces.

    bind conf:   listen-on {148.247.153.1;}
    apache conf: Listen 192.168.1.10:80

    #netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth1
    0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0

All packets go out through eth1! It doesn't matter if they are 192.168.1.1 or 192.168.1.10.

How can I correct this? All 192.168.1.1 packets MUST go in and out through eth0. And all 192.168.1.10 packets MUST go in and out through eth1. How can I tell the routing table this?

Thanks.
Re: routing problem
On 21/12/05 4:28 AM, Enrique Morfin wrote:

All 192.168.1.1 packets MUST go in and out through eth0. And all 192.168.1.10 packets MUST go in and out through eth1. How can I tell the routing table this?

If both interfaces are on the same subnet, then you aren't routing. Perhaps you should rethink what you are trying to do. Why does it matter which interface your traffic leaves on if both are on the same network?

If you /really/ want to send traffic out on the same interface it came in on, perhaps have a look at http://lartc.org/howto/

Hope that helps.

Regards, -- Lucas
Re: Basic routing problem
Peter Coppens wrote:

From: Brett [mailto:[EMAIL PROTECTED]

You can possibly use ARP to get B to listen for A's packets and route them accordingly. For example I have the following setup:

    LAN-1 -- LAN-2 -- router -- internet

All hosts on LAN-1 can talk to all hosts on LAN-2 and all hosts can access the internet via the router. I have found this to be a very good setup. The link between LAN-1 and LAN-2 is very slow and all the packets get to where they are going without wasting bandwidth. It also doesn't have any of the disadvantages of NAT'ing.

Thanks for the suggestion. Would you be able to share details on how you configured your systems?

I am willing to collect and explain what I did to get it working but it may take a little time (a couple of days) to make sure I get everything and to go over it so I can understand it again. And just now having a look at the routing table shows a couple of duplicate and/or conflicting routes (but they don't seem to be causing any problems).

However for starters you might like to read this howto which explains a few things which you might need to know: http://www.faqs.org/docs/Linux-mini/Proxy-ARP-Subnet.html

One thing to remember is that I put my solution together from snippets from usenet, forums, howto's and webpages. So it may not be technically 100% correct but expert help was thin at the time.

Brett
RE: Basic routing problem
I am willing to collect and explain what I did to get it working but it may take a little time (a couple of days) to make sure I get everything and to go over it so I can understand it again. And just now having a look at the routing table shows a couple of duplicate and/or conflicting routes (but they don't seem to be causing any problems). However for starters you might like to read this howto which explains a few things which you might need to know: http://www.faqs.org/docs/Linux-mini/Proxy-ARP-Subnet.html

Let me start here and see where it gets me.

Thanks, Peter
Re: Basic routing problem
On Sat, Oct 08, 2005 at 05:16:35AM -0400, Peter Coppens wrote:

Debian (network) fans, I am struggling with a basic routing problem. I have two machines and a router which is connected to the internet. [..] Anybody any suggestions what is going on, or any ideas which route or modules are missing on which machine? [..]

Hi Peter,

I know that you are more likely to get a response if you provide the output of at least:

a) route -vee
b) cat /etc/network/interfaces

from each machine. I am not running a network yet and so can not directly help you but if I was then I would want to know the output of at least those commands. In other words, I hope someone else may help ;-)

You running Sarge?

-- Chris. == Reproduction if desired may be handled locally. -- rfc3
RE: Basic routing problem
Or maybe you can make B act like a bridge instead of a router and put A on 192.168.1.0/24.

I have attempted to use brctl on B to bridge eth0 and wlan0 and something seems to work...something meaning when I do dhclient on A it gets an address from R. After that I can however still not ping R. I get 'Destination Host Unreachable'.

Any suggestions warmly appreciated,

Thanks, Peter
Re: Basic routing problem
On Sun, Oct 09, 2005 at 06:48:00AM -0400, Peter Coppens wrote:

Or maybe you can make B act like a bridge instead of a router and put A on 192.168.1.0/24.

I have attempted to use brctl on B to bridge eth0 and wlan0 and something seems to work...something meaning when I do dhclient on A it gets an address from R. After that I can however still not ping R. I get 'Destination Host Unreachable'. Any suggestions warmly appreciated, Thanks, Peter

More details (as somebody else wrote) would be helpful. A guess: you must set a route on machine A, something like:

    route add default gw 192.168.2.1

(that means: use B as a gateway to all other hosts)

HTH -- Joachim Fahnenmüller
Re: Basic routing problem
Hendrik Sattler wrote:

Peter Coppens wrote:

I assume you missed to add a route on R for the net of A pointing to B.

Yes...that is probably what is wrong. Problem is I don't have enough privileges on the router to do that. Seems I am stuck, sigh.

You can do NAT for A on B or install a proxy on B.

You can possibly use ARP to get B to listen for A's packets and route them accordingly. For example I have the following setup:

    LAN-1 -- LAN-2 -- router -- internet

All hosts on LAN-1 can talk to all hosts on LAN-2 and all hosts can access the internet via the router. I have found this to be a very good setup. The link between LAN-1 and LAN-2 is very slow and all the packets get to where they are going without wasting bandwidth. It also doesn't have any of the disadvantages of NAT'ing.

HTH, Brett
RE: Basic routing problem
Brett,

Thanks for the suggestion. Would you be able to share details on how you configured your systems?

Tx, Peter

-----Original Message-----
From: Brett [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 5:41 AM
To: debian-user@lists.debian.org
Subject: Re: Basic routing problem

Hendrik Sattler wrote:

Peter Coppens wrote:

I assume you missed to add a route on R for the net of A pointing to B.

Yes...that is probably what is wrong. Problem is I don't have enough privileges on the router to do that. Seems I am stuck, sigh.

You can do NAT for A on B or install a proxy on B.

You can possibly use ARP to get B to listen for A's packets and route them accordingly. For example I have the following setup:

    LAN-1 -- LAN-2 -- router -- internet

All hosts on LAN-1 can talk to all hosts on LAN-2 and all hosts can access the internet via the router. I have found this to be a very good setup. The link between LAN-1 and LAN-2 is very slow and all the packets get to where they are going without wasting bandwidth. It also doesn't have any of the disadvantages of NAT'ing.

HTH, Brett
Basic routing problem
Debian (network) fans,

I am struggling with a basic routing problem.

I have two machines and a router which is connected to the internet.

    A -- B -- R - Internet

- A is connected to B through eth0, static IP 192.168.2.2
- B is connected to A through eth0, static IP 192.168.2.1
- B is connected to R through wlan0, dynamic IP 192.168.1.102
- ip forwarding on B is enabled I think, no ipchain enabled or installed.

I have added routes so that

- A can ping B on 192.168.2.1 and 192.168.1.102
- B can ping A, R and the Internet

I can not get A to ping R nor the Internet.

Anybody any suggestions what is going on, or any ideas which route or modules are missing on which machine?

Thanks, Peter
Re: Basic routing problem
Hello Peter,

On Sat, 8 Oct 2005 05:16:35 -0400 Peter Coppens [EMAIL PROTECTED] wrote:

Debian (network) fans, I am struggling with a basic routing problem. I have two machines and a router which is connected to the internet.

    A -- B -- R - Internet

- A is connected to B through eth0, static IP 192.168.2.2
- B is connected to A through eth0, static IP 192.168.2.1
- B is connected to R through wlan0, dynamic IP 192.168.1.102
- ip forwarding on B is enabled I think, no ipchain enabled or installed.

I have added routes so that

- A can ping B on 192.168.2.1 and 192.168.1.102
- B can ping A, R and the Internet

I can not get A to ping R nor the Internet

I assume you missed to add a route on R for the net of A pointing to B.

Anybody any suggestions what is going on, or any ideas which route or modules are missing on which machine?

Jörg

-- Jörg Schütter http://www.schuetter.org/joerg [EMAIL PROTECTED] http://www.lug-untermain.de/
RE: Basic routing problem
I assume you missed to add a route on R for the net of A pointing to B.

Yes...that is probably what is wrong. Problem is I don't have enough privileges on the router to do that. Seems I am stuck, sigh.

Thanks for the help, Peter

-----Original Message-----
From: Jörg Schütter [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 08, 2005 1:11 PM
To: debian-user@lists.debian.org
Subject: Re: Basic routing problem

Hello Peter,

On Sat, 8 Oct 2005 05:16:35 -0400 Peter Coppens [EMAIL PROTECTED] wrote:

Debian (network) fans, I am struggling with a basic routing problem. I have two machines and a router which is connected to the internet.

    A -- B -- R - Internet

- A is connected to B through eth0, static IP 192.168.2.2
- B is connected to A through eth0, static IP 192.168.2.1
- B is connected to R through wlan0, dynamic IP 192.168.1.102
- ip forwarding on B is enabled I think, no ipchain enabled or installed.

I have added routes so that

- A can ping B on 192.168.2.1 and 192.168.1.102
- B can ping A, R and the Internet

I can not get A to ping R nor the Internet

I assume you missed to add a route on R for the net of A pointing to B.

Anybody any suggestions what is going on, or any ideas which route or modules are missing on which machine?

Jörg

-- Jörg Schütter http://www.schuetter.org/joerg [EMAIL PROTECTED] http://www.lug-untermain.de/
RE: Basic routing problem
Peter Coppens wrote:

I assume you missed to add a route on R for the net of A pointing to B.

Yes...that is probably what is wrong. Problem is I don't have enough privileges on the router to do that. Seems I am stuck, sigh.

You can do NAT for A on B or install a proxy on B.

HS
Re: Basic routing problem
Peter Coppens wrote:

I assume you missed to add a route on R for the net of A pointing to B.

Yes...that is probably what is wrong. Problem is I don't have enough privileges on the router to do that. Seems I am stuck, sigh.

You could enable NAT on B; in that case, the router doesn't need to know about A's subnet. Or maybe you can make B act like a bridge instead of a router and put A on 192.168.1.0/24.

-- If I have been able to see further, it was only because I stood on the shoulders of giants. -- Isaac Newton

Roel Schroeven
Re: routing problem
On 7/21/05, eva s [EMAIL PROTECTED] wrote:

Routing bridging problem with my ipaq5550 running familiar, connected to the host through usb

I have set up SSH remote X11, which works
Can ping numerically to the outside world from the PDA, works
But I have hostname lookup failure and cannot ping the router either, 192.168.0.1 from the PDA,
resolv.conf has the same ip as the rest of the computers.

    Host eth0 192.168.0.101
    Host usb0 192.168.0.103
    default gw 192.168.0.1

    iptables -t nat -A POSTROUTING -j SNAT -o eth0 --to 192.168.0.101
    echo "1" > /proc/sys/net/ipv4/ip_forward

    Router 192.168.0.1

    PDA usbf 192.168.0.102
    route add -host 192.168.129.103 usbf
    route add default gw 192.168.129.103

Check the ARP table on the handheld. You may need to configure the PC to answer ARP requests that concern the 192.168.0 network.
Re: routing problem
ok, will check that -eva

>From: Karl Eklund <[EMAIL PROTECTED]>
>Reply-To: Karl Eklund <[EMAIL PROTECTED]>
>To: debian-user-swedish@lists.debian.org
>Subject: Re: routing problem
>Date: Fri, 22 Jul 2005 16:50:37 +0200
>
>On 7/21/05, eva s <[EMAIL PROTECTED]> wrote:
> > Routing bridging problem with my ipaq5550 running familiar, connected to
> > the host through usb
> >
> > I have set up SSH remote X11, which works
> > Can ping numerically to the outside world from the PDA, works
> > But I have hostname lookup failure and cannot ping the router either,
> > 192.168.0.1 from the PDA,
> > resolv.conf has the same ip as the rest of the computers.
> >
> >
> > Host eth0 192.168.0.101
> > Host usb0 192.168.0.103
> > default gw 192.168.0.1
> >
> > iptables -t nat -A POSTROUTING -j SNAT -o eth0 --to 192.168.0.101
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > Router 192.168.0.1
> >
> > PDA usbf 192.168.0.102
> > route add -host 192.168.129.103 usbf
> > route add default gw 192.168.129.103
>
>Check the ARP table on the handheld. You may need to configure the PC
>to answer ARP requests that concern the 192.168.0 network.
>
[OT] HTML-mail Was:Re: routing problem
Don't you get wonderful mails from hot-mail?

//I

On Fri, Jul 22, 2005 at 05:00:46PM +, eva s wrote:

ok, will check that -eva

>From: Karl Eklund <[EMAIL PROTECTED]>
>Reply-To: Karl Eklund <[EMAIL PROTECTED]>
>To: debian-user-swedish@lists.debian.org
>Subject: Re: routing problem
>Date: Fri, 22 Jul 2005 16:50:37 +0200
>
>On 7/21/05, eva s <[EMAIL PROTECTED]> wrote:
> > Routing bridging problem with my ipaq5550 running familiar, connected to
> > the host through usb
> >
> > I have set up SSH remote X11, which works
> > Can ping numerically to the outside world from the PDA, works
> > But I have hostname lookup failure and cannot ping the router either,
> > 192.168.0.1 from the PDA,
> > resolv.conf has the same ip as the rest of the computers.
> >
> >
> > Host eth0 192.168.0.101
> > Host usb0 192.168.0.103
> > default gw 192.168.0.1
> >
> > iptables -t nat -A POSTROUTING -j SNAT -o eth0 --to 192.168.0.101
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > Router 192.168.0.1
> >
> > PDA usbf 192.168.0.102
> > route add -host 192.168.129.103 usbf
> > route add default gw 192.168.129.103
>
>Check the ARP table on the handheld. You may need to configure the PC
>to answer ARP requests that concern the 192.168.0 network.
>
Routing problem with OpenVPN.
Hi guys,

I wonder if I could pick your minds for a moment with a routing problem I am having.

I've been asked to set up a VPN for a client so they can log into their linux server from home. That part of things I was able to handle no problems. Now he wants to be able to use VNCviewer to take over his work desktop over the VPN, and it is here that I am having routing problems.

The work network is a 192.168.0.0/24 network, with the VPN/samba server on 192.168.0.22 and the internet gateway router on 192.168.0.21.

The VPN is using OpenVPN in a TUN routed mode. (meaning the network it is connecting to must have a different subnet from the home network.)

I'm using my laptop and home network to test this before setting it up at his end. The network looks like this:

    Internal machine on work network.
    X    (this machine can ping the remote laptop,
    X     but the remote laptop cannot ping it.)
    X    192.168.0.27
    X
    X
    OpenVPN/Samba server (192.168.0.22 local interface )
    |                    (Tun VPN interface 10.254.0.1)
    |
    |
    Internet gateway router. (192.168.0.21 local interface)
    |    (Router port forwards port 5000 traffic to VPN server: 192.168.0.22)
    |
    |INTERNET
    |
    |
    |
    Home network router. (192.168.1.4)
    |    (NAT provided to local clients)
    |
    |
    Laptop 192.168.1.16 (Tun 10.254.0.2)

The laptop is running the VPN client, connecting to the VPN server perfectly, able to ping the vpn server's local network connection as well as vpn IPs (pinging both 192.168.0.22 and 10.254.0.1 works fine from here.) But this machine cannot ping any addresses past the VPN server and that is what I need to solve.

The route on the client laptop is:

    ROUTE ADD 192.168.0.0 MASK 255.255.255.0 10.254.0.2

Which correctly directs all traffic for a 192.168.0.0/24 network over the VPN to the server.

The route on the server is:

    route add 192.168.1.0 netmask 255.255.255.0 gw 10.254.0.1

Which correctly directs traffic for 192.168.1.x to the TUN VPN. (since the server already has an interface on the 192.168.0.x network, it has a default route for those packets in its routing table as well.)

- The VPN server can ping everyone, internal clients behind it, the router itself, and my remote 192.168.1.16 address.
- The remote laptop can ping all of the vpn server's interfaces.
- The remote laptop can NOT ping any other machine on that remote work network other than the server's interfaces and that is what I need to fix.

It seems like the VPN server will not accept any packets for IPs that it doesn't have an exact interface match for, even though it has a route statement in place that is supposed to route any 192.168.0.x packets out of its own local interface to that network. (eth0)

I've been pulling my hair out all weekend trying to work this out.

If it helps, here is the routing table from the VPN server.

    # netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.254.0.2      *               255.255.255.255 UH        0 0          0 tun0
    192.168.1.0     10.254.0.1      255.255.255.0   UG        0 0          0 tun0
    192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
    127.0.0.0       *               255.0.0.0       U         0 0          0 lo
    default         vpn.eze-grou    0.0.0.0         UG        0 0          0 eth0

As you can see, it has a default route for 192.168.0.x because it has a local interface on that network. I've added the

    192.168.1.0     10.254.0.1      255.255.255.0   UG        0 0          0 tun0

to route traffic for 192.168.1.x to the VPN which is working perfectly. But the VPN server will not accept a ping from the remote laptop and route it to a machine on its local network and I can't figure out why.

I even tried at one stage adding an explicit route like so:

    192.168.0.27    192.168.0.22    255.255.255.255 UGH       0 0          0 eth0

To see if I could get it to accept the ping to 192.168.0.27 and route it to its local eth0 interface (192.168.0.22) but that hasn't worked either. There are no firewalls blocking anything, so it's not a case of filtering.

Please please PLEASE, anyone with any knowledge of routing have a look at this and see what I'm missing.. :-)

rgds Franki
Re: Routing problem with OpenVPN.
On 5/1/05, Franki [EMAIL PROTECTED] wrote:

But this machine cannot ping any addresses past the VPN server and that is what I need to solve. It seems like the VPN server will not accept any packets for IPs that it doesn't have an exact interface match for, even though it has a route statement in place that is supposed to route any 192.168.0.x packets out of its own local interface to that network. (eth0) I've been pulling my hair out all weekend trying to work this out.

Check your firewall rules... and that ip_forward is turned on.

http://openvpn.net/man.html#lbAV

Scroll down to the Routing section...

-- Jiann-Ming Su
I have to decide between two equally frightening options. If I wanted to do that, I'd vote. --Duckman
Re: (OT) OpenVPN: routing problem
Hello Goran Ristic,

On Thursday, 14 April 2005 at 22:56, Goran Ristic wrote:

Hello, Stefan! Thursday, 14. April 2005

It's not the firewall. - I simply have to push other routes. The following config is interesting:

    TLS server
    1 |- TLS client (linux) with its own network behind it
    2 |- TLS clients (linux) via WLAN (local)
    3 |- TLS client (windows) with its own network behind it
    4 |- TLS clients (windows) via WLAN (local)

I still have the problem: for all of those from (2) and (4), since they are local and use DHCP, the default route has to be redirected. For (1) and (3) that must not happen. Otherwise they want to bring their complete network onto the Internet via VPN through my server. At the moment I solve this with two OpenVPN server configs. One for Linux, one for Windows. A third (ip2ip) runs to connect (1) to the VPN.

Hello again!

How about another idea... The route (default route) is static, i.e. the same address is always given, right? Then you could solve this through the client configs: in mine there is the following entry:

    # To get the route and ifconfig settings
    # from the server AUTOMATICALLY
    # If not set,
    #   ifconfig 172.16.1.2 172.16.1.1
    #   route 172.16.1.0 255.255.255.0
    #   route 192.168.100.0 255.255.255.0
    # will be needed.
    pull

I.e. it fetches the routes from the server. In your situation I would solve it so that it gets everything from the server except the default route, and THAT one you set by enabling pull and then additionally entering something like the following in your client config:

    #push route informations to client
    push "route-gateway 172.16.0.1"
    push "redirect-gateway local"
    push "ip-win32 dynamic"

(although that is now the server config, you just have to turn it around, e.g. route-gateway 172.16.0.1 as an entry in the client config -but I don't know whether that exists-)

Normally that should actually work, because then it would only become active on particular machines that WANT it that way (since it then has to be set explicitly there).

ciao, kniffte
Re: (OT) OpenVPN: routing problem
Hello Goran Ristic,

On Monday, 11 April 2005 at 13:54, Goran Ristic wrote:

Hello, Jan! Monday, 11. April 2005

So how do I get this working? One config? Two? And how do I then route the two networks to each other?

Haven't done it myself, but there is something with pulling. I'm currently tinkering with routing in OpenVPN myself so that every machine can see every other one (which doesn't work at the moment, only in one direction).

For the moment I have got it working. - But still with two configurations. One for Wintendo boxes, one for Unix.

If you are interested, I can send you my config, maybe there is something in it for you?

Yes, gladly. Maybe together we'll get one working. ;)

Hello!

I had something like that once too, but in my case it turned out to be a faulty firewall configuration. Could you perhaps run tcpdump while you send a ping from one machine through the tunnel to a machine in the other LAN? And then the whole thing a second time when it goes back... Maybe then one can see what the cause might be.

Thanks

cu, Stefan
Re: (OT) OpenVPN: routing problem
Goran Ristic wrote:

So how do I get this working? One config? Two? And how do I then route the two networks to each other?

Haven't done it myself, but there is something with pulling. I'm currently tinkering with routing in OpenVPN myself so that every machine can see every other one (which doesn't work at the moment, only in one direction).

If you are interested, I can send you my config, maybe there is something in it for you?

Cheers, Jan
Routing-Problem
Hello mailing list,

I have a problem with the routing of my network. The network is set up as follows:

Rechner1 has three network cards:

* ath0 (wireless LAN): 192.168.1.12 --- further clients, e.g. 192.168.1.2, and the dial-up machine for the Internet (192.168.1.254) are attached here
* eth0: 192.168.2.1 --- further clients, e.g. 192.168.2.2, are attached here
* eth1: 192.168.3.1 --- further clients, e.g. 192.168.3.2, are attached here

I can ping from Rechner1 to every client (e.g. 192.168.1.2, 192.168.2.2, 192.168.2.3). The pings from the clients to Rechner1 also work.

Unfortunately, however, no ping works across the network boundaries, e.g. from 192.168.1.2 to 192.168.2.2.

Does anyone have an idea what the cause might be?

Thanks! Gerhard

P.S. Here is some additional information.

My routing table looks like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.3.0     *               255.255.255.0   U     0      0        0 eth1
    192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
    localnet        *               255.255.255.0   U     0      0        0 ath0
    default         micky           0.0.0.0         UG    0      0        0 ath0

My /etc/network/interfaces looks like this:

    # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

    # The loopback interface
    auto lo
    iface lo inet loopback

    # The first network card - this entry was created during the Debian installation
    # (network, broadcast and gateway are optional)
    auto eth0
    iface eth0 inet static
        address 192.168.2.1
        netmask 255.255.255.0
        network 192.168.2.0
        broadcast 192.168.2.255

    auto eth1
    iface eth1 inet static
        address 192.168.3.1
        netmask 255.255.255.0
        network 192.168.3.0
        broadcast 192.168.3.255

    auto ath0
    iface ath0 inet static
        address 192.168.1.12
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.254
        wireless_mode managed
        wireless_essid
        wireless_rate auto
        wireless_key -----xx
Re: Routing problem
Gerhard Engler wrote:
> Hello mailing list,
>
> I have a problem with the routing in my network. The network is set up as follows:
>
> Rechner1 has three network cards:
> * ath0 (wireless LAN): 192.168.1.12 --- further clients, e.g. 192.168.1.2, and the dial-in machine for the Internet (192.168.1.254) are attached here
> * eth0: 192.168.2.1 --- further clients, e.g. 192.168.2.2, are attached here
> * eth1: 192.168.3.1 --- further clients, e.g. 192.168.3.2, are attached here
>
> I can ping every client (e.g. 192.168.1.2, 192.168.2.2, 192.168.2.3) from Rechner1. Pings from the clients to Rechner1 work too. Unfortunately, no ping gets across the network boundaries, e.g. from 192.168.1.2 to 192.168.2.2.
>
> Does anyone have an idea what the cause might be?

Has forwarding been switched on?

echo 1 > /proc/sys/net/ipv4/ip_forward

--
/// HTH (..) - stefan oo0-\/-0oo--- http://www.sbsbavaria.de/
Re: Routing problem
On Sunday 18 July 2004 14:52, Gerhard Engler wrote:
> Hello mailing list,
>
> I have a problem with the routing in my network. The network is set up as follows:
>
> Rechner1 has three network cards:
> * ath0 (wireless LAN): 192.168.1.12 --- further clients, e.g. 192.168.1.2, and the dial-in machine for the Internet (192.168.1.254) are attached here
> * eth0: 192.168.2.1 --- further clients, e.g. 192.168.2.2, are attached here
> * eth1: 192.168.3.1 --- further clients, e.g. 192.168.3.2, are attached here
>
> I can ping every client (e.g. 192.168.1.2, 192.168.2.2, 192.168.2.3) from Rechner1. Pings from the clients to Rechner1 work too. Unfortunately, no ping gets across the network boundaries, e.g. from 192.168.1.2 to 192.168.2.2.

[..]

> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.3.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
> localnet        *               255.255.255.0   U     0      0        0 ath0
> default         micky           0.0.0.0         UG    0      0        0 ath0

Those are only the routes for your two network cards. That doesn't do anything yet. If you now want to get from Client1 to Client2, you have to set up two routes.

1. On the client in network 192.168.3.0:
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.2
That gets you into network 192.168.2.0.

2. On the client in network 192.168.2.0:
route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.2
That gets you into network 192.168.3.0.

You always need two routes: one for 'there' and one for 'back'.

Of course you should switch on IP forwarding. See Stephan's mail.

cu
--
Roland Kruggel mailto: [EMAIL PROTECTED]
System: Intel 3.2Ghz, Debian sid, 2.6.7, KDE 3.2.2
Re: Routing problem
Stefan Blechschmidt wrote:
> Gerhard Engler wrote:
> > Hello mailing list,
> >
> > I have a problem with the routing in my network. The network is set up as follows:
> >
> > Rechner1 has three network cards:
> > * ath0 (wireless LAN): 192.168.1.12 --- further clients, e.g. 192.168.1.2, and the dial-in machine for the Internet (192.168.1.254) are attached here
> > * eth0: 192.168.2.1 --- further clients, e.g. 192.168.2.2, are attached here
> > * eth1: 192.168.3.1 --- further clients, e.g. 192.168.3.2, are attached here
> >
> > I can ping every client (e.g. 192.168.1.2, 192.168.2.2, 192.168.2.3) from Rechner1. Pings from the clients to Rechner1 work too. Unfortunately, no ping gets across the network boundaries, e.g. from 192.168.1.2 to 192.168.2.2.
> >
> > Does anyone have an idea what the cause might be?
>
> Has forwarding been switched on?
>
> echo 1 > /proc/sys/net/ipv4/ip_forward

Many thanks for the info. Until now I didn't know at all that I have to switch this on. Is doing it once enough, or do I have to enter it every time (and so perhaps put it into the init scripts)?

Thanks!
Gerhard
Re: Routing problem
Hello,

> > Has forwarding been switched on?
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Many thanks for the info. Until now I didn't know at all that I have to switch this on. Is doing it once enough, or do I have to enter it every time (and so perhaps put it into the init scripts)?

In the case described, IP forwarding is switched on via the proc directory, which means you switch it on in the running kernel, so only temporarily; at the next system start it has to be set again. So write some script, or, what is even safer: build it into a firewall...

thomas
Re: Routing problem
Thomas Bartholomäus writes:
> > > Has forwarding been switched on?
> > >
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > Many thanks for the info. Until now I didn't know at all that I have to switch this on. Is doing it once enough, or do I have to enter it every time (and so perhaps put it into the init scripts)?
>
> In the case described, IP forwarding is switched on via the proc directory, which means you switch it on in the running kernel, so only temporarily; at the next system start it has to be set again. So write some script, or, what is even safer: build it into a firewall...

/etc/network/options:
ip_forward=yes
Re: Routing problem
Greetings!

* Gerhard Engler [EMAIL PROTECTED] wrote on [18.07.04 18:44]:
> > Has forwarding been switched on?
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Many thanks for the info. Until now I didn't know at all that I have to switch this on. Is doing it once enough, or do I have to enter it every time (and so perhaps put it into the init scripts)?

Changing the entry in /etc/network/options to

ip_forward=yes

should be enough. You can check it, e.g. after a reboot, with:

cat /proc/sys/net/ipv4/ip_forward

That should then yield 1.

> Thanks!
> Gerhard

Regards,
Gerhard
Re: Routing problem with Freeswan
Hello, and thanks for the answer.

> 1. Which FreeS/WAN version?

Super-FreeS/WAN 1.99

> 2. Which OS?

Debian Woody

> 3. Output of plutodebug=all

It is a lot, but everything looks OK; it accepts the connection, sa complete, but when I ping something in the private network from the other side, no answer comes back.

As I said, I suspect a routing problem, and I can't get any further on my own.

Regards!
Markus
Re: Routing problem with Freeswan
Hello Markus,

Markus Litz wrote:
> Hello! I have a routing problem with Freeswan. It looks like this:

but that doesn't really have anything to do with Debian. Still, more details may be needed to answer:

1. Which FreeS/WAN version?
2. Which OS?
3. Output of plutodebug=all

> A Freeswan server has the following network config:
> eth0: 172.16.0.0/16 (internal network)
> eth2: 197.35.2.8/24 (external real IP).
> Freeswan is now configured with:
> # basic configuration
> config setup
>         interfaces=ipsec0=eth2
          ^ but try %defaultroute here first

[config]

> --
> So the IPSEC0 device is also 197.35.2.8. 172.16.10.1 is the internal router.
> When the IPSEC connection is now established (that works wonderfully), the auth.log contains:
> roadwarrior[1] 197.35.2.8 #2: route-client output: SIOCADDRT: Network is unreachable
> roadwarrior[1] 197.35.2.8 #2: route-client output: /usr/local/lib/ipsec _updown: `route add -net 197.35.2.8 netmask 255.255.255.255 dev ipsec0 gw 172.16.10.1' failed
> roadwarrior[1] 197.35.2.8 #2: route-client output: /usr/local/lib/ipsec _updown: (incorrect or missing nexthop setting??)
> Something must be wrong with the routing, but I just don't understand what.
> If there is anyone here who knows more about this, I would be very grateful for an answer!!
> Many thanks in advance!
> Markus

HTH
Reinhold
Routing problem with Freeswan
Hello!

I have a routing problem with Freeswan. It looks like this:

A Freeswan server has the following network config:
eth0: 172.16.0.0/16 (internal network)
eth2: 197.35.2.8/24 (external real IP).

Freeswan is now configured with:

# basic configuration
config setup
        interfaces=ipsec0=eth2
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftcert=gatecert.pem
        leftnexthop=172.16.10.1
        leftupdown=/usr/local/lib/ipsec/_updown

conn roadwarrior
        right=%any
        left=197.35.2.8
        leftsubnet=172.16.0.0/16
        rightid=C=DE, ST=NRW, L=Düsseldorf, O=UFP, OU=xXx, CN=markus, [EMAIL PROTECTED]
        auto=add
        pfs=yes

--
So the IPSEC0 device is also 197.35.2.8. 172.16.10.1 is the internal router.

When the IPSEC connection is now established (that works wonderfully), the auth.log contains:

roadwarrior[1] 197.35.2.8 #2: route-client output: SIOCADDRT: Network is unreachable
roadwarrior[1] 197.35.2.8 #2: route-client output: /usr/local/lib/ipsec _updown: `route add -net 197.35.2.8 netmask 255.255.255.255 dev ipsec0 gw 172.16.10.1' failed
roadwarrior[1] 197.35.2.8 #2: route-client output: /usr/local/lib/ipsec _updown: (incorrect or missing nexthop setting??)

Something must be wrong with the routing, but I just don't understand what.

If there is anyone here who knows more about this, I would be very grateful for an answer!!

Many thanks in advance!
Markus
Re: routing problem
Cosmin [EMAIL PROTECTED] writes:
> 1. (*) text/plain ( ) text/html

(Please don't post to the list in HTML; plain text is fine.)

(Summary: external router machine has external address 82.77.83.33/27, with routable internal network 81.196.166.97/29 and internal NAT network 192.168.0.0/24.)

> I have configured the file /etc/init.d/firewall like this:
> iptables -t nat -I POSTROUTING -s 81.196.166.96/29 -o eth0 -j MASQUERADE
> iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
> Both of the networks here use as a gateway the IP 81.196.166.97 given to eth1.

There are two problems here:

(1) You're telling the firewall to NAT both networks, where presumably you want the 81.196.166.97/29 network to be directly routed. You don't need special firewall rules for this, though you do need to have IP forwarding enabled.

(2) You've told the machines on the 192.168.1.0/24 network that their gateway machine is on a different network, so they don't know how to reach it. You probably need to give the gateway machine an address on the NAT network (like 192.168.1.1) and tell the NAT machines to use that as their gateway.

> Do you have a solution to this problem?? ( I mention that all my computers are using WIN98 )

...so install Debian on them. :-)

--
David Maze [EMAIL PROTECTED] http://people.debian.org/~dmaze/
Theoretical politics is interesting. Politicking should be illegal. -- Abra Mitchell

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: routing problem
Cosmin wrote:
[...]
> I have received only five ip-s to use on my LAN: 81.196.166.98 - 102 on netmask 255.255.255.248 but I have 15 computers. The rest of them use IP-s like 192.168.1.1 to 15
> I have configured the file /etc/init.d/firewall like this:
> iptables -t nat -I POSTROUTING -s 81.196.166.96/29 -o eth0 -j MASQUERADE
> iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

So why don't you just configure *all* the machines on your local network to use IP addresses on the range 192.168.1.0/24? You're masquerading all the outbound traffic anyway.

--
André Carezia
Eng. de Telecomunicações
Carezia Consultoria - www.carezia.eng.br
routing problem
Hi

I'm using the latest version of Debian Linux installed on a computer whose main role is router for the internet. I have a special configuration that was given to me by my ISP:

The eth0 has the following specifications (and it is used as an interface to my ISP):
IP: 82.77.83.35
Netmask: 255.255.255.224
Gateway: 82.77.83.33

The eth1 (used for my Local Area Network) has the following:
IP: 81.196.166.97
Netmask: 255.255.255.248

I have received only five ip-s to use on my LAN: 81.196.166.98 - 102 on netmask 255.255.255.248 but I have 15 computers. The rest of them use IP-s like 192.168.1.1 to 15

I have configured the file /etc/init.d/firewall like this:

iptables -t nat -I POSTROUTING -s 81.196.166.96/29 -o eth0 -j MASQUERADE
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

Both of the networks here use as a gateway the IP 81.196.166.97 given to eth1.

The problem is that the only IP-s that are going on the internet are 81.196.166.98 - 102, the others with 192.168.1.1 - 15 are not!!

Do you have a solution to this problem?? ( I mention that all my computers are using WIN98 )
Re: routing problem
Do the computers on network 192.168.1.0/24 have gateway 81.196.166.97? If so, your problem is here. You need to use a gateway in the same network as your computers.

Ex: IP 192.168.1.10 GW 192.168.1.1

I recommend that you add a new network card to your server with this IP (192.168.1.1).

Hugs
Gilberto

On Fri, 9 Jan 2004 11:45:53 +0200, Cosmin [EMAIL PROTECTED] wrote:
> Hi
> I'm using the latest version of Debian Linux installed on a computer whose main role is router for the internet. I have a special configuration that was given to me by my ISP:
> The eth0 has the following specifications (and it is used as an interface to my ISP):
> IP: 82.77.83.35
> Netmask: 255.255.255.224
> Gateway: 82.77.83.33
> The eth1 (used for my Local Area Network) has the following:
> IP: 81.196.166.97
> Netmask: 255.255.255.248
> I have received only five ip-s to use on my LAN: 81.196.166.98 - 102 on netmask 255.255.255.248 but I have 15 computers. The rest of them use IP-s like 192.168.1.1 to 15
> I have configured the file /etc/init.d/firewall like this:
> iptables -t nat -I POSTROUTING -s 81.196.166.96/29 -o eth0 -j MASQUERADE
> iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
> Both of the networks here use as a gateway the IP 81.196.166.97 given to eth1.
> The problem is that the only IP-s that are going on the internet are 81.196.166.98 - 102, the others with 192.168.1.1 - 15 are not!!
> Do you have a solution to this problem?? ( I mention that all my computers are using WIN98 )
Re: Routing problem, continued
Anders Wallenquist wrote:
> Have a problem with a firewall configuration (Woody + Shorewall). The problem is that the routing doesn't get going. Netstat -r looks correct, have done echo 1 > /proc/sys/net/ipv4/ip_forward. What have I forgotten?
>
> /Anders W
>
> Sketch of the configuration:
>
>     Internet
>        |
>   Telia's router
>        |
>       net
>        |
>        *
>       / \
>    loc   dmz
>
> loc = dmz OK
> dmz = net does not work
> * = net OK
>
> Telia's router is configured as default gateway in *
> The 16 RIPE addresses are split into two networks with the netmask 255.255.255.248
>
> loke:/home/aw# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> dmz             *               255.255.255.248 U     0      0        0 eth1
> net             *               255.255.255.248 U     0      0        0 eth0
> loc             *               255.255.255.0   U     0      0        0 eth2
> default         h1.kreawit.se   0.0.0.0         UG    0      0        0 eth0

I suspect that the netmask in the Telia router is 255.255.255.240 instead of 255.255.255.248, i.e. it points to the whole network with the 16 RIPE addresses. Is that enough to cause the problem above?

Is there some other setting that has to be made in Telia's router, e.g. pointing to my fw/gw (* in the sketch above)?

I was in contact with their prolain group, but they claimed that their stuff was set up correctly and were mostly upset that I had chosen Debian/netfilter for the firewall/dmz instead of Cisco/vlan. I don't think the technician bothered to log in to the router to check the setting. It would be nice to know that I haven't made a mistake before I complain too much to Telia.

I have a handful of similar machines in operation, but with shorewall from Debian stable (1.2?). This time I fetched shorewall's own Debian package with shorewall 1.4 and was forced to also update iptables with one from testing to keep Shorewall happy. Could the problems lie here? As I recall, someone on the list recommended moving up to 1.4, and it often feels safer to have the latest when it comes to this kind of thing.

/Anders W
Beginner routing problem
Hello Linux world!

I have installed Woody on a 120MHz/48MB machine and would like to use this PC as a router for my LAN.

My hardware configuration looks as follows:

Internet - cable modem - Linux router - hub - Windows/Mac machines

Debian
eth0: is configured via DHCP - connection to the net works without problems.
eth1:
ifconfig eth1 192.168.0.1 netmask 255.255.255.0
route add -net 192.168.0.0 netmask 255.255.255.0 eth1

Furthermore, in the kernel (v2.4.18) I have enabled TCP/IP networking and IP multicasting under Network Options, and then ran make dep.

Windows
TCP/IP: 192.168.0.2, 192.168.0.3, ..., gateway 192.168.0.1, DNS x.x.x.x - connections within the LAN work, ping works.

Unfortunately, with these settings I still cannot ping the net or surf from my Windows machines. My lack of practice with Linux is now keeping me from solving this rather uncomplicated problem. Google and routing HOWTOs have not been able to help me so far.

In the kernel, under IP multicast routing, two protocols among others are available. What do PIM-SM version 1 and PIM-SM version 2 do for me? And what has to be in the routing table?

I would be very grateful for any useful tip.

Regards!
dominique
Re: Beginner routing problem
Hello

> I have installed Woody on a 120MHz/48MB machine and would like to use this PC as a router for my LAN.

For this I run the following script on the machine that is to serve as the router.

#!/bin/sh
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Regards
Mark
Re: Beginner routing problem
Have a look at http://www.netfilter.org/documentation/HOWTO/de/NAT-HOWTO-4.html#ss4.1.

You are probably only missing:

# Load the NAT module (this pulls in all the others).
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Regards
Johannes

On Tue, 2003-01-21 at 20:10, Dominique Zurkinden wrote:
> Hello Linux world!
>
> I have installed Woody on a 120MHz/48MB machine and would like to use this PC as a router for my LAN.
>
> My hardware configuration looks as follows:
>
> Internet - cable modem - Linux router - hub - Windows/Mac machines
>
> Debian
> eth0: is configured via DHCP - connection to the net works without problems.
> eth1:
> ifconfig eth1 192.168.0.1 netmask 255.255.255.0
> route add -net 192.168.0.0 netmask 255.255.255.0 eth1
>
> Furthermore, in the kernel (v2.4.18) I have enabled TCP/IP networking and IP multicasting under Network Options, and then ran make dep.
>
> Windows
> TCP/IP: 192.168.0.2, 192.168.0.3, ..., gateway 192.168.0.1, DNS x.x.x.x - connections within the LAN work, ping works.
>
> Unfortunately, with these settings I still cannot ping the net or surf from my Windows machines. My lack of practice with Linux is now keeping me from solving this rather uncomplicated problem. Google and routing HOWTOs have not been able to help me so far.
>
> In the kernel, under IP multicast routing, two protocols among others are available. What do PIM-SM version 1 and PIM-SM version 2 do for me? And what has to be in the routing table?
>
> I would be very grateful for any useful tip.
>
> Regards!
> dominique
Re: Beginner routing problem
On Tue, 21 Jan 2003 the mental interface of Dominique Zurkinden told:
> Hello Linux world!
[...]
> Unfortunately, with these settings I still cannot ping the net or surf from my Windows machines.

Looks like a DNS problem? To get out, you need a name server (from your provider or, in a configured LAN, one that first checks the internal IPs and only then forwards to the outside).

> My lack of practice with Linux is now keeping me from solving this rather uncomplicated problem. Google and routing HOWTOs have not been able to help me so far.
[...]
> I would be very grateful for any useful tip.
>
> Regards!
> dominique

Ciao
Elimar
--
.~. /V\ L I N U X /( )\ Phear the Penguin ^^-^^
Routing Problem
Hi,

I hope my question is not off-topic. Here is my situation:

One server (with Debian 3.0 of course, kernel 2.4.20) has two network adapters. The IPs on these adapters are in separate subnets. NIC A is the def. gw. The machine is running two web servers (Apache). Forwarding between the NICs should not be done.

Now the problem: if I connect to the web server bound to NIC B, Apache receives the packets but no packets return to my client. I think this is a routing problem. All packets will be sent back using NIC A. The client's IP stack will not recognize the packet with the ?wrong? IP address.

Is there any possibility to do source-destination routing without a default gateway?

thnx
Marc
Re: Routing Problem
On 11 Dec 2002, 11:57:01, [EMAIL PROTECTED] wrote:
> One server (with Debian 3.0 of course, kernel 2.4.20) has two network adapters. The IPs on these adapters are in separate subnets. NIC A is the def. gw. The machine is running two web servers (Apache). Forwarding between the NICs should not be done.
>
> Now the problem: if I connect to the web server bound to NIC B, Apache receives the packets but no packets return to my client. I think this is a routing problem. All packets will be sent back using NIC A. The client's IP stack will not recognize the packet with the ?wrong? IP address.

I assume that your client and NIC B are on different subnets?

The reason this happens is that the web server looks at your client's IP address, compares it to its two IP addresses for subnet-mask bits, and determines that your client IP is NOT on the same network as either NIC, so it sends it to the default gateway.

The ugly but simple way to fix this is with a static route:

route add -net client.ip.address.here netmask whatever.is.appropriate.here gw ip.address.NICB.shoulduse

This will work fine for a small number of networks, but becomes a headache if you can't specify the network NICB should route to efficiently.

madmac

> Is there any possibility to do source-destination routing without a default gateway?
>
> thnx
> Marc

--
Doug MacFarlane [EMAIL PROTECTED]
Re: Routing Problem
Doug MacFarlane writes:
> On 11 Dec 2002, 11:57:01, [EMAIL PROTECTED] wrote:
> > One server (with Debian 3.0 of course, kernel 2.4.20) has two network adapters. The IPs on these adapters are in separate subnets. NIC A is the def. gw. The machine is running two web servers (Apache). Forwarding between the NICs should not be done.
> >
> > Now the problem: if I connect to the web server bound to NIC B, Apache receives the packets but no packets return to my client. I think this is a routing problem. All packets will be sent back using NIC A. The client's IP stack will not recognize the packet with the ?wrong? IP address.
>
> I assume that your client and NIC B are on different subnets?
>
> The reason this happens is that the web server looks at your client's IP address, compares it to its two IP addresses for subnet-mask bits, and determines that your client IP is NOT on the same network as either NIC, so it sends it to the default gateway.

Right, the client uses different IP addresses.

> The ugly but simple way to fix this is with a static route:
>
> route add -net client.ip.address.here netmask whatever.is.appropriate.here gw ip.address.NICB.shoulduse
>
> This will work fine for a small number of networks, but becomes a headache if you can't specify the network NICB should route to efficiently.

Yes, if there are only a few clients with known IPs AND they are only using server-A or server-B (not both), this will work. In my scenario, there are ca. 25.000 different (dial-in) IPs and they use both web servers.

I want to do this for security reasons. I don't want to use two (physical) servers but to divide the two servers by using two NICs, two subnets and two Apaches.

Greetz
Marc
routing problem
Hi

I have a small routing problem:

One machine, pe, is to serve as Internet router. IP: 192.168.11.4

It has to route ISDN (ppp0, I think).
It needs the route to 192.168.11.7 (firewall), because the main network (192.168.10.0) is behind the firewall.

Now my question: which routes do I have to set up on pe? I have deleted them all for now so that I don't get any conflicts!

Micha Mutschler

I-NET --- pe firewall ---haup_netz
Re: routing problem
On Sat, 7 Dec 2002 14:30:48 +0100 Micha Mutschler [EMAIL PROTECTED] wrote:
> Which routes do I have to set up on pe? I have deleted them all for now so that I don't get any conflicts!
...
> I-NET --- pe firewall ---haup_netz

Device to the Internet: ppp0 (or ippp0)
Device to the firewall: eth0

route add -net 192.168.11.0 netmask 255.255.255.0 dev eth0
route add default dev ppp0

That should be all, and afterwards your routing table should look roughly like this:

Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.11.0    0.0.0.0         255.255.255.0   UH    0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         UH    0      0        0 ppp0

In addition, IP forwarding must be enabled and you must have NAT configured so that the router can translate the external address into an internal one.

Regards
Jens
Re: routing problem
On 04 Oct 2002, 19:35:14, Kourosh wrote:
> On Fri, Oct 04, 2002 at 08:24:51PM -0600, dave mallery wrote:
>
> Have you enabled IP forwarding on buster? Do you have firewalling enabled on buster?

The answer is that you need to configure Buster to function as a router. Just configuring Buster to be a part of both networks does NOT mean that Buster will automagically send packets originating on one network to the other network.

There are several ways to accomplish this. You can enable IP Forwarding, as suggested, or you can run routed, an IP routing daemon.

Since you only need to forward/route the one segment, IP Forwarding will be much more straight-forward, although every host on your 10.42.42 subnet will need a static route to buster for the 10.42.43 subnet, otherwise, they will send everything to the firewall, and the firewall will put it back on the 10.42.42 subnet addressed to buster (provided you have that rule configured on the firewall).

madmac

> > (i realize that i will have to add a route to the firewall to the cluster but that can wait till c0n1 can ping bilbo!)
>
> The cluster doesn't need a route to the firewall, it only needs a default route to buster and buster can forward connections to the firewall.
>
> > is this a routing problem, or am i looking endlessly in the wrong place? i am at a dead stop. i would so appreciate some pointers. thanks in advance. dave
>
> Hope this helps.
> Kourosh

--
Doug MacFarlane [EMAIL PROTECTED]
routing problem
On Sat, Oct 05, 2002 at 04:30:58PM +, Doug MacFarlane wrote:
> On 04 Oct 2002, 19:35:14, Kourosh wrote:
> > On Fri, Oct 04, 2002 at 08:24:51PM -0600, dave mallery wrote:
> >
> > Have you enabled IP forwarding on buster? Do you have firewalling enabled on buster?
>
> The answer is that you need to configure Buster to function as a router. Just configuring Buster to be a part of both networks does NOT mean that Buster will automagically send packets originating on one network to the other network.
>
> There are several ways to accomplish this. You can enable IP Forwarding, as suggested, or you can run routed, an IP routing daemon.
>
> Since you only need to forward/route the one segment, IP Forwarding will be much more straight-forward, although every host on your 10.42.42 subnet will need a static route to buster for the 10.42.43 subnet, otherwise, they will send everything to the firewall, and the firewall will put it back on the 10.42.42 subnet addressed to buster (provided you have that rule configured on the firewall).
>
> madmac

thanks very much guys!

the truth is that buster needs to route. i have routing configured in the kernel, but have not really looked at the problem directly. due to other complications (not enuf disk space) i will have to re-work buster, probably tomorrow, with a much larger disk. (the cluster has 16 nodes and that's a lot of nfs roots!)

the story behind the cluster: we have some great surplus auctions here in NM. last month, i became the owner of two alta cluster boxen from los alamos. (2 of 8.. the others scrapped) each has 8 dual pii 333s on a nice asus mobo with antek power. all assembled into these beautiful nearly cubic yard boxen. so rather than scrap them to ebay, i decided to see if i could make em run again. (all the hi-power interconnect had been removed) now i don't need to do nuclear calculations at home, but i have done a lot of seti (1) and at this level, i need a boost in production!

so the individual nodes need to get out to send results and get work units.

thanks again, what a great list!

dave

--
Dave Mallery, K5EN (debian testing woody) PO Box 520 .~._ Ramah, NM 87321 /V\ -o) no gates... /( )\ /\\ running Debian GNU/Linux no windows! ^ _\_vfree at last!
routing problem
hi

now i believe myself to be a fairly experienced deb user. this is humiliating:

i have a home network (10.42.42.0) which has a floppyfw gateway to the world at 10.42.42.254. works.

i have been building a cluster (actually, resuscitating one, but that's another story). the cluster network is 10.42.43.0. its gateway is called buster and has 2 nics, 10.42.42.112 (eth0) and 10.42.43.254 (eth1). the cluster nodes (only 3 running now) are c0n1 c0n2 and c0n3. they are served their roots by buster (etherboot). works. that was hard. this is easy?

too bad i can't ping in or out.

from inside out:

c0n1:/home/dmallery route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.42.43.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.42.43.254    0.0.0.0         UG    0      0        0 eth0

cluster member c0n1 can ping buster, but no further.

next here's buster:

buster:/etc/init.d route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.42.43.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.42.42.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.42.42.254    0.0.0.0         UG    0      0        0 eth0

buster can ping into the cluster and outwards into 10.42.42.0 land. buster is happy. buster can even ping debian.org!

next (and last) here's bilbo, a sarge machine on the home front:

bilbo:/ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.42.43.0      10.42.42.112    255.255.255.0   UG    0      0        0 eth0
10.42.42.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.42.42.254    0.0.0.0         UG    0      0        0 eth0

bilbo can ping the world and buster but not into the cluster.

(i realize that i will have to add a route to the firewall to the cluster but that can wait till c0n1 can ping bilbo!)

is this a routing problem, or am i looking endlessly in the wrong place? i am at a dead stop. i would so appreciate some pointers.

thanks in advance.

dave

--
Dave Mallery, K5EN (debian testing woody)
PO Box 520, Ramah, NM 87321
no gates... running Debian GNU/Linux no windows! free at last!
Re: routing problem
On Fri, Oct 04, 2002 at 08:24:51PM -0600, dave mallery wrote:
> hi
> now i believe myself to be a fairly experienced deb user. this is humiliating:

Not really, these things happen to everyone =)

> 10.42.42.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.42.42.254    0.0.0.0         UG    0      0        0 eth0
>
> buster can ping into the cluster and outwards into 10.42.42.0 land. buster is happy. buster can even ping debian.org!

Have you enabled IP forwarding on buster? Do you have firewalling enabled on buster?

> (i realize that i will have to add a route to the firewall to the cluster but that can wait till c0n1 can ping bilbo!)

The cluster doesn't need a route to the firewall, it only needs a default route to buster and buster can forward connections to the firewall.

> is this a routing problem, or am i looking endlessly in the wrong place? i am at a dead stop. i would so appreciate some pointers.
> thanks in advance.
> dave

Hope this helps.

Kourosh
Re: routing problem
hiya dave

quick glance... and some guesswork

- a machine should always be able to ping itself ( 10.32.32.x or 10.42.43.x ( even with the nic cable disconnected )
- c0n1 does not have a 10.42.42.0 routes and it has 10.42.43.* gateway ( wrong ?? )
- i think either eth1(43.*) or eth0(42.*) must go to the outside world lets say *.42.8 is internal
- if c0n1 and c0n3 has only one nic.. you have extra routes listed
- i say change all of the cluster to be 10.42.42.*
- buster, if its the one to go to the outside world needs to have one wire to the outside world gateway is the ip# of your router or isp 10.42.43.1 lets say

and you should be all set

c ya
alvin

On Fri, 4 Oct 2002, dave mallery wrote:
> hi
> now i believe myself to be a fairly experienced deb user. this is humiliating:
>
> i have a home network (10.42.42.0) which has a floppyfw gateway to the world at 10.42.42.254. works.
>
> i have been building a cluster (actually, resuscitating one, but that's another story). the cluster network is 10.42.43.0. its gateway is called buster and has 2 nics, 10.42.42.112 (eth0) and 10.42.43.254 (eth1). the cluster nodes (only 3 running now) are c0n1 c0n2 and c0n3. they are served their roots by buster (etherboot). works. that was hard. this is easy?
>
> too bad i can't ping in or out.
>
> from inside out:
>
> c0n1:/home/dmallery route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.42.43.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.42.43.254    0.0.0.0         UG    0      0        0 eth0
>
> cluster member c0n1 can ping buster, but no further.
>
> next here's buster:
>
> buster:/etc/init.d route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.42.43.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 10.42.42.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.42.42.254    0.0.0.0         UG    0      0        0 eth0

buster should be at 10.42.42.254 ( its ip# ) for talking to c0n1 and bilbo
buster should have another ip# say 10.42.43.254 as its other ip#
fix the gateway above to 10.42.43.1 of the real router from isp -

> buster can ping into the cluster and outwards into 10.42.42.0 land. buster is happy. buster can even ping debian.org!
>
> next (and last) here's bilbo, a sarge machine on the home front:
>
> bilbo:/ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.42.43.0      10.42.42.112    255.255.255.0   UG    0      0        0 eth0
> 10.42.42.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.42.42.254    0.0.0.0         UG    0      0        0 eth0

remove 10.42.43 routes

> bilbo can ping the world and buster but not into the cluster.
>
> (i realize that i will have to add a route to the firewall to the cluster but that can wait till c0n1 can ping bilbo!)
>
> is this a routing problem, or am i looking endlessly in the wrong place? i am at a dead stop. i would so appreciate some pointers.
>
> thanks in advance.
Re: routing problem
On Fri, Oct 04, 2002 at 07:40:37PM -0700, Alvin Oga wrote:
> hiya dave
> quick glance... and some guesswork
> - a machine should always be able to ping itself ( 10.32.32.x or 10.42.43.x ( even with the nic cable disconnected )
> - c0n1 does not have a 10.42.42.0 routes and it has 10.42.43.* gateway ( wrong ?? )

The cluster computers don't necessarily need to know any other routes. That's the function of the default route.

> - i think either eth1(43.*) or eth0(42.*) must go to the outside world lets say *.42.8 is internal

Doesn't necessarily have to. The cluster computer uses buster as its gateway and that's all it needs to know. Buster sends any packets to nets it doesn't know about to _its_ default gateway, i.e. the firewall.

> - if c0n1 and c0n3 has only one nic.. you have extra routes listed
> - i say change all of the cluster to be 10.42.42.*

Having the cluster be on its own network with access only through the gateway computer had benefits. The cluster is more secure and they don't have to waste any processor time ignoring packets that aren't relevant to them. Also, if you make any changes to your own network, you don't need to reconfigure the cluster. Again, this isn't much of an issue until the cluster starts to get bigger.

> - buster, if its the one to go to the outside world needs to have one wire to the outside world gateway is the ip# of your router or isp 10.42.43.1 lets say

Buster is a private network and its gateway is the firewall.

> and you should be all set
> c ya
> alvin

Regards.

Kourosh
Re: routing problem
hi ya

yuppers.. agree on all points you make..

problem is the gw is slightly misconfigured .. based on the routes listed...

a cluster on its own private lan needs its own ip#.. ( say 10.42.42.* ) and one of them (buster) goes to the fw on say 10.42.43.*

in its current config... that is not the case..

and as someone else pointed out, make sure buster has forwarding turned on and that the fw is passing its data to buster too

c ya
alvin
Re: routing problem
dave mallery wrote:
snipo /
> next (and last) here's bilbo, a sarge machine on the home front:
>
> bilbo:/ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.42.43.0      10.42.42.112    255.255.255.0   UG    0      0        0 eth0
> 10.42.42.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         10.42.42.254    0.0.0.0         UG    0      0        0 eth0
>
> bilbo can ping the world and buster but not into the cluster.

Why the 10.42.43.0 route on bilbo and on same eth0?

--
Best Regards,
mds
mds resource 888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: routing problem
also sprach Derrick 'dman' Hudson [EMAIL PROTECTED] [2002.06.12.0412 +0200]:
> Looking at that routing table, it looks like you have the same (well, overlapping) subnet on 2 interfaces. Linux doesn't like having multiple interfaces on the same subnet, unless you do channel bonding. My guess is that that is causing the weirdness in your routing.

i currently think it's the boxes on the subnet not knowing about the gateway and trying direct routing into the network and failing because of unanswered ARP requests.

The routing table itself is okay. things like this do work with linux.

192.168.1.64/26 - eth1
192.168.1.0/24 - eth0

has the result to route .64-.127 via eth1 and the rest via eth0. essentially, the default route is not different.

--
martin; (greetings from the heart of the sun.)
linux or windows :: gpl or gpf
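The longest-prefix-match behaviour martin describes above, as an added example that is not part of the original message: it parses `route -n` output and picks the most specific matching route. Both tables and the gateway 192.168.1.253 are constructed; the second table shows the failure he suspects, where a host that lacks the narrower route treats every address in the /26 as on-link and ARPs for it directly.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means directly connected
    metric: int
    iface: str


# Constructed `route -n` output for a router carrying the two overlapping
# prefixes from the message. The default gateway address is an assumption.
ROUTER_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.64    0.0.0.0         255.255.255.192 U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.253   0.0.0.0         UG    0      0        0 eth0
"""

# Constructed table of an ordinary host on the /24 with no route for the /26.
HOST_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.253   0.0.0.0         UG    0      0        0 eth0
"""


def parse_route_n(text):
    """Turn numeric `route -n` output into a list of Route tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner line and the column header.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        # Count the set bits of the netmask to get the prefix length.
        prefixlen = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefixlen}")
        gateway = None if gw == "0.0.0.0" else ipaddress.IPv4Address(gw)
        routes.append(Route(net, gateway, int(metric), iface))
    return routes


def lookup(routes, dst):
    """Return the most specific route covering dst, or None.

    Simplified model: longest prefix wins, lower metric breaks ties.
    """
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.net]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.net.prefixlen, -r.metric))


def delivery(routes, dst):
    """Return (interface, next hop). For an on-link route the next hop is
    the destination itself, i.e. the sender ARPs for it directly."""
    route = lookup(routes, dst)
    if route is None:
        return None
    next_hop = route.gateway if route.gateway is not None else ipaddress.IPv4Address(dst)
    return (route.iface, str(next_hop))


if __name__ == "__main__":
    router = parse_route_n(ROUTER_TABLE)
    host = parse_route_n(HOST_TABLE)
    for dst in ("192.168.1.100", "192.168.1.200", "198.51.100.7"):
        print(f"{dst:15} router={delivery(router, dst)} host={delivery(host, dst)}")
```

For 192.168.1.100 the router selects eth1, while the host still resolves it as on-link on eth0, so the host's ARP request is answered only if something on that segment replies for the address.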
routing problem
hi wizards!

any clue on this one:

gw2:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xx.xxx.239.144  0.0.0.0         255.255.255.240 U     0      0        0 eth0
xx.xxx.239.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         xx.xxx.239.253  0.0.0.0         UG    0      0        0 eth1

(don't ask about that routing table, it's not mine...)

gw2:~# tcpdump -ni any icmp
tcpdump: listening on any
22:18:58.278359 xx.xxx.239.239 > xx.xxx.239.146: icmp: echo request (DF)
22:18:58.278720 xx.xxx.239.239 > xx.xxx.239.146: icmp: echo request (DF)
22:18:58.279334 xx.xxx.239.146 > xx.xxx.239.239: icmp: echo reply
22:18:59.278331 xx.xxx.239.239 > xx.xxx.239.146: icmp: echo request (DF)
22:18:59.278720 xx.xxx.239.239 > xx.xxx.239.146: icmp: echo request (DF)
22:18:59.279331 xx.xxx.239.146 > xx.xxx.239.239: icmp: echo reply

this shows an echo-request coming in through eth1 and then leaving through eth0, before the reply is received by eth0. the return packets are not routed, it never leaves eth1. i've checked ip_forward (it's obviously on), tried setting rp_filter to 0, but no success...

what else would you check?

--
martin; (greetings from the heart of the sun.)
you work very hard. don't try to think as well.
Re: routing problem
On Tue, Jun 11, 2002 at 11:11:57PM +0200, martin f krafft wrote:
| hi wizards!
|
| any clue on this one:
|
| gw2:~# route -n
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| xx.xxx.239.144  0.0.0.0         255.255.255.240 U     0      0        0 eth0
| xx.xxx.239.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
| 0.0.0.0         xx.xxx.239.253  0.0.0.0         UG    0      0        0 eth1
|
| (don't ask about that routing table, it's not mine...)
|
| gw2:~# tcpdump -ni any icmp
| this shows an echo-request coming in through eth1 and then leaving
| through eth0, before the reply is received by eth0. the return packets
| are not routed, it never leaves eth1. i've checked ip_forward (it's
| obviously on), tried setting rp_filter to 0, but no success...
|
| what else would you check?

Looking at that routing table, it looks like you have the same (well, overlapping) subnet on 2 interfaces. Linux doesn't like having multiple interfaces on the same subnet, unless you do channel bonding. My guess is that that is causing the weirdness in your routing.

-D

--
Consider what God has done: Who can straighten what He has made crooked? Ecclesiastes 7:13
Jabber ID : [EMAIL PROTECTED]
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
Re: Routing problem with ISDN dial-in
Hi there

Hmm.. something seems to have gone wrong with my reply.. so once more:

> Describe your configuration a bit.

hmm.. which config do you mean? i suspect that it could be down to ipppd.ippp0, device.ippp0 and possibly /etc/ip-up/00-xxx. there can also be problems with the routing.. i'll attach them

> Is ip-forwarding enabled? tip: `echo 1 > /proc/sys/net/ipv4/ip_forward`

yep.. that is set.

Have a nice day,
Andreas
Routing problem with ISDN dial-in
Hi there

We have a tiny little problem:

We have a dial-in router here, debian 2.2. You can dial in just fine and ping the dial-in box from the client that dialed in. But it goes no further into the network. The dial-in box itself can ping into the network.. the client cannot.

Since we want to switch to debian, we took over the configuration almost 1:1 from our old dial-in box.. including the routing etc. .. hmm.. at the moment we are somewhat at a loss..

maybe one of you has an idea or knows that there is a bug somewhere? :-)

Have a nice day,
Andreas
Re: Routing problem with ISDN dial-in
Süß, Andreas wrote on Monday, 13 May 2002 at 09:02:25 +0200:
> Since we want to switch to debian, we took over the configuration almost 1:1 from our old dial-in box.. including the routing etc. .. hmm.. at the moment we are somewhat at a loss..

Describe your configuration a bit.

> maybe one of you has an idea or knows that there is a bug somewhere? :-)

My crystal ball asks: Is ip-forwarding enabled? tip: `echo 1 > /proc/sys/net/ipv4/ip_forward`

--
Today is not every day; I'll be back, no question!!!
Joerg
Just weigh your own hurt against the hurt of all the others, and then do what's best. -- Lovers and Other Strangers
weird routing problem
hi debian folk,

i am in desperate need of your wisdom, patience, and help!

i have a network setup as follows:

212.54.xxx.12 router 192.168.14.1
                          |
                          |
                          |
            192.168.14.31 fw 192.168.31.1
                                  |
                                  |
                                  |
                                host 192.168.31.2

the only thing doing PAT (masquerading) is the router, the firewall does *not* NAT!

my problem is as follows: when i sit at the 192.168.31.2 machine, and i ping 192.168.14.1, then the echo request properly traverses the firewall (its default route), and the firewall hands it off its 192.168.14.31 IP to the router at 192.168.14.1. in order for replies to come back, i have added a static route to the router with the following command:

# route add -net 192.168.31.0 netmask 255.255.255.0 \
    gw 192.168.14.31 metric 1

which makes the routing table look like this:

# route -n
212.54.xxx.1    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.14.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.31.0    192.168.14.31   255.255.255.0   UG    1      0        0 eth1
0.0.0.0         212.54.xxx.1    0.0.0.0         UG    0      0        0 eth0

however, the echo replies never get there. and best of all, here's tcpdump's output on the router:

# tcpdump -ni any
tcpdump: listening on any
22:54:17.981373 192.168.31.2 > 192.168.14.1: icmp: echo request (DF)
22:54:17.982174 192.168.14.1 > 192.168.14.1: icmp: echo reply
22:54:18.981352 192.168.31.2 > 192.168.14.1: icmp: echo request (DF)
22:54:18.982102 192.168.14.1 > 192.168.14.1: icmp: echo reply

*but*: sitting at the router and pinging 192.168.31.2:

% ping -nc1 192.168.31.2
PING 192.168.31.2 (192.168.31.2): 56 data bytes
64 bytes from 192.168.31.2: icmp_seq=0 ttl=128 time=3.6 ms

would you agree with me that there's something wrong? but in any case, would you like to tell me _what_ is wrong?

--
martin; (greetings from the heart of the sun.)
two manic depressives named mastick
had marital problems, quite drastic.
her mood swings were mild,
but his were quite wild.
the two were not homoscedastic.
Re: weird routing problem
also sprach martin f krafft [EMAIL PROTECTED] [2002.05.06.2302 +0200]:
> 212.54.xxx.12 router 192.168.14.1
>                           |
>                           |
>                           |
>             192.168.14.31 fw 192.168.31.1
>                                   |
>                                   |
>                                   |
>                                 host 192.168.31.2

oh, and before i forget,

192.168.31.2 can ping any of the one-legged hosts in 192.168.14.0/24.

192.168.31.2 can *not* ping any other fw like 192.168.14.31 in 192.168.14.0/24, even though the fw allows icmp ping requests. (the fw's are fw-1's on windoze, so debugging's like impossible)

192.168.14.17 and any other host on 192.168.14.0/24 can not ping 192.168.14.1 with the static routes in place.

if i remove the static routes on the router, then everything's fine.

this looks to me like a massive linux routing problem, or i really screwed up (which is hard to imagine for i've done these things many times before). the router is debian woody, custom 2.4.18 kernel with HTB+IMQ (QoS) patches.

--
martin; (greetings from the heart of the sun.)
women love us for our defects. if we have enough of them, they will forgive us everything, even our gigantic intellects. -- oscar wilde
[SOLVED] Re: weird routing problem
the problem is solved, but i don't understand why. the reason for the weird pings from 192.168.31.2 to 192.168.14.1, which resulted in:

echo request: 192.168.31.2 -> 192.168.14.1
echo reply: 192.168.14.1 -> 192.168.14.1

but which weren't a problem the other way:

echo request: 192.168.14.1 -> 192.168.31.2
echo reply: 192.168.31.2 -> 192.168.14.1

are the following netfilter/iptables mangle rules:

iptables -t mangle -N mark-embryo
iptables -t mangle -A mark-embryo -j MARK --set-mark 192168141
iptables -t mangle -A INPUT -j mark-embryo

which i use for QoS to mark all packets entering the router with the decimal mark 192168141. this caused the echo replies to be rewritten/affected somehow, which is something that i can't explain, and which definitely looks like a bug to me. the MARK netfilter target doesn't (shouldn't) have any effect on the actual IP information!!!

any thoughts?

--
martin; (greetings from the heart of the sun.)
this site has moved. we'd tell you where, but then we'd have to delete you.
routing problem
Hello;

I try to delete a routing entry but get the following:

tiger:/etc/samba# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 shaper0
195.174.32.0    *               255.255.252.0   U     0      0        0 eth0
default         195.174.32.1    0.0.0.0         UG    0      0        0 eth0
tiger:/etc/samba# route del 192.168.1.0 dev eth1
SIOCDELRT: No such process

What is the correct way to delete a route?

--
Baris Metin
Re: routing problem
Baris Metin [EMAIL PROTECTED] writes:
> Hello;
>
> I try to delete a routing entry but get the fallowing :
>
> tiger:/etc/samba# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> localnet        *               255.255.255.0   U     0      0        0 eth1
> localnet        *               255.255.255.0   U     0      0        0 shaper0
> 195.174.32.0    *               255.255.252.0   U     0      0        0 eth0
> default         195.174.32.1    0.0.0.0         UG    0      0        0 eth0
> tiger:/etc/samba# route del 192.168.1.0 dev eth1
> SIOCDELRT: No such process
>
> What is the correct way to delete a route ?

192.168.1.0 isn't in your routing table. Try deleting things that are in the Destination column, such as default or net 195.174.32.0.

Elizabeth
Re: routing problem
Do you have the route you're trying to delete in the routing table?

--
Sincerely,
David Smead
http://www.amplepower.com.
Routing problem after gateway
Good morning,

I connect to the net via T-DSL. In principle that worked so far, while my workstation was attached directly to the modem. Now I have put a router (192.168.1.20) in between, which also works wonderfully.

My problem now is teaching my workstation (192.168.1.10) to use the router as its gateway. According to the interfaces manpage I only have to enter a gateway, which I have done:

alex@annuminas:~ $ cat /etc/network/interfaces
auto lo eth0
iface lo inet loopback
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.20

But that does not work. After booting, route -n says:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 ippp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ippp0

After I then manually run route add default gw 192.168.1.20, everything works:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 ippp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.20    0.0.0.0         UG    0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ippp0

Why does this not work? Or rather, which manpage should I still read ;)

--
cu
Alex
--
PGP public key on demand, mailto:[EMAIL PROTECTED] (automated reply)
Re: Routing problem after gateway
> My problem now is teaching my workstation (192.168.1.10) to use the router as its gateway. According to the interfaces manpage I only have to enter a gateway, which I have done:[...] After I then manually run route add default gw 192.168.1.20, everything works:[...]

But you can ping the router, right?

> Why does this not work? Or rather, which manpage should I still read ;)

Have you told the router's kernel that it should route requests from the LAN? echo 1 > /proc/sys/net/ipv4/ip_forward might help for a start. It might make sense to compile a new kernel (iptables, NAT etc.).

J0chen.
Re: Routing problem after gateway
- Original Message -
From: Alexander Schmehl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 21, 2002 5:02 AM
Subject: Nach gateway routing problem

> Good morning,
> [...]
> alex@annuminas:~ $ cat /etc/network/interfaces
> auto lo eth0
> iface lo inet loopback
> iface eth0 inet static
>     address 192.168.1.10
>     netmask 255.255.255.0
>     network 192.168.1.0
>     broadcast 192.168.1.255
>     gateway 192.168.1.20
> [...]

Good evening ;)

I once had the problem myself. No idea why the gateway entry is not applied the way you and I apparently expected. However, you can use the examples in

$ zless /usr/share/doc/ifupdown/examples/network-interfaces.gz

(I hope the file exists on your system too) for help. There in particular:

up route add default gw ...

cu
Re: Routing problem after gateway
Hello Markus,

* Markus Kolb [EMAIL PROTECTED] [21-02-02 17:20]:
>> Have you told the router's kernel that it should route requests from the LAN? echo 1 > /proc/sys/net/ipv4/ip_forward might help for a start. It might make sense to compile a new kernel (iptables, NAT etc.).
>
> rofl. Can you read? He wrote that when he sets the default gw manually, everything works. He just doesn't know where and how to make the entry for the default gw so that it is added automatically at boot. The following should help him, though...
>
> $ zless /usr/share/doc/ifupdown/examples/network-interfaces.gz

rofl, can you read? He writes that even after setting it manually the whole thing does not work.

Regards
Udo

--
ComputerService Müller | You want my PGP-Key?   | Key: 0xAD0EEC22
Kaspersweg 11a         | mail -s get pgp-key    | Tel: 0441-36167578
26131 Oldenburg        | AD0EEC22 is not guilty | Mobil: 0162-4365411
Registered Linux user #225706 on Debian GNU/Linux 2.4.17
Re: Routing problem after gateway
On Thu, Feb 21, 2002 at 05:02:31AM +0100, Alexander Schmehl wrote:
> Good morning,
>
> I connect to the net via T-DSL. In principle that worked so far, while my workstation was attached directly to the modem. Now I have put a router (192.168.1.20) in between, which also works wonderfully.
> [...]
> alex@annuminas:~ $ cat /etc/network/interfaces
> auto lo eth0
> iface lo inet loopback
> iface eth0 inet static
>     address 192.168.1.10
>     netmask 255.255.255.0
>     network 192.168.1.0
>     broadcast 192.168.1.255
>     gateway 192.168.1.20
>
> But that does not work. After booting, route -n says:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.0.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 ippp0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ippp0
> [...]

Why do you start isdn on the workstation? You have to teach isdnutils not to overwrite the existing default route.

regards
fisch
Re: Routing problem after gateway
Hello,

With the entry in /etc/network/interfaces you have set 192.168.1.20 as router ONLY for the network 192.168.1.0. Only with route add default gw 192.168.1.20 do you tell the kernel that 192.168.1.20 is the default, i.e. that EVERYTHING (except the 10 net in this case) must be routed there. Isn't the ippp0 interface superfluous there?

Kind regards,
Mihail