Hi, I was wondering if folks would be willing to take a look at a setup I am working on for a multi-segment (sub network) router that I am setting up. I've worked on this for a while now and am still stumped even after much internet research.

Essentially I want to be able to have a few networks running through the router and be able to give internet access to most of them (except for a few that I want to set up as testing or experimental networks). My internet connection is up and the firewall allows for internet access from everything getting an IP from the Firewall DHCP server. The computer I’m on now is plugged directly into the firewall and getting an IP from it, but eventually I’d like to move this computer onto one of the networks serviced by the main router. I’ve included most of what I hope is relevant config info to allow for diagnostics.

The main problem is that nothing plugged into networks serviced off the <main router> can get to the internet or even past the router to things like the firewall or external-router. The main router itself can get to the internet, just not the other NICs serving other networks off the router. I think that the problem is probably that the main router is not currently forwarding packets, as I can ping the gateway NIC of the router from outside the router and I can ping the LAN side of the router and sub networks when logged into the main router itself. Also I’ve wondered if it’s a problem with my routing table on the main router, as I am suspicious of not having an entry that explicitly names 192.168.2.2, but I am not sure here.

Basically, while everything getting an IP address from the <Firewall> 192.168.2.0 is working to connect to the internet, routing is not working on the Main Router. However, I can set up IP addresses that the router can talk to on its physical eth interfaces. For instance, things on eth1 192.168.10.0 can ping hosts on that address and also eth0 but nothing else.
I’ve tried to lay out the configuration info and some basic testing and diagnostics. I realize that it is a bit lengthy, but I figured if I’m going to ask for help I should try to get you the info that would be meaningful in diagnostics (a bit more than just "help, it's broken", I hope). I have a sinking feeling that I'm missing the obvious but I haven't been able to get this to work.

Thanks,
JLK

Basic Network Schematic

    <Internet>
        |
        |
    <Cable Modem> 69.204.138.0
        |
        |
    <Edge Router> (an SMC gateway router)
        WAN IP: 69.204.138.7
        LAN IP: 192.168.1.1 (running DHCP Server)
        |
        |
    <Firewall> guardian.minvera.local
        WAN IP: 192.168.1.177
        LAN: 192.168.2.1 (DHCP Server)
        |
        |
    <main router> xroads.minveral.local
        5 Nics installed
        Eth0: 192.168.2.2
        Eth1: 192.168.10.1
        |
        |
    LAPTOP Testing Client 192.168.10.10

NOTE: The Laptop client can ping itself, eth0 and eth1 on the router but nothing else. Nothing else on 192.168.2.0 (such as another computer at 192.168.2.200), the <Firewall> at 192.168.2.1 or anything else towards the internet or on the internet itself.

With the main router, I have debian sarge installed. The following Ethernet adapters are physically installed:

    eth0
    Eth1
    Eth2
    Eth3
    Eth4

I have been able to attach a laptop and bring up each adapter and get a small network running on each network.
Eventually I want to have:

    Eth0 192.168.2.2 as Default Gateway to the internet
    Eth1 192.168.10.0
    Eth2 192.168.20.0
    Eth3 192.168.30.0
    Eth4 192.168.40.0

On the <Main Router> xroads I have the following for the ifconfig:

    eth0      Link encap:Ethernet  HWaddr 00:A0:C9:B7:10:55
              inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2574 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2310 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:324812 (317.1 KiB)  TX bytes:262564 (256.4 KiB)
              Interrupt:9 Base address:0xdc00 Memory:ed9ff000-ed9ff038

    eth1      Link encap:Ethernet  HWaddr 00:A0:C97:45:8A
              inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1115 errors:61 dropped:0 overruns:0 frame:61
              TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:124769 (121.8 KiB)  TX bytes:5748 (5.6 KiB)
              Interrupt:11 Base address:0xda00 Memory:ed9fe000-ed9fe038

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:26 errors:0 dropped:0 overruns:0 frame:0
              TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2072 (2.0 KiB)  TX bytes:2072 (2.0 KiB)

My routing table looks like:

    xroads:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    localnet        *               255.255.255.0   U     0      0        0 eth0
    192.168.10.0    *               255.255.255.0   U     0      0        0 eth1
    default         guardian.minver 0.0.0.0         UG    0      0        0 eth0

Same with no name resolution:

    xroads:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
    0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0

When logged into xroads, the main router, I can ping a laptop set up with the IP address 192.168.10.10:

    xroads:~# ping -c2 192.168.10.1
    PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
    64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.082 ms
    64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.043 ms

    --- 192.168.10.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.043/0.062/0.082/0.021 ms

    xroads:~# ping -c2 192.168.10.10
    PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
    64 bytes from 192.168.10.10: icmp_seq=1 ttl=128 time=0.443 ms
    64 bytes from 192.168.10.10: icmp_seq=2 ttl=128 time=0.405 ms

    --- 192.168.10.10 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.405/0.424/0.443/0.019 ms

    xroads:~# ping -c2 google.com
    PING google.com (72.14.207.99) 56(84) bytes of data.
    64 bytes from 72.14.207.99: icmp_seq=1 ttl=235 time=43.5 ms
    64 bytes from 72.14.207.99: icmp_seq=2 ttl=235 time=41.1 ms

    --- google.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1010ms
    rtt min/avg/max/mdev = 41.171/42.362/43.553/1.191 ms

Here however is the key. When I am using the laptop plugged into eth1 on the router, I can ping the following IP addresses:

192.168.10.1 (of course, since the laptop IP address is 192.168.10.10)

I can also ping 192.168.2.2 from the laptop, the IP of eth0.

I cannot however ping 192.168.2.1 from the laptop, the IP address of the <firewall> (but I can ping it from other computers plugged directly into the firewall and also on the internet including the main router).

And I can’t ping anything on the internet from the router.

So it would seem that anything plugged into the firewall (192.168.2.0) network is working as it should. And things plugged into the router are working but the <main router> isn’t forwarding packets from its internal cards (eth1 etc.) on to the internet.

Oh yes, I also ran:

    xroads:~# cat /proc/sys/net/ipv4/ip_forward
    1

So I believe that forwarding should be running.
I haven’t messed with ipchains or iptables, but that’s because mostly I’m used to setting that up for NAT, but what I’m doing really isn’t NAT even though private IP address space is being used.

If you would be willing and able to provide any insight that would be very helpful.

Thanks,
JL Kane
I think the problem is that you use two routers (with NAT). NATting works only with one router, not with more...
Routing Issue

Thanks for the reply, however, I think this is a basic routing problem. Essentially the issue is that I can't ping 192.168.2.200 when logged into 192.168.10.10. Both these systems are on networks connected to the router at 192.168.2.2 and 192.168.10.1 respectively. The router can ping everything and when I am logged into 192.168.2.200 I can ping 192.168.10.10. The problem is though, when I am logged into 192.168.10.10 I can't ping 192.168.2.200.

JLK
What's the output of

    ifconfig

,

    route -nee

, and

    iptables -L

on xroads.minveral.local?