Sarge routing problems

Discussion in 'Installation/Configuration' started by daniel_rodriguez, Jan 13, 2006.

  1. At work we have a Debian Sarge box as a proxy running Squid with three NICs (eth0 - 10.0.0.3, eth1 - 10.4.102.2 and eth2 - 10.14.8.2). The idea is that traffic to 10.2.0.0 and 10.10.0.0 passes through 10.4.102.2, and internet traffic through 10.0.0.3.

    The problem is that the entire LAN cannot reach a remote host (10.2.0.4) needed for accounting applications.

    Below is the routing table:
    Code:
    Destination	Gateway		Genmask			Flags	Metric	Ref	Use	Iface
    10.4.102.0	10.4.102.1	255.255.255.0		UG	0	0	0	eth1
    10.4.102.0	*		255.255.255.0		U	0	0	0	eth1
    localnet	*		255.255.248.0		U	0	0	0	eth2
    10.2.0.0	10.4.102.1	255.255.0.0		UG	0	0	0	eth1
    10.10.0.0	10.4.102.1	255.255.0.0		UG	0	0	0	eth1
    10.0.0.0	*		255.0.0.0		U	0	0	0	eth0
    default		10.0.0.2	0.0.0.0			UG	0	0	0	eth0
    
    Code:
    10.14.8.0		10.14.8.2		10.2.0.4
    LAN			SQUID		Remote Host
    
    There are no iptables rules either:
    Code:
    firewall:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    If I ping 10.2.0.4 I get a response, but from the LAN, no way.


    Any hint will be appreciated.
     
    Last edited: Jan 13, 2006
  2. falko

    falko Super Moderator Howtoforge Staff

    But 10.2.0.4 is an IP address from your LAN, not from the internet...
     
  3. Government agencies are interconnected through a fiber optics ring here; that's why everyone has a proxy/firewall between the ring and the internal network.
    That's the reason I mentioned 10.2.0.4 as a remote host, because it is reached through the fiber optics ring.

    For a better explanation...
    [IMG]
     
    Last edited: Jan 13, 2006
  4. falko

    falko Super Moderator Howtoforge Staff

    Can you make sure that 10.2.0.4's firewall isn't blocking requests?
     
  5. Well, certainly yes.
     
