At work we have a Debian sarge box as a proxy running Squid with three NICs (eth0 - 10.0.0.3, eth1 - 10.4.102.2 and eth2 - 10.14.8.2). The idea is that traffic to 10.2.0.0 and 10.10.0.0 passes through 10.4.102.2, and internet traffic through 10.0.0.3. Problem is that the entire LAN cannot reach a remote host (10.2.0.4) needed for accounting applications. Below is the routing table:

Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.4.102.0      10.4.102.1      255.255.255.0   UG    0      0        0 eth1
10.4.102.0      *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.248.0   U     0      0        0 eth2
10.2.0.0        10.4.102.1      255.255.0.0     UG    0      0        0 eth1
10.10.0.0       10.4.102.1      255.255.0.0     UG    0      0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         10.0.0.2        0.0.0.0         UG    0      0        0 eth0

Code:
10.14.8.0 -------- 10.14.8.2 -------- 10.2.0.4
LAN                SQUID               Remote Host

There are no iptables rules either:

Code:
firewall:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If I ping 10.2.0.4 I get a response, but from the LAN, no way. Any hint will be appreciated.
Government agencies are interconnected through a fiber optics ring here; that's why everyone has a proxy/firewall between the ring and the internal network. That's the reason I mentioned 10.2.0.4 as a remote host, because it is reached through the fiber optics ring. For a better explanation...
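As an added illustration (not code from the original posts), the following Python reproduces the kernel's longest-prefix match over the routing table posted above, so you can see which interface and gateway any destination is sent to, and compare a packet the proxy generates itself with one it forwards on behalf of a LAN host. The table and the proxy's three addresses are taken from the thread; the `localnet` name is resolved to 10.14.8.0/21 from eth2's address and mask, and the sample hosts 10.14.8.50 and 8.8.8.8 are assumptions made for the example. Both the locally generated and the forwarded case resolve to eth1 via 10.4.102.1, so the outbound path is identical; what the forwarded case additionally needs is IP forwarding enabled on the proxy and a return route for 10.14.8.0/21 on the far side, which is where a check would start.

```python
import ipaddress

# Routing table as posted in the thread. "localnet" is 10.14.8.0 (eth2 is
# 10.14.8.2 with genmask 255.255.248.0). Gateway None = directly connected.
# Entry layout: (destination, genmask, gateway, iface)
ROUTES = [
    ("10.4.102.0", "255.255.255.0", "10.4.102.1", "eth1"),
    ("10.4.102.0", "255.255.255.0", None, "eth1"),
    ("10.14.8.0", "255.255.248.0", None, "eth2"),
    ("10.2.0.0", "255.255.0.0", "10.4.102.1", "eth1"),
    ("10.10.0.0", "255.255.0.0", "10.4.102.1", "eth1"),
    ("10.0.0.0", "255.0.0.0", None, "eth0"),
    ("0.0.0.0", "0.0.0.0", "10.0.0.2", "eth0"),
]

# The proxy's own interface addresses, from the thread.
PROXY_ADDRS = {"10.0.0.3", "10.4.102.2", "10.14.8.2"}


def lookup(dst, routes=ROUTES):
    """Pick the route for dst by longest prefix match, as the kernel FIB does.

    On equal prefix length the first table entry wins (mirrors the two
    10.4.102.0/24 lines above, where the first one is used).
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")  # impossible with a default route
    net, gw, iface = best
    return {"network": str(net), "gateway": gw, "iface": iface}


def path(src, dst):
    """Describe how the proxy handles a packet from src to dst.

    A packet sourced from one of the proxy's own addresses is locally
    generated (like the poster's successful ping). Anything else arrives on
    the interface whose connected route covers src and must be forwarded,
    which requires net.ipv4.ip_forward=1 and a return route for src's
    network on the remote side.
    """
    egress = lookup(dst)
    locally_generated = src in PROXY_ADDRS
    src_route = lookup(src)
    return {
        "ingress": None if locally_generated else src_route["iface"],
        "egress": egress["iface"],
        "gateway": egress["gateway"],
        "needs_ip_forward": not locally_generated,
        "return_route_needed_for": None if locally_generated else src_route["network"],
    }


if __name__ == "__main__":
    # Constructed sample: the proxy pinging 10.2.0.4 versus a LAN host doing so.
    for src in ("10.14.8.2", "10.14.8.50"):
        print(src, "->", "10.2.0.4", path(src, "10.2.0.4"))
```

Running it shows that the only difference between the working ping from the proxy and the failing one from the LAN is on the forwarding side of the picture, not in route selection.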