simple routing problem

Hi all,

the following scenario:

lan1: 192.168.1.0/24
lan2: 10.200.30/24
eth0 = 192.168.1.1/24
eth1 = 10.200.3.254/24

a dualhomed linux-box (debian-woody stable, custom kernel 2.4.20 from
kernel.org) should route between the two networks. i activated
ip_forwarding with 'echo 1 > /proc/sys/net/ip_forwarding' and the
routing table looks like the following:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.200.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0


i can ping both interfaces from the according lan and interestingly
i'm able to ping 192.168.1.1 from a machine inside the 10.200.3.0-lan,
but that's it. i cannot ping other machines in the 192.168.1.0 net
from 10.200.3.x and vice versa it's the same.

i would be glad about any hints what could be going on, since as far
as i know there is nothing more to do except activating ip-forwarding
for a linux box to act as a simple router between two lans. gated or
routed is only neccessary for dynamic routing, correct me if i am
wrong!

greetings,
martin

Are your linux box running IPTABLES? If yes, disable it first, then tighten
it up step by step.

Ida Young
Support of ITShield firewall
http://www.itshield.com

"Martin Baumann" <mrbaumann@gmx.de> wrote in message
news:a6743618.0306240626.5f351ee8@posting.google.c om...
> Hi all,
>
> the following scenario:
>
> lan1: 192.168.1.0/24
> lan2: 10.200.30/24
> eth0 = 192.168.1.1/24
> eth1 = 10.200.3.254/24
>
> a dualhomed linux-box (debian-woody stable, custom kernel 2.4.20 from
> kernel.org) should route between the two networks. i activated
> ip_forwarding with 'echo 1 > /proc/sys/net/ip_forwarding' and the
> routing table looks like the following:
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 10.200.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>
>
> i can ping both interfaces from the according lan and interestingly
> i'm able to ping 192.168.1.1 from a machine inside the 10.200.3.0-lan,
> but that's it. i cannot ping other machines in the 192.168.1.0 net
> from 10.200.3.x and vice versa it's the same.
>
> i would be glad about any hints what could be going on, since as far
> as i know there is nothing more to do except activating ip-forwarding
> for a linux box to act as a simple router between two lans. gated or
> routed is only neccessary for dynamic routing, correct me if i am
> wrong!
>
> greetings,
> martin

> i can ping both interfaces from the according lan and interestingly
> i'm able to ping 192.168.1.1 from a machine inside the 10.200.3.0-lan,
> but that's it. i cannot ping other machines in the 192.168.1.0 net
> from 10.200.3.x and vice versa it's the same.

Do the boxes on the 10.200.3 net have your 10.200.3.254 box set as their
gateway?

unruh@string.physics.ubc.ca (Bill Unruh) wrote in message news:<bda1ej$81t$1@nntp.itservices.ubc.ca>...
> mrbaumann@gmx.de (Martin Baumann) writes:
>
> ]Hi all,
>
> ]the following scenario:
>
> ]lan1: 192.168.1.0/24
> ]lan2: 10.200.30/24
> ^^ Is this what youactually have?

no sorry this is a typo, it has to be 10.200.3.0/24 ...

> ]eth0 = 192.168.1.1/24
> ]eth1 = 10.200.3.254/24
>
> ]a dualhomed linux-box (debian-woody stable, custom kernel 2.4.20 from
> ]kernel.org) should route between the two networks. i activated
> ]ip_forwarding with 'echo 1 > /proc/sys/net/ip_forwarding' and the
> ]routing table looks like the following:
>
> ]Kernel IP routing table
> ]Destination Gateway Genmask Flags Metric Ref Use Iface
> ]10.200.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> ]192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>
>
> What is the IP address of the dual homed box on each of the nets?
> What are the routing tables on eachof the machines on the subnets? Do
> they know that they ahve to send stuff to the woody machine for the
> other addresses?
>

the ip-addresses on the linux-box are 192.168.1.1 and 10.200.3.254

the clients in the 192.168.1.0 subnet use 192.168.1.1 as their gateway
and the clients in the 10.200.3.0 subnet use 10.200.3.254, each client
is able to ping it´s gateway, i can even ping the other lan-card, e.g.
from a box with the ip-adress 192.168.1.100 i can ping 10.200.3.254,
but no other ip in the 10.200.3.0 subnet. it´s the same when pinging
from e.g. 10.200.3.100 to 192.168.1.1, the client gets a reply, but
only when pinging the gateway´s ip in the other net.

what i did now is to activate ipmasquerading (with iptables) and with
the help of this the box is routing, but this is not what i want. i
want to act the machine as a router without the help of iptables.

> ]i can ping both interfaces from the according lan and interestingly
> ]i'm able to ping 192.168.1.1 from a machine inside the 10.200.3.0-lan,
> ]but that's it. i cannot ping other machines in the 192.168.1.0 net
> ]from 10.200.3.x and vice versa it's the same.
>
> ]i would be glad about any hints what could be going on, since as far
> ]as i know there is nothing more to do except activating ip-forwarding
> ]for a linux box to act as a simple router between two lans. gated or
> ]routed is only neccessary for dynamic routing, correct me if i am
> ]wrong!
>
> ]greetings,
> ]martin

still hoping there´s a solution,
martin

Martin Baumann <mrbaumann@gmx.de> wrote:
> Hi all,

> the following scenario:

> lan1: 192.168.1.0/24
> lan2: 10.200.30/24
> eth0 = 192.168.1.1/24
> eth1 = 10.200.3.254/24

> a dualhomed linux-box (debian-woody stable, custom kernel 2.4.20 from
> kernel.org) should route between the two networks. i activated
> ip_forwarding with 'echo 1 > /proc/sys/net/ip_forwarding' and the

That isn't the right thing to do to enable IP forewarding. Instead use

echo -n 1 > /proc/sys/net/ipv4/ip_forward

The ip_forward proc file must exist already, or you aren't using a
kernel with IP forwarding compiled in.

Of course, it could just be mistake in recalling what you did to enable
IP forwarding and, if so, then something else is wrong.

---
Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
PPP-Q&A links, downloads: http://ckite.no-ip.net/