This is a discussion on Linux Routing within the Linux Networking forums, part of the Linux Forums category.

Tim Owen wrote:
> Please can you help. I am in trouble with a Linux box. If you have any time
> to look over this and give me an opinion it would be appreciated.
>
> I have installed a copy of Mandrake 10.? onto an old dell pc with three
> network cards in it (192.168.32.35, 192.168.0.35 & 10.101.101.35). I need to
> get the Linux box to route traffic between all three networks seamlessly.
> The network structure is shown on the work doc below.

Which I can't make much sense of. I am getting that you have 3 networks:

    192.168.0/24
    192.168.32/24
    10/8

Maybe the last one has a longer netmask? Doesn't matter...

Setting interfaces allows router to ping all networks...

    echo "1" > /proc/sys/net/ipv4/ip_forward

Tells the box to allow forwarding.

    route add default gw xx.xx.xx.xx

Allows all nets to get out assuming they are using this box as a gateway.

If any of the computers use default gateways other than this router you need to

    route add -net xxx.xxx.xxx.0 netmask 255.x.x.x gw router_ip

Pings will go bad if either box cannot route to the other.

> Problem 1
> ---------------
> The router can ping a pc placed onto each network. The pc cannot ping the
> router. I.e. a pc (192.168.0.153) can be pinged from 192.168.0.35, but .0.153
> cannot ping .0.35.
>
> Likewise router (10.101.101.35) can ping pc(10.101.101.153) but .101.153
> cannot ping .101.35
>
> Also router (192.168.32.35) can ping pc (192.168.32.7 and pull pages from
> the web) but .32.7 cannot ping .32.35
>
> For some reason the router box is working but will not reply to pings.

Maybe it doesn't respond to pings. Is a firewall running? Unfortunately I only know of the one way to turn off pings (firewall) so can't be of more help there. Can the router ping itself?

> Problem 2
> ---------------
> From a pc on any of the networks I cannot ping any of the other
> networks. Is this because the router isn't accepting pings? How do I check
> that forwarding is turned on?

    cat /proc/sys/net/ipv4/ip_forward

    1 => forwarding on
    0 => forwarding off

Please can you help. I am in trouble with a Linux box. If you have any time to look over this and give me an opinion it would be appreciated.

I have installed a copy of Mandrake 10.? onto an old dell pc with three network cards in it (192.168.32.35, 192.168.0.35 & 10.101.101.35). I need to get the Linux box to route traffic between all three networks seamlessly. The network structure is shown on the work doc below.

Network Structure

(Lighting Control Net) ------- (Electrics Router) ------- (Dimmers Net)
IP: 192.168.0.?                <<IP: 192.168.0.35         IP: 10.101.101.153
Gateway: 192.168.0.35          IP: 10.101.101.35>>        Gateway: 10.101.101.35
                               IP: 192.168.32.35
                                       |
                               (Building Network)
                               IP: 192.168.32.?
                               Gateway: 192.168.32.69
                               DNS: 192.168.32.60

Linux Route Table

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.101.101.0    10.101.101.35   255.255.255.0   UG    0      0   0   Eth2
10.101.101.0    0.0.0.0         255.255.255.0   U     0      0   0   Eth2
192.168.32.0    192.168.32.35   255.255.255.0   UG    0      0   0   Eth0
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0   0   Eth0
192.168.0.0     192.168.0.35    255.255.255.0   UG    0      0   0   Eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   Eth1
0.0.0.0         192.168.32.69   0.0.0.0         UG    0      0   0   Eth0

Problem 1
---------------
The router can ping a pc placed onto each network. The pc cannot ping the router. I.e. a pc (192.168.0.153) can be pinged from 192.168.0.35, but .0.153 cannot ping .0.35.

Likewise router (10.101.101.35) can ping pc(10.101.101.153) but .101.153 cannot ping .101.35

Also router (192.168.32.35) can ping pc (192.168.32.7 and pull pages from the web) but .32.7 cannot ping .32.35

For some reason the router box is working but will not reply to pings.

Problem 2
---------------
From a pc on any of the networks I cannot ping any of the other networks. Is this because the router isn't accepting pings? How do I check that forwarding is turned on?

If anyone is able to help it would be great.

Cheers

Tim

In article <41e1874b$0$16575$cc9e4d1f@news-text.dial.pipex.com>, Tim Owen wrote:

>The network structure is shown on the work doc below.

Your picture is unreadable. Remember that most news readers are going to wrap at 80 characters or so.

>Linux Route Table

[Cleaned up and put back into the original format]

>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref Use Iface
>10.101.101.0    10.101.101.35   255.255.255.0   UG    0      0   0   eth2
>10.101.101.0    0.0.0.0         255.255.255.0   U     0      0   0   eth2
>192.168.32.0    192.168.32.35   255.255.255.0   UG    0      0   0   eth0
>192.168.32.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
>192.168.0.0     192.168.0.35    255.255.255.0   UG    0      0   0   eth1
>192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1

1. The three routes with gateways (flag UG) are unwanted. Find out where these are being set (somewhere in /etc/sysconfig/network-scripts most likely) and get rid of them.
2. There should also be a loopback interface.

This means your routing table should look like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
10.101.101.0    0.0.0.0         255.255.255.0   U     0      0   0   eth2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo

I think your routing setup is a result of a misunderstanding. In *nix, you need a gateway to talk to hosts that are not on the same network. Conversely, if they _are_ on the same network, you don't need a gateway. Microsoft uses the term 'gateway' to identify the interface, as Linux uses 'ethX' or 'lo'.

>Problem 1
>---------------
>The router can ping a pc placed onto each network. The pc cannot ping the
>router. I.e. a pc (192.168.0.153) can be pinged from 192.168.0.35, but .0.153
>cannot ping .0.35.

You have set a firewall that blocks responses. Fix that.

>Problem 2
>---------------
>From a pc on any of the networks I cannot ping any of the other
>networks. Is this because the router isn't accepting pings?

This _could_ be because of that firewall, and it's also probable that you are not forwarding.

>How do I check that forwarding is turned on?

    cat /proc/sys/net/ipv4/ip_forward

There should be a 'one' in there. This is set up by a variable in /etc/sysconfig/network (FORWARD_IPV4= set to 'true' or 'yes')

Old guy

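Added example, not part of any post in the thread: a small Python audit that reads `route -n` style output and reports the two defects named in the reply above (gateway routes to networks that are already directly connected, and a missing loopback route). The embedded table is the router's table as quoted in the thread plus the default route from the original post; the function names are made up for this illustration.

```python
import ipaddress

# Router table as quoted in the thread, plus the default route from the
# original post. Embedded here so the example runs offline.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.101.101.0    10.101.101.35   255.255.255.0   UG    0      0   0   eth2
10.101.101.0    0.0.0.0         255.255.255.0   U     0      0   0   eth2
192.168.32.0    192.168.32.35   255.255.255.0   UG    0      0   0   eth0
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.0.0     192.168.0.35    255.255.255.0   UG    0      0   0   eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
0.0.0.0         192.168.32.69   0.0.0.0         UG    0      0   0   eth0
"""


def parse_routes(text):
    """Parse `route -n` style output into dicts; title and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, flags, iface = (
            fields[0], fields[1], fields[2], fields[3], fields[7])
        # Turn the dotted netmask into a prefix length by counting its set bits.
        prefix = bin(int(ipaddress.IPv4Address(genmask))).count("1")
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{prefix}"),
            "gw": gateway,
            "flags": flags,
            "iface": iface,
        })
    return routes


def audit(routes):
    """Return a list of findings; an empty list means neither defect is present."""
    findings = []
    # Networks reachable without a gateway (flag U only) are directly connected.
    direct = {r["net"] for r in routes if "G" not in r["flags"]}
    for r in routes:
        # Hosts on a directly connected network are reached on-link, so a
        # gateway (UG) route to that same network is redundant.
        if "G" in r["flags"] and r["net"] in direct:
            findings.append(
                f"redundant gateway route: {r['net']} via {r['gw']} ({r['iface']})")
    if not any(r["net"].is_loopback for r in routes):
        findings.append("no loopback route (127.0.0.0/8 via lo)")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_routes(ROUTE_OUTPUT)):
        print(finding)
```

On current kernels the loopback route is kept in the `local` routing table and does not appear in `route -n`, so treat that finding as informational there.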
Thank you both for your help with these problems. I think I have it all working now, or at least I can ping hosts across the router. Hopefully I will have more time later this week to test it more thoroughly.

Hi, I use the following in my iptables to route traffic:

    route add -net 10.1.1.0/24 dev eth1    (belongs to another network subnet)
    route add -net 10.1.3.0/24 dev eth2    (belongs to another network subnet)

imran

Hello all you really helpful folks,

Here is an update for you, if you are interested.
---------------------------------------------

+ I have now a routing table that looks like this:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
10.101.101.0    0.0.0.0         255.255.255.0   U     0      0   0   eth2
Default         192.168.32.69   255.0.0.0       U     0      0   0   eth0

+ I have run the command "cat /proc/sys/net/ipv4/ip_forward" and got the response "1", so I am assuming that ip forwarding is on.
+ I can now ping a device on each network (ie 192.168.0.71) from the router (192.168.0.35)
+ I can now ping the router from a device on network.
+ I have changed the security permissions of the box to allow it to respond to echos (it was off by default?).
+ I have told the devices on the networks that their default gateway is the IP address of the network card in the router connected to their network (ie Device 192.168.32.29 has a Dgw of 192.168.32.35, also device 192.168.0.71 knows that its gateway is 192.168.0.35). As yet I haven't done anything to the 10.101.101.? network, I want to get the others going first.
+ I have run the command "iptables -L" and there are no rules or chains or whatever they are called?
+ I have ensured that the firewall is off.

Now here is what doesn't work:
--------------------------------

- From a device 192.168.32.29 I cannot ping 192.168.0.71 (or anything on the 0.? network) and likewise, from 192.168.0.29 I cannot ping 192.168.32.7 (or anything on the 32.? network)
- Therefore I cannot open a web page on .0.71 from .32.29. (I know the .0.71 device is already working correctly).
- From a pc on the .32.? network I can happily browse the internet. A pc on the .0.? network will not.

Questions:
----------

1. I thought Linux was going to be easy, although I suppose I don't have a clue what I am doing. However I am learning a lot?
2. Do these problems have anything to do with Iptables? If so, how does the Iptables command work?
3. Does anyone have any ideas?

If anyone can offer more help I would be very grateful.

Cheers

Tim

In article <41e8ec89$0$19165$cc9e4d1f@news-text.dial.pipex.com>, Tim Owen wrote:

>+ I have now a routing table that looks like this:

>Destination     Gateway         Genmask         Flags Metric Ref Use Iface
>192.168.32.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
>192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
>10.101.101.0    0.0.0.0         255.255.255.0   U     0      0   0   eth2
>Default         192.168.32.69   255.0.0.0       U     0      0   0   eth0

The first three look fine - that last is bogus (a default should have a mask of 0.0.0.0 and the flag should be 'UG') but this isn't your problem.

>+ I have run the command "cat /proc/sys/net/ipv4/ip_forward" and got the
>response "1", so I am assuming that ip forwarding is on.
>+ I can now ping a device on each network (ie 192.168.0.71) from the router
>(192.168.0.35)
>+ I can now ping the router from a device on network.

OK

>+ I have changed the security permissions of the box to allow it to respond to
>echos (it was off by default?).

Normally, that's done with firewall rules. I suspect you are trying to use a distribution specific tool.

>+ I have told the devices on the networks that their default gateway is
>the IP address of the network card in the router connected to their network
>(ie Device 192.168.32.29 has a Dgw of 192.168.32.35, also device
>192.168.0.71 knows that its gateway is 192.168.0.35). As yet I haven't done
>anything to the 10.101.101.? network, I want to get the others going first.

OK - normally, the 'default gateway' is the route to the world, but on networks without such a connection, using a default is often acceptable. I tend to prefer to use network routes in this case, but that is a personal preference. Briefly, the kernel looks at the routing table, and uses the most definitive route - a host route (UH) is best, a network route is next and is chosen based on the size of the network mask - and if none of these will do the job, use the default as a last resort. On your 192.168.32.0 net, the routing table on a host probably should look like this:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.0.0     192.168.32.35   255.255.255.0   UG    0      0   0   eth0
10.101.101.0    192.168.32.35   255.255.255.0   UG    0      0   0   eth0
0.0.0.0         192.168.32.69   0.0.0.0         UG    0      0   0   eth0

while on the 192.168.0.0 net, it would look like this:

192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
0.0.0.0         192.168.0.35    0.0.0.0         UG    0      0   0   eth0

based on the idea that 192.168.32.69 is the gateway to the Internet, and .35 is your router. The hosts on the '.32.' net need to know about both gateways because they lead to different places. The hosts on the '.0.' net only have one router attached, so everything not going to the local net would get sent to the router and let it deal with it. In all of these tables, I'm ignoring the loopback. The 10.101.101.0 net should probably look similar to the '.0.' net, again because there is only one way off the 10.101.101.0 network, and that's through the router.

>+ I have run the command "iptables -L" and there are no rules or chains or
>whatever they are called?

OK

>+ I have ensured that the firewall is off.

How?

>- From a device 192.168.32.29 I cannot ping 192.168.0.71 (or anything on the
>0.? network) and likewise, from 192.168.0.29 I cannot ping 192.168.32.7 (or
>anything on the 32.? network)

OK - what is the exact error message? If you run tcpdump on the router, do you see packets coming in? Do they go out on the correct hose? Does the pinged host respond? Does the router forward these replies out the right hose?

>- Therefore I cannot open a web page on .0.71 from .32.29. (I know the .0.71
>device is already working correctly).
>- From a pc on the .32.? network I can happily browse the internet. A pc on
>the .0.? network will not.

This sounds like a routing problem. For a host on the '.32.' net to use the Internet, it's got to have a default route to that system that forwards its packets to the world. I'm under the impression that this is not the router. Thus, your hosts on the .32. net may be sending packets to that Internet gateway in the hope that they will reach your '0.71' host. That won't work - it's got to be sent to the router instead.

>1. I thought Linux was going to be easy, although I suppose I don't have a
>clue what I am doing. However I am learning a lot?

Easy compared to what? It took me about 300 hours of training to get my instrument rating on my pilot's license. It took less than an hour to learn how to ride a bicycle. ;-) On the other hand, I spent very little time learning Linux, because I've spent literally years learning several commercial Unix variants. So, where are you coming from? You may want to grab a copy of the "Linux Network Administrator's Guide" from the LDP (there could be a copy already on your system - look for the 'network-guide' which is the first edition, or the 'nag2' which is the second edition) at http://tldp.org/guides.html.

>2. Do these problems have anything to do with Iptables? If so, how does the
>Iptables command work?

http://www.netfilter.org/

Actually, there are several HOWTOs that talk about this too. Some of this is distribution dependent, and you'd have to at least scan through the boot scripts to see how the firewall is normally run. Many start (and configure) the firewall out of a script that is run as soon as networking is brought up. In my case, networking is started by /etc/rc.d/rc3.d/S10network, and the firewall is started by /etc/rc.d/rc3.d/S11firewall. You wrote you are using Mandrake 10.?, and that distribution does things differently.

Old guy
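Added example, not part of any post in the thread: the route selection described in the reply above (most specific matching entry wins, default as the last resort), written as a Python lookup and run over the host and router tables from the thread. The function name, the table names and the outside address 203.0.113.10 are made up for this illustration, and the router's last row is entered exactly as posted; the thread does not show whether the kernel held it in that form.

```python
import ipaddress


def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))


def lookup(table, dst):
    """Choose the route for dst: among entries whose masked destination equals
    the masked dst, the one with the longest netmask wins, so a host route
    beats a network route and the default (mask 0.0.0.0) is the last resort.
    Returns (next_hop, iface), next_hop None meaning on-link delivery, or
    None when no entry matches at all."""
    best = None
    for dest, mask, gateway, iface in table:
        m = _to_int(mask)
        if _to_int(dst) & m != _to_int(dest) & m:
            continue                      # entry does not cover dst
        bits = bin(m).count("1")          # netmask length = how specific
        if best is None or bits > best[0]:
            best = (bits, gateway, iface)
    if best is None:
        return None
    _, gateway, iface = best
    return (None if gateway == "0.0.0.0" else gateway, iface)


M24, ANY = "255.255.255.0", "0.0.0.0"

# Host on the '.32.' net that only knows the Internet gateway
# (the situation the reply suspects).
HOST32_DEFAULT_ONLY = [
    ("192.168.32.0", M24, ANY, "eth0"),
    (ANY, ANY, "192.168.32.69", "eth0"),
]
# The same host with the table suggested in the reply.
HOST32_SUGGESTED = [
    ("192.168.32.0", M24, ANY, "eth0"),
    ("192.168.0.0", M24, "192.168.32.35", "eth0"),
    ("10.101.101.0", M24, "192.168.32.35", "eth0"),
    (ANY, ANY, "192.168.32.69", "eth0"),
]
# Host on the '.0.' net: one way out, through the router.
HOST0 = [
    ("192.168.0.0", M24, ANY, "eth0"),
    (ANY, ANY, "192.168.0.35", "eth0"),
]
# Router table from the update, last row entered exactly as posted.
ROUTER_AS_POSTED = [
    ("192.168.32.0", M24, ANY, "eth0"),
    ("192.168.0.0", M24, ANY, "eth1"),
    ("10.101.101.0", M24, ANY, "eth2"),
    (ANY, "255.0.0.0", "192.168.32.69", "eth0"),
]
# The same table with the default row in the form the reply calls for.
ROUTER_FIXED = ROUTER_AS_POSTED[:3] + [(ANY, ANY, "192.168.32.69", "eth0")]

if __name__ == "__main__":
    outside = "203.0.113.10"  # constructed documentation address
    cases = [
        ("host .32 (default only) -> 192.168.0.71", HOST32_DEFAULT_ONLY, "192.168.0.71"),
        ("host .32 (suggested)    -> 192.168.0.71", HOST32_SUGGESTED, "192.168.0.71"),
        ("host .0                 -> 192.168.32.29", HOST0, "192.168.32.29"),
        ("router (as posted)      -> outside", ROUTER_AS_POSTED, outside),
        ("router (fixed default)  -> outside", ROUTER_FIXED, outside),
    ]
    for label, table, dst in cases:
        print(label, "=>", lookup(table, dst))
```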