[Gllug] Please fix my network (reward offered)

Jan Minar jjminar at FastMail.FM
Thu Dec 16 21:37:15 UTC 2004 

On Thu, Dec 16, 2004 at 09:22:48PM +0000, Jan Minar wrote:
>        | [E11] home firewall - 10.0.0.1 (ipcop 1.4)
>        | root at e11:~ # route -n
>        | Kernel IP routing table
>        | Destination     Gateway         Genmask         Flags [...] Iface
>        | 217.155.117.160 0.0.0.0         255.255.255.248 U     [...] eth1
>        | 217.155.117.160 0.0.0.0         255.255.255.248 U     [...] ipsec0
>        | 10.0.0.0        0.0.0.0         255.255.255.0   U     [...] eth0
> [1][2] | 10.1.1.0        217.155.117.166 255.255.255.0   UG    [...] ipsec0
>        | 0.0.0.0         217.155.117.166 0.0.0.0         UG    [...] eth1
> 
> The 3rd one should go thru the 10.0.0.0/24 route to eth0, but goes
> whoknowswhy to the default gateway 217.155.117.166.  Maybe that's how it
> should be.  Nevertheless, the problem is not why it chose the other
> wrong route, our problem is how to tell it to chose the right one:
> 
> You need to add the route to 10.0.1.0/24 or probably switch the route to
> 10.0.0.0/8 to ipsec0 and add bucket as a host route.
> 
> ip route add 10.0.0.0/24 dev ipsec0
> 
> or, better:
> 
> ip route add 10.0.0.100/32 dev ipsec0

  ip route add 10.0.0.100/32 dev eth0
                                 ^^^^ of course; sorry.
> ip route del 10.0.0.0/8
> ip route add 10.0.0.0/8 dev ipsec0

  ip route add 10.0.0.0/8 via 217.155.117.166 dev ipsec0
                          ^^^^^^^^^^^^^^^^^^^ of course...


Now as I look at it it seems strange.  You have 2 routes thru the same
IP but different devices, which doesn't make much sense:

| 10.1.1.0        217.155.117.166 255.255.255.0   UG    [...] ipsec0
| 0.0.0.0         217.155.117.166 0.0.0.0         UG    [...] eth1
                  ^^^^^^^^^^^^^^^                             ^^^^^^

Can You ping addresses outside the 10.0.0.0/8 range?

HTH.
-- 
 )^o-o^|    jabber: rdancer at NJS.NetLab.Cz
 | .v  K    e-mail: jjminar FastMail FM
 `  - .'     phone: +44(0)7981 738 696
  \ __/Jan     icq: 345 355 493
 __|o|__Minář  irc: rdancer at IRC.FreeNode.Net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20041216/10df5ae2/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list