[Gllug] Please fix my network (reward offered)

Jan Minar jjminar at FastMail.FM
Thu Dec 16 21:22:48 UTC 2004 

We have 3 IPs:

| 1) From home I can see machines on the backup network
| 
| bucket:~# ping 10.1.1.1                                        [1]
| PING 10.1.1.1 (10.1.1.1): 56 data bytes
| 64 bytes from 10.1.1.1: icmp_seq=0 ttl=63 time=61.2 ms
| 64 bytes from 10.1.1.1: icmp_seq=1 ttl=63 time=43.5 ms
| 
| bucket:~# ping 10.1.1.110                                      [2]
| PING 10.1.1.110 (10.1.1.110): 56 data bytes
| 64 bytes from 10.1.1.110: icmp_seq=0 ttl=253 time=52.4 ms
| 64 bytes from 10.1.1.110: icmp_seq=1 ttl=253 time=42.4 ms

[...]

| 3) I cannot see flump's 10.0.1.110 interface
| from home (the problem)
| 
| bucket:~# ping 10.0.1.110                                      [3]
| PING 10.0.1.110 (10.0.1.110): 56 data bytes
| <NOTHING>

(ping -n could give You more useful results, as DNS lookups and timeouts
are not involved.)

2 of them are routed thru the VPN:

       | [E11] home firewall - 10.0.0.1 (ipcop 1.4)
       | root at e11:~ # route -n
       | Kernel IP routing table
       | Destination     Gateway         Genmask         Flags [...] Iface
       | 217.155.117.160 0.0.0.0         255.255.255.248 U     [...] eth1
       | 217.155.117.160 0.0.0.0         255.255.255.248 U     [...] ipsec0
       | 10.0.0.0        0.0.0.0         255.255.255.0   U     [...] eth0
[1][2] | 10.1.1.0        217.155.117.166 255.255.255.0   UG    [...] ipsec0
       | 0.0.0.0         217.155.117.166 0.0.0.0         UG    [...] eth1

The 3rd one should go thru the 10.0.0.0/24 route to eth0, but goes
whoknowswhy to the default gateway 217.155.117.166.  Maybe that's how it
should be.  Nevertheless, the problem is not why it chose the other
wrong route, our problem is how to tell it to chose the right one:

You need to add the route to 10.0.1.0/24 or probably switch the route to
10.0.0.0/8 to ipsec0 and add bucket as a host route.

ip route add 10.0.0.0/24 dev ipsec0

or, better:

ip route add 10.0.0.100/32 dev ipsec0
ip route del 10.0.0.0/8
ip route add 10.0.0.0/8 dev ipsec0

If this doesn't help, feel free to contact me thru the venues mentioned
in my sig.

Cheers,
-- 
 )^o-o^|    jabber: rdancer at NJS.NetLab.Cz
 | .v  K    e-mail: jjminar FastMail FM
 `  - .'     phone: +44(0)7981 738 696
  \ __/Jan     icq: 345 355 493
 __|o|__Minář  irc: rdancer at IRC.FreeNode.Net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20041216/d213e18b/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list