[Preston] Routing problem

Ernie Hayes preston at mailman.lug.org.uk
Mon Jun 2 09:54:00 2003 

James Green wrote:

>Hiya.
>
>This is probably going to turn out to be a really dumb question, and
>I'll have missed something obvious, but.. well, here goes. Hopefully
>someone here will be able to help :-)
>
>I have two hosts, a and b, connecting to a VPN which includes host c.
>The VPN is built up of lots of point-to-point links, one of which exists
>between b and c, and another between a and b. So far, so hoopy. B can
>connect to other hosts on the VPN just fine.
>
>A, however, can only ping or connect to b. Presumably I'm missing
>something in the routing config on b - I'm fairly sure I've told a to
>use b as the gateway for hosts in the VPN's IP subnet. From c, I can
>ping b fine, but again can't ping a.
>
>The output of some relevant commands:
>
>"ifconfig", on b:
>
>sapphire:/etc/cipe# ifconfig
>cipcb0    Link encap:IPIP Tunnel  HWaddr
>          inet addr:10.1.9.1  P-t-P:10.1.2.1  Mask:255.255.255.255
>          UP POINTOPOINT RUNNING NOARP  MTU:1442  Metric:1
>          RX packets:113 errors:2 dropped:0 overruns:0 frame:2
>          TX packets:300 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:16000 (15.6 KiB)  TX bytes:42020 (41.0 KiB)
>
>cipcb1    Link encap:IPIP Tunnel  HWaddr
>          inet addr:10.1.9.1  P-t-P:10.1.9.2  Mask:255.255.255.255
>          UP POINTOPOINT RUNNING NOARP  MTU:1442  Metric:1
>          RX packets:29 errors:2 dropped:0 overruns:0 frame:2
>          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:2784 (2.7 KiB)  TX bytes:5524 (5.3 KiB)
>
>eth0      Link encap:Ethernet  HWaddr 00:50:FC:24:16:CE
>          inet addr:192.168.0.7  Bcast:192.168.0.255  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:196727 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:256850 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:61723922 (58.8 MiB)  TX bytes:258500251 (246.5 MiB)
>          Interrupt:11
>
>"route", on b:
>sapphire:/etc/cipe# route
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>munchkin.cipe   *               255.255.255.255 UH    0      0        0 cipcb0
>sapphire.cipe   sapphire        255.255.255.255 UGH   0      0        0 lo
>emerald.cipe    *               255.255.255.255 UH    0      0        0 cipcb1
>192.168.0.0     sapphire.house	255.255.255.0   UG    0      0        0 eth0
>192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
>10.0.0.0        munchkin.cipe   255.240.0.0     UG    0      0        0 cipcb0
>default         gateway.house	0.0.0.0         UG    0      0        0 eth0
>
>(munchkin is host C, emerald is host A, above. sapphire is, obviously, B)
>
>A has a route for 10.0.0.0/12 with the gateway set to 10.1.9.1, and C
>has a route for 10.1.9.0/24, also with the gateway 10.1.9.1.
>
>(A, sadly, runs win2k. Thought cipe-win32 doesn't seem too broken, so
>far. It was, at least, easier to install than the debian cipe-source
>package, which until recently was sufficiently broken that the kernel
>modules wouldn't compile at all...)
>
>Can anyone tell me what I've missed? I've been banging my head against
>this for a while now.
>
>Cheers,
>
>James.
>
>  
>
Hi James,

Make sure that ip forwarding is enabled, the value in

/proc/sys/net/ipv4/ip_forward

should be 1.
If it is 0 you need to add a line to one of your startup scrips like:

echo 1 > /proc/sys/net/ipv4/ip_forward

You should also check your firewall rules (ipchains/iptables). There 
could be a rule that is denying the packets. This may show up in the 
system logs.

Hope this helps


Ernie