[Sussex] Having fun with routing
steve at krasnegar.demon.co.uk
Wed Oct 22 21:29:21 UTC 2003
Hi Guys
I know that there are a few of you out there with some good network admin
skills and I need to tap into that knowledge base. :-)
I've just got myself a nice little box with 3 NIC interfaces that is now
to be my firewall. As a result I'm re-vamping my network. The new
design looks like this:

                                                 +--------+
192.168.1.1/24 ) ) ) . . . ( ( ( 192.168.1.2/24 -+ laptop |
wlan0 (WiFi)                     eth0 (WiFi)     +--------+
     |
+----+----+                                 +----------+
|         | 192.168.0.2/24   192.168.0.1/24 |          |
|   hub   +================x================+ firewall +
|         | eth0                       eth1 |          | eth2
+----+----+                                 +----+-----+
     |                                           |
   ppp0                                        eth0
194.222.168.155/32                          10.0.0.1/8
     |                +---------+ 10.0.0.2/8     |
     |                |  mail   +----------------+
158.152.1.222/32      +---------+ eth0           |
     |                                           |
+----+----+           +---------+ 10.0.0.3/8     |
|  Demon  |           |   ssh   +----------------+
| My ISP  |           +---------+ eth0           |
+---------+

Between "hub" and "firewall" there is a cross over cable, and on
the 10.x.x.x network there is my 8-port switch. When (if) I get
ADSL the ADSL router will be plugged in to eth2 on the firewall
with a cross over cable. Both "hub" and "firewall" are running
routed(8). The laptop has a static route with a default gateway
of 192.168.1.1. Likewise the servers on the 10.x.x.x network have
static routing with 10.0.0.1 as their default gateway.
I can ping any machine on my networks (10.0.0.2 <-> 192.168.1.2)
but my problem is that while the laptop can talk to the outside
world (this e-mail is an example) the servers on the 10.x.x.x network
can't.
I know there are rules for not routing private networks over public
routers, but my ping test suggests that the "firewall" is forwarding
192.168.x.x packets to "hub", which suggests to me that that isn't the issue.
Just to complete the picture here are the routing tables for the
two routers.

Hub
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
158.152.1.222   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
194.222.168.155 127.0.0.1       255.255.255.255 UGH   0      0        0 lo
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.0.0     192.168.0.2     255.255.255.0   UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        192.168.0.1     255.0.0.0       UG    1      0        0 eth0
0.0.0.0         158.152.1.222   0.0.0.0         UG    0      0        0 ppp0

Firewall
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     192.168.0.2     255.255.255.0   UG    1      0        0 eth1
192.168.0.0     192.168.0.1     255.255.255.0   UG    0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        10.0.0.1        255.0.0.0       UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1

These look right to me - but then again I'm no expert.
Any ideas why 10.0.0.2 can't ping an Internet address when at the same moment
the laptop can?
Ta
Steve
--
Tomorrow, this will be part of the unchangeable past but fortunately,
it can still be changed today.
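
Added example, not part of Steve's message: a longest-prefix-match lookup over the two routing tables posted above, using the interface addresses from the diagram, that reports whether the selected route's gateway is a neighbouring router or one of the router's own addresses. The destination 198.51.100.7 is a constructed documentation address standing in for "an Internet address"; the function names and the reduced table layout are assumptions of this example.

```python
import ipaddress

# Addresses each router owns, read off the diagram in the post.
LOCAL = {"hub": {"192.168.1.1", "192.168.0.2", "194.222.168.155"},
         "firewall": {"192.168.0.1", "10.0.0.1"}}

# Routing tables from the post, reduced to: destination gateway genmask metric iface
TABLES = {
    "hub": """158.152.1.222 0.0.0.0 255.255.255.255 0 ppp0
194.222.168.155 127.0.0.1 255.255.255.255 0 lo
192.168.1.0 192.168.1.1 255.255.255.0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 0 wlan0
192.168.0.0 192.168.0.2 255.255.255.0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 0 eth0
10.0.0.0 192.168.0.1 255.0.0.0 1 eth0
0.0.0.0 158.152.1.222 0.0.0.0 0 ppp0""",
    "firewall": """192.168.1.0 192.168.0.2 255.255.255.0 1 eth1
192.168.0.0 192.168.0.1 255.255.255.0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 0 eth1
10.0.0.0 10.0.0.1 255.0.0.0 0 eth0
10.0.0.0 0.0.0.0 255.0.0.0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 0 eth1""",
}

def lookup(router, dst):
    """Longest-prefix match; ties go to the lower metric, then to a direct
    route (a simplification of what the kernel does)."""
    addr, best = ipaddress.ip_address(dst), None
    for line in TABLES[router].splitlines():
        dest, gw, mask, metric, iface = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        key = (-net.prefixlen, int(metric), gw != "0.0.0.0")
        if addr in net and (best is None or key < best[0]):
            best = (key, gw, iface)
    return best[1], best[2]

def next_hop(router, dst):
    """Classify where `router` would send a packet addressed to `dst`."""
    gw, iface = lookup(router, dst)
    if gw == "0.0.0.0":
        return ("direct", iface)
    if gw in LOCAL[router]:
        return ("self", gw)  # gateway is the router's own address, not a neighbour
    return ("via", gw)

if __name__ == "__main__":
    # 198.51.100.7 is a constructed stand-in for an Internet host.
    for router, dst in [("firewall", "192.168.1.2"), ("firewall", "198.51.100.7"), ("hub", "198.51.100.7")]:
        print(router, dst, next_hop(router, dst))
```

On the firewall, 192.168.1.2 resolves to the neighbour 192.168.0.2, while the Internet destination falls through to the default route, whose gateway 192.168.0.1 is the firewall's own eth1 address in the diagram.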