[Wylug-help] Linux gateway not a gatewat

Steven Dodd steve-wylug at gant-dodd.co.uk
Thu Nov 10 19:52:50 UTC 2011 

On 10/11/2011 10:14, Gary Stainburn wrote:
> Hi folks.
> 
> A linux VPN router I set up a couple of weeks back has stopped forwarding 
> traffic.
> 
> It can still access the internet and the remote end of the VPN itself, but 
> computers behind it can't. I've even turned the iptables off and it doesn't 
> seem to make any difference. ip_forwarding is still turned on, and the 

What about the per interface values

/proc/sys/net/ipv4/conf/*/forwarding ?

> computers behind the gateway can still access it okay.
> 
> Can anyone suggest what to try next.
>

Probably not the cause of the problem, but you are using different masks
on the gateway and client for the 10.10 subnet - is that deliberate?

Can you do a traceroute to eddie on the gateway to show the route from
there?

> [gateway]
> [root at gate ~]# ifconfig 
> eth0      Link encap:Ethernet  HWaddr 00:08:02:42:33:ED  
>           inet addr:192.168.7.12  Bcast:192.168.7.255  Mask:255.255.255.0
>           inet6 addr: fe80::208:2ff:fe42:33ed/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:29626 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:21500 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:9736795 (9.2 MiB)  TX bytes:2638807 (2.5 MiB)
> 
> eth1      Link encap:Ethernet  HWaddr 00:0D:88:27:9A:1F  

Mask here is /24
>           inet addr:10.10.1.1  Bcast:10.10.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::20d:88ff:fe27:9a1f/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:135026 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:185651 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:9587356 (9.1 MiB)  TX bytes:22807867 (21.7 MiB)
>           Interrupt:16 Base address:0xc000 
> 
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:49652 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:49652 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
>           RX bytes:94914670 (90.5 MiB)  TX bytes:94914670 (90.5 MiB)
> 
> ppp0      Link encap:Point-to-Point Protocol  
>           inet addr:192.168.128.2  P-t-P:192.168.128.1  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:10513 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:11835 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3 
>           RX bytes:2019104 (1.9 MiB)  TX bytes:910555 (889.2 KiB)
> 
> [root at gate ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 80.40.145.67    192.168.128.1   255.255.255.255 UGH   0      0        0 ppp0
> 192.168.128.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 80.40.144.67    192.168.128.1   255.255.255.255 UGH   0      0        0 ppp0
> 192.168.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 10.10.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 10.2.0.0        192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 172.24.0.0      192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 10.1.0.0        192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 172.30.0.0      192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 10.7.0.0        192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 10.5.0.0        192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 136.9.0.0       192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 10.8.0.0        192.168.128.1   255.255.0.0     UG    0      0        0 ppp0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
> 0.0.0.0         192.168.7.11    0.0.0.0         UG    0      0        0 eth0
> [root at gate ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         

Any rules in the PRE and POSTROUTING chains?

> [root at gate ~]# ping eddie
> PING eddie.ringways.co.uk (10.1.1.115) 56(84) bytes of data.
> 64 bytes from eddie.ringways.co.uk (10.1.1.115): icmp_req=1 ttl=63 time=68.7 
> ms
> 64 bytes from eddie.ringways.co.uk (10.1.1.115): icmp_req=2 ttl=63 time=68.1 
> ms
> ^C
> --- eddie.ringways.co.uk ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 68.158/68.446/68.734/0.288 ms
> [root at gate ~]# 
> 
> [client]
> [root at dcomp5 ~]# ifconfig 
> eth0      Link encap:Ethernet  HWaddr 00:21:70:F2:38:9A  
>           inet addr:10.10.1.123  Bcast:10.10.255.255  Mask:255.255.0.0

Mask here is /16.

>           inet6 addr: fe80::221:70ff:fef2:389a/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:197973 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:127755 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:23954046 (22.8 MiB)  TX bytes:8987081 (8.5 MiB)
>           Interrupt:46 
> 
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:11257 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:11257 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
>           RX bytes:1574170 (1.5 MiB)  TX bytes:1574170 (1.5 MiB)
> 
> wlan0     Link encap:Ethernet  HWaddr 00:22:5F:82:03:6C  
>           inet6 addr: fe80::222:5fff:fe82:36c/64 Scope:Link
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:19 
> 
> [root at dcomp5 ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.10.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 0.0.0.0         10.10.1.1       0.0.0.0         UG    0      0        0 eth0
> [root at dcomp5 ~]# ping -c 1 10.10.1.1
> PING 10.10.1.1 (10.10.1.1) 56(84) bytes of data.
> 64 bytes from 10.10.1.1: icmp_req=1 ttl=64 time=0.299 ms
> 
> --- 10.10.1.1 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.299/0.299/0.299/0.000 ms
> [root at dcomp5 ~]# ping -c 1 eddie
> PING eddie.ringways.co.uk (10.1.1.115) 56(84) bytes of data.
> 
> --- eddie.ringways.co.uk ping statistics ---
> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
> 
> [root at dcomp5 ~]# traceroute eddie
> traceroute to eddie (10.1.1.115), 30 hops max, 60 byte packets
>  1  10.10.1.1 (10.10.1.1)  0.303 ms  0.246 ms  0.199 ms
>  2  * * *
>  3  * * *
>  4  * * *
>  5  * * *
>  6  * * *
>  7  *^C
> [root at dcomp5 ~]# 
> 
>

More information about the Wylug-help mailing list