[Wylug-help] Linux gateway not a gateway
Gary Stainburn
gary.stainburn at ringways.co.uk
Fri Nov 11 10:54:30 UTC 2011
I have a number of issues with this setup. Firstly, it seems to stop working
during the night, but I have no idea why.
The VPN stays up, and I can connect to the remote gateway over the VPN.
From the remote gateway I can access both the internet and my network.
However, the computers behind the gateway lose access to my network and also
sometimes lose access to the internet.
Rebooting the Linux boxes at both ends of the VPN seems to get it working
again but I have no idea why.
I'll check the net channel values etc. next time it fails.
On Thursday 10 November 2011 19:52:43 Steven Dodd wrote:
>
> Probably not the cause of the problem, but you are using different masks
> on the gateway and client for the 10.10 subnet - is that deliberate?
>
Yes this is deliberate. I have tried changing iptables scopes to
increase/decrease coverage to see if this affects things. The NAT bit is
required for certain parts of my network as I do not manage all of it and
cannot add route entries to some routers.
> Can you do a traceroute to eddie on the gateway to show the route from
> there?
From the gateway I can always access eddie. Ping, traceroute, ssh etc. all
work fine. Traceroute shows the correct route, i.e. remote end of the VPN and
then to eddie.
From a client PC, traceroute works fine when everything is working, but only
shows the first hop, i.e. to the remote gateway when it is down. To me, this
means that either the gateway or the remote end of the VPN is blocking it.
The following are when it is working.
Traceroute from the gateway:
[root at gate ~]# traceroute eddie
traceroute to eddie (10.1.1.115), 30 hops max, 60 byte packets
1 192.168.128.1 (192.168.128.1) 62.019 ms 61.614 ms 61.402 ms
2 eddie.ringways.co.uk (10.1.1.115) 61.221 ms 68.555 ms 68.229 ms
[root at gate ~]#
From a client:
C:\Users\JB>tracert eddie
Tracing route to eddie.ringways.co.uk [10.1.1.115]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.10.1.1
2 66 ms 129 ms 82 ms 192.168.128.1
3 65 ms 67 ms 65 ms eddie.ringways.co.uk [10.1.1.115]
Trace complete.
C:\Users\JB>
> >
> > eth1 Link encap:Ethernet HWaddr 00:0D:88:27:9A:1F
>
> Mask here is /24
Yes. I have a quite large (as in subnets) network. The whole network is based
on the 10. range with 10.x being physical sites, i.e. logically routed at WAN
level with 10.x.x being departmental, building, VLAN etc., and 10.x.x.x being
individual hosts. 10.10.1.2 is the first host in building 1 on site 10.
>
> > inet addr:10.10.1.1 Bcast:10.10.1.255 Mask:255.255.255.0
> > inet6 addr: fe80::20d:88ff:fe27:9a1f/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:135026 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:185651 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:9587356 (9.1 MiB) TX bytes:22807867 (21.7 MiB)
> > Interrupt:16 Base address:0xc000
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > inet6 addr: ::1/128 Scope:Host
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:49652 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:49652 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:94914670 (90.5 MiB) TX bytes:94914670 (90.5 MiB)
> >
> > ppp0 Link encap:Point-to-Point Protocol
> > inet addr:192.168.128.2 P-t-P:192.168.128.1 Mask:255.255.255.255
> > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> > RX packets:10513 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:11835 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:3
> > RX bytes:2019104 (1.9 MiB) TX bytes:910555 (889.2 KiB)
> >
> > [root at gate ~]# route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> > 80.40.145.67    192.168.128.1   255.255.255.255 UGH   0      0   0   ppp0
> > 192.168.128.1   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
> > 80.40.144.67    192.168.128.1   255.255.255.255 UGH   0      0   0   ppp0
> > 192.168.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
> > 10.10.1.0       0.0.0.0         255.255.255.0   U     0      0   0   eth1
> > 10.2.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 172.24.0.0      192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 10.1.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 172.30.0.0      192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 10.7.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 10.5.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 136.9.0.0       192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 10.8.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
> > 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   eth0
> > 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   eth1
> > 0.0.0.0         192.168.7.11    0.0.0.0         UG    0      0   0   eth0
> > [root at gate ~]# iptables -L
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
>
> Any rules in the PRE and POSTROUTING chains?
>
> > [root at gate ~]# ping eddie
> > PING eddie.ringways.co.uk (10.1.1.115) 56(84) bytes of data.
> > 64 bytes from eddie.ringways.co.uk (10.1.1.115): icmp_req=1 ttl=63
> > time=68.7 ms
> > 64 bytes from eddie.ringways.co.uk (10.1.1.115): icmp_req=2 ttl=63
> > time=68.1 ms
> > ^C
> > --- eddie.ringways.co.uk ping statistics ---
> > 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
> > rtt min/avg/max/mdev = 68.158/68.446/68.734/0.288 ms
> > [root at gate ~]#
> >
> > [client]
> > [root at dcomp5 ~]# ifconfig
> > eth0 Link encap:Ethernet HWaddr 00:21:70:F2:38:9A
> > inet addr:10.10.1.123 Bcast:10.10.255.255 Mask:255.255.0.0
>
> Mask here is /16.
>
> > inet6 addr: fe80::221:70ff:fef2:389a/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:197973 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:127755 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:23954046 (22.8 MiB) TX bytes:8987081 (8.5 MiB)
> > Interrupt:46
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > inet6 addr: ::1/128 Scope:Host
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:11257 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:11257 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:1574170 (1.5 MiB) TX bytes:1574170 (1.5 MiB)
> >
> > wlan0 Link encap:Ethernet HWaddr 00:22:5F:82:03:6C
> > inet6 addr: fe80::222:5fff:fe82:36c/64 Scope:Link
> > UP BROADCAST MULTICAST MTU:1500 Metric:1
> > RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> > Interrupt:19
> >
> > [root at dcomp5 ~]# route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> > 10.10.0.0       0.0.0.0         255.255.0.0     U     0      0   0   eth0
> > 0.0.0.0         10.10.1.1       0.0.0.0         UG    0      0   0   eth0
> > [root at dcomp5 ~]# ping -c 1 10.10.1.1
> > PING 10.10.1.1 (10.10.1.1) 56(84) bytes of data.
> > 64 bytes from 10.10.1.1: icmp_req=1 ttl=64 time=0.299 ms
> >
> > --- 10.10.1.1 ping statistics ---
> > 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> > rtt min/avg/max/mdev = 0.299/0.299/0.299/0.000 ms
> > [root at dcomp5 ~]# ping -c 1 eddie
> > PING eddie.ringways.co.uk (10.1.1.115) 56(84) bytes of data.
> >
> > --- eddie.ringways.co.uk ping statistics ---
> > 1 packets transmitted, 0 received, 100% packet loss, time 0ms
> >
> > [root at dcomp5 ~]# traceroute eddie
> > traceroute to eddie (10.1.1.115), 30 hops max, 60 byte packets
> > 1 10.10.1.1 (10.10.1.1) 0.303 ms 0.246 ms 0.199 ms
> > 2 * * *
> > 3 * * *
> > 4 * * *
> > 5 * * *
> > 6 * * *
> > 7 *^C
> > [root at dcomp5 ~]#
--
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk
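
Added example, not part of the original message or written by either poster: a longest-prefix-match lookup over the client and gateway routing tables quoted in the thread, showing which destinations are actually affected by the /16 versus /24 mask difference on the 10.10 subnet. The gateway table is a subset of the quoted `route -n` output; the test addresses 10.10.1.50 and 10.10.2.5 and the function names are made up for illustration.

```python
import ipaddress

# Routes transcribed from the `route -n` output quoted in the thread:
# (destination, genmask, gateway, iface). Gateway 0.0.0.0 means on-link.
GATEWAY_ROUTES = [
    ("192.168.128.1", "255.255.255.255", "0.0.0.0", "ppp0"),
    ("192.168.7.0", "255.255.255.0", "0.0.0.0", "eth0"),
    ("10.10.1.0", "255.255.255.0", "0.0.0.0", "eth1"),
    ("10.1.0.0", "255.255.0.0", "192.168.128.1", "ppp0"),
    ("0.0.0.0", "0.0.0.0", "192.168.7.11", "eth0"),
]
CLIENT_ROUTES = [
    ("10.10.0.0", "255.255.0.0", "0.0.0.0", "eth0"),
    ("0.0.0.0", "0.0.0.0", "10.10.1.1", "eth0"),
]

def lookup(routes, dest):
    """Longest-prefix match; returns (next_hop, iface) or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gw, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gw, iface)
    if best is None:
        return None
    _, gw, iface = best
    return ("on-link" if gw == "0.0.0.0" else gw, iface)

def mask_mismatch(dest):
    """True when the client ARPs for dest directly (on-link under its /16)
    but the gateway would not deliver dest on its LAN interface eth1."""
    client_hop, _ = lookup(CLIENT_ROUTES, dest)
    gw_hop, gw_iface = lookup(GATEWAY_ROUTES, dest)
    return client_hop == "on-link" and not (gw_hop == "on-link" and gw_iface == "eth1")

if __name__ == "__main__":
    # 10.1.1.115 is eddie; the other two addresses are constructed samples.
    for dest in ("10.1.1.115", "10.10.1.50", "10.10.2.5"):
        print(dest, "client:", lookup(CLIENT_ROUTES, dest),
              "gateway:", lookup(GATEWAY_ROUTES, dest),
              "mismatch:", mask_mismatch(dest))
```

Traffic to eddie resolves to 10.10.1.1 on the client and then to 192.168.128.1 over ppp0 on the gateway, matching the first two hops of the working tracert above; only addresses in 10.10.0.0/16 outside 10.10.1.0/24 are routed differently by the two tables.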