[CentOS] Routing problem

Wed Jul 19 15:50:50 UTC 2006
Aleksandar Milivojevic <alex at milivojevic.org>

Quoting Marc Breslow <marc at radiusIM.com>:

> Jeff,
>
> I think we are on to something here.  I added a static route on the
> 192.168.1.1 router to the 192.168.1.224 with the gateway address equal to
> the eth1 IP address on the firewall.  I can now ping 192.168.1.1 from behind
> the firewall but I still can't ping 209.73.186.238 (yahoo) from behind the
> firewall.  I can ping yahoo from the firewall.
>
> Any other thoughts?

Couple of questions.

Is your firewall (the CentOS box with 192.168.1.224 and 192.168.202.1  
interfaces) configured to perform NAT?  Or is the firewall on it  
completely turned off?

What exactly is the route you added to your external router?  That
router probably has two network interfaces and therefore two routes
with link scope associated with them.  One telling it how to reach the
router at the ISP end, and second one for your 192.168.1.0/24 network.
Everything else will be routed to the default route (meaning
outside).  You want to add a static route on your external router for
192.168.202.0/24 pointing to 192.168.1.224.  Is that what you did?

If that is what you did, you might want to check the configuration of your
external router, and see how firewalling is configured on it.  Many of
those small devices have some firewalling enabled by default in them.
Maybe it considers only 192.168.1.0/24 to be the internal network, and
drops everything else from inside.

Try doing a traceroute from 192.168.202.10.  Also, running tcpdump on
your firewall's eth1 and eth3 interfaces in parallel (for example from
two terminal windows) while you are doing the traceroute or simply
attempting to ping the outside world and comparing the outputs might give
you an idea what is going on.

-- 
See Ya' later, alligator!
http://www.8-P.ca/
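
The two-interface tcpdump comparison suggested above can be done mechanically. The following is an added example, not part of the original message: it assumes eth3 is the inside (192.168.202.1) interface and eth1 the outside (192.168.1.224) one, that both captures were taken with `tcpdump -n -i <iface> icmp`, and it uses constructed sample lines; `parse` and `diagnose` are hypothetical helper names.

```python
import re

# One ICMP echo line as printed by `tcpdump -n -i <iface> icmp`.
ECHO = re.compile(
    r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def parse(capture):
    """Map (kind, seq) -> (src, dst) for every ICMP echo line in a capture."""
    seen = {}
    for line in capture.splitlines():
        m = ECHO.search(line)
        if m:
            src, dst, kind, _icmp_id, seq = m.groups()
            # Keyed on seq only: NAT may rewrite the ICMP id in transit.
            seen[(kind, int(seq))] = (src, dst)
    return seen

def diagnose(inside_cap, outside_cap, seq=1):
    """Compare both captures and say where echo number `seq` stops."""
    inside, outside = parse(inside_cap), parse(outside_cap)
    req_in = inside.get(("request", seq))
    req_out = outside.get(("request", seq))
    if req_in is None:
        return "request never reached the inside interface"
    if req_out is None:
        return "firewall did not forward the request"
    # Source rewritten on the way out means the firewall is doing NAT.
    nat = "NAT" if req_out[0] != req_in[0] else "no NAT"
    if ("reply", seq) not in outside:
        return f"forwarded ({nat}); no reply on outside interface"
    if ("reply", seq) not in inside:
        return f"forwarded ({nat}); reply not passed back inside"
    return f"forwarded ({nat}); reply delivered"

# Constructed sample captures (assumed: eth3 = inside, eth1 = outside).
ETH3 = ("15:50:01.000100 IP 192.168.202.10 > 209.73.186.238: "
        "ICMP echo request, id 4660, seq 1, length 64\n")
ETH1 = ("15:50:01.000150 IP 192.168.202.10 > 209.73.186.238: "
        "ICMP echo request, id 4660, seq 1, length 64\n")

if __name__ == "__main__":
    print(diagnose(ETH3, ETH1))
```

A result of "forwarded (no NAT); no reply on outside interface" means the request left the firewall with its 192.168.202.x source intact and nothing came back, so the next place to look is the external router's filtering and its return route.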