This is mildly off topic since it has more to do with TCP/IP networking than with CentOS per se. However, at the risk of ruffling a few feathers I would like some advice on how to resolve the following routing problem:
Given: dual homed host running CentOS-5.2 with
eth0 = 2xx.yyy.zzz.23
eth1 = 192.168.219.1
and a Cisco gateway at 2xx.1xx.y7y.1 with the following networks:
interface FastEthernet0/1
 description connected to EthernetLAN
 ip address 10.0.0.1 255.0.0.0 secondary
 ip address 172.16.0.1 255.240.0.0 secondary
 ip address 192.168.71.1 255.255.255.0 secondary
 ip address 192.168.0.1 255.255.0.0 secondary
 ip address 2xx.yyy.zzz.1 255.255.255.0
 ip access-group 101 in
 ip inspect FastEthernet_0_1 in
 speed 100
 full-duplex
!
router rip
 version 2
 passive-interface FastEthernet0/0
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.0.0
 network 2xx.yyy.zzz.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
and with the following routes on the CentOS host:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.219.0   *               255.255.255.0   U     0      0        0 eth1
2xx.yyy.zzz.0   *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         gw-fibrewire    0.0.0.0         UG    0      0        0 eth0
# ip route
192.168.219.0/24 dev eth1 proto kernel scope link src 192.168.219.1
2xx.yyy.zzz.0/24 dev eth0 proto kernel scope link src 2xx.yyy.zzz.23
169.254.0.0/16 dev eth1 scope link
default via 2xx.yyy.zzz.1 dev eth0
The situation is this.
From the host itself I can ping 192.168.218.102 on 192.168.219.0/24
From any other host on 2xx.1xx.y7y.0/24 I can ping 192.168.219.1
From any other host on 2xx.1xx.y7y.0/24 I cannot ping 192.168.219.102
What setup steps on the CentOS host have I overlooked or what configuration errors have I committed?
As I am a digest subscriber please use "reply all" so that I get an immediate copy of any replies.
Regards,
James B. Byrne wrote:
From any other host on 2xx.1xx.y7y.0/24 I cannot ping 192.168.219.102
What setup steps on the CentOS host have I overlooked or what configuration errors have I committed?
Seems like you're trying to route through the linux box? Have you enabled ip forwarding and checked your iptables ruleset to make sure that either the default policy is ACCEPT or that you have specific rules in there that allow forwarding?
[root@dc1-rhel5-32build001:~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@dc1-rhel5-32build001:~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@dc1-rhel5-32build001:~]#
In the above case ip forwarding is disabled and the default policy is ACCEPT.
nate
On Tue, October 21, 2008 15:12, nate wrote:
Seems like you're trying to route through the linux box? Have you enabled ip forwarding and checked your iptables ruleset to make sure that either the default policy is ACCEPT or that you have specific rules in there that allow forwarding?
I believe so.
# cat /proc/sys/net/ipv4/ip_forward
1
# iptables -L -n
... blah blah ...
ACCEPT     all  --  0.0.0.0/0            192.168.219.0/24
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
#
To be sure that the firewall was not the source of trouble I temporarily turned it off and observed no change in behaviour from that previously reported.
Another correspondent pointed out that I may need to run routed to propagate the routing information from the host to the network.
On: Tue, Oct 21, 2008 at 3:20 PM, Ross Walker rswwalker@gmail.com wrote:
From any other host on 2xx.1xx.y7y.0/24 I cannot ping 192.168.219.102
You need to have a route in the Cisco's table for 192.168.219.0/24 or you need to get RIP working between 2xx.yyy.zzz.23 and 2xx.yyy.zzz.1
What setup steps on the CentOS host have I overlooked or what configuration errors have I committed?
Probably getting routed/gated running, setting active/passive interfaces, broadcast or multicast RIP, host routes/default routes, etc.
So, I will look into this.
Thanks for the help.
James B. Byrne wrote:
Seems like you're trying to route through the linux box? Have you enabled ip forwarding and checked your iptables ruleset to make sure that either the default policy is ACCEPT or that you have specific rules in there that allow forwarding?
I believe so.
# cat /proc/sys/net/ipv4/ip_forward
1
# iptables -L -n
... blah blah ...
ACCEPT     all  --  0.0.0.0/0            192.168.219.0/24
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Do you permit returning packets somewhere?
To be sure that the firewall was not the source of trouble I temporarily turned it off and observed no change in behaviour from that previously reported.
Another correspondent pointed out that I may need to run routed to propagate the routing information from the host to the network.
Or apply static routes on the other network - or NAT to the connecting interface address on the way out.
I have discovered quagga and installed it on the dual-homed CentOS-5.2 box that I am attempting to configure as a router.
Given my previous requirements and configuration:
dual-homed host running CentOS-5.2 with
eth0 = 2xx.yyy.zzz.23
eth1 = 192.168.219.1
and given that our Cisco 2605 uses ripv2 I infer that my /etc/quagga/ripd.conf file needs to look something like this:
hostname myhost.domain.tld
password somepassword

router rip
network eth0 <--- is this correct?
network 192.168.219.0/24
Can anyone provide me with some further guidance on this together with any recommendations respecting zebra.conf?
Regards,
behalf of; James B. Byrne [byrnejb@harte-lyne.ca]
router rip
network eth0 <--- is this correct?
network 192.168.219.0/24
#####################################
JohnStanley Writes:
Did you bother to check the documentation?
On Tue, Oct 21, 2008 at 3:02 PM, James B. Byrne byrnejb@harte-lyne.ca wrote:
This is mildly off topic since it has more to do with TCP/IP networking than with CentOS per se. However, at the risk of ruffling a few feathers I would like some advice on how to resolve the following routing problem:
Given: dual homed host running CentOS-5.2 with
eth0 = 2xx.yyy.zzz.23
eth1 = 192.168.219.1
and a Cisco gateway at 2xx.1xx.y7y.1 with the following networks:
interface FastEthernet0/1
 description connected to EthernetLAN
 ip address 10.0.0.1 255.0.0.0 secondary
 ip address 172.16.0.1 255.240.0.0 secondary
 ip address 192.168.71.1 255.255.255.0 secondary
 ip address 192.168.0.1 255.255.0.0 secondary
 ip address 2xx.yyy.zzz.1 255.255.255.0
 ip access-group 101 in
 ip inspect FastEthernet_0_1 in
 speed 100
 full-duplex
!
router rip
 version 2
 passive-interface FastEthernet0/0
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.0.0
 network 2xx.yyy.zzz.0
 no auto-summary
Assuming that this Cisco box is for routing your Internet traffic, I would NOT put any private network routing, or any dynamic routing at all on it and use NAT on the CentOS box.
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
and with the following routes on the CentOS host:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.219.0   *               255.255.255.0   U     0      0        0 eth1
2xx.yyy.zzz.0   *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         gw-fibrewire    0.0.0.0         UG    0      0        0 eth0
# ip route
192.168.219.0/24 dev eth1 proto kernel scope link src 192.168.219.1
2xx.yyy.zzz.0/24 dev eth0 proto kernel scope link src 2xx.yyy.zzz.23
169.254.0.0/16 dev eth1 scope link
default via 2xx.yyy.zzz.1 dev eth0
The situation is this.
From the host itself I can ping 192.168.218.102 on 192.168.219.0/24
Was that a typo 192.168.218.102?
From any other host on 2xx.1xx.y7y.0/24 I can ping 192.168.219.1
Yes, 'cause it's a local interface on router 2xx.yyy.zzz.23, discoverable by ICMP.
From any other host on 2xx.1xx.y7y.0/24 I cannot ping 192.168.219.102
You need to have a route in the Cisco's table for 192.168.219.0/24 or you need to get RIP working between 2xx.yyy.zzz.23 and 2xx.yyy.zzz.1
What setup steps on the CentOS host have I overlooked or what configuration errors have I committed?
Probably getting routed/gated running, setting active/passive interfaces, broadcast or multicast RIP, host routes/default routes, etc.
As I am a digest subscriber please use "reply all" so that I get an immediate copy of any replies.
List always strips off the members email :-(
-Ross
The solution to this proved quite simple, once I grasped the fact that all routers on a common network have to route for that network (duhh!!!) as well as any others that they may handle.
So the ripd.conf file looks like this:
--->
! -*- rip -*-
!
! RIPd configuration file
!
hostname a.b.domain.tld
password xxxxxxxx
enable password xxxxxxxx

router rip
network 2aa.bbb.ccc.0/24
network 192.168.219.0/24

log stdout
<---
And it works.
James B. Byrne wrote:
The solution to this proved quite simple, once I grasped the fact that all routers on a common network have to route for that network (duhh!!!) as well as any others that they may handle.
So the ripd.conf file looks like this:
--->
! -*- rip -*-
!
! RIPd configuration file
!
hostname a.b.domain.tld
password xxxxxxxx
enable password xxxxxxxx

router rip
network 2aa.bbb.ccc.0/24
network 192.168.219.0/24

log stdout
<---
And it works.
It's been a while since I set one of those up, but I believe the network statements control the interfaces where the route announcements are sent as well as the address ranges that will be routed. So if you omitted the 2aa.bbb.ccc.0/24 network, it wouldn't send any routes out that interface.
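
Added example, not part of the original thread or any poster's code: a longest-prefix-match lookup over the Cisco routes implied by the posted FastEthernet0/1 config, showing that 192.168.219.102 falls inside the connected 192.168.0.0/16 until a more specific 192.168.219.0/24 route via the CentOS box is learned over RIP. Assumptions: 203.0.113.0/24 is a constructed stand-in for the masked 2xx.yyy.zzz.0/24, the pinging hosts forward through the Cisco, and the names CISCO_BEFORE, CISCO_AFTER, lookup and compare are hypothetical.

```python
import ipaddress

# Constructed stand-in (documentation range) for the masked 2xx.yyy.zzz.0/24.
PUBLIC = "203.0.113"

# Cisco routes implied by the posted FastEthernet0/1 config: each
# "ip address A MASK" line yields a connected network on that interface.
CISCO_BEFORE = [
    ("10.0.0.0/8", "connected Fa0/1"),
    ("172.16.0.0/12", "connected Fa0/1"),
    ("192.168.71.0/24", "connected Fa0/1"),
    ("192.168.0.0/16", "connected Fa0/1"),
    (PUBLIC + ".0/24", "connected Fa0/1"),
    ("0.0.0.0/0", "default Fa0/0"),
]

# Route the Cisco learns once ripd on the CentOS box announces eth1's
# network on the shared segment (assumed result of the final ripd.conf).
RIP_ROUTE = ("192.168.219.0/24", "via " + PUBLIC + ".23 (RIP)")
CISCO_AFTER = CISCO_BEFORE + [RIP_ROUTE]


def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (str(best[0]), best[1]) if best else None


def compare(dst):
    """Show which Cisco route carries dst before and after RIP converges."""
    return {"before": lookup(CISCO_BEFORE, dst), "after": lookup(CISCO_AFTER, dst)}


if __name__ == "__main__":
    for target in ("192.168.219.102", "192.168.71.10", "198.51.100.7"):
        print(target, compare(target))
```

Only the 192.168.219.0/24 destinations change next hop; the other secondary networks and the default route are unaffected by the learned route.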