Hello All
First, sorry for my poor English, hope you understand me :-)
I have a problem I don't understand or don't know how to solve.
I need to interconnect 2 networks with different numbers. One is 192.168.236.0/24, the other 192.168.1.0/24. Mainly I need to access services in the 236. from the 1. one.
I have a CentOS 5.5 machine with 2 NICs, each one configured to work in one of the nets. The CentOS also uses a router for Internet access that is 192.168.1.1.
192.168.1.0/24 >-----192.168.1.100--[CentOS Machine]--192.168.236.74 --------< 192.168.236.0/24
So, I enable forwarding in the CentOS box
echo '1' > /proc/sys/net/ipv4/ip_forward
And in one machine of the 1. network (this is Fedora14) I add the route:
route add -net 192.168.236.0 netmask 255.255.255.0 gw 192.168.1.100 dev eth0
Since this moment I can ping or access (ssh/http) another CentOS machine in the 236 network
ping 192.168.236.74
PING 192.168.236.74 (192.168.236.74) 56(84) bytes of data.
64 bytes from 192.168.236.74: icmp_req=1 ttl=64 time=0.281 ms
But I can't access or ping other machines (NOT Linux ones), i.e., printers, Win servers, etc...
Also tried adding:
route add 192.168.1.100 eth0
before the route add -net, but no effect.
This fails even if I flush IPTables.
In the CentOS box that replies, I did nothing, it 'just' works.
Can anyone tell what is happening / help me with this? Something to do missing in the CentOS router that joins the networks?
Best,
On 12/19/10 11:07 AM, Jose Maria Terry Jimenez wrote:
> Can anyone tell what is happening / help me with this? Something to do missing in the CentOS router that joins the networks?
First make sure that you can ping/access those 'other' services from the centos box with 2 nics. It should source from the .236 interface and 'just work'. If not, you have firewalls or something else blocking traffic. When you route other traffic from the .1 network, the destination machines need some reason to send the return packets to the 192.168.236.74 address. You can either add the route to every machine or on the router that is currently their default router.
On 19/12/2010, at 19:01, Les Mikesell wrote:
> First make sure that you can ping/access those 'other' services from the centos box with 2 nics. It should source from the .236 interface and 'just work'. If not, you have firewalls or something else blocking traffic. When you route other traffic from the .1 network, the destination machines need some reason to send the return packets to the 192.168.236.74 address. You can either add the route to every machine or on the router that is currently their default router.
> -- Les Mikesell lesmikesell@gmail.com
Thank you Les,
Yes, I can ping/access those 'other' services from the CentOS box with 2 NICs.
I understand that I need, for example in a networked printer in 236. network, a 'return' route. I definitely have no access to configure network on every machine in the 236 network (only a few), nor the router...
This can't be solved any other way?
Best
Hello Again,
I forgot: I made a mistake in my original post, the ping is to a different CentOS box in the 236. network (192.168.236.80) and it replies and I can access it from the Fedora machine in the 1. net.
Why does the other CentOS box (in the 236. net) work (reply, can be accessed) without adding any route?
The Fedora box (1. network):
[jose@IDi ~]$ ping 192.168.236.80
PING 192.168.236.80 (192.168.236.80) 56(84) bytes of data.
64 bytes from 192.168.236.80: icmp_req=1 ttl=64 time=1.61 ms
64 bytes from 192.168.236.80: icmp_req=2 ttl=64 time=0.684 ms
[jose@IDi ~]$ ifconfig eth0 | grep -i 'inet addr'
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
The CentOS box (both networks):
[jose@puente ~]$ ifconfig eth0 | grep -i 'inet addr'
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
[jose@puente ~]$ /sbin/ifconfig eth1 | grep -i 'inet addr'
inet addr:192.168.236.74 Bcast:192.168.236.255 Mask:255.255.255.0
The CentOS box (236. network):
[jose@control ~]$ /sbin/ifconfig eth1 | grep -i 'inet addr'
inet addr:192.168.236.80 Bcast:192.168.236.255 Mask:255.255.255.0
Best
On 12/19/10 12:31 PM, Jose Maria Terry Jimenez wrote:
> Why the other CentOS box (in the 236. net) works (reply, can be accessed) without adding any route?
This doesn't make much sense without a route. Can you try a traceroute to the fedora box address from the 192.168.236.80 box to see how/why it gets there?
On 19/12/2010, at 20:34, Les Mikesell wrote:
> This doesn't make much sense without a route. Can you try a traceroute to the fedora box address from the 192.168.236.80 box to see how/why it gets there?
Sure, here it is:
From fresh reboot of the Fedora14 box:
[jose@IDi ~]$ su -
Contraseña:
[root@IDi ~]# route add -net 192.168.236.0 netmask 255.255.255.0 gw 192.168.1.100 dev eth0
[root@IDi ~]# logout
[jose@IDi ~]$ traceroute 192.168.236.80
traceroute to 192.168.236.80 (192.168.236.80), 30 hops max, 60 byte packets
 1 puente (192.168.1.100) 0.286 ms 0.260 ms 0.239 ms
 2 192.168.236.80 (192.168.236.80) 0.963 ms !X 0.949 ms !X 0.930 ms !X
[jose@IDi ~]$ ping 192.168.236.80
PING 192.168.236.80 (192.168.236.80) 56(84) bytes of data.
64 bytes from 192.168.236.80: icmp_req=1 ttl=64 time=0.668 ms
64 bytes from 192.168.236.80: icmp_req=2 ttl=64 time=0.599 ms
64 bytes from 192.168.236.80: icmp_req=3 ttl=64 time=0.566 ms
^C
--- 192.168.236.80 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.566/0.611/0.668/0.042 ms
[jose@IDi ~]$ ssh 192.168.236.80
jose@192.168.236.80's password:
Last login: Sun Dec 19 20:44:44 2010 from 192.168.1.3
[jose@control ~]$
On 12/19/10 1:45 PM, Jose Maria Terry Jimenez wrote:
> [jose@IDi ~]$ traceroute 192.168.236.80
> traceroute to 192.168.236.80 (192.168.236.80), 30 hops max, 60 byte packets
>  1 puente (192.168.1.100) 0.286 ms 0.260 ms 0.239 ms
>  2 192.168.236.80 (192.168.236.80) 0.963 ms !X 0.949 ms !X 0.930 ms !X
We know why it works this direction.
I wanted the reverse path. Traceroute from the 192.168.236.80 box back to the fedora address. It doesn't make sense that it can return packets without a route going through the Centos box.
Hi,
> I wanted the reverse path. Traceroute from the 192.168.236.80 box back to the fedora address. It doesn't make sense that it can return packets without a route going through the Centos box.
Yes it does make sense, if the machine in the 192.168.236.0/24 has the centos box in the middle (the one with two LAN cards) as a default route, then you wouldn't need a separate route. Packets would come back. Can you give the network settings for 192.168.236.80?
Can you tell us more about the network setup? Routers in both networks? Maybe a quick drawing should make things more clear.
If you cannot set a route on the various devices it might help to use proxy-arp.
regards,
Michel
On 19/12/10 21:17, Michel van Deventer wrote:
> Can you tell us more about the network setup ? routers in both networks ? Maybe a quick drawing should make things more clear.
Hope it helps (all addresses are 192.168. Trimmed to compact the schema):
----------      ----------     -----------
!  1.3   !------!1.100   !     !gw 236.21!
! gw 1.1 !   !  !  236.74!-----! 236.80  !
----------   !  ! gw 1.1 !  !  -----------
             !  ----------  !
             !              !
         [Router1]      [Router2]
Router 1 is a PFSense and its IP is 192.168.1.1
Router 2 is "something" (it is managed by other person, and I think is some kind of win server) and IP is 192.168.236.21
Best
On 12/19/10 2:30 PM, Jose Maria Terry Jimenez wrote:
> Router 1 is a PFSense and its IP is 192.168.1.1
> Router 2 is "something" (it is managed by other person, and I think is some kind of win server) and IP is 192.168.236.21
This still doesn't explain why the 192.168.236.80 box can return packets to the fedora at 192.168.1.3 when you said it didn't have a route going through 192.168.236.74. Can you check what routes you do have on 192.168.236.80 and traceroute from there to 192.168.1.3?
Les Mikesell wrote:
> This still doesn't explain why the 192.168.236.80 box can return packets to the fedora at 192.168.1.3 when you said it didn't have a route going through 192.168.236.74. Can you check what routes you do have on 192.168.236.80 and traceroute from there to 192.168.1.3?
Apologies for confusing you. I forgot that "the other" CentOS had 2 NICs, this is the machine where I began these tests. It's in a remote site and now, when listing the routes, I remembered that.
It's connected to the 1. network with a second NIC and IP: 192.168.1.102. Replies must be returned by that iface, really?
[root@control ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.236.0   *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.236.21  0.0.0.0         UG    0      0        0 eth0
I configured a printer in the 236. network to use 192.168.236.74 as gateway and now I can access it from 1. Thanks.
[jose@IDi ~]$ ping 192.168.236.74
PING 192.168.236.74 (192.168.236.74) 56(84) bytes of data.
64 bytes from 192.168.236.74: icmp_req=1 ttl=64 time=0.276 ms
64 bytes from 192.168.236.74: icmp_req=2 ttl=64 time=0.245 ms
Thanks again
Best
On 12/19/10 4:08 PM, José María Terry Jiménez wrote:
> It's connected to the 1. network with a second NIC and IP: 192.168.1.102. Replies must be returned by that iface, really?
Yes, with rare exceptions routing always happens with each hop making the decision to use the interface that has the best route towards the destination, and that would have a route automatically added for anything within the netmask.
On 19/12/2010, at 23:15, Les Mikesell lesmikesell@gmail.com wrote:
> Yes, with rare exceptions routing always happens with each hop making the decision to use the interface that has the best route towards the destination, and that would have a route automatically added for anything within the netmask.
Thanks for your help, now I understand this a bit better,
Best
Les Mikesell wrote:
> I wanted the reverse path. Traceroute from the 192.168.236.80 box back to the fedora address. It doesn't make sense that it can return packets without a route going through the Centos box.
Hello
This arrived as spam, and I found it now. Even if it seems the mystery was discovered yesterday, here is what you asked me:
[jose@control ~]$ traceroute 192.168.1.3
traceroute to 192.168.1.3 (192.168.1.3), 30 hops max, 40 byte packets
 1 192.168.1.3 (192.168.1.3) 1.429 ms !X 1.438 ms !X 1.440 ms !X
I suppose that goes by the second NIC on the "other" Centos.
Best,
On 12/19/10 12:15 PM, Jose Maria Terry Jimenez wrote:
> This can't be solved any other way?
The only other way to get the packets to return to the right place would be to use iptables to NAT routed packets to the 192.168.236.74 interface. If you only need to establish connections in one direction, that should work.
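Added example (not part of the original thread, not code from any poster): a small return-path lookup that applies the "best route wins" rule described earlier in the thread and the NAT suggestion just above to the hosts discussed here. The table for 192.168.236.80 is copied from the `route` output posted in the thread; the single-NIC device table, the interface name `lan0`, and the premise that Router2 has no route back to 192.168.1.0/24 are assumptions.

```python
"""Return-path lookup for the hosts in this thread (added example)."""
import ipaddress

CLIENT = "192.168.1.3"            # Fedora box on the 1. network
ROUTER_FAR_IP = "192.168.236.74"  # eth1 of the dual-homed CentOS router (puente)
ROUTER2 = "192.168.236.21"        # default gateway of the 236. network


def route(net, iface, gw=None):
    """One routing-table entry; gw=None means a directly connected network."""
    return {"net": ipaddress.ip_network(net), "iface": iface, "gw": gw}


# Routing table of 192.168.236.80 ("control"), as posted in the thread.
CONTROL = [
    route("192.168.1.0/24", "eth1"),
    route("192.168.236.0/24", "eth0"),
    route("169.254.0.0/16", "eth0"),
    route("0.0.0.0/0", "eth0", gw=ROUTER2),
]


def single_nic_host(default_gw):
    """Constructed table for a one-NIC device on the 236. net (e.g. a printer)."""
    return [
        route("192.168.236.0/24", "lan0"),           # hypothetical interface name
        route("0.0.0.0/0", "lan0", gw=default_gw),
    ]


def next_hop(table, dst):
    """Longest-prefix match: return (gateway or 'on-link', interface)."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in table if dst_ip in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r["net"].prefixlen)
    return (best["gw"] or "on-link", best["iface"])


def reply_hop(table, client=CLIENT, snat_to=None):
    """Where a host sends its reply.

    With source NAT on the router (an iptables nat POSTROUTING rule), the
    host only ever sees snat_to as the peer address, so it replies to that.
    Side effect: the 236. hosts' logs show the router, not the real client.
    """
    return next_hop(table, snat_to or client)


def reply_reaches_client(table, client=CLIENT, snat_to=None):
    """True if the reply is delivered on-link or handed to the CentOS router.

    Assumption: Router2 has no route to 192.168.1.0/24, so replies sent to
    it never come back through 192.168.236.74.
    """
    hop = reply_hop(table, client, snat_to)
    if hop is None:
        return False
    gateway, _iface = hop
    return gateway in ("on-link", ROUTER_FAR_IP)


if __name__ == "__main__":
    cases = [
        ("control (two NICs)", CONTROL, None),
        ("printer, gw Router2", single_nic_host(ROUTER2), None),
        ("printer, gw 236.74", single_nic_host(ROUTER_FAR_IP), None),
        ("printer, gw Router2, SNAT", single_nic_host(ROUTER2), ROUTER_FAR_IP),
    ]
    for name, table, snat in cases:
        hop = reply_hop(table, snat_to=snat)
        ok = reply_reaches_client(table, snat_to=snat)
        print(f"{name:28} reply via {hop[0]:15} dev {hop[1]:5} reaches client: {ok}")
```

The first case is the "mystery" host: it answers over its own 192.168.1.0/24 interface and never uses the router for the return path.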
On 19/12/10 20:23, Les Mikesell wrote:
> The only other way to get the packets to return to the right place would be to use iptables to NAT routed packets to the 192.168.236.74 interface. If you only need to establish connections in one direction, that should work.
Thanks,
Yes, mainly I need to connect from 1. to 236., so I'll look at that solution.
Best,
Hello Jose,
from the picture you provided the situation looks pretty simple.
- you have enabled IP forwarding on router, I recommend you to put it into /etc/sysctl.conf for persistence.
- you have configured firewall rules on router to allow forwarding traffic from left to right subnet. You can also try to set up ACCEPT policy just for testing.
- the default gateway for left subnet is 192.168.1.1 (you mentioned router for Internet access). Correct me if I'm wrong.
- the default gateway for right subnet I assume is 192.168.236.74. You don't have to do anything with routing here. Every host in right subnet knows where to send replies.
- the problem seems to be missing routing information in left subnet. Hosts don't know anything about the right subnet and thus send requests to the default gateway 192.168.1.1.
- modifying routing table on every host in left subnet can be solution in case, if there is only a few hosts which need to access right subnet
- if you need to have fully accessible subnets, put the static route to default gateway 192.168.1.1 to redirect requests to proper gateway. If it is Linux gateway, try something like this
[root@default-gw]# ip route add 192.168.236.0/24 via 192.168.1.100
Regards
Andrej
Andrej Moravcik wrote:
> - the default gateway for right subnet I assume is 192.168.236.74. You don't have to do anything with routing here. Every host in right subnet knows where to send replies.
Thank you very much, Andrej.
Today I couldn't test this, but the default gateway for the right subnet is 192.168.236.21 and I can't change anything in that router and many machines of that network; I only admin a few there.
Best,