From: S Vertigan on 9 Feb 2010 09:35

I have a fedora server with eth0 on a 178.18.10.0/24 local network with an internet gateway of 172.18.10.254 and eth1 is on another local network of 192.168.242.0/24. All traffic from the second network is NAT'd and the PCs have 192.168.242.110 (eth1's IP addr) as their gateway. These machines can ping addresses on the internet but they can't reach any IP's on eth0's network except for eth0 (172.18.10.2) itself.

I assume there's a tweak with route would fix this but I've tried
route add -net 172.18.10.0 eth0
but that route was already in there. I only need one host (172.18.10.1) to be reachable from the other network so maybe something like
route add -host 172.18.10.1 gw 192.168.242.110
except that would surely be wrong from the server's perspective. Any ideas?

From: David Schwartz on 9 Feb 2010 10:24

On Feb 9, 6:35 am, S Vertigan <steve-n...(a)vertigan.wattle.id.au> wrote:

> I have a fedora server with eth0 on a 178.18.10.0/24 local network with
> an internet gateway of 172.18.10.254 and eth1 is on another local network
> of 192.168.242.0/24. All traffic from the second network is NAT'd and
> the PCs have 192.168.242.110 (eth1's IP addr) as their gateway. These
> machines can ping addresses on the internet but they can't reach any IP's
> on eth0's network except for eth0 (172.18.10.2) itself.

Does their gateway know how to reach those machines?

> I assume there's a tweak with route would fix this but I've tried
> route add -net 172.18.10.0 eth0
> but that route was already in there. I only need one host (172.18.10.1)
> to be reachable from the other network so maybe something like
> route add -host 172.18.10.1 gw 192.168.242.110
> except that would surely be wrong from the server's perspective. Any ideas?

Troubleshoot. "I can't ping" doesn't narrow down the problem. Do the ping packets go out? What machine are they addressed to? Do they get to the destination machine? Where does the destination machine send its ping replies? Does that machine know how to reach the original source? And so on.

DS

From: Tauno Voipio on 9 Feb 2010 12:35

David Schwartz wrote:
> On Feb 9, 6:35 am, S Vertigan <steve-n...(a)vertigan.wattle.id.au>
> wrote:
>
>> I have a fedora server with eth0 on a 178.18.10.0/24 local network with
>> an internet gateway of 172.18.10.254 and eth1 is on another local network
>> of 192.168.242.0/24. All traffic from the second network is NAT'd and
>> the PCs have 192.168.242.110 (eth1's IP addr) as their gateway. These
>> machines can ping addresses on the internet but they can't reach any IP's
>> on eth0's network except for eth0 (172.18.10.2) itself.
>
> Does their gateway know how to reach those machines?
>
>> I assume there's a tweak with route would fix this but I've tried
>> route add -net 172.18.10.0 eth0
>> but that route was already in there. I only need one host (172.18.10.1)
>> to be reachable from the other network so maybe something like
>> route add -host 172.18.10.1 gw 192.168.242.110
>> except that would surely be wrong from the server's perspective. Any ideas?
>
> Troubleshoot. "I can't ping" doesn't narrow down the problem. Do the
> ping packets go out? What machine are they addressed to? Do they get
> to the destination machine? Where does the destination machine send
> its ping replies? Does that machine know how to reach the original
> source? And so on.
>
> DS

You have to tweak the NAT rules so that the destination to 172.18.10.0/24 is excepted from the NAT.

(I hope that the 178.18.10.0/24 address above is a typo).

--
Tauno Voipio

From: Bill Marcum on 9 Feb 2010 12:40

On 2010-02-09, S Vertigan <steve-news(a)vertigan.wattle.id.au> wrote:
> I have a fedora server with eth0 on a 178.18.10.0/24 local network with
> an internet gateway of 172.18.10.254 and eth1 is on another local network
> of 192.168.242.0/24. All traffic from the second network is NAT'd and
> the PCs have 192.168.242.110 (eth1's IP addr) as their gateway. These
> machines can ping addresses on the internet but they can't reach any IP's
> on eth0's network except for eth0 (172.18.10.2) itself.
>
> I assume there's a tweak with route would fix this but I've tried
> route add -net 172.18.10.0 eth0
> but that route was already in there. I only need one host (172.18.10.1)
> to be reachable from the other network so maybe something like
> route add -host 172.18.10.1 gw 192.168.242.110
> except that would surely be wrong from the server's perspective. Any ideas?
>

The server needs to know how to reach the 192.168 lan.
route add -net 192.168.242.0/24 gw 172.18.10.2

From: Moe Trin on 9 Feb 2010 14:49

On Tue, 09 Feb 2010, in the Usenet newsgroup comp.os.linux.networking, in article <j7adndQ4pvRU7-zWnZ2dnUVZ_j5i4p2d(a)westnet.com.au>, S Vertigan wrote:

>I have a fedora server with eth0 on a 178.18.10.0/24 local network
>with an internet gateway of 172.18.10.254 and eth1 is on another
>local network of 192.168.242.0/24.

.... OK, typ0 -

>All traffic from the second network is NAT'd and the PCs have
>192.168.242.110 (eth1's IP addr) as their gateway. These machines
>can ping addresses on the internet but they can't reach any IP's on
>eth0's network except for eth0 (172.18.10.2) itself.

Something wrong with the NAT rules - can everyone on 172.18.10.0/24 speak to everyone else on 172.18.10.0/24?

>I assume there's a tweak with route would fix this but I've tried
>route add -net 172.18.10.0 eth0
>but that route was already in there.

All systems on 192.168.242.0/24 will appear on the 172.18.10.0/24 wire as if they were 172.18.10.2 - so other hosts need only talk to 172.18.10.0/24 (192.168.242.0/24 doesn't exist on that wire). Systems on 192.168.242.0/24 can _initiate_ connections to the world, and it will appear that 172.18.10.2 is talking a lot. Systems on 172.18.10.0/24 CAN NOT INITIATE connections to 192.168.242.0/24 because it doesn't exist. All that is there is 172.18.10.2. Now you can set 172.18.10.2 to forward certain ports to specific hosts on 192.168.242.0/24, but 172.18.10.0/24 won't know that the packets are being forwarded.

http://www.netfilter.org/documentation/HOWTO/

[TXT] NAT-HOWTO.txt 25-Sep-2008 07:04 25K
[TXT] netfilter-double-nat-HOWTO.txt 25-Sep-2008 07:04 9.4K
[TXT] networking-concepts-HOWTO.txt 25-Sep-2008 07:04 28K
[TXT] packet-filtering-HOWTO.txt 25-Sep-2008 07:04 52K

Carefully review the firewall rules (/sbin/iptables -L)

Old guy

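The following is an added example, not part of any post in this thread: a small Python model of the return path that the NAT-exemption and route suggestions above depend on. The client address 192.168.242.50 and the routing table assumed for 172.18.10.1 (default route via 172.18.10.254) are constructed for illustration.

```python
# Added example (constructed model, not from the thread): where does the reply go?
import ipaddress as ip

LAN_A = ip.ip_network("172.18.10.0/24")      # eth0 side
LAN_B = ip.ip_network("192.168.242.0/24")    # eth1 side
SERVER_ETH0 = ip.ip_address("172.18.10.2")   # the Fedora box on LAN_A
INTERNET_GW = ip.ip_address("172.18.10.254")
TARGET = ip.ip_address("172.18.10.1")
CLIENT = ip.ip_address("192.168.242.50")     # constructed sample client

# Assumed routing table of 172.18.10.1: its own LAN on-link, default via .254.
TARGET_ROUTES = [(LAN_A, None), (ip.ip_network("0.0.0.0/0"), INTERNET_GW)]
# Same table plus a route to 192.168.242.0/24 via 172.18.10.2.
TARGET_ROUTES_FIXED = TARGET_ROUTES + [(LAN_B, SERVER_ETH0)]

def next_hop(routes, dst):
    """Longest-prefix match; gateway None means the destination is on-link."""
    net, gw = max(((n, g) for n, g in routes if dst in n),
                  key=lambda r: r[0].prefixlen)
    return dst if gw is None else gw

def source_on_wire(src, dst, nat_exempt):
    """Source address visible on the eth0 wire after the server's source NAT."""
    if src in LAN_B and not any(dst in net for net in nat_exempt):
        return SERVER_ETH0      # masqueraded: appears as 172.18.10.2
    return src                  # exempt from NAT: original address kept

def reply_reaches_server(src, dst, nat_exempt, dst_routes):
    """True when the destination hands its reply to the server's eth0."""
    seen = source_on_wire(src, dst, nat_exempt)
    return next_hop(dst_routes, seen) == SERVER_ETH0

def scenarios():
    return {
        "nat_everything": reply_reaches_server(CLIENT, TARGET, [], TARGET_ROUTES),
        "exempt_no_route": reply_reaches_server(CLIENT, TARGET, [LAN_A], TARGET_ROUTES),
        "exempt_with_route": reply_reaches_server(CLIENT, TARGET, [LAN_A], TARGET_ROUTES_FIXED),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:18} reply returns via 172.18.10.2: {ok}")
```

In this model a masqueraded request is answered on-link to 172.18.10.2, while a request exempted from NAT is answered via 172.18.10.254 unless 172.18.10.1 has a route to 192.168.242.0/24 through 172.18.10.2.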