> The only thing I can think of is to ask how iptables is set up. The iptables are not used (I am not familiar with them, but tried different arrangement and nothing helped). > I think you have iptables doing masquerading to the eth0 interface. > The masquerading shouldn't be the problem. Yes, masquerading is on eth0 and it works ok, Internet access as well both from inside out and from outside to the LAN via VPN (pptpd). But it doesn't work from outside to 172.17.1.50 (or so) analogously... Thank you for your help! > ------------ Původní zpráva ------------ > Od: Rick Sewill <rsewill@xxxxxxxxx> > Předmět: Re: Routing problems > Datum: 18.2.2010 11:03:31 > ---------------------------------------- > On Thu, 2010-02-18 at 07:31 +0100, j.halifax . wrote: > > Hi All, > > > > Could you please help me with routing in the LAN default GW box? > > > > I have > > eth0 connected to Internet > > eth2 to internal LAN 10.255.250.0 > > LAN default GW is 10.255.250.37 > > eth3 connected to other LAN > > > > Route in the default GW (10.255.250.37): > > > > Destination Gateway Genmask Flags Metric Ref Use > Iface > > 192.168.180.0 * 255.255.255.0 U 0 0 > 0 eth3 > > 10.255.250.0 * 255.255.255.0 U 0 0 > 0 eth2 > > link-local * 255.255.0.0 U 1003 0 > 0 eth0 > > link-local * 255.255.0.0 U 1004 0 > 0 eth2 > > link-local * 255.255.0.0 U 1005 0 > 0 eth3 > > 172.17.0.0 192.168.180.100 255.255.0.0 UG 0 0 0 > eth3 > > default dsl-router 0.0.0.0 UG 0 0 > 0 eth0 > > > > >From the LAN default GW (10.255.250.37) > > - I can ping 172.17.1.50: > > PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data. > > 64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=5.62 ms > > 64 bytes from 172.17.1.50: icmp_seq=2 ttl=253 time=3.29 ms > > > > >From other boxes in the same LAN (e.g. 10.255.250.38) > > - I cann't ping 172.17.1.50 > > - I cann't traceroute 172.17.1.50: It goes to LAN default GW > > 10.255.250.37 and then to its default GW dsl-router on eth0 > > instead of eth3 (so that the routing rule for 172.17.0.0 doesn't > > match for 172.17.1.50) > > > > Can anybody help pleasee? > > Thank you so much! > > jh > > > > Your problem has me stumped. > > The only thing I can think of is to ask how iptables is set up. > > I think you have iptables doing masquerading to the eth0 interface. > The masquerading shouldn't be the problem. > > Are you doing anything special with packets coming in eth2 in iptables? > > I assume 10.255.250.38 can ping the Internet so you have routing set up. > > I can't think of anything else to check at this moment. > > Hopefully others will have better suggestions and ideas where to look. > > > > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > > > -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines