Re: network routing.

not sure what you're saying...I just have a default route defined on
the machine I'd like routed. The router has all the iptables stuff.
When I type route on the non router it hangs, then after some time
comes back with the default route to the router and canNOT get beyond
the subnet. To my knowledge you need to define a default route on
every machine in the subnet that is using the router, at least that is
how I've had them setup for the last 15 years and it worked fine.

to summarize I have 2 machines linked by a single patch cable, one of
the machines (the linux router) has a second interface to a bigger lan
on campus.
the ips: router 192.168.0.1 othermachine 192.168.0.11 (default route
to 192.168.0.1)
iptables: router has natted/masq 192.168.0.0 net, othermachine is wide
open, all iptable rules flushed and accepting everything

This should work and worked in the past, must be something I did or
the router or othermachine is missing some software. Tomorrow I'll try
tracing the route.



On Mon, Mar 11, 2013 at 8:31 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>> client hang on route command
>
> what the hell are you doing?
>
> the client does not need anything to know about routing
> your router is the standard-gateway of the clients and
> has to do anything which affects NAT/masquerading/routing
> because that is why it is called router
>
> Am 12.03.2013 04:20, schrieb Gary Artim:
>> I tried postrouting/masquerade in iptables on the router and still the
>> client hang on route command. It's like the client can't see the router.
>> But ping works fine in both directions. If I try and ping a known
>> address on the greater internet, nothing. So there is no route beyond
>> the subnet of 192.168.0.0. I know it's something dumb cause I've done
>> this 10..12 times before and it always worked or is working now on some
>> servers.
>>
>> On Mon, Mar 11, 2013 at 7:12 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>>> you do NOT need this on the client.
>>> and it is NOT enough if your machine works as NAT-router
>>>
>>> postrouting/masquerade is at least needed
>>>
>>> Chain POSTROUTING (policy ACCEPT 19602 packets, 1625K bytes)
>>>  pkts bytes target     prot opt in     out     source               destination
>>>    80  7964 MASQUERADE  all  --  *      eth1    192.168.2.0/24       0.0.0.0/0
>>>
>>> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source               destination
>>>    48  2820 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
>>>     0     0 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:0
>>>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:0
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x17
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x01
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
>>>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>>>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>>>     0     0 DROP       all  --  eth1   *       84.113.45.179        0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       0.0.0.0/8            0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       10.0.0.0/8           0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       169.254.0.0/16       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       172.16.0.0/12        0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.0.0.0/24         0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.0.2.0/24         0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.88.99.0/24       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.168.0.0/16       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       198.18.0.0/15        0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       198.51.100.0/24      0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       203.0.113.0/24       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       224.0.0.0/4          0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       240.0.0.0/4          0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       255.255.255.255      0.0.0.0/0
>>>  8734 4397K ACCEPT     all  --  eth1   br0     0.0.0.0/0            192.168.2.0/24       ctstate RELATED,ESTABLISHED
>>>  8698 3215K ACCEPT     all  --  br0    eth1    192.168.2.0/24       0.0.0.0/0
>>>     4  2304 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>>>
>>> Am 12.03.2013 03:07, schrieb Gary Artim:
>>>> thanks, I forgot to mention I do have this set on both the client and
>>>> router, still doesn't work. something is fishy, I went home frustrated
>>>> and used my 2 laptops, one running mint linux, wirelessly, with an
>>>> ethernet port (as the router) and one running fedora 18 as the client
>>>> and got it to route -- ie ping yahoo.com. Go figure.
>>>>
>>>> On Mon, Mar 11, 2013 at 5:55 PM, zoom itman <rummymobile@xxxxxxxxx> wrote:
>>>>> On Tue, Mar 12, 2013 at 10:25 AM, Gary Artim <gartim@xxxxxxxxx> wrote:
>>>>>> I have a problem using a patch cable and trying to route through
>>>>>> another machine
>>>>>
>>>>>
>>>>> This might help, on the machine doing the forwarding:
>>>>>
>>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>>
>>>>> Then, set net.ipv4.ip_forward to 1 in /etc/sysctl.conf so it persists
>>>>> over reboots
>>>
>>>
>>> --
>>> users mailing list
>>> users@xxxxxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe or change subscription options:
>>> https://admin.fedoraproject.org/mailman/listinfo/users
>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>> Have a question? Ask away: http://ask.fedoraproject.org
>>>
>
> --
>
> Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / CISO / Software-Development
> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm
>
>
>
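
Added example, not part of the original thread: a router-side check for the three prerequisites the replies name (ip_forward set to 1, a POSTROUTING MASQUERADE rule, and FORWARD rules that pass the LAN), run against saved `iptables -L -v -n` text. The function names are hypothetical and the sample text is constructed from the listing quoted above; the check looks for matching rules only and does not evaluate rule order.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Inputs are saved text from
#   iptables -t nat -L POSTROUTING -v -n   and   iptables -L FORWARD -v -n
# Columns: pkts bytes target prot opt in out source destination [match]

# Returns 0 if a MASQUERADE rule has exactly this source network.
has_masquerade() {   # $1 = LAN CIDR, $2 = POSTROUTING listing
  printf '%s\n' "$2" | awk -v net="$1" \
    '$3 == "MASQUERADE" && $8 == net { found = 1 } END { exit !found }'
}

# Returns 0 if FORWARD lets the LAN out and lets replies back in.
forward_allows() {   # $1 = LAN CIDR, $2 = FORWARD listing
  printf '%s\n' "$2" | awk -v net="$1" '
    /^Chain FORWARD/ && $4 == "ACCEPT"           { out = 1; back = 1 }
    $3 == "ACCEPT" && $8 == net                  { out = 1 }
    $3 == "ACCEPT" && $9 == net && /ESTABLISHED/ { back = 1 }
    END { exit !(out && back) }'
}

# Prints one line per missing prerequisite; returns the number missing.
check_nat_router() { # $1 = LAN CIDR, $2 = ip_forward value, $3 = nat, $4 = forward
  local missing=0
  [ "$2" = "1" ] || { echo "net.ipv4.ip_forward is not 1"; missing=$((missing + 1)); }
  has_masquerade "$1" "$3" || { echo "no MASQUERADE rule for $1"; missing=$((missing + 1)); }
  forward_allows "$1" "$4" || { echo "FORWARD does not pass $1 both ways"; missing=$((missing + 1)); }
  return "$missing"
}

# Constructed sample, trimmed from the listing quoted in the thread.
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 19602 packets, 1625K bytes)
 pkts bytes target     prot opt in     out     source               destination
   80  7964 MASQUERADE  all  --  *      eth1    192.168.2.0/24       0.0.0.0/0'
SAMPLE_FWD='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8734 4397K ACCEPT     all  --  eth1   br0     0.0.0.0/0            192.168.2.0/24       ctstate RELATED,ESTABLISHED
 8698 3215K ACCEPT     all  --  br0    eth1    192.168.2.0/24       0.0.0.0/0
    4  2304 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# The quoted rules cover 192.168.2.0/24; checked against the 192.168.0.0
# subnet from this thread (a /24 mask is assumed), two prerequisites fail.
check_nat_router "192.168.0.0/24" 1 "$SAMPLE_NAT" "$SAMPLE_FWD" || true
```

On a live router the inputs would be `$(cat /proc/sys/net/ipv4/ip_forward)` and the output of the two `iptables` commands named in the header comment, run as root.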