Re: network routing.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



why should you need a default-route set MANUALLY?

configure the standrad-gateway which is your router
in the network-configuration and you are done

nobody on this world ever needed the route-command
on a ordinary client and if the client si using DHCP
it would even get the standard-gateway

[root@buildserver:~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
TYPE=Ethernet
MODE=Managed
IPADDR=10.0.0.103
NM_CONTROLLED=no
IPV6INIT=no
NETMASK=255.255.255.0
GATEWAY=10.0.0.1
USERCTL=no
MTU=1472

nobody needed to add this route at all

[root@buildserver:~]$ LANG=C; route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0





Am 12.03.2013 05:11, schrieb Gary Artim:
> not sure what you're saying...I just have a default route defined on
> the machine I'd like routed. The router has all the iptables stuff.
> When I type route on the non router it hangs, then after some time
> comes back with the default route to the router and canNOT get beyond
> the subnet. To my knowledge you need to define a default route on
> every machine in the subnet that is using the router, at least that is
> how I've had them setup for the last 15 years and it worked fine.
> 
> to summerize I have 2 machine linked by a single patch cable, one of
> the machine (the linux router) has a second interface to a bigger lan
> on campus.
> the ips: router 192.168.0.1 othermachine 192.168.0.11 (default route
> to 192.168.0.1)
> iptables: router has natted/masq 192.168.0.0 net, othermachine is wide
> open, all iptable rules flushed and accepting everything
> 
> This should work and worked in the passed, must be something I did or
> the router or othermachine is missing some software. Tomorrow I'll try
> tracing the route.
> 
> On Mon, Mar 11, 2013 at 8:31 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>>> client hang on route command
>>
>> what the hell are you doing?
>>
>> the client does not need anything to know about routing
>> your router is the standard-gateway of the clients and
>> has to do anyhting with affeactes NAT/masquerading/routing
>> because that is why it is called router
>>
>> Am 12.03.2013 04:20, schrieb Gary Artim:
>>> I tried postrouting/masquerade in iptables on the router and still the
>>> client hang on route command. Its like the client cant see the router.
>>> But ping works fine in both directions. If I try and ping a known
>>> address on the greater internet, nothing. So there is no route beyond
>>> the subnet of 192.168.0.0. I know its something dumb cause I've done
>>> this 10..12 times before and it aways worked or is working now on some
>>> servers.
>>>
>>> On Mon, Mar 11, 2013 at 7:12 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>>>> you do NOT need this on the client.
>>>> and it is NOT enough if your machine works as NAT-router
>>>>
>>>> postrouting/masquerade is at least needed
>>>>
>>>> Chain POSTROUTING (policy ACCEPT 19602 packets, 1625K bytes)
>>>>  pkts bytes target     prot opt in     out     source               destination
>>>>    80  7964 MASQUERADE  all  --  *      eth1    192.168.2.0/24       0.0.0.0/0
>>>>
>>>> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>>>>  pkts bytes target     prot opt in     out     source               destination
>>>>    48  2820 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS
>>>> clamp to PMTU
>>>>     0     0 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:0
>>>>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:0
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x17
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x01
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
>>>> ctstate NEW
>>>>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>>>>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>>>>     0     0 DROP       all  --  eth1   *       84.113.45.179        0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       0.0.0.0/8            0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       10.0.0.0/8           0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       169.254.0.0/16       0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       172.16.0.0/12        0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       192.0.0.0/24         0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       192.0.2.0/24         0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       192.88.99.0/24       0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       192.168.0.0/16       0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       198.18.0.0/15        0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       198.51.100.0/24      0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       203.0.113.0/24       0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       224.0.0.0/4          0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       240.0.0.0/4          0.0.0.0/0
>>>>     0     0 DROP       all  --  eth1   *       255.255.255.255      0.0.0.0/0
>>>>  8734 4397K ACCEPT     all  --  eth1   br0     0.0.0.0/0            192.168.2.0/24       ctstate RELATED,ESTABLISHED
>>>>  8698 3215K ACCEPT     all  --  br0    eth1    192.168.2.0/24       0.0.0.0/0
>>>>     4  2304 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>>>>
>>>> Am 12.03.2013 03:07, schrieb Gary Artim:
>>>>> thanks, I forgot to mention I do have this set on both the client and
>>>>> router, still doesnt work. something is fishie, I went home frustrated
>>>>> and used my 2 laptops, one running mint linux, wirelessly, with a
>>>>> ethernet port (as the router) and one running fedora 18 as the client
>>>>> and got it to route -- ie ping yahoo.com. Go figure.
>>>>>
>>>>> On Mon, Mar 11, 2013 at 5:55 PM, zoom itman <rummymobile@xxxxxxxxx> wrote:
>>>>>> On Tue, Mar 12, 2013 at 10:25 AM, Gary Artim <gartim@xxxxxxxxx> wrote:
>>>>>>> I have a problems using a patch cable and trying to route though
>>>>>>> another machine
>>>>>>
>>>>>>
>>>>>> This might help, on the machine doing the forwarding:
>>>>>>
>>>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>>>
>>>>>> Then, set net.ipv4.ip_forward to 1 in /etc/sysctl.conf so it persists
>>>>>> over reboots

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux