Thanks for the suggestions. I noticed that traceroute just gives me a timeout on the first hop (the local gateway). In a similar test on the working machine, the local gateway responds perfectly well. Same result is given with "lft" tracing agent. Furthermore, in a frenzy to try to correct this problem, I ended up removing iptables/ipchains from the server. I won't be able to try your suggestions now... but I spoke to the hosting company and they suggested that I should request a Firewall change on their security appliance. I think that there was a configuration change on their firewall, that's going to be handled later, for now there's not much I can do. Thanks again, Eduard > I'll take a stab at this . . . > > Try a traceroute to your ISP's DNS server or even the ISP's gateway to > you. (This is the next hop beyond your onsite gateway to the world.) > This will tell you what interface your stuff chooses when you want to > go out to the public Internet. Also check your firewall rules on this > box (iptables -L -v -n) to see if you're blocking anything. And also > look to see if you have any alternate routing tables going on (ip rule > list and stuff like that). > > - Greg Scott > > > -----Original Message----- > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] > On Behalf Of eduard@xxxxxxxxxxxx > Sent: Friday, January 30, 2004 3:06 AM > To: lartc@xxxxxxxxxxxxxxx > Cc: eduard@xxxxxxxxxxxx > Subject: Multihome routing question > > > Hello, > > I am new to network routing and I need help configuring a linux box > with two ethernet cards. In this case it's a Linux RH 7.3 box, in a > cabinet that already has a couple of Windows servers. The Windows > server routing is below as an example. > > The Linux box has an out-of-band interface at 10.130.36.38 and a public > eth at 62.50.8.84. I had to add a route for the private interface so I > could access its ports. However, since I did that, the Linux box cannot > access the internet. The incoming requests to 62.50.8.84 are fine, I > can hit the web service fine, but the net is not visible from the linux > box. I think it's just a matter of adding a route but am not sure how. > > Interestingly enough I can ping the outside machines but cannot browse > over the net. I remember that this worked fine before I added the route > to the private interface, so it must be a routing problem and not some > other issue. > > The Linux routing table: > > [root@sylvester root]# route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 62.50.8.80 0.0.0.0 255.255.255.248 U 0 0 0 > eth0 > 10.130.36.32 0.0.0.0 255.255.255.240 U 0 0 0 > eth1 > 172.17.1.0 10.130.36.34 255.255.255.240 UG 0 0 0 > eth1 > 10.0.0.0 10.130.36.33 255.0.0.0 UG 0 0 0 > eth1 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 > lo > 0.0.0.0 62.50.8.81 0.0.0.0 UG 0 0 0 > eth0 > > [root@sylvester root]# ip route > 62.50.8.80/29 dev eth0 scope link > 10.130.36.32/28 dev eth1 scope link > 172.17.1.0/28 via 10.130.36.34 dev eth1 > 10.0.0.0/8 via 10.130.36.33 dev eth1 > 127.0.0.0/8 dev lo scope link > default via 62.50.8.81 dev eth0 > > > The Windows server routing, which works fine: > > [c:\4nt]route PRINT > ======================================================================== > === > Interface List > 0x1 ........................... MS TCP Loopback interface > 0x2 ...44 45 53 54 42 00 ...... NOC Extranet Access Adapter 0x1000004 > ...00 0b cd 1c 99 84 ...... Compaq NC7780 Gigabit Server Adapter > 0x1000005 ...00 0b cd 1c 96 95 ...... Compaq NC7780 Gigabit Server > Adapter > ======================================================================== > === > > ======================================================================== > === > Active Routes: > Network Destination Netmask Gateway Interface > Metric > 0.0.0.0 0.0.0.0 62.50.8.81 62.50.8.83 > 1 > 10.0.0.0 255.0.0.0 10.130.36.33 10.130.36.36 > 1 > 10.130.36.32 255.255.255.240 10.130.36.36 10.130.36.36 > 1 10.130.36.36 255.255.255.255 127.0.0.1 127.0.0.1 > 1 > 10.255.255.255 255.255.255.255 10.130.36.36 10.130.36.36 > 1 > 62.50.0.221 255.255.255.255 10.130.36.33 10.130.36.36 > 1 62.50.0.222 255.255.255.255 10.130.36.33 10.130.36.36 1 > 62.50.8.80 255.255.255.248 62.50.8.83 62.50.8.83 > 1 62.50.8.83 255.255.255.255 127.0.0.1 127.0.0.1 1 > 62.255.255.255 255.255.255.255 62.50.8.83 62.50.8.83 > 1 > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 > 1 > 172.17.1.0 255.255.255.240 10.130.36.34 10.130.36.36 > 1 > 224.0.0.0 224.0.0.0 10.130.36.36 10.130.36.36 > 1 224.0.0.0 224.0.0.0 62.50.8.83 62.50.8.83 1 > 255.255.255.255 255.255.255.255 62.50.8.83 2 > 1 > Default Gateway: 62.50.8.81 > ======================================================================== > === > Persistent Routes: > Network Address Netmask Gateway Address Metric > 10.0.0.0 255.0.0.0 10.130.36.33 1 > 62.50.0.221 255.255.255.255 10.130.36.33 1 > 62.50.0.222 255.255.255.255 10.130.36.33 1 > 172.17.1.0 255.255.255.240 10.130.36.34 1 > > Any help would be appreciated. > Eduard > > > > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/