> On Sunday 11 April 2004 12:33 am, Jee J.Z. wrote:
>
> > Hi Antony,
>
> Thanks for getting the spelling right - lots of people round here don't :)

Because I try not to annoy you in the very beginning. :)

> > > Look at the routing table of each machine the packets are going through,
> > > and then the replies trying to get back again, and see if (a) there is a
> > > path, and (b) it makes sense.
> >
> > Both PC2 and PC3's routing look like:
> > Destination     Gateway         Genmask         Flags Metric Ref Iface
> > 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   eth1
> > 144.32.xxx.0    0.0.0.0         255.255.254.0   U     0      0   eth0
> > 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   lo
> > 0.0.0.0         144.32.xxx.yyy  0.0.0.0         UG    0      0   eth0
>
> Okay, I'm assuming that 144.32.xxx.yyy is not the address of PC1 - it's
> something else which is connected to your switch - however that's not too
> important here.

Right. 144.32.xxx.yyy should be a router on the 144.32.xxx.0/24 network.

> Here's what I think is going on:
>
> PC1 has a simple routing table saying "network 144.32.xxx.0/23 is on eth0, and
> the default gateway is 144.32.xxx.yyy". That means if you ping 192.168.0.2
> from PC1 it will send the packets to the default gateway :(

Oh, sorry to get you confused. I am not trying to ping from PC1 to PC3. I am trying to ping from PC2 to PC3 or from PC3 to PC2 to test their connectivity (between PC2 and PC3). Besides the routing table, I am also considering whether my configurations for setting up two NICs on one box are problematic or not at this moment.

> Set a network route on PC1 to tell it how to find the 192.168.0.0/24 network,
> via PC2 as a router:
>
> route add -net 192.168.0.0 netmask 255.255.255.0 gw 144.32.xxx.b
>
> where 144.32.xxx.b is the IP address on PC2/eth0
>
> Once you have done that I think the pings will work, however they will not
> work the way you would like them to :)
>
> An echo request packet will come from 144.32.xxx.a (PC1/eth0) to 192.168.0.2
> and get routed (by your new routing table entry on PC1) via 144.32.xxx.b,
> where PC2 will decide "192.168.0.2? Oh, that's on my eth1", and will send it
> to PC2.
>
> However, if PC2/eth0 is still operational and plugged in, it will think "I
> have to send an echo response packet to 144.32.xxx.a, and that's on this
> subnet connected to my eth0", so it will send the reply packet out through
> eth0.
>
> This will actually work for pings, but it's not the way you want TCP packets
> to flow (remember that pings are ICMP packets), and it certainly won't work
> once you start doing nat on PC2 (which I assume, for some reason, that you do
> want to do?).

Your descriptions above make sense. And right, I will do filtering and nat on PC2 after I sort the current problem out. Once I set up filter and nat on PC2, PC1 does not need "route add -net 192.168.0.0 netmask 255.255.255.0 gw 144.32.xxx.b" any more, and PC1 should not know there is a 192.168.0.0 network behind PC2, right?

> However, I still remain puzzled about why you have this crazy setup in the
> first place, and what you're trying to achieve by sending pings from PC1 to
> PC3 via PC2, so add the routing table entry to PC1, check whether a ping
> works (with all the cables plugged in, so all the paths shown on your
> original diagram are available), and then try to explain to us why you are
> doing things this way and what you want to achieve.

OK, I am trying to set up a simple firewall (just do filtering and nat) between PC3 and the outside world. PC2 is where the firewall is located. And PC1 is just a traffic sender for testing after the firewall is built up. At this moment, the first thing I need to figure out is why the connectivity between PC2/eth1 and PC3/eth1 seems not to be working. I think the reasons lie in either routing table setup (on PC2 and PC3) or dual NIC configurations. Any suggestions?

Many thanks,
Jee

> Regards,
>
> Antony.
>
> --
> If at first you don't succeed, destroy all the evidence that you tried.
>
> Please reply to the list;
> please don't CC me.
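
An added illustration, not part of the original message or of either poster's configuration: a longest-prefix-match lookup over the routing tables described in the thread, showing the next hop each machine picks for the echo request and for the reply. The 10.0.0.x addresses are constructed stand-ins for the elided 144.32.xxx.* addresses, and `table`, `lookup` and `path_report` are hypothetical helper names.

```python
import ipaddress

# Constructed stand-ins for the addresses the thread elides (144.32.xxx.*).
LAN = "10.0.0.0/23"                        # stands in for 144.32.xxx.0/23
ROUTER = "10.0.0.1"                        # stands in for 144.32.xxx.yyy
PC1, PC2_ETH0 = "10.0.0.10", "10.0.0.20"   # stand in for 144.32.xxx.a / .b
PC3_ETH1 = "192.168.0.2"                   # address taken from the thread


def table(*routes):
    """Build a routing table from (destination, gateway, iface) tuples."""
    return [(ipaddress.ip_network(d), g, i) for d, g, i in routes]


def lookup(routes, dst):
    """Longest-prefix match: return (next_hop, iface) chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (gw or dst, iface)   # no gateway means directly connected


# PC1 as described in the quoted reply: connected network plus default route.
pc1 = table((LAN, None, "eth0"), ("0.0.0.0/0", ROUTER, "eth0"))
# PC1 after "route add -net 192.168.0.0 netmask 255.255.255.0 gw <PC2/eth0>".
pc1_fixed = pc1 + table(("192.168.0.0/24", PC2_ETH0, "eth0"))
# The table the message lists for both PC2 and PC3.
dual = table(("192.168.0.0/24", None, "eth1"), (LAN, None, "eth0"),
             ("127.0.0.0/8", None, "lo"), ("0.0.0.0/0", ROUTER, "eth0"))


def path_report():
    """Routing decision at each hop for a ping from PC1 to 192.168.0.2."""
    return {
        "pc1_before": lookup(pc1, PC3_ETH1),       # sent to default gateway
        "pc1_after": lookup(pc1_fixed, PC3_ETH1),  # sent via PC2/eth0
        "pc2_forward": lookup(dual, PC3_ETH1),     # PC2 delivers on eth1
        "pc3_reply": lookup(dual, PC1),            # reply leaves on eth0
    }


if __name__ == "__main__":
    for hop, (next_hop, iface) in path_report().items():
        print(f"{hop:12} -> next hop {next_hop} via {iface}")
```

The last entry shows the asymmetric return path: with this table the reply goes straight out eth0 to PC1 and never crosses PC2, so NAT or stateful filtering on PC2 would see only one direction of the flow.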