On Sunday 11 April 2004 3:00 am, Jee J.Z. wrote:

> > Here's what I think is going on:
> >
> > PC1 has a simple routing table saying "network 144.32.xxx.0/23 is on
> > eth0, and the default gateway is 144.32.xxx.yyy". That means if you
> > ping 192.168.0.2 from PC1 it will send the packets to the default gateway
> > :(
>
> Oh, sorry to get you confused. I am not trying to ping from PC1 to PC3.

Ah, I read your first posting which said "I am trying to send packets from PC1 to PC3, via PC1/eth0 (global IP) --> PC2/eth0 (global IP) --> PC2/eth1 (192.168.0.1) --> PC3/eth1 (192.168.0.2)" and assumed that this was what you were testing right now and having problems with.

I now see that later on in that first posting you did say "Currently I fail to ping from PC3 to PC2/eth1 (192.168.0.1)", so I guess I should have started with the simple stuff first :)

> I am trying to ping from PC2 to PC3 or from PC3 to PC2 to test their
> connectivity (between PC2 and PC3). Besides the routing table, I am also
> considering whether my configurations for setting up two NICs on one box
> are problematic or not at this moment.

Er, well, there's not much you can get wrong with that?

Let's go over a few basics:

1. Each NIC on one box has an IP address in a different subnet (correct, according to your first posting).

2. The routing table on each box tells it how to get to each subnet, as well as a default route (correct, according to your second posting).

3. The two NICs are connected with a crossover CAT5 cable, or straight-through cables and a hub/switch (?).

4. There are no netfilter rules on either machine dropping packets or redirecting them elsewhere (?).

If you can't ping between PC2 and PC3, how about from PC2 to PC1, or from PC1 to PC3? (using their public addresses this time, since PC1 doesn't know how to route to the private addresses)

> Your descriptions above make sense. And right, I will do filtering and nat
> on PC2 after I sort the current problem out.
> Once I set up filter and nat
> on PC2, PC1 does not need "route add -net 192.168.0.0 netmask 255.255.255.0
> gw 144.32.xxx.b " any more, and PC1 should not know there is a 192.168.0.0
> network behind PC2, right?

That depends on what NAT you set up on PC2 (and the simplest way to understand what I mean here is "what address would PC1 ping in order to contact PC3?").

> > However, I still remain puzzled about why you have this crazy setup in
> > the first place, and what you're trying to achieve by sending pings from
> > PC1 to PC3 via PC2, so add the routing table entry to PC1, check whether
> > a ping works (with all the cables plugged in, so all the paths shown on
> > your original diagram are available), and then try to explain to us why
> > you are doing things this way and what you want to achieve.
>
> OK, I am trying to set up a simple firewall (just do filtering and nat)
> between PC3 and the outside world. PC2 is where the firewall locates. And
> PC1 is just a traffic sender for testing after the firewall is built up.

In that case, unplug PC3/eth0 -> switch, remove the IP address from PC3/eth0, and set the default gateway for PC3's routing table to 192.168.0.1

If you intend PC3 to communicate with the world through PC2, set it up like that in the first place (even though you may not be able to communicate with much of the world beyond your Internet router until you get some NAT running on PC2) because otherwise the routing table on PC3 is just going to confuse matters.

See if you can confirm points 3 and 4 above, and perhaps check out the paragraph after point 4, and see where that gets you.

Regards,

Antony.

--
"Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns - the ones we don't know we don't know."
 - Donald Rumsfeld, US Secretary of Defence

Please reply to the list; please don't CC me.
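
An added example, not part of the original message: a small Python model of the longest-prefix route lookups discussed in this thread, showing where each box sends a packet under each routing table. The 10.20.0.0/23 addresses are constructed stand-ins for the masked 144.32.xxx addresses, and the dual-homed PC3 table (including its default gateway) is an assumption; route metrics are ignored.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (network, iface, gateway) rows.

    Returns (iface, gateway); gateway None means the destination is on-link.
    Returns None when no route matches ("Network is unreachable").
    """
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), iface, gw)
            for net, iface, gw in table
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    _, iface, gw = max(hits, key=lambda h: h[0].prefixlen)
    return iface, gw

# Constructed placeholders (the real public addresses are masked in the thread).
PUBLIC = "10.20.0.0/23"       # stands in for 144.32.xxx.0/23
INTERNET_GW = "10.20.0.1"     # stands in for 144.32.xxx.yyy
PC1 = "10.20.0.10"
PC2_ETH0 = "10.20.0.20"       # stands in for 144.32.xxx.b
PRIVATE = "192.168.0.0/24"
PC2_ETH1 = "192.168.0.1"
PC3_ETH1 = "192.168.0.2"
DEFAULT = "0.0.0.0/0"

# PC1 as first described: connected /23 plus a default route.
pc1 = [(PUBLIC, "eth0", None), (DEFAULT, "eth0", INTERNET_GW)]
# PC1 after "route add -net 192.168.0.0 netmask 255.255.255.0 gw <PC2/eth0>".
pc1_static = pc1 + [(PRIVATE, "eth0", PC2_ETH0)]
# PC3 with both NICs live (assumed layout): replies to PC1 skip PC2 entirely.
pc3_dual = [(PUBLIC, "eth0", None), (PRIVATE, "eth1", None),
            (DEFAULT, "eth0", INTERNET_GW)]
# PC3 as recommended: eth0 unplugged, default gateway 192.168.0.1.
pc3_behind_fw = [(PRIVATE, "eth1", None), (DEFAULT, "eth1", PC2_ETH1)]

def report():
    """Next-hop decision for each scenario in the thread."""
    return {
        "PC1 -> PC3, no static route": lookup(pc1, PC3_ETH1),
        "PC1 -> PC3, static route via PC2": lookup(pc1_static, PC3_ETH1),
        "PC3 -> PC1, dual-homed": lookup(pc3_dual, PC1),
        "PC3 -> PC1, behind PC2 only": lookup(pc3_behind_fw, PC1),
        "PC3 -> PC2/eth1": lookup(pc3_behind_fw, PC2_ETH1),
    }

if __name__ == "__main__":
    for scenario, hop in report().items():
        print(f"{scenario}: {hop}")
```

With the dual-homed table, PC3 answers PC1 directly out of eth0, so that traffic never crosses PC2 and no filter or NAT rule on PC2 would ever see it.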