NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Tue Nov 07, 2006 8:54 pm Post subject: [SOLVED]Static Route Problem
Hello all,
I have a situation and could really use some assistance ... allow me to elaborate:
My computer on "Network A" has to communicate to other computers on Network B. It does this through "Gentoo Box 1" which has a static route to "Gentoo Box2" which in turn has a direct connection (via eth1) to access "Network B". It's probably easier if I draw a diagram to further explain:
Mask Values:
Network A : 255.255.255.0
Network B: 255.255.255.192
Code: |
internet <------------------> "GentooBox1"
          [WAN]                   | [192.168.22.48]
                                  |
                                  |
                                  |   [192.168.22.223] (gateway 192.168.22.48)
                                  | <---------- "Network A computer"
                                  |
                                  |
                                  | [192.168.22.209]
                             "GentooBox2"
                                  | [192.168.33.193]
                                  |
                                  |
                                  | [192.168.33.194]
<---------------------------> "Network B computer"
|
*****************************************
To make things simple my Network A computer has its gateway set to "GentooBox1" and as you have probably guessed, my "Network A" computers are not able to communicate to my Network B computers. Does anybody have a clue as to what may be my problem?? ... really I am at the early "brain-storming" stage .. so any ideas may help. I just don't want to have to manually set a static route on each computer in "Network A" (I mean I really don't think that's the most practical solution). I was told to look up a "sysctrl.conf" file ... I don't know what that file governs ... don't even know if that's the right course of action, but I will investigate it in the meantime.
Thanks for your help in advance
Take Care
Last edited by NiceGuy on Fri Nov 17, 2006 9:20 pm; edited 14 times in total

Hagar Guru
Joined: 11 Feb 2003 Posts: 445
Posted: Tue Nov 07, 2006 9:39 pm Post subject:
You'll need to specify additional routes on "GentooBox1/2" so they know where to send traffic destined for other networks.
So for GentooBox1 it'll be something like:
Code: |
routes_NETWORK_A_INTERFACE=(
"default via INTERNET_IP"
"NETWORK_B via 10.0.1.201"
"NETWORK_C via 10.0.1.201"
)
|
I might not be exactly correct, but that's the general idea.

NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Tue Nov 07, 2006 9:43 pm Post subject:
Hello Hagar,
Question:
Just for clarity ... is the modification you suggested done in the /etc/conf.d/net file?
Thanks for your help .. I'll keep the post updated on how it goes
Take Care

Hagar Guru
Joined: 11 Feb 2003 Posts: 445
Posted: Tue Nov 07, 2006 9:45 pm Post subject:
Oh sorry, yes it is.

NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Tue Nov 07, 2006 10:22 pm Post subject:
Hello again,
I have just changed my network setup to be less congested and perhaps easier to visualize ... I figure this should isolate the problem ... Anyhow, I have modified the diagram above (please review it) as it now reflects the new network setup. My goal now is to simply get a computer on Network A to be able to ping another computer on Network B. I have configured my GentooBox1 /etc/conf.d/net file accordingly, but still I can't ping a computer on Network B from a computer on Network A.
Attempting ping 172.26.2.100 ... from Network A computer 10.0.1.200 fails
There must be something I'm missing in GentooBox1 because it has no problem pinging Network A and Network B (obviously it's directly connected)... but it does not redirect Network A traffic request to Network B.
Still hoping for a solution
Take Care

Hagar Guru
Joined: 11 Feb 2003 Posts: 445

RAPHEAD Tux's lil' helper
Joined: 20 Jun 2003 Posts: 134 Location: Germany
Posted: Tue Nov 07, 2006 11:23 pm Post subject:
Try to enable IP forwarding like this:
Code: |
# nano /etc/sysctl.conf
# Add the following lines or uncomment them:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
|
and reboot

makenoob Apprentice
Joined: 19 Aug 2004 Posts: 272 Location: /Germany/Düsseldorf
Posted: Wed Nov 08, 2006 9:52 am Post subject:
you did enable the whole ip-forwarding etc. bunch in your kernel? the computers on network B have as default gw the gentoo-box, too, so that the packets are going back to the network A?

NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Wed Nov 08, 2006 2:49 pm Post subject:
Hello again,
Here is the output of my route -n for GentooBox1:
*************************************************************
Code: |
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.33.192  192.168.22.209  255.255.255.192 UG    0      0        0 eth1
192.168.22.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
|
**************************************************************
I did enable ip-forwarding in the GentooBox1 /etc/sysctl.conf, but still no traffic from Network A is being forwarded to Network B. I'm pretty sure this scenario is fixable, I mean I can only imagine it is. I plan on reading those articles posted above, hopefully they will help, regardless I'll continue to keep the post updated.
Thanks again
[edit] p.s -> I really apologize for all the changes I made to network configuration.
Last edited by NiceGuy on Wed Nov 08, 2006 6:01 pm; edited 1 time in total

RAPHEAD Tux's lil' helper
Joined: 20 Jun 2003 Posts: 134 Location: Germany
Posted: Wed Nov 08, 2006 5:23 pm Post subject:
This output does not match your picture above!
Make sure that on GentooBox1 you only have interfaces in the x.22.x network and not in the 33!

NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Wed Nov 08, 2006 6:06 pm Post subject:
Hello,
I performed another /sbin/route -n just to verify I did not copy it down incorrectly, and the result is the same. I additionally verified my network setup ... and it appears accurate. What is it that seems incorrect? Maybe I can verify.
Thanks again

nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
Posted: Wed Nov 08, 2006 9:34 pm Post subject:
make sure you have routing enabled on gentoobox2
Code: |
cat /proc/sys/net/ipv4/ip_forward
1
|
If the command returns 0 you need to
Code: |
echo 1 > /proc/sys/net/ipv4/ip_forward
|
Do the following
1. from gentoobox1 ping the 22.209 interface on gentoobox2
2. from gentoobox1 ping the 33.193 interface on gentoobox2
3. from gentoobox1 ping the 33.194 interface on the network B computer
4. from the network A computer ping the network B computer
let us know how far you get.
Make sure that the network B computer is set to use the 33.193 interface on gentoobox2 as its default gateway

NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Thu Nov 09, 2006 6:13 pm Post subject:
Hello,
Here is some more information from sysctl.conf for both boxes:
/*******************************************
Gentoo Box 1 -- in NAT mode
*******************************************/
Code: |
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.secure_redirects = 1
|
/**********************************************
Gentoo Box 2 -- In Route Mode
***********************************************/
Code: |
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.secure_redirects = 1
|
************************************************************
So they are set up the same (except Gentoo Box1 is in NAT and Gentoo Box2 is in Route mode)
Also after doing the following, I get these results:
Code: |
1. from gentoobox1 ping the 22.209 interface on gentoobox2 --- OKAY
2. from gentoobox1 ping the 33.193 interface on gentoobox2 --- OKAY
3. from the network A computer ping 33.193 interface on gentooBox2 --- No response
|
**********************
Now, I actually expected 1,2 to work okay since I added a static route on GentooBox1 so it can find the 192.168.33.192 network (which is just simply one of the interfaces on the 192.168.22.209 machine, anyhow). I just don't think it is necessary to add a static route to each of my Network A computers, I'd rather have them continue to use GentooBox1 as their gateway. Then "ideally" have GentooBox1 find the 192.168.33.192 Network for them.
Anyway, I'm sure there's a solution (or bug in my setup) .. somewhere.
Thanks again

Mousee Apprentice
Joined: 29 Mar 2004 Posts: 291 Location: Illinois, USA
Posted: Thu Nov 09, 2006 9:27 pm Post subject:
Do you really need such routing?
I mean.. unless there's a reason for routing specifically (ie. blocking clients from network B from accessing network A, etc etc), you could just as easily setup the proper subnet mask for your configuration.
As an example, my network range at home is 192.168.0.0 - 192.168.7.255, and thus I have a subnet mask of 255.255.248.0, my broadcast is 192.168.7.255, and the default route points to 192.168.0.1 (my router).
Unless you actually need the routing, then that method is the fastest/most simple setup.

NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Thu Nov 09, 2006 9:59 pm Post subject:
Hello,
Unfortunately it's a necessary setup, to be honest this is only a portion of the entire setup ... but it is the portion that is not working correctly right now (in isolation) and the only portion that needs correcting... regardless with this setup presented ..... I do absolutely still want Network A to be able to reach Network B and vice-versa, but each from their respective default gateway (GentooBox1 for Network A clients and GentooBox2 for Network B clients).
The communication would propagate as follows:
Code: |
                                       (static)
Network A client ------> GentooBox1 --------------> GentooBox2-------->Network B client
|
I'm sure this can be done, but I will be the first to admit that I may be missing something here .... I've been looking at this for so long, don't know if I see the problem anymore.
Thanks again.

NiceGuy Guru
Joined: 12 Jun 2006 Posts: 451 Location: Canada
Posted: Fri Nov 17, 2006 9:20 pm Post subject:
Hello,
I am posting this to complete the post .. that is this problem has been solved:
Steps for Solution
** The key here to getting my 2 GentooBoxes (1 & 2) to communicate was simply by properly configuring some config files.
********************************************************************************************************
# /etc/sysctl.conf for GentooBox 1 & 2 -- the machines basically acting as the routers
********************************************************************************************************
Code: |
## Enabled Kernel Parameters ##
# Forwarding
net.ipv4.conf.all.forwarding = 1
# Source Route Verification
net.ipv4.conf.default.rp_filter = 1
# Reverse Path
net.ipv4.conf.all.rp_filter = 1
# ICMP Redirect-Acceptance
net.ipv4.conf.all.accept_redirects = 1
# ICMP Redirect-Sending
net.ipv4.conf.all.send_redirects = 1
# Secure Redirects
net.ipv4.conf.all.secure_redirects = 1
|
**********************************************************
# /etc/sysctl.conf for Client Machines
**********************************************************
Code: |
## Enabled Kernel Parameters ##
# Forwarding
net.ipv4.conf.all.forwarding = 0
# Source Route Verification
net.ipv4.conf.default.rp_filter = 1
# Reverse Path
net.ipv4.conf.all.rp_filter = 1
# ICMP Redirect-Acceptance
net.ipv4.conf.all.accept_redirects = 1
# ICMP Redirect-Sending
net.ipv4.conf.all.send_redirects = 0
# Secure Redirects
net.ipv4.conf.all.secure_redirects = 1
|
To sum it up .. there is a net.ipv4.conf.all.send_redirects kernel parameter that exists and needed to be enabled (set to 1).. once that was .. I already had the net.ipv4.conf.all.accept_redirects in my /etc/sysctl.conf. Each parameter is pretty straightforward. To summarize ... my two Gentoo Boxes need to be able to generate the redirects ... while equivalently my clients in both Network A and Network B need to accept them when they are sent.
Thanks again
Take Care
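
Why the redirect settings mattered in this topology, as an added example that is not code from the thread: it parses the `route -n` output posted for GentooBox1 and shows that traffic from the Network A client to Network B leaves through the interface it arrived on, toward a next hop on the client's own subnet, which is the case where a Linux router can send an ICMP redirect. The function names are hypothetical, the route back to the sender stands in for the real ingress interface, and only the `net.ipv4.conf.all.send_redirects` key from the thread is read (per-interface keys are ignored).

```python
import ipaddress

# GentooBox1 routing table as posted in the thread (`route -n` output).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.33.192  192.168.22.209  255.255.255.192 UG    0      0   0   eth1
192.168.22.0    0.0.0.0         255.255.255.0   U     0      0   0   eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
"""
# Two of the router settings from the final post.
ROUTER_SYSCTL = """\
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.send_redirects = 1
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] != "Destination":
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            routes.append((net, ipaddress.ip_address(f[1]), f[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; None when no route covers addr."""
    addr = ipaddress.ip_address(addr)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def parse_sysctl(text):
    """Parse `key = value` lines of a sysctl.conf, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip()] = val.strip()
    return conf

def classify(routes, sysctl, src, dst):
    """Return (verdict, next_hop, send_redirects value found in the file)."""
    back, out = lookup(routes, src), lookup(routes, dst)
    if back is None or out is None:
        return ("no route", None, None)
    _, gw, iface = out
    # Hairpin: same interface as the sender, next hop on the sender's subnet.
    if iface == back[2] and int(gw) != 0 and gw in back[0]:
        return ("hairpin", str(gw), sysctl.get("net.ipv4.conf.all.send_redirects", "unset"))
    return ("forward", str(gw), None)
```

For the client 192.168.22.223 and the Network B host 192.168.33.194 the verdict is a hairpin via 192.168.22.209. A client that accepts the resulting redirect sends later packets for that destination straight to 192.168.22.209, so `accept_redirects` on the clients is what lets an on-link router change their next hop.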