  #1  
31st August 2006, 04:31
jkane1517
Multiple Segment Router Setup - Not forwarding Packets

Hi, I was wondering if folks would be willing to take a look at a setup I am working on for a multi-segment (sub network) router that I am setting up. I've worked on this for a while now and am still stumped even after much internet research. Essentially I want to be able to have a few networks running through the router and be able to give internet access to most of them (except for a few that I want to set up as testing or experimental networks). My internet connection is up and firewall allows for internet access from everything getting an IP from the Firewall DHCP server. The computer I'm on now is plugged directly into the firewall and getting an IP from it but eventually I'd like to move this computer onto one of the networks serviced by the main router. I've included most of what I hope is relevant config info to allow for diagnostics. The main problem is that nothing plugged into networks serviced off the <main router> can get to the internet or even past the router to things like the firewall or external-router. The main router itself can get to the internet, just not the other NICs serving other networks off the router.

I think that the problem is probably that the main router is not currently forwarding packets as I can ping the gateway NIC of the router from outside the router and I can ping the LAN side of the router and sub networks when logged into the main router itself.

Also I've wondered if it's a problem with my routing table on the main router as I am suspicious of not having an entry that explicitly names 192.168.2.2 but I am not sure here. Basically, while everything getting an IP address from the <Firewall> 192.168.2.0 is working to connect to the internet, routing is not working on the Main Router. However, I can set up IP addresses that the router can talk to on its physical eth interfaces. For instance, things on eth1 192.168.10.0 can ping hosts on that address and also eth0 but nothing else. I've tried to lay out the configuration info and some basic testing and diagnostic. I realize that is a bit lengthy but I figured if I'm going to ask for help I should try to get you the info that would be meaningful in diagnostics (a bit more than just help, it's broken I hope).

I have a sinking feeling that I'm missing the obvious but I haven't been able to get this to work.

Thanks,
JLK

Basic Network Schematic


<Internet>
|
|
<Cable Modem>
69.204.138.0
|
|
<Edge Router>
(an SMC gateway router)
WAN IP: 69.204.138.7
LAN IP: 192.168.1.1 (running DHCP Server)
|
|
<Firewall> guardian.minvera.local
WAN IP: 192.168.1.177
LAN: 192.168.2.1 (DHCP Server)
|
|
<main router> xroads.minveral.local
5 Nics installed
Eth0: 192.168.2.2
Eth1:192.168.10.1
|
|
LAPTOP Testing Client
192.168.10.10
NOTE: The Laptop client can ping itself, eth0 and eth1 on the router but nothing else. Nothing else on 192.168.2.0 (such as another computer at 192.168.2.200), the <Firewall> at 192.168.2.1 or anything else towards the internet or on the internet itself.


With the main router, I have debian sarge installed. The following Ethernet adapters physically installed:
eth0
Eth1
Eth2
Eth3
Eth4

I have been able to attach a laptop and bring up each adapter and get a small network running on each network. Eventually I want to have

Eth0 192.168.2.2 as Default Gateway to the internet
Eth1 192.168.10.0
Eth2 192.168.20.0
Eth3 192.168.30.0
Eth4 192.168.40.0

On the <Main Router> xroads I have the following for the ifconfig:

eth0 Link encap:Ethernet HWaddr 00:A0:C9:B7:10:55
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2574 errors:0 dropped:0 overruns:0 frame:0
TX packets:2310 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:324812 (317.1 KiB) TX bytes:262564 (256.4 KiB)
Interrupt:9 Base address:0xdc00 Memory:ed9ff000-ed9ff038


eth1 Link encap:Ethernet HWaddr 00:A0:C97:45:8A
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1115 errors:61 dropped:0 overruns:0 frame:61
TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:124769 (121.8 KiB) TX bytes:5748 (5.6 KiB)
Interrupt:11 Base address:0xda00 Memory:ed9fe000-ed9fe038

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2072 (2.0 KiB) TX bytes:2072 (2.0 KiB)


My routing Table looks like:

xroads:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
localnet * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth1
default guardian.minver 0.0.0.0 UG 0 0 0 eth0


Same with no name resolution:

xroads:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0

When logged into xroads, the main router I can ping a laptop setup with the ip address 192.168.10.10:

xroads:~# ping -c2 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.043 ms

--- 192.168.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.043/0.062/0.082/0.021 ms

xroads:~# ping -c2 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=128 time=0.443 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=128 time=0.405 ms

--- 192.168.10.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.405/0.424/0.443/0.019 ms
xroads:~# ping -c2 google.com

PING google.com (72.14.207.99) 56(84) bytes of data.
64 bytes from 72.14.207.99: icmp_seq=1 ttl=235 time=43.5 ms
64 bytes from 72.14.207.99: icmp_seq=2 ttl=235 time=41.1 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 41.171/42.362/43.553/1.191 ms


Here however is the key. When I am using the laptop plugged into eth1 on the router, I can ping the following IP addresses:
192.168.10.1 (of course since the laptop IP address is 192.168.10.10)

I can also ping 192.168.2.2 from the laptop, the IP of eth0.

I can not however ping 192.168.2.1 from the laptop the IP address of the <firewall>
(but I can ping it from other computers plugged directly into the firewall and also on the internet including the main router)

And I can't ping anything on the internet from the router. So it would seem that anything plugged into the firewall (192.168.2.0) network is working as it should. And things plugged into the router are working but the <main router> isn't forwarding packets from its internal cards (eth 1 etc) on to the internet.

Oh yes, I also ran:
xroads:~# cat /proc/sys/net/ipv4/ip_forward

When I run:
xroads:~# cat /proc/sys/net/ipv4/ip_forward
1


So I believe that forwarding should be running. I haven't messed with Ipchains or IPtables but that's because mostly I'm used to setting that up for NAT but what I'm doing really isn't nat even though private IP address space is being used.

If you would be willing and able to provide any insight that would be very helpful.

Thanks,
JL Kane
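
Added example, not part of the original thread: the `route -n` table posted above can be checked mechanically with a longest-prefix lookup, both for the path out of xroads and for the path a reply would take back. The firewall's table is not shown in the thread, so the one below is constructed from the schematic's addresses, with assumed interface names wan0 and lan0.

```python
import ipaddress

# `route -n` output for xroads, copied from the post above.
XROADS = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
"""

# Constructed: the firewall's table is not shown in the thread. Addresses come
# from the schematic; the interface names (wan0, lan0) are assumptions.
FIREWALL = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wan0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 lan0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wan0
"""

# Constructed: the same table with a static route back to the laptop's subnet.
FIREWALL_FIXED = FIREWALL + "192.168.10.0 192.168.2.2 255.255.255.0 UG 0 0 0 lan0\n"

def parse_route_n(text):
    """Turn `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = ipaddress.ip_network(f"{cols[0]}/{cols[2]}")
        routes.append((net, cols[1], cols[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does: return (next_hop, iface)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no matching route and no default: nowhere to send it
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    # Gateway 0.0.0.0 means "directly connected": deliver to dst itself.
    return (dst if gw == "0.0.0.0" else gw, iface)

if __name__ == "__main__":
    print("xroads -> 192.168.2.1 :", lookup(parse_route_n(XROADS), "192.168.2.1"))
    for name, table in (("firewall", FIREWALL), ("firewall+route", FIREWALL_FIXED)):
        print(name, "-> 192.168.10.10 :", lookup(parse_route_n(table), "192.168.10.10"))
```

With the constructed firewall table, a reply to 192.168.10.10 resolves to the default route via 192.168.1.1 rather than to 192.168.2.2. Whether that matches the real firewall can only be confirmed from its actual `route -n` output.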
  #2  
1st September 2006, 17:10
falko

I think the problem is that you use two routers (with NAT). NATting works only with one router, not with more...
  #3  
2nd September 2006, 20:42
jkane1517
Routing Issue

Thanks for the reply, however, I think this is a basic routing problem.

Essentially the issue is that I can't ping 192.168.2.200 when logged into 192.168.10.10

Both these systems are on networks connected to the router at 192.168.2.2 and 192.168.10.1 respectively. The router can ping everything and when I am logged into 192.168.2.200 I can ping 192.168.10.10.

The problem is though, when I am logged into 192.168.10.10 I can't ping 192.168.2.200.

JLK
  #4  
4th September 2006, 00:50
falko

What's the output of ifconfig, route -nee, and iptables -L on xroads.minveral.local?
  #5  
3rd August 2010, 20:48
HaydenHarnet

Please let us know the solution if you have solved the problem.
Quote:
Originally Posted by jkane1517
Thanks for the reply, however, I think this is a basic routing problem.

Essentially the issue is that I can't ping 192.168.2.200 when logged into 192.168.10.10 with my Linksys E2000 or WZR G300NH

Both these systems are on networks connected to the router at 192.168.2.2 and 192.168.10.1 respectively. The router can ping everything and when I am logged into 192.168.2.200 I can ping 192.168.10.10.

The problem is though, when I am logged into 192.168.10.10 I can't ping 192.168.2.200.

JLK