Hi, I was wondering if folks would be willing to take a look at a setup I am working on for a multi-segment (sub network) router that I am setting up. I've worked on this for a while now and am still stumped even after much internet research. Essentially I want to be able to have a few networks running through the router and be able to give internet access to most of them (except for a few that I want to set up as testing or experimental networks). My internet connection is up and the firewall allows for internet access from everything getting an IP from the Firewall DHCP server. The computer I’m on now is plugged directly into the firewall and getting an IP from it, but eventually I’d like to move this computer onto one of the networks serviced by the main router. I’ve included most of what I hope is relevant config info to allow for diagnostics. The main problem is that nothing plugged into networks serviced off the <main router> can get to the internet or even past the router to things like the firewall or external-router. The main router itself can get to the internet, just not the other NICs serving other networks off the router.
I think that the problem is probably that the main router is not currently forwarding packets as I can ping the gateway NIC of the router from outside the router and I can ping the LAN side of the router and sub networks when logged into the main router itself.
Also I’ve wondered if it’s a problem with my routing table on the main router, as I am suspicious of not having an entry that explicitly names 192.168.2.2, but I am not sure here. Basically, while everything getting an IP address from the <Firewall> 192.168.2.0 is working to connect to the internet, routing is not working on the Main Router. However, I can set up IP addresses that the router can talk to on its physical eth interfaces. For instance, things on eth1 192.168.10.0 can ping hosts on that address and also eth0 but nothing else. I’ve tried to lay out the configuration info and some basic testing and diagnostics. I realize that it is a bit lengthy, but I figured if I’m going to ask for help I should try to get you the info that would be meaningful in diagnostics (a bit more than just "help, it's broken", I hope).
I have a sinking feeling that I'm missing the obvious but I haven't been able to get this to work.
Thanks,
JLK
Basic Network Schematic
<Internet>
|
|
<Cable Modem>
69.204.138.0
|
|
<Edge Router>
(an SMC gateway router)
WAN IP: 69.204.138.7
LAN IP: 192.168.1.1 (running DHCP Server)
|
|
<Firewall> guardian.minvera.local
WAN IP: 192.168.1.177
LAN: 192.168.2.1 (DHCP Server)
|
|
<main router> xroads.minveral.local
5 Nics installed
Eth0: 192.168.2.2
Eth1: 192.168.10.1
|
|
LAPTOP Testing Client
192.168.10.10
NOTE: The Laptop client can ping itself, eth0 and eth1 on the router but nothing else. Nothing else on 192.168.2.0 (such as another computer at 192.168.2.200), the <Firewall> at 192.168.2.1 or anything else towards the internet or on the internet itself.
With the main router, I have debian sarge installed. The following Ethernet adapters physically installed:
eth0
Eth1
Eth2
Eth3
Eth4
I have been able to attach a laptop and bring up each adapter and get a small network running on each network. Eventually I want to have
Eth0 192.168.2.2 as Default Gateway to the internet
Eth1 192.168.10.0
Eth2 192.168.20.0
Eth3 192.168.30.0
Eth4 192.168.40.0
On the <Main Router> xroads I have the following for the ifconfig:
eth0 Link encap:Ethernet HWaddr 00:A0:C9:B7:10:55
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2574 errors:0 dropped:0 overruns:0 frame:0
TX packets:2310 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:324812 (317.1 KiB) TX bytes:262564 (256.4 KiB)
Interrupt:9 Base address:0xdc00 Memory:ed9ff000-ed9ff038
eth1 Link encap:Ethernet HWaddr 00:A0:C9
7:45:8A
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1115 errors:61 dropped:0 overruns:0 frame:61
TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:124769 (121.8 KiB) TX bytes:5748 (5.6 KiB)
Interrupt:11 Base address:0xda00 Memory:ed9fe000-ed9fe038
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2072 (2.0 KiB) TX bytes:2072 (2.0 KiB)
My routing Table looks like:
xroads:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
localnet * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth1
default guardian.minver 0.0.0.0 UG 0 0 0 eth0
Same with no name resolution:
xroads:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
When logged into xroads, the main router, I can ping a laptop set up with the IP address 192.168.10.10:
xroads:~# ping -c2 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.043 ms
--- 192.168.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.043/0.062/0.082/0.021 ms
xroads:~# ping -c2 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=128 time=0.443 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=128 time=0.405 ms
--- 192.168.10.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.405/0.424/0.443/0.019 ms
xroads:~# ping -c2 google.com
PING google.com (72.14.207.99) 56(84) bytes of data.
64 bytes from 72.14.207.99: icmp_seq=1 ttl=235 time=43.5 ms
64 bytes from 72.14.207.99: icmp_seq=2 ttl=235 time=41.1 ms
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 41.171/42.362/43.553/1.191 ms
Here however is the key. When I am using the laptop plugged into eth1 on the router, I can ping the following IP addresses:
192.168.10.1 (of course since the laptop IP address is 192.168.10.10)
I can also ping 192.168.2.2 from the laptop, the IP of eth0.
I cannot, however, ping 192.168.2.1, the IP address of the <firewall>, from the laptop
(but I can ping it from other computers plugged directly into the firewall and also on the internet including the main router)
And I can’t ping anything on the internet from the router. So it would seem that anything plugged into the firewall (192.168.2.0) network is working as it should. And things plugged into the router are working but the <main router> isn’t forwarding packets from its internal cards (eth 1 etc) on to the internet.
Oh yes, I also ran:
xroads:~# cat /proc/sys/net/ipv4/ip_forward
When I run:
xroads:~# cat /proc/sys/net/ipv4/ip_forward
1
So I believe that forwarding should be running. I haven’t messed with ipchains or iptables, but that’s because mostly I’m used to setting that up for NAT, and what I’m doing really isn’t NAT even though private IP address space is being used.
If you would be willing and able to provide any insight that would be very helpful.
Thanks,
JL Kane
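
The following is an added example, not part of the original post: a longest-prefix-match lookup run over the `route -n` table shown above, tracing a ping from the laptop to the firewall in both directions. The firewall's routing table does not appear in the post, so `FIREWALL_ASSUMED` and the interface names `wan`/`lan` are assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (iface, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, iface in table:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway, iface)
    if best is None:
        return None
    # Gateway 0.0.0.0 means "directly connected": deliver to dst itself.
    next_hop = dst if best[1] == "0.0.0.0" else best[1]
    return best[2], next_hop

# xroads, transcribed from the `route -n` output in the post.
XROADS = [
    ("192.168.2.0/24", "0.0.0.0", "eth0"),
    ("192.168.10.0/24", "0.0.0.0", "eth1"),
    ("0.0.0.0/0", "192.168.2.1", "eth0"),
]

# ASSUMPTION: not shown in the post. A box that knows only its connected
# networks and a default route; "wan"/"lan" are hypothetical names.
FIREWALL_ASSUMED = [
    ("192.168.1.0/24", "0.0.0.0", "wan"),
    ("192.168.2.0/24", "0.0.0.0", "lan"),
    ("0.0.0.0/0", "192.168.1.1", "wan"),
]

# Same table plus a static route for the subnet behind xroads.
FIREWALL_WITH_ROUTE = FIREWALL_ASSUMED + [("192.168.10.0/24", "192.168.2.2", "lan")]

def trace():
    """Echo request from the laptop to the firewall, then the echo reply back."""
    return {
        "request_at_xroads": lookup(XROADS, "192.168.2.1"),
        "reply_at_firewall": lookup(FIREWALL_ASSUMED, "192.168.10.10"),
        "reply_with_static_route": lookup(FIREWALL_WITH_ROUTE, "192.168.10.10"),
    }

if __name__ == "__main__":
    for step, hop in trace().items():
        print(f"{step:26} -> iface={hop[0]} next_hop={hop[1]}")
```

On the router itself, `tcpdump -ni eth0 icmp` while pinging from the laptop shows whether echo requests leave eth0 and whether any replies come back.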