Sarge routing problems

Discussion in 'Installation/Configuration' started by daniel_rodriguez, Jan 13, 2006.

  1. daniel_rodriguez

    daniel_rodriguez New Member

    At work we have a debian sarge as Proxy running Squid with three nics (eth0 -10.0.0.3, eth1 - 10.4.102.2 and eth2 - 10.14.8.2). The idea is that traffic to 10.2.0.0 and 10.10.0.0 pass trough 10.4.102.2, and internet traffic trough 10.0.0.3.

    Problem is that entire LAN cannot reach a remote host (10.2.0.4) needed for accounting applications.

    Below is routing table
    Code:
    Destination	Gateway		Genmask			Flags	Metric	Ref	Use	Iface
    10.4.102.0	10.4.102.1	255.255.255.0		UG	0	0	0	eth1
    10.4.102.0	*		255.255.255.0		U	0	0	0	eth1
    localnet	*		255.255.248.0		U	0	0	0	eth2
    10.2.0.0	10.4.102.1	255.255.0.0		UG	0	0	0	eth1
    10.10.0.0	10.4.102.1	255.255.0.0		UG	0	0	0	eth1
    10.0.0.0	*		255.0.0.0		U	0	0	0	eth0
    default		10.0.0.2	0.0.0.0			UG	0	0	0	eth0
    
    Code:
    10.14.8.0		10.14.8.2		10.2.0.4
    LAN			SQUID		Remote Host
    
    There are no iptables rules neither
    Code:
    firewall:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    If I ping 10.2.0.4 get a response but from LAN, no way.


    Any hint will be appreciated.
     
    Last edited: Jan 13, 2006
  2. falko

    falko Super Moderator ISPConfig Developer

    But 10.2.0.4 is an IP address from your LAN, not from the internet...
     
  3. daniel_rodriguez

    daniel_rodriguez New Member

    Goverment agencies are interconnected trough fiber optics ring here, that's why everyone has a proxy/firewall between ring and internal network.
    That's the reason I mentioned 10.2.0.4 as a remote host, because reach there trough the fiber optics ring.

    For a better explanation...
    [​IMG]
     
    Last edited: Jan 13, 2006
  4. falko

    falko Super Moderator ISPConfig Developer

    Can you make sure that 10.2.0.4's firewall isn't blocking requests?
     
  5. daniel_rodriguez

    daniel_rodriguez New Member

    well, certainly yes
     

Share This Page