Routing problem - was FC9 Linux gateways, VPN working, IP forwarding isn't
Gary Stainburn
gary.stainburn at ringways.co.uk
Sat Jan 24 16:40:14 UTC 2009
On Saturday 24 January 2009 11:19:05 Giany wrote:
> If you say ip_forward is enabled then either there is a routing problem
> or some firewall issue.
>
I've been going round in circles all day and now my head's spinning. I even
got it working once, but don't know how and can't repeat it.
Iptables on all four machines set ACCEPT on INPUT, OUTPUT and FORWARD. IP
forwarding enabled on both gateways.
This only leaves routing.
Both gateways talk to each other.
Client and Server can talk to their local gateway.
Local gateway can talk to remote server.
Remote gateway cannot talk to client.
Client cannot talk to remote gateway or server.
Server cannot talk to local gateway or client.

Layout

Client    eth0  10.6.1.2/16
Network         10.6.0.0/16
Local GW  eth0  10.6.1.1/16
          eth1  192.168.1.1/24 (internet connection)
          ppp0  192.168.127.2/32 P-to-P 192.168.127.1
VPN             ppp-over-ssh
Remote    eth0  10.1.1.115/16
GW        ppp1  192.168.127.1/32 P-to-P 192.168.127.2
Network         10.1.0.0/16
Server    eth0  10.1.1.104

route tables

Client
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.128.1   10.6.1.1        255.255.255.255 UGH   0      0        0 eth0
192.168.127.1   10.6.1.1        255.255.255.255 UGH   0      0        0 eth0
10.6.0.0        0.0.0.0         255.255.0.0     U     1      0        0 eth0
0.0.0.0         10.6.1.1        0.0.0.0         UG    0      0        0 eth0

Local Gateway
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.127.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.2.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
136.0.0.0       192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
10.1.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
10.6.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.5.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
172.0.0.0       192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1

Remote Gateway
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.127.2   0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0        0 eth0
172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0        0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0        0 eth0

Server
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.127.2   10.1.1.115      255.255.255.255 UGH   0      0        0 eth0
10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0        0 eth0
172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0        0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.6.0.0        10.1.1.115      255.255.0.0     UG    0      0        0 eth0
10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0        0 eth0

--
Gary Stainburn
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
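
Added example, not part of the original post: a longest-prefix-match lookup run over the Remote Gateway and Server tables exactly as posted, to check which route each box selects for the client address 10.6.1.2. The function names are hypothetical, and the lookup ignores metrics, which is safe here because no two posted routes share a prefix.

```python
import ipaddress

# Remote Gateway rows as posted: Destination Gateway Genmask Flags Metric Ref Use Iface
REMOTE_GW = """\
192.168.127.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
10.2.0.0 10.1.1.1 255.255.0.0 UG 0 0 0 eth0
172.24.0.0 10.1.1.16 255.255.0.0 UG 0 0 0 eth0
10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.4.0.0 10.1.1.112 255.255.0.0 UG 0 0 0 eth0
10.5.0.0 10.1.1.112 255.255.0.0 UG 0 0 0 eth0
136.9.0.0 10.1.1.16 255.255.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.1.1.112 0.0.0.0 UG 0 0 0 eth0
"""

# Server rows as posted, same column order
SERVER = """\
192.168.127.2 10.1.1.115 255.255.255.255 UGH 0 0 0 eth0
10.2.0.0 10.1.1.1 255.255.0.0 UG 0 0 0 eth0
172.24.0.0 10.1.1.16 255.255.0.0 UG 0 0 0 eth0
10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.6.0.0 10.1.1.115 255.255.0.0 UG 0 0 0 eth0
10.4.0.0 10.1.1.112 255.255.0.0 UG 0 0 0 eth0
10.5.0.0 10.1.1.112 255.255.0.0 UG 0 0 0 eth0
136.9.0.0 10.1.1.16 255.255.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.1.1.112 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Turn header-less `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8:  # eight columns per route row
            plen = bin(int(ipaddress.ip_address(f[2]))).count("1")  # Genmask -> prefix length
            routes.append((ipaddress.ip_network(f"{f[0]}/{plen}"), f[1], f[7]))
    return routes

def lookup(routes, dst):
    """Return (network, gateway, iface) of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    best = max(hits, key=lambda r: r[0].prefixlen, default=None)
    return best and (str(best[0]), best[1], best[2])

if __name__ == "__main__":
    for name, table in (("server", SERVER), ("remote gw", REMOTE_GW)):
        print(name, "->", lookup(parse_routes(table), "10.6.1.2"))
```

With the posted tables, the server sends 10.6.1.2 to 10.1.1.115, while the remote gateway matches only its default route via 10.1.1.112 on eth0 rather than anything on ppp1.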