G
Guest
Guest
Archived from groups: comp.security.firewalls,comp.os.linux.networking,comp.os.linux.setup (More info?)
Ok, I thought I had this licked but I guess I was wrong. I now have a
totally strange situation where I can hit both external interfaces, but I
cannot do this from the one of the connected networks.
Here is the setup:
: My Network Router World
: 192.168.1.0/24 --- eth1 192.168.1.254
: eth0 216.108.119.176 --- net1
: eth2 192.168.0.254
: |
: +--- router ------------- net2
: 192.168.0.1 64.247.149.169
In this setup it seems that replies go out the same interface that they
came in from (good) and I can hit the webserver running on the router
(good) but not from the 64.247.149.0/24 network (bad).
In addition I get the following really strange results:
# ping 64.247.149.x
works fine but
# traceroute 64.247.149.65
traceroute to 64.247.149.65 (64.247.149.65), 30 hops max, 38 byte packets
1 192.168.0.254 (192.168.0.254) 2995.688 ms !H 2997.474 ms !H 2999.958 ms !H
and any connection to the 64.247.149.0/24 netwrok fails, as do incoming
connections from that network. Examining the output of tcpdump as best as
I can it appears that connections to and from the 64.247.149.0/24 network
generate arp requests for the given address which, of course, fail, but
requests coming in VIA that network do not generate the same arp requests.
Any help would be much appreciated!
Rudolf
To preclude questions, here some relevant information:
# cat /etc/network/interfaces
# The loopback interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 216.108.119.176
netmask 255.255.255.224
network 216.108.119.160
broadcast 216.108.119.223
gateway 216.108.119.161
up /bin/echo eth0 base >/tmp/log
#
# This is the GWNT interface
#
up ip route add 216.108.119.160/27 dev eth0 \
src 216.108.119.176 table tgnwt || true
up ip route add default via 216.108.119.161 \
table tgnwt || true
up ip route add 216.108.119.160/27 dev eth0 \
src 216.108.119.176 || true
up ip rule add from 216.108.119.176 \
table tgnwt || true
auto eth1
iface eth1 inet static
address 192.168.1.254
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
auto eth2
iface eth2 inet static
address 192.168.0.254
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
up ip route add 192.168.0.0/24 dev eth2 src 192.168.0.254 \
table tnn || true
up ip route add 192.168.0.0/24 dev eth2 src 192.168.0.254 \
|| true
up ip route add default via 192.168.0.1 table tnn || true
up ip route add 64.247.149.0/24 via 192.168.0.1 \
dev eth2 || true
up ip route add 64.247.149.0/24 dev eth2 src 192.168.0.254 \
table tnn || true
up ip route add 64.247.149.0/24 dev eth2 src 192.168.0.254 \
|| true
up ip rule add from 192.168.0.254 table tnn || true
This is what ends up being in the tables as a result of that :
# ip rule show
0: from all lookup local
32764: from 192.168.0.254 lookup tnn
32765: from 216.108.119.176 lookup tgnwt
32766: from all lookup main
32767: from all lookup default
# ip route show
216.108.119.160/27 dev eth0 proto kernel scope link src
216.108.119.176
64.247.149.0/24 via 192.168.0.1 dev eth2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254
default via 216.108.119.161 dev eth0
# ip route show table tnn
64.247.149.0/24 dev eth2 scope link src 192.168.0.254
192.168.0.0/24 dev eth2 scope link src 192.168.0.254
default via 192.168.0.1 dev eth2
# ip route show table tgnwt
216.108.119.160/27 dev eth0 scope link src 216.108.119.176
default via 216.108.119.161 dev eth0
Ok, I thought I had this licked but I guess I was wrong. I now have a
totally strange situation where I can hit both external interfaces, but I
cannot do this from the one of the connected networks.
Here is the setup:
: My Network Router World
: 192.168.1.0/24 --- eth1 192.168.1.254
: eth0 216.108.119.176 --- net1
: eth2 192.168.0.254
: |
: +--- router ------------- net2
: 192.168.0.1 64.247.149.169
In this setup it seems that replies go out the same interface that they
came in from (good) and I can hit the webserver running on the router
(good) but not from the 64.247.149.0/24 network (bad).
In addition I get the following really strange results:
# ping 64.247.149.x
works fine but
# traceroute 64.247.149.65
traceroute to 64.247.149.65 (64.247.149.65), 30 hops max, 38 byte packets
1 192.168.0.254 (192.168.0.254) 2995.688 ms !H 2997.474 ms !H 2999.958 ms !H
and any connection to the 64.247.149.0/24 netwrok fails, as do incoming
connections from that network. Examining the output of tcpdump as best as
I can it appears that connections to and from the 64.247.149.0/24 network
generate arp requests for the given address which, of course, fail, but
requests coming in VIA that network do not generate the same arp requests.
Any help would be much appreciated!
Rudolf
To preclude questions, here some relevant information:
# cat /etc/network/interfaces
# The loopback interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 216.108.119.176
netmask 255.255.255.224
network 216.108.119.160
broadcast 216.108.119.223
gateway 216.108.119.161
up /bin/echo eth0 base >/tmp/log
#
# This is the GWNT interface
#
up ip route add 216.108.119.160/27 dev eth0 \
src 216.108.119.176 table tgnwt || true
up ip route add default via 216.108.119.161 \
table tgnwt || true
up ip route add 216.108.119.160/27 dev eth0 \
src 216.108.119.176 || true
up ip rule add from 216.108.119.176 \
table tgnwt || true
auto eth1
iface eth1 inet static
address 192.168.1.254
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
auto eth2
iface eth2 inet static
address 192.168.0.254
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
up ip route add 192.168.0.0/24 dev eth2 src 192.168.0.254 \
table tnn || true
up ip route add 192.168.0.0/24 dev eth2 src 192.168.0.254 \
|| true
up ip route add default via 192.168.0.1 table tnn || true
up ip route add 64.247.149.0/24 via 192.168.0.1 \
dev eth2 || true
up ip route add 64.247.149.0/24 dev eth2 src 192.168.0.254 \
table tnn || true
up ip route add 64.247.149.0/24 dev eth2 src 192.168.0.254 \
|| true
up ip rule add from 192.168.0.254 table tnn || true
This is what ends up being in the tables as a result of that :
# ip rule show
0: from all lookup local
32764: from 192.168.0.254 lookup tnn
32765: from 216.108.119.176 lookup tgnwt
32766: from all lookup main
32767: from all lookup default
# ip route show
216.108.119.160/27 dev eth0 proto kernel scope link src
216.108.119.176
64.247.149.0/24 via 192.168.0.1 dev eth2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254
default via 216.108.119.161 dev eth0
# ip route show table tnn
64.247.149.0/24 dev eth2 scope link src 192.168.0.254
192.168.0.0/24 dev eth2 scope link src 192.168.0.254
default via 192.168.0.1 dev eth2
# ip route show table tgnwt
216.108.119.160/27 dev eth0 scope link src 216.108.119.176
default via 216.108.119.161 dev eth0