
Help with router routing tables

May 18, 2007 5:07:45 PM

Hi,

We need to administer an existing network with previously configured routers.
We've now added a firewall/proxy server that handles the internet connection, but we can't get email to function from the remote sites, while web access works through the proxy gateway.

This is the basic layout of the network:

Head Office:
Network: 199.199.1.0/24
Internet Proxy/Firewall gateway: 199.199.1.254
FW/GW Routing table:
Destination Gateway Genmask Flags Metric Ref Use Iface
dsl-xxx-xxx-xxx. * 255.255.255.255 UH 0 0 0 ppp0
199.199.2.0 * 255.255.255.0 U 0 0 0 eth0
199.199.3.0 * 255.255.255.0 U 0 0 0 eth0
1.1.1.0 * 255.255.255.0 U 0 0 0 eth1
199.199.1.0 * 255.255.255.0 U 0 0 0 eth0
default dsl-xxx-xxx-xxx. 0.0.0.0 UG 0 0 0 ppp0

Router to branch office: 199.199.1.199
(Note: we have no access to this router's config)

Branch Office1:
Network: 199.199.2.0/24
Router to head office: 199.199.2.199
Routing table as originally configured:
Destination Gateway Netmask Metric Type Interface
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~
199.199.2.0 199.199.2.199 255.255.255.0 /24 1 KERN e1
199.199.1.0 10.0.0.2 255.255.255.0 /24 1 STAT w1
127.0.0.1 0.0.0.0 255.255.255.255/32 0 STAT lo
10.0.0.0 10.0.0.2 255.255.255.252/30 1 KERN w1
10.0.1.5 10.0.0.2 255.255.255.255/32 1 KERN w1


Branch Office2:
Network: 199.199.3.0/24
Router to head office: 199.199.3.199
Routing table as originally configured:
Destination Gateway Netmask Metric Type Interface
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~~~~~
199.199.3.0 199.199.3.199 255.255.255.0 /24 1 KERN e1
199.199.1.0 10.0.1.2 255.255.255.0 /24 1 STAT w1
127.0.0.1 0.0.0.0 255.255.255.255/32 0 STAT lo
10.0.1.0 10.0.1.2 255.255.255.252/30 1 KERN w1
10.0.1.1 10.0.1.2 255.255.255.255/32 1 KERN w1

We can access the Firewall/Gateway on 199.199.1.254 from both branch offices and those users can surf the web by using their routers as their default gateways with 199.199.1.254 as their Proxy Server.

The problem is that no branches can access/download their email using Outlook or Outlook Express - not even when they use the external mail server IP address.

Can anyone shed some light on this problem and point us in the right direction with setup or mods to the routing tables?

Thanks,


May 20, 2007 5:07:21 AM

Good luck with this one. Cisco routers are about as much fun configuring as masturbation with a cheese-grater.

Off the top of my head: Make sure you aren't blocking ports or IP ranges in any inbound/outbound access lists.

May 21, 2007 4:43:19 PM

As web traffic is working fine, I doubt your routing tables are an issue. Connectivity is there. The first place to start is to check whether the firewall blocks e-mail ports (TCP 25 for SMTP and TCP 110 for POP3). You have to allow access for those ports as destination for outbound traffic and source for inbound. If you use a Cisco ACL and the mail server's IP is 1.1.1.1 you'd have an access-list entry like this:

outbound:
permit tcp any host 1.1.1.1 eq 25
permit tcp any host 1.1.1.1 eq 110

inbound:
permit tcp host 1.1.1.1 eq 25 any
permit tcp host 1.1.1.1 eq 110 any
!
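
The four access-list entries from the reply above, run through a small first-match evaluator to show which flows they let through and what falls to the implicit deny. This is an added example, not part of the thread: it parses only the `any`, `host` and `eq` forms used in those entries, and the branch client 199.199.2.10, the host 199.199.1.50 and source port 40000 are constructed sample values.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str
    proto: str
    src: ipaddress.IPv4Network
    sport: Optional[int]
    dst: ipaddress.IPv4Network
    dport: Optional[int]

def _endpoint(tokens):
    """Consume 'any' or 'host A.B.C.D', then an optional 'eq PORT'."""
    if tokens[0] == "any":
        net, rest = ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    elif tokens[0] == "host":
        net, rest = ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    else:
        raise ValueError("unsupported address form: " + tokens[0])
    port = None
    if rest[:1] == ["eq"]:
        port, rest = int(rest[1]), rest[2:]
    return net, port, rest

def parse_rule(line):
    action, proto, *rest = line.split()
    src, sport, rest = _endpoint(rest)
    dst, dport, rest = _endpoint(rest)
    if rest:
        raise ValueError("unparsed tokens: " + " ".join(rest))
    return Rule(action, proto, src, sport, dst, dport)

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    for r in acl:
        if (r.proto == proto
                and ipaddress.ip_address(src) in r.src
                and ipaddress.ip_address(dst) in r.dst
                and r.sport in (None, sport)      # None = port not constrained
                and r.dport in (None, dport)):
            return r.action
    return "deny"

# Entries exactly as posted in the reply (1.1.1.1 is the reply's example server).
OUTBOUND = [parse_rule(l) for l in ("permit tcp any host 1.1.1.1 eq 25",
                                    "permit tcp any host 1.1.1.1 eq 110")]
INBOUND = [parse_rule(l) for l in ("permit tcp host 1.1.1.1 eq 25 any",
                                   "permit tcp host 1.1.1.1 eq 110 any")]
```

The inbound entries match return traffic on source port alone, which is stateless; on Cisco extended ACLs the `established` keyword narrows such an entry to TCP segments with ACK or RST set.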