Linux Gateway routing problem

I have the following setup

Internet conncetion with speedtouch 510 with IP 10.0.0.138
Linux gateway with two NIC's:
- Eth0 192.168.0.1 for local LAN 192.168.0.0/24
- Eth1 10.0.0.1 for connection with Speedtouch
PC1 with IP 192.168.0.22 WinXP
PC2 with IP 10.0.0.205 WinXP

Routetable on Linux gateway:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth1

Now i can ping from PC01 to PC02
I can ping from PC01 to PC 02
I can ping from PC01 to Linux and back
I can ping from PC02 to Linux and back
I can ping from Linux to speedtouch modem
I can ping from PC2 to speedtouch modem

But now the real problem: I can not ping from PC01 to the speedtouch modem. Please help i am trying allmost a week now..
There is no firewall active and IP-forwarding is on

Kind regards,
Kees Schroijen


--------------= Posted using GrabIt =----------------
------= Binary Usenet downloading made easy =---------
-= Get GrabIt for free from http://www.shemes.com/ =-

"KeesS" <(E-Mail Removed)> writes:

>I have the following setup

>Internet conncetion with speedtouch 510 with IP 10.0.0.138
>Linux gateway with two NIC's:
>- Eth0 192.168.0.1 for local LAN 192.168.0.0/24
>- Eth1 10.0.0.1 for connection with Speedtouch
>PC1 with IP 192.168.0.22 WinXP
>PC2 with IP 10.0.0.205 WinXP

>Routetable on Linux gateway:
>Kernel IP routing table
>Destination Gateway Genmask Flags Metric Ref Use Iface
>10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
>192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
>0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth1

This makes no sense. You are telling your machine that the default gateway
is itself. You said above that your eth1 has address 10.0.0.1 and your
default gateway is 10.0.0.1 Since default gateways are used when the
machine has no idea what to do with the packet, sending such a packet back
to the machine makes no sense. Or is it your description which is
questionable.


>Now i can ping from PC01 to PC02
>I can ping from PC01 to PC 02
>I can ping from PC01 to Linux and back
>I can ping from PC02 to Linux and back
>I can ping from Linux to speedtouch modem
>I can ping from PC2 to speedtouch modem

>But now the real problem: I can not ping from PC01 to the speedtouch modem. Please help i am trying allmost a week now..
>There is no firewall active and IP-forwarding is on

What is your routing on PC1 and PC2.

What are the errors when you try going from pc2 to modem?

Are you sure there is no firewall?

"KeesS" <(E-Mail Removed)> écrivait
news:43031129$0$155$(E-Mail Removed) l:
> Routetable on Linux gateway:
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref
> Use Iface 10.0.0.0 0.0.0.0 255.255.255.0 U 0
> 0 0 eth1 192.168.0.0 0.0.0.0 255.255.255.0 U
> 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0
> U 0 0 0 lo 0.0.0.0 10.0.0.1 0.0.0.0
> UG 0 0 0 eth1

Your gateway ip on the linux should be another router. In your case it
should be the Speedtouch (10.0.0.138).

Note: the gateway on the 192.168.0.x hots should be the linux gateway
(10.0.0.1).

The PC2 is on the same lan than the speedtouch. Correct ?


Regards

On 17 Aug 2005 20:34:54 GMT, Antoine EMERIT
<(E-Mail Removed)> wrote:

>Your gateway ip on the linux should be another router. In your case it
>should be the Speedtouch (10.0.0.138).

Off course, i posted the wrong routetable. I did change the gateway Ip
on the Linux just for testing to 10.0.0.1 it is now back on 10.0.0.138

>Note: the gateway on the 192.168.0.x hots should be the linux gateway
>(10.0.0.1).

Oh? is that so? I had on the 192.168.0.x-hosts 192.168.0.1 as default
gateway, because that's the NIC in the router that is connected with
the 192.168.0.x-lan.
Ok, changed this to 10.0.0.1 on PC1 the machine with IP 192.168.0.22,
but I keep the same problem.

>The PC2 is on the same lan than the speedtouch. Correct ?

That's correct the default gateway on that PC2 is pointing to 10.0.0.1
and is working fine.

Kees Schroijen

On 17 Aug 2005 14:36:05 GMT, Unruh <unruh-(E-Mail Removed)> wrote:

>This makes no sense. You are telling your machine that the default gateway
>is itself. You said above that your eth1 has address 10.0.0.1 and your
>default gateway is 10.0.0.1 Since default gateways are used when the
>machine has no idea what to do with the packet, sending such a packet back
>to the machine makes no sense. Or is it your description which is
>questionable.

You are right, see also my reply to Antoine.

>What is your routing on PC1 and PC2.

On PC1 I have only a default gateway to 192.168.0.1(tried also
10.0.01, but that had the same result)
On PC2 I have only a default gateway to 10.0.0.1

>What are the errors when you try going from pc2 to modem?

There are no errors from PC2 to modem, this works fine. But pinging
from PC1 to modem i get only time-outs.

>Are you sure there is no firewall?

At that moment there was no firewall, but now i have installed
IPtables, but allowed all trafic. see the script:

****Start script iptables******

# Generated by iptables-save v1.2.7a on Wed Aug 17 23:31:14 2005
*nat
:PREROUTING ACCEPT [1:48]
:POSTROUTING ACCEPT [2:315]
:OUTPUT ACCEPT [2:315]
COMMIT
# Completed on Wed Aug 17 23:31:14 2005
# Generated by iptables-save v1.2.7a on Wed Aug 17 23:31:14 2005
*mangle
:PREROUTING ACCEPT [10:1274]
:INPUT ACCEPT [10:1274]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12:3441]
:POSTROUTING ACCEPT [12:3441]
COMMIT
# Completed on Wed Aug 17 23:31:14 2005
# Generated by iptables-save v1.2.7a on Wed Aug 17 23:31:14 2005
*filter
:INPUT ACCEPT [65:7191]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [92:59837]
COMMIT
# Completed on Wed Aug 17 23:31:14 2005

****End script iptables****

Kees Schroijen

I was just thinking...

Can it be that i have to change something in the settings of my
SpeedTouch modem/router? Can it be that the modem doesn't reply
correct to the ping of the 192.168.0.x-machine, because the modems
routetable isn't correct?
I have also installed a DNS server on the Linux-machine. The
192.168.0.x hosts resolves the ip of internet-sites (nslookup on the
192.168.0.x hosts works fine), but the sites won't appear in the
browser.

This is the routetable of the modem:
Destination Label Gateway Intf Metric
80.100.233.4/32 - 80.100.233.4 ETHoA_1 0
169.254.141.11/32 - 169.254.141.11 eth0 0
255.255.255.255/32 - 10.0.0.138 eth0 0
10.0.0.138/32 - 10.0.0.138 eth0 0
127.0.0.1/32 - 127.0.0.1 loop 0
10.0.0.0/24 - 10.0.0.1 eth0 0
80.100.233.0/24 - 80.100.233.4 ETHoA_1 0
10.0.0.0/24 - 10.0.0.138* eth0 0
169.254.0.0/16 - 169.254.141.11 eth0 0
default - 80.100.233.1 ETHoA_1 1

Just a thought...

Regards,
Kees Schroijen

> Can it be that i have to change something in the settings of my
> SpeedTouch modem/router?
No.
> Can it be that the modem doesn't reply
> correct to the ping of the 192.168.0.x-machine, because the modems
> routetable isn't correct?
Yes. You likely need NAT (aka IP Masquerading).

keesS <(E-Mail Removed)> écrivait
news:(E-Mail Removed):
> On 17 Aug 2005 20:34:54 GMT, Antoine EMERIT
> <(E-Mail Removed)> wrote:
>
>>Your gateway ip on the linux should be another router. In your case it
>>should be the Speedtouch (10.0.0.138).
>
> Off course, i posted the wrong routetable. I did change the gateway Ip
> on the Linux just for testing to 10.0.0.1 it is now back on 10.0.0.138
>
>>Note: the gateway on the 192.168.0.x hots should be the linux gateway
>>(10.0.0.1).
>
> Oh? is that so? I had on the 192.168.0.x-hosts 192.168.0.1 as default
> gateway, because that's the NIC in the router that is connected with
> the 192.168.0.x-lan.
> Ok, changed this to 10.0.0.1 on PC1 the machine with IP 192.168.0.22,
> but I keep the same problem.

Oops, sorry, the gateway was good on the lan (192.168.0.1).

On Wed, 17 Aug 2005 21:02:27 -0400, Allen McIntosh wrote:

>> Can it be that i have to change something in the settings of my
>> SpeedTouch modem/router?
> No.
>> Can it be that the modem doesn't reply
>> correct to the ping of the 192.168.0.x-machine, because the modems
>> routetable isn't correct?
> Yes. You likely need NAT (aka IP Masquerading).

Or just add a route to 192.168.0.0/24 via 10.0.0.1 in the modem/router,
assuming that is possible.

On Wed, 17 Aug 2005 21:02:27 -0400, Allen McIntosh
<(E-Mail Removed)> wrote:

>> Can it be that i have to change something in the settings of my
>> SpeedTouch modem/router?
>No.

My thinking was in the right way. I have solved the problem by adding
a route to 192.168.0.0/24 via gateway 10.0.0.1 on the speedtouch
modem.

Now i can also ping from the pc with 192.168.0.22 to the modem.

Thanks to all you folks for thinking with me. And now onto the next
project, configuring the firewall on the Linux machine.

Kees Schroijen