Need some help in Routing in Linux

Guys:

I have some problem, can some Router expert give me a clue. we have two
different subnets, 192.168.1(ADSL-Router) and 192.168.2 (regular SOHO
router), this second router is connected to one of the port on first
router and assigned Second Routers wan port as static IP addr
(192.168.1.128), from 192.168.2 subnet, we can login to all machines in
192.168.1 subnet, whereas from 192.168.1 to 192.168.2, we can't login
or ping at all, I added a route on 192.168.1 subnet, stull I can't
access 2nd subnet machines, on first subnet, I added route using below
command, also route looklike, all machines on both subnets are Linux
machines only.

[root@host1]# route add -net 192.168.2.0 netmask 255.255.255.0 gw
192.168.1.128

[root@host1]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.2.0 192.168.1.128 255.255.255.0 UG 0 0 0
eth0
192.168.1.0 * 255.255.255.0 U 0 0 0
eth0
169.254.0.0 * 255.255.0.0 U 0 0 0
eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0
eth0
[root@thost1]#

192.168.1.1 is the gateway ip-address for 192.168.1 subnet, where as
192.168.2.254 is gateway ip-address for 192.168.2 subnet.

In the Routing table in the above message, it shows entry for
"169.254.0 subnet", I have no idea why 169.254.0.0 is showing, I
didn't added any route for this entry.

""GS wrote:
> from 192.168.2 subnet, we can login to all machines in
> 192.168.1 subnet, whereas from 192.168.1 to 192.168.2, we can't login
> or ping at all

Can you access 192.168.2.128 from first subnet and from 192.168.1.1?
What about firewall rules on both hosts?

""GS wrote:
> from 192.168.2 subnet, we can login to all machines in
> 192.168.1 subnet, whereas from 192.168.1 to 192.168.2, we can't login
> or ping at all


Can you access 192.168.2.128 from first subnet and from 192.168.1.1?
What about firewall rules on both hosts?

On 23 Nov 2006 21:58:22 -0800, GS
<(E-Mail Removed)> wrote:
> In the Routing table in the above message, it shows entry for
> "169.254.0 subnet", I have no idea why 169.254.0.0 is showing, I
> didn't added any route for this entry.
>
It's zeroconf, a protocol that lets PCs choose their own IP addresses
without a DHCP server. If you don't use it you can uninstall it.


--
I'll see you... on the dark side of the moon...
-- Pink Floyd

GS wrote:
> In the Routing table in the above message, it shows entry for
> "169.254.0 subnet", I have no idea why 169.254.0.0 is showing, I
> didn't added any route for this entry.
>

169.254.0.0/16 is a special network reserved to link-local addresses.

For details, Google for 'zeroconf'.

--

Tauno Voipio
tauno voipio (at) iki fi

Actually it is 192.168.1.128, not 192.168.2.128. This 192.168.1.128 is
assigned for WAN port of second Router (the WAN port of Second Router
is connected to one of the switch port of the first Router, that port
was assigned as static IP addr using second router's web interface).
from 192.168.2 subnet, I can ssh/te;lnet/ftp to all machines in
192.168.1 subnet, where as viceversa is nothing is working. I don't
have any firewall enabled on second Router.

Thanks.

On 23 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed). com>, GS wrote:

>we have two different subnets, 192.168.1(ADSL-Router) and 192.168.2
>(regular SOHO router), this second router is connected to one of the port
>on first router and assigned Second Routers wan port as static IP addr
>(192.168.1.128), from 192.168.2 subnet, we can login to all machines in
>192.168.1 subnet, whereas from 192.168.1 to 192.168.2, we can't login
>or ping at all, I added a route on 192.168.1 subnet, stull I can't
>access 2nd subnet machines, on first subnet, I added route using below
>command, also route looklike, all machines on both subnets are Linux
>machines only.

I'm sure some of those commas are meant to be periods. OK, all Linux
boxes. Ignoring for the moment any routes to the world and the loopback
interface, your routing tables should show two routes. On 192.168.1.0, it
would look like this:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 192.168.1.128 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0

while on 192.168.2.0 it should look like this:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 192.168.2.254 255.255.255.0 UG 0 0 0 eth0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0

This is to say that one network is local, and the other has to be reached
through a gateway. To answer your followup question, the 169.254.0.0
route is for windoze ZeroConf, and can be ignored. If it bothers you,
there is a variable in your network configuration files that contains the
letters 'ZeroConf' that can be set to disable this. In RedHat/Fedora, this
is "NOZEROCONF=yes" in the /etc/sysconfig/network configuration file.

Now, you say

>from 192.168.2 subnet, we can login to all machines in 192.168.1 subnet,
>whereas from 192.168.1 to 192.168.2, we can't login or ping at all,

What happens when you try? What is the exact error message? If you can
login _FROM_ 192.168.2.x _TO_ 192.168.1.x, then there is no networking
problem. This is more likely a firewall or permissions issue, so look at
the output of 'netstat -atupn' and '/sbin/iptables -L' on the systems on
both networks. How do they differ?

Old guy

Thanks for reply. I verfied iptables and route on both sides, I can see
all rules are flushed on both sides, also route looks Ok, I am keeping
those commands outputs below. onething I noticed is, I ran "tcpdump -i
eth0 port 22" on both machines to see what is going on with ssh (I am
doing ssh from 192.168.1 subnet to 192.168.2 subnet), the remote
machine in 192.168.2 subnet receives that packet, but no reply for that
request at all (I can see all packets from 192.168.1 subnet machine to
192.168.2 subnet machine only, no reply from 192.168.2 subnet machine
at all).

Once again, this 192.168.1.128 address is assigned to Second Router's
WAN port (that WAN port is connected to switch port of the first Router
and given static IP address for that port).

This output from 192.168.1 subnet machine
================================

[root@host1]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.2.0 192.168.1.128 255.255.255.0 UG 0 0 0
eth0
192.168.1.0 * 255.255.255.0 U 0 0 0
eth0
169.254.0.0 * 255.255.0.0 U 0 0 0
eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0
eth0
[root@host1]#

[root@host1]# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@host1]#


This output from 192.168.2 subnet machine
================================
[root@host2]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.2.0 * 255.255.255.0 U 0 0 0
eth0
192.168.1.0 192.168.2.254 255.255.255.0 UG 0 0 0
eth0
169.254.0.0 * 255.255.0.0 U 0 0 0
eth0
127.0.0.0 * 255.0.0.0 U 0 0 0
lo
default 192.168.2.254 0.0.0.0 UG 0 0 0
eth0
[root@host2]#


[root@host2]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination
[root@host2]#

On 25 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed). com>, GS wrote:

>onething I noticed is, I ran "tcpdump -i eth0 port 22" on both machines
>to see what is going on with ssh (I am doing ssh from 192.168.1 subnet
>to 192.168.2 subnet), the remote machine in 192.168.2 subnet receives
>that packet, but no reply for that request at all (I can see all packets
>from 192.168.1 subnet machine to 192.168.2 subnet machine only, no reply
>from 192.168.2 subnet machine at all).

On the 192.168.2.x system, two commands:

netstat -tupan Is anything listening to port 22?

tcpdump -i eth0 Is it sending ICMP Type 3s or something?

>This output from 192.168.1 subnet machine

looks OK

>This output from 192.168.2 subnet machine

also looks OK, although the specific route to 192.168.1.0 isn't required as
this is the same as the default route.

Old guy