David, Pascal,
Thank you both for pointing me in the right direction. I did not have routes
on the Cisco router for the 2 Class C ranges it was supposed to be routing
to. I also created a script on my Linux router to make the appropriate
changes instead of performing a reboot. My ISP had helped me configure the
Cisco router and then I also opened up a support ticket to Cisco along with
diagrams of what I was trying to accomplish. Cisco said everything was
configured properly. However, there were never any routes configured on the
Cisco for the 2 Class C ranges. Once I configured them, everything worked.
Thanks again.
"Pascal Hambourg" <boite-a-(E-Mail Removed)> wrote in message
news:ep2a1u$2tcd$(E-Mail Removed)...
> Hello,
>
> Rod a écrit :
>> I have a problem that has stumped me all weekend. I have a Redhat Linux 9
>> router / firewall running iptables that has been our external firewall
>> for the last few years. This router / firewall has 3 network interfaces.
>> Eth0 is the external interface with a public IP address. Eth1 and Eth2
>> are connected to 2 public Class C networks that we own and manage. I need
>> to change the public IP address on Eth0 and point it to a new gateway IP.
>> When I make the change and reboot the router,
>
> Do you really need to reboot the box to change the networking settings?
>
>> it no longer appears to route packets between the interfaces. From the
>> router itself, I can ping my new upstream router or any address on the
>> Internet. I can also use lynx and text browse other sites on the Internet
>> from the router. Networks that are connected to eth1 and eth2 can still
>> ping the linux router but they cannot ping eth0 or the router
>> that is upstream to my linux router or any Internet addresses. When I
>> change my external IP address back to the way that it was, everything
>> works.
>
> "Ping eth0", which I interpret as "ping the IP address bound to eth0",
> does not involve routing (IP forwarding). Eth0's address is just a local
> IP address on your box, as eth1's and eth2's IP addresses. Did it used to
> work with the old setup? If yes, check your filtering rules in the INPUT
> and OUTPUT chains.
>
>> The upstream device is a Cisco router that Cisco helped me configure.
>
> Is there some routing protocol (RIP, BGP...) between your box and the
> upstream router, and/or between the router and its own upstream router?
>
> Maybe the upstream network (ISP and beyond) still routes traffic for your
> IP address ranges via the old eth0's address. In the new setup, could you,
> while sending pings or anything from your networks:
> - capture the IP and ARP traffic on eth0, and
> - plug a box on the old link with the old IP address and capture the
> incoming IP and ARP traffic?
> If you see requests leaving eth0 and replies coming from the old upstream
> gateway, you know what's wrong.
>
>> I considered that there might be a problem with the Cisco router, so as a
>> test, I set up a cheap Linksys router that I had on hand and configured
>> it with the same IP addresses as my Linux router and hooked it up in
>> place of the Linux router between the Cisco and my DMZ. I connected my
>> workstation behind the Linksys and everything worked. So I don't think
>> that I have a problem with the Cisco router. It still seems to be some
>> configuration problem on my Linux router.
>
> Like most SOHO devices, the Linksys router probably does NAT and masquerades
> the workstation behind its own public address, that's why it works. It
> does not mean that the upstream routing for your public ranges is correct.
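The two things the thread turns on are (a) changing eth0's address and default gateway on a Linux router in place instead of rebooting, and (b) telling "the box is not forwarding" apart from "the upstream router has no route back to our ranges", which is what Pascal's eth0 capture distinguishes and what the missing Cisco routes turned out to be. The script below is an added example written for this page, not code posted by Rod, Pascal, or Cisco. Every address in it is an assumption taken from the RFC 5737 documentation ranges (203.0.113.2/24 for the new eth0 address, 203.0.113.1 for the new upstream gateway, 198.51.100.0/24 and 192.0.2.0/24 standing in for the two Class C ranges), and the capture it classifies is a constructed sample, not a real tcpdump trace.

```shell
#!/bin/sh
# Added example, not code from the thread. Re-addresses the external interface
# of a Linux router without a reboot, and reads a tcpdump capture on that
# interface to say which half of the path is broken.
# All addresses are assumptions from the RFC 5737 documentation ranges:
#   eth0 (external): new address 203.0.113.2/24, new upstream gateway 203.0.113.1
#   eth1/eth2:       the two routed /24s, e.g. 198.51.100.0/24 and 192.0.2.0/24

EXT_IF=${EXT_IF:-eth0}
NEW_ADDR=${NEW_ADDR:-203.0.113.2/24}
NEW_GW=${NEW_GW:-203.0.113.1}
DRY_RUN=${DRY_RUN:-1}          # 1 = print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Swap the external address and default gateway in place. Flushing the old
# address first means the box never answers from it again; the unsolicited
# ARP (iputils "arping -U") refreshes the upstream router's ARP cache so it
# stops sending to the old address/MAC pairing.
reroute_external() {
    run ip addr flush dev "$EXT_IF"
    run ip addr add "$NEW_ADDR" dev "$EXT_IF"
    run ip route replace default via "$NEW_GW" dev "$EXT_IF"
    run arping -c 3 -U -I "$EXT_IF" "${NEW_ADDR%/*}"
}

# Forwarding must still be on afterwards: an interface change never turns it
# off, but a reboot with no sysctl entry does. $1 lets a test point at a file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Read "tcpdump -lni $EXT_IF icmp" output on stdin, taken while a host on
# eth1/eth2 pings something beyond the router, and classify what it shows.
classify_capture() {
    awk '
        BEGIN { req = 0; rep = 0 }
        /ICMP echo request/ { req++ }
        /ICMP echo reply/   { rep++ }
        END {
            if (rep > 0)      print "ok: replies return through the external interface"
            else if (req > 0) print "no-return-path: requests leave but nothing comes back; the upstream router has no route to the internal ranges via this box"
            else              print "not-forwarded: no requests reach the external side; check ip_forward and the FORWARD chain"
        }'
}

# Constructed sample (not a real capture) of the situation in the thread: an
# internal host 198.51.100.10 pings the new upstream gateway, the requests
# leave eth0, and no reply ever comes back.
SAMPLE_CAPTURE='12:00:01.000001 IP 198.51.100.10 > 203.0.113.1: ICMP echo request, id 7, seq 1, length 64
12:00:02.000001 IP 198.51.100.10 > 203.0.113.1: ICMP echo request, id 7, seq 2, length 64
12:00:03.000001 IP 198.51.100.10 > 203.0.113.1: ICMP echo request, id 7, seq 3, length 64'

case "${1:-}" in
    apply)    DRY_RUN=0; reroute_external
              forwarding_enabled || echo "ip_forward is off: sysctl -w net.ipv4.ip_forward=1" ;;
    diagnose) tcpdump -lni "$EXT_IF" -c 20 icmp 2>/dev/null | classify_capture ;;
    *)        echo "dry run of the reconfiguration:"; reroute_external
              echo "verdict on the constructed sample:"
              printf '%s\n' "$SAMPLE_CAPTURE" | classify_capture ;;
esac
```

Run it with no argument for a dry run, `apply` to make the change, and `diagnose` while pinging from a host on eth1 or eth2 (it waits for 20 ICMP packets on eth0). The "no-return-path" verdict is the one the thread ended on: the requests left eth0 and the Cisco had nowhere to send the replies because it had no routes for the two ranges. With the assumed addresses above, the IOS fix would be one static route per range pointing at the Linux router's new eth0 address, e.g. `ip route 198.51.100.0 255.255.255.0 203.0.113.2`. Note that Pascal's point still stands: the Linksys test proves nothing about return routing, because it masquerades the workstation behind an address the Cisco already knows how to reach.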