#1
Hello there,

somehow my routing config seems to be malicious. I would like to accomplish the following:

Server1: eth0:192.168.0.1
         eth1:192.168.2.125
         forwarding enabled
         default-gw: 192.168.2.252

Server2: eth0:192.168.0.2 --> connected to eth0 on Server 1
         routingtable:
    192.168.2.0 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
    0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

Workstation: eth0: 192.168.2.2 --> connected to Server 1 via wlan-router
         route is set to 192.168.0.0 via 192.168.2.125
         default-gw is 192.168.2.252

I would like to be able to access server 2 from workstation via server 1, which works.

I would also like to be able to access workstation from server 2 via server 1, which doesn't work.

And finally I would like to access the internet from server 2 via server 1 and its default-gw: 192.168.2.252, which is my dsl-wlan-router.

Both servers and the workstation are connected to the wlan-router via cable. The router is used to establish connection to my brother's net in the basement of the house.

What is my mistake? Is this possible at all or will I need iptables and masquerading? I thought I could go without it.

Every hint is appreciated.

Greets and thanks
regime

Regime
#2
On 26 Jul 2004 11:05:50 -0700, Regime <(E-Mail Removed)> wrote:
> Server1: eth0:192.168.0.1
> eth1:192.168.2.125
> forwarding enabled
> default-gw: 192.168.2.252

Is forwarding enabled for both tracks? I.e. eth0 -> eth1 and eth1 -> eth0?

Could you show the routing table for server1? As far as I can tell, server 1 is the location where things go `wrong'.

Wkr,

Sven Vermeulen

--
Bent Hindrup Andersen, Danish MEP, about the Software Patent Directive: The approach of the Commission and Council in this directive is shocking. They are making full use of all the possibilities of evading democracy that the current Community Law provides. <http://lwn.net/Articles/84009/>
#3
In article <(E-Mail Removed) >, Regime wrote:
>Server1: eth0:192.168.0.1
> eth1:192.168.2.125
> forwarding enabled
> default-gw: 192.168.2.252

OK

>Server2: eth0:192.168.0.2 --> connected to eth0 on Server 1
> routingtable:
>192.168.2.0 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
>192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
>0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

Flags are wrong, and loopback doesn't need a gateway.

    192.168.2.0 192.168.0.1 255.255.255.255 UG 0 0 0 eth0
    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

In theory, the top route isn't needed, as it's covered by the default.

>Workstation: eth0: 192.168.2.2 --> connected to Server 1 via
>wlan-router
> route is set to 192.168.0.0 via 192.168.2.125
> default-gw is 192.168.2.252

In other words,

    192.168.0.0 192.168.2.125 255.255.255.255 UG 0 0 0 eth0
    192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    0.0.0.0 192.168.2.252 0.0.0.0 UG 0 0 0 eth0

>I would like to be able to access server 2 from workstation via server
>1 which works.

192.168.2.2 -> 192.168.2.125/192.168.0.1 -> 192.168.0.2 OK

>I would also like to be able to access workstation from server 2 via
>server 1 which doesn't work.

192.168.0.2 -> 192.168.0.1/192.168.2.125 -> 192.168.2.2 NO

That has to be a firewall someplace, because 192.168.2.2 -> 192.168.0.2 says that you have to have the opposite direction working too, or you wouldn't succeed. Run tcpdump on server1 listening to all ports and see what's happening. Also look at the firewall setups on workstation 1.

>And finally I would like to access the internet from server 2 via
>server 1 and its default-gw: 192.168.2.252 which is my
>dsl-wlan-router.

You _MAY_ have to masquerade 192.168.0.x to 192.168.2.x, unless your DSL router will accept packets from any IP on the LAN side. Also, does the DSL router know how to talk to 192.168.0.2 by using 192.168.2.125 as a gateway? If it doesn't know where 192.168.0.2 is, it can't respond.

>both servers and the workstation are connected to the wlan-router via
>cable.

This sentence doesn't make sense in the routing table above. Server2 is only connected to server1, not to the DSL.

>What is my mistake? Is this possible at all or will I need iptables
>and masquerading? I thought I could go without it.

Much depends on the DSL router.

Hope this helps,

Old guy
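
The return-path questions raised in the reply above can be checked with a longest-prefix route lookup. This is an added example, not part of the original thread; the Server2 table is the one posted in the reply, while the DSL router tables, the `lan`/`wan` interface names and the 203.0.113.1 next hop are constructed assumptions.

```python
import ipaddress

def parse(text):
    """Parse `route -n` style rows: Destination Gateway Genmask Flags ... Iface."""
    routes = []
    for row in (line.split() for line in text.splitlines() if line.split()):
        plen = bin(int(ipaddress.ip_address(row[2]))).count("1")  # Genmask -> prefix length
        routes.append((ipaddress.ip_network(f"{row[0]}/{plen}"), row[1], row[-1]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; returns (matched route, next hop, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    net, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    # Gateway 0.0.0.0 means "directly connected": the next hop is the destination itself.
    return str(net), (dst if gw == "0.0.0.0" else gw), iface

# Server2 table as posted in the reply above.
SERVER2 = parse("""
192.168.2.0 192.168.0.1 255.255.255.255 UG 0 0 0 eth0
192.168.0.0 0.0.0.0     255.255.255.0   U  0 0 0 eth0
127.0.0.0   0.0.0.0     255.0.0.0       U  0 0 0 lo
0.0.0.0     192.168.0.1 0.0.0.0         UG 0 0 0 eth0
""")

# Constructed (assumed) DSL router table: LAN side plus a default to a placeholder ISP hop.
DSL = parse("""
192.168.2.0 0.0.0.0     255.255.255.0 U  0 0 0 lan
0.0.0.0     203.0.113.1 0.0.0.0       UG 0 0 0 wan
""")
# Same router after adding a static route for Server2's subnet via Server1.
DSL_STATIC = DSL + parse("192.168.0.0 192.168.2.125 255.255.255.0 UG 0 0 0 lan")

if __name__ == "__main__":
    print("Server2 -> workstation:", lookup(SERVER2, "192.168.2.2"))
    print("DSL reply to Server2:  ", lookup(DSL, "192.168.0.2"))
    print("...with static route:  ", lookup(DSL_STATIC, "192.168.0.2"))
```

On Server2 the workstation address is matched by the default route, which has the same next hop as the top entry. In the assumed DSL table, replies to 192.168.0.2 leave on the WAN side unless the router has a static route via 192.168.2.125 or Server1 masquerades the traffic.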