* Re: [LARTC] Routing question
2003-06-06 9:07 [LARTC] Routing question Alex Schaft
@ 2003-06-06 9:23 ` Leigh Waldie
2003-06-06 10:08 ` Leigh Waldie
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Leigh Waldie @ 2003-06-06 9:23 UTC (permalink / raw)
To: lartc
> Hi,
>
> I was wondering if somebody could assist me in the following
>
> I have a lan with a mail server, a fixed outside ip address leased line
> router at 10.1.1.1, and a dynamic outside ip address adsl router at 10.1.1.5
>
> Our linux mail server always used to have the leased line router at
> 10.1.1.1, but now with our adsl, I'd like traffic to go across 10.1.1.5,
> I thought it would be straight forward to just change the default
> gateway from 10.1.1.1 to 10.1.1.5, but this resulted in any traffic
> coming in via 10.1.1.1 being ignored. I've been told it is because the
> replies go out over 10.1.1.5
>
> I've looked over the adv routing howto, but can't see how I would
> implement it according to section 4.2.1, as I won't always know our ip
> address for the adsl connection.
>
> Could someone point me in the right direction?
>
> Thanks,
> Alex
>
I found this to be excellent...
http://www.linuxpowered.com/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
Leigh.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Routing question
From: Leigh Waldie @ 2003-06-06 10:08 UTC (permalink / raw)
To: lartc
>>I found this to be excellent...
>>
>>http://www.linuxpowered.com/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
>>
>>
>That's the exact same thing I used, but I don't have separate ethernet
>cards, which this set up relies on. Both my routers are on a switch,
>along with my server, so everything goes over eth0
>
>ip route add default dev eth0 src 10.1.1.1
>ip route add 10.1.1.1 dev eth0 src 10.1.1.1
>
>don't work.
The routing system needs to be able to differentiate between packets coming from the two
routers, so I would suggest that you put another NIC in the machine. This setup makes
source-based routing very easy to implement. I don't know if multihoming your current
eth0 NIC would make it possible, because both routers are on the same network...
>
>I also can't find any info on creating tables T1, and T2
>
Go to the link I gave and click "Prev" - the info you need is on that page...
>Alex
Leigh
* [LARTC] routing question
From: routing @ 2004-11-01 14:51 UTC (permalink / raw)
To: lartc
So far I have been used to using linux to provide simple routing from my
network to others using commands such as ip route add 192.168.1.0/24 via
192.168.0.4 etc and it has all worked perfectly.
I also use smoothwall GPL to provide vpn services, however I have hit on
a problem and am not at all clear on the way in which to proceed.
I now need to provide a route to services, the access to these is
provided by a router on a network on the far end of a VPN. The
computers on the remote network can see the service I need to access,
however when I try to provide a route to that system using a router on
the remote network by issuing a command such as 192.168.5.0/24 via
192.168.15.6 in the router at 192.168.0.4 I get the following :-
RTNETLINK answers: Network is unreachable.
My question is, what way of providing access to this route do I need to
follow, Is it GRE tunnels (not the best option as I don't have enough
information on the remote router configurations and am not able to
change their settings). Do I have to use new routing tables or is
there something else I must do to get this working?
* Re: [LARTC] routing question
From: routing @ 2004-11-01 16:16 UTC (permalink / raw)
To: lartc
my current router and default gateway for my network is 192.168.0.4
(with one interface eth0)
192.168.0.8 is a smoothwall with a vpn set up to 192.168.15.0
I need to get to a network at 192.168.16.0/24 through the gateway
at 192.168.15.254
Machines on 192.168.15.0 can ping those on 192.168.16.0
this is the current situation with some real numbers from 192.168.0.4
ip route
192.168.3.0/24 via 192.168.0.8 dev eth0
192.168.0.0/24 dev eth0 scope link
192.168.16.0/24 via 192.168.15.254 dev eth0
192.168.15.0/24 via 192.168.0.8 dev eth0
127.0.0.0/8 dev lo scope link
default via 192.168.0.8 dev eth0
I can see the following from 192.168.0.4 :-
ping 192.168.15.254
PING 192.168.15.254 (192.168.15.254) 56(84) bytes of data.
64 bytes from 192.168.15.254: icmp_seq=1 ttl=253 time=66.7 ms
64 bytes from 192.168.15.254: icmp_seq=2 ttl=253 time=65.4 ms
ping 192.168.15.21
PING 192.168.15.21 (192.168.15.21) 56(84) bytes of data.
64 bytes from 192.168.15.21: icmp_seq=1 ttl=253 time=75.6 ms
but when I do
ip route add 192.168.15.254 via 192.168.15.21
I get
RTNETLINK answers: Network is unreachable
what I really want to do at 192.168.0.4 is something like this
ip route add 192.168.16.0/24 via 192.168.15.254 (this also gives
RTNETLINK answers: Network is unreachable)
Rene Gallati wrote:
> routing wrote:
>
>> So far I have been used to using linux to provide simple routing from
>> my network to others using commands such as ip route add
>> 192.168.1.0/24 via 192.168.0.4 etc and it has all worked perfectly.
>> I also use smoothwall GPL to provide vpn services, however I have hit
>> on a problem and am not at all clear on the way in which to proceed.
>> I now need to provide a route to services, the access to these is
>> provided by a router on a network on the far end of a VPN. The
>> computers on the remote network can see the service I need to
>> access, however when I try to provide a route to that system using a
>> router on the remote network by issuing a command such as
>> 192.168.5.0/24 via 192.168.15.6 in the router at 192.168.0.4 I get
>> the following :-
>> RTNETLINK answers: Network is unreachable.
>
>
> Imho this simply means that the router at 192.168.0.4 does not know
> where 192.168.15.6 (the via target) is and thus denies the request.
> Add a route to 192.168.15.6 first and then it should work.
>
>> My question is, what way of providing access to this route do I need
>> to follow, Is it GRE tunnels (not the best option as I don't have
>> enough information on the remote router configurations and am not
>> able to change their settings). Do I have to use new routing
>> tables or is there something else I must do to get this working?
>
>
> Just tell the router where your target is and all should be well,
> provided it can be really reached by the router in the first place, of
> course.
>
>
* Re: [LARTC] routing question
From: Rene Gallati @ 2004-11-01 17:18 UTC (permalink / raw)
To: lartc
routing wrote:
> my current router and default gateway for my network is 192.168.0.4
> (with one interface eth0)
> 192.168.0.8 is a smoothwall with a vpn set up to 192.168.15.0
> I need to get to a network at 192.168.16.0/24 through the gateway
> at 192.168.15.254
>
> Machines on 192.168.15.0 can ping those on 192.168.16.0
>
> this is the current situation with some real numbers from 192.168.0.4
> ip route
> 192.168.3.0/24 via 192.168.0.8 dev eth0
> 192.168.0.0/24 dev eth0 scope link
> 192.168.16.0/24 via 192.168.15.254 dev eth0
> 192.168.15.0/24 via 192.168.0.8 dev eth0
> 127.0.0.0/8 dev lo scope link
> default via 192.168.0.8 dev eth0
>
> I can see the following from 192.168.0.4 :-
> ping 192.168.15.254
> PING 192.168.15.254 (192.168.15.254) 56(84) bytes of data.
> 64 bytes from 192.168.15.254: icmp_seq=1 ttl=253 time=66.7 ms
> 64 bytes from 192.168.15.254: icmp_seq=2 ttl=253 time=65.4 ms
>
> ping 192.168.15.21
> PING 192.168.15.21 (192.168.15.21) 56(84) bytes of data.
> 64 bytes from 192.168.15.21: icmp_seq=1 ttl=253 time=75.6 ms
>
> but when I do
> ip route add 192.168.15.254 via 192.168.15.21
> I get
> RTNETLINK answers: Network is unreachable
>
> what I really want to do at 192.168.0.4 is something like this
> ip route add 192.168.16.0/24 via 192.168.15.254 (this also gives
> RTNETLINK answers: Network is unreachable)
Try "ip route add 192.168.16.0/24 via 192.168.15.21 dev eth0". This
should really work, but you might need to designate the interface name.
>
> Rene Gallati wrote:
>
>> routing wrote:
>>
>>> So far I have been used to using linux to provide simple routing from
>>> my network to others using commands such as ip route add
>>> 192.168.1.0/24 via 192.168.0.4 etc and it has all worked perfectly.
>>> I also use smoothwall GPL to provide vpn services, however I have hit
>>> on a problem and am not at all clear on the way in which to proceed.
>>> I now need to provide a route to services, the access to these is
>>> provided by a router on a network on the far end of a VPN. The
>>> computers on the remote network can see the service I need to
>>> access, however when I try to provide a route to that system using a
>>> router on the remote network by issuing a command such as
>>> 192.168.5.0/24 via 192.168.15.6 in the router at 192.168.0.4 I get
>>> the following :-
>>> RTNETLINK answers: Network is unreachable.
>>
>>
>>
>> Imho this simply means that the router at 192.168.0.4 does not know
>> where 192.168.15.6 (the via target) is and thus denies the request.
>> Add a route to 192.168.15.6 first and then it should work.
>>
>>> My question is, what way of providing access to this route do I need
>>> to follow, Is it GRE tunnels (not the best option as I don't have
>>> enough information on the remote router configurations and am not
>>> able to change their settings). Do I have to use new routing
>>> tables or is there something else I must do to get this working?
>>
>>
>>
>> Just tell the router where your target is and all should be well,
>> provided it can be really reached by the router in the first place, of
>> course.
>>
>>
>
* [LARTC] Routing question
From: John Fulton @ 2006-09-05 19:08 UTC (permalink / raw)
To: lartc
I've always had to either have routing on, or off on a system.
For the first time this week I have a system on the internet but with
one connection to a private network to manage a piece of network gear.
The situation is where I have a server on an 802.1q trunk with 4 VLAN
interfaces on the internet and needs standard routing across the
interfaces, eth0.3, eth0.7, eth0.10, and eth0.11 all with public
address space and has standard routing.
I just turned up eth0.2 on a private network (192.168.x.x) that I
need to prevent any traffic from the public interfaces from reaching.
After dipping into the iprouting documentation, it's only confused me
more. I assume this is accomplished with a rule but so far I have only
been able to completely shut off access to the private network
entirely including the server's access to that subnet.
Could someone point me to an example of how this can be done?
Thank you!
John Fulton
Anchorage, AK
* RE: [LARTC] Routing question
From: Leigh Sharpe @ 2006-09-07 6:42 UTC (permalink / raw)
To: lartc
I'll try that on-list this time......
An iptables rule in the FORWARD chain to DROP all packets to/from that network? Using the FORWARD chain should allow access from the server's IP address, but not allowing any forwarded traffic.
Regards,
Leigh
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email lsharpe@pacificwireless.com.au
web www.pacificwireless.com.au
-----Original Message-----
From: jfulton@arctic.net [mailto:jfulton@arctic.net]
Sent: Wednesday, September 06, 2006 5:08 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Routing question
I've always had to either have routing on, or off on a system.
For the first time this week I have a system on the internet but with
one connection to a private network to manage a piece of network gear.
The situation is where I have a server on an 802.1q trunk with 4 VLAN
interfaces on the internet and needs standard routing across the
interfaces, eth0.3, eth0.7, eth0.10, and eth0.11 all with public
address space and has standard routing.
I just turned up eth0.2 on a private network (192.168.x.x) that I
need to prevent any traffic from the public interfaces from reaching.
After dipping into the iprouting documentation, it's only confused me
more. I assume this is accomplished with a rule but so far I have only
been able to completely shut off access to the private network
entirely including the server's access to that subnet.
Could someone point me to an example of how this can be done?
Thank you!
John Fulton
Anchorage, AK
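
The FORWARD-chain approach suggested in the reply above, as an added example that is not part of the original thread: it emits interface-based DROP rules for eth0.2 (the private VLAN named in the question) and audits an `iptables -S FORWARD` listing for rule order. The function names are hypothetical and the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. eth0.2 is the private VLAN interface
# named in the question; the function names are hypothetical.

# Print an iptables-restore fragment that drops every forwarded packet
# entering or leaving the interface. INPUT and OUTPUT are left alone, so
# the server's own traffic to the private network keeps working.
# Apply with: emit_isolation_rules eth0.2 | iptables-restore --noflush
emit_isolation_rules() {
    iface="$1"
    printf '%s\n' "*filter" \
        "-I FORWARD 1 -i $iface -j DROP" \
        "-I FORWARD 1 -o $iface -j DROP" \
        "COMMIT"
}

# Read `iptables -S FORWARD` output on stdin. Succeed only if DROP rules for
# both directions of the interface come before the first ACCEPT rule, since
# an earlier ACCEPT would still let forwarded packets through. The check is
# deliberately conservative: any ACCEPT ahead of the DROPs counts as a failure.
# Audit with: iptables -S FORWARD | check_forward_isolation eth0.2
check_forward_isolation() {
    iface="$1"; in_ok=0; out_ok=0
    while IFS= read -r rule; do
        case "$rule" in
            "-A FORWARD -i $iface -j DROP") in_ok=1 ;;
            "-A FORWARD -o $iface -j DROP") out_ok=1 ;;
            "-A FORWARD "*"-j ACCEPT"*)
                # First ACCEPT reached: both DROPs must already be present.
                [ "$in_ok" = 1 ] && [ "$out_ok" = 1 ] && return 0
                return 1 ;;
        esac
    done
    [ "$in_ok" = 1 ] && [ "$out_ok" = 1 ]
}

# Constructed listings for illustration (not captured from a real host).
GOOD_RULES='-P FORWARD ACCEPT
-A FORWARD -o eth0.2 -j DROP
-A FORWARD -i eth0.2 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'

BAD_RULES='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0.2 -j DROP
-A FORWARD -o eth0.2 -j DROP'

printf '%s\n' "$GOOD_RULES" | check_forward_isolation eth0.2 && echo "good: isolated"
printf '%s\n' "$BAD_RULES" | check_forward_isolation eth0.2 || echo "bad: ACCEPT precedes DROP"
```

Matching on the interface rather than an address range avoids depending on the private subnet, which the question gives only as 192.168.x.x.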
* [LARTC] Routing Question
From: Fernando Blankleder @ 2007-04-05 16:58 UTC (permalink / raw)
To: lartc
Hi, can somebody help me? I have a linux gateway running ipsec, so if I ping a host on a remote ipsec network from the gateway, the packet goes out with the external ip address of the gateway. Is there a way that packets going from the gateway to a remote network can be sourced from the internal gateway ip?
Thanks in advance
Fernando
* Fw: [LARTC] Routing Question
From: Fernando Blankleder @ 2007-04-06 19:56 UTC (permalink / raw)
To: lartc
----- Original Message -----
From: "Fernando Blankleder" <fernandoblankleder@gmail.com>
To: "Evgeni Gechev" <etg@setcom.bg>
Sent: Friday, April 06, 2007 11:37 AM
Subject: Re: [LARTC] Routing Question
>I was thinking of a more permanent solution :)
>
> ----- Original Message -----
> From: "Evgeni Gechev" <etg@setcom.bg>
> To: "Fernando Blankleder" <fernandoblankleder@gmail.com>
> Sent: Thursday, April 05, 2007 2:13 PM
> Subject: Re: [LARTC] Routing Question
>
>
>> Fernando Blankleder wrote:
>>> Hi, can somebody help me? I have a linux gateway running ipsec, so if I
>>> ping a host on a remote ipsec network from the gateway, the packet goes out
>>> with the external ip address of the gateway. Is there a way that packets
>>> going from the gateway to a remote network can be sourced from the internal
>>> gateway ip?
>>> Thanks in advance
>>> Fernando
>> ping -I Internal_IP Remote_IP
>