From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew andrewd@uccsda.org
Date: Tue, 05 Dec 2000 00:40:18 +0000
Subject: [LARTC] simple routing problem... (what am I missing?)
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Greetings:

I'm working with the following configuration:

                                 Box C
                              +--------+            _/\__/\_
                              |        |(63..a)    /        \
                              | Router/+----------( Internet )
                              |Firewall|aps0       \_  __  _/
                              +----+---+             \/  \/   
                               eth1|(204..a)              |
                                   |                   +--+----+   
                                   |                   | Linux | Box A
                    DMZ------------+----------+--      +-------+
                                              |    
                                              |
                                          +---+---+ 63..b
                                          | Linux | 63..c
                                          +-------+ 
                                             Box B 

Box C is supposed to be a router/firewall for devices on the
internal "DMZ" network. Right now I'm just trying to get the
routing working before I do the rest. I've started a simple
configuration script which does the following:


  # Add routing rules
  #
  ip rule add iif aps0 to 63..a/32 lookup main priority 190
  ip rule add iif aps0 to 63..0/29 lookup isdn-dmz priority 200
  ip rule add iif eth1 to 204..a/32 lookup main priority 210
  ip rule add iif eth1 lookup dmz-isdn priority 220


  # Create routing tables  
  #

  #dmz-isdn table routes
  ip route add default dev aps0 table dmz-isdn
  #isdn-dmz table routes
  ip route add default dev eth1 table isdn-dmz

  # Make rules/routes active
  ip route flush cache
  echo "1" > /proc/sys/net/ipv4/ip_forward
  echo "1" > /proc/sys/net/ipv4/ip_always_defrag


From my understanding of things, the above should be sufficient to
allow me to ping box B from box A. However, I am unable to do so. I know
the problem is my router because a) I can ping the router (63..a) from Box
A, b) traceroute of box B's IP address shows a complete path to the router where
it dies.

What am I missing?
-- 
depaan@bibleinfo.com
--------------------------------------------------------------
Want answers to life's big questions? Visit www.bibleinfo.com.
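
An added example, not part of the original message: a small Python model of how the kernel walks the `ip rule` list in priority order and falls through to the next rule when a table has no matching route, applied to the rules and tables in the script above. The addresses are constructed stand-ins for the elided ones, the main table is assumed empty because the post does not show it, and only rule and table selection is modelled (not ARP, reverse-path filtering or firewalling).

```python
import ipaddress

# Constructed stand-ins for the elided addresses in the post (assumptions).
ROUTER_ISDN = "192.0.2.1"     # 63..a on aps0
ISDN_NET = "192.0.2.0/29"     # 63..0/29
ROUTER_DMZ = "198.51.100.1"   # 204..a on eth1
BOX_B = "192.0.2.2"           # 63..b
BOX_A = "203.0.113.9"         # Box A, somewhere on the Internet

# (priority, iif or None for any, destination prefix, table)
RULES = [
    (0, None, "0.0.0.0/0", "local"),        # built-in rule for the local table
    (190, "aps0", ROUTER_ISDN + "/32", "main"),
    (200, "aps0", ISDN_NET, "isdn-dmz"),
    (210, "eth1", ROUTER_DMZ + "/32", "main"),
    (220, "eth1", "0.0.0.0/0", "dmz-isdn"),
    (32766, None, "0.0.0.0/0", "main"),     # built-in rule for the main table
]

# table -> [(prefix, action)]; "local" holds the router's own addresses.
TABLES = {
    "local": [(ROUTER_ISDN + "/32", "deliver locally"),
              (ROUTER_DMZ + "/32", "deliver locally")],
    "main": [],  # not shown in the post, so left empty here
    "isdn-dmz": [("0.0.0.0/0", "forward via eth1")],
    "dmz-isdn": [("0.0.0.0/0", "forward via aps0")],
}

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), act) for p, act in TABLES[table]
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route(iif, dst):
    """Walk the rules by priority; a table miss falls through to the next rule."""
    addr = ipaddress.ip_address(dst)
    for prio, rule_iif, prefix, table in sorted(RULES):
        if rule_iif not in (None, iif) or addr not in ipaddress.ip_network(prefix):
            continue
        action = table_lookup(table, dst)
        if action:
            return prio, table, action
    return None  # no rule produced a route: network unreachable

if __name__ == "__main__":
    print("A -> B request arriving on aps0:", route("aps0", BOX_B))
    print("B -> A reply arriving on eth1:  ", route("eth1", BOX_A))
    print("A -> router arriving on aps0:   ", route("aps0", ROUTER_ISDN))
```

On a live router, `ip route get <dst> from <src> iif <dev>` asks the kernel for the same decision.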