
Robert,

Yeah the GW is correct for both networks and I can ping both GWs. I can even ping the far side of the box (i.e. - On 192.168.65.228 I can ping its Gw of 192.168.66.252 and the 10.62.56.x GW of 10.62.56.252). I however can't ping any other 10.62.56.x address. The same goes for any traffic from the 10.62.56.x network to the 192.168.x.x network.

192.168.65.228 Route Print Dump
------------------------------------------------------
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0   192.168.66.252   192.168.65.228      20
       10.62.56.0    255.255.255.0   192.168.66.252   192.168.65.228       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.0.0      255.255.0.0   192.168.65.228   192.168.65.228      20
   192.168.65.228  255.255.255.255        127.0.0.1        127.0.0.1      20
   192.168.65.255  255.255.255.255   192.168.65.228   192.168.65.228      20
        224.0.0.0        240.0.0.0   192.168.65.228   192.168.65.228      20
  255.255.255.255  255.255.255.255   192.168.65.228   192.168.65.228       1
Default Gateway:    192.168.66.252
===========================================================================
Persistent Routes:
  None

***NOTE*** ---- I added the 10.62.56.0 route hoping to produce results. This however did not work either and has been removed.

Thank You, Jason Dobbs . IT Manager Westin Casuarina Casino Las Vegas

Rasp, Robert wrote:
Jason,
Routing on the router is looking good, I think... Is the default gateway set correctly on the workstations? Can you ping this IP?
Can I have the routing table from your router and the IPs of the network cards? Can I have a routing table from one client on each network (Windows --> route print)?
CU Robert
-----Original Message-----
From: Jason Dobbs [mailto:jdobbs@casuarinacasino.com]
Sent: Tuesday, April 6, 2004 22:37
To: suse-security@suse.com
Subject: Re: AW: [suse-security] Multiple Internal Networks not Routing
Robert,
ETH1 Dump
------------------------------------------
tcpdump: listening on eth1
05:33:19.653787 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:24.707194 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:30.207866 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:35.708547 192.168.65.228 > 10.62.56.8: icmp: echo request

4 packets received by filter
0 packets dropped by kernel

ETH2 Dump
-------------------------------------------
tcpdump -pni eth2 icmp
tcpdump: listening on eth2
05:33:19.654447 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:24.707232 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:30.207911 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:35.708586 192.168.65.228 > 10.62.56.8: icmp: echo request

4 packets received by filter
0 packets dropped by kernel

192.168.65.228 trying to ping 10.62.56.8
---------------------------------------------------
Pinging 10.62.56.8 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.62.56.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

IP-Forwarding
----------------------------------------
cat /proc/sys/net/ipv4/ip_forward <enter>
1
Thank You, Jason Dobbs . IT Manager Westin Casuarina Casino Las Vegas
Rasp, Robert wrote:
Hello,
I had this problem myself... I hate routing sometimes ;-)
Is IP-Forwarding enabled (cat /proc/sys/net/ipv4/ip_forward)?
Try this: Open two shells and start "tcpdump -pni eth1 icmp" in one shell and "tcpdump -pni eth2 icmp" in the other. Try the ping again and watch the results...
CU Robert
-----Original Message-----
From: Jason Dobbs [mailto:jdobbs@casuarinacasino.com]
Sent: Tuesday, April 6, 2004 21:49
To: Rasp, Robert
Subject: Re: *****list-suse***** AW: [suse-security] Multiple Internal Networks not Routing
Robert,
I took the firewall script down and tried a ping from 192.168.65.228 to 10.62.56.8 and got the same results, request timed out.
Thank You, Jason Dobbs . IT Manager Westin Casuarina Casino Las Vegas
Rasp, Robert wrote:
Hello,
If I had this problem, I would try it without the firewall first.... Then you can be sure your routing is ok. It may be better to stay offline while the firewall script isn't running :-)
CU Robert
-----Original Message-----
From: Jason Dobbs [mailto:jdobbs@casuarinacasino.com]
Sent: Tuesday, April 6, 2004 17:18
To: suse-security@suse.com
Subject: [suse-security] Multiple Internal Networks not Routing
Hi,
Hoping someone can point out my mistake here! I have SuSE 9.0 running with 3 NICS (eth0=internet, eth1=192.168.0.0/16, and eth2=10.62.56.0/24). Everything with the internet is working great. The problem is routing traffic between eth1 and eth2. I've set both networks as trusted, set FW_FORWARD, and enabled FW_ALLOW_CLASS_ROUTING. Nothing has seemed to work. Posted is also a copy of my /etc/sysconfig/SuSEfirewall2. I'd like to allow all traffic between these 2 networks.
Any ideas?
-------------------------------------------------------------------
FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1 eth2"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.65.224/27 10.62.56.0/24 192.168.0.0/16,<mail server ip>/32 10.62.56.0/24,<mail server ip>/32"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="http https ssh"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS="192.168.0.0/16 10.62.56.0/24"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"
FW_FORWARD="192.168.0.0/16,10.62.56.0/24,tcp,1:65535 10.62.56.0/24,192.168.0.0/16,tcp,1:65535 \
192.168.0.0/16,10.62.56.0/24,udp,1:65535 10.62.56.0/24,192.168.0.0/16,udp,1:65535 \
192.168.0.0/16,10.62.56.0/24,icmp 10.62.56.0/24,192.168.0.0/16,icmp"
FW_FORWARD_MASQ="0/0,192.168.65.227,tcp,5800 0/0,192.168.65.227,tcp,5900 \
0/0,192.168.65.227,tcp,5632 0/0,192.168.65.227,udp,5632"
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes" # Jason Dobbs
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes" # Jason Dobbs
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="yes"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
-----------------------------------------------------------------------------------
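
Added example, not part of the thread and not written by either poster: a small Python reading of the two-interface tcpdump test suggested above, which compares the eth1 and eth2 captures to say at which hop the ping is lost. The capture lines are copied from the thread; the function names and result labels are assumptions of this example, and the pattern also accepts the current tcpdump line format, which goes beyond the output shown in the thread.

```python
import re

# ICMP echo lines in the old tcpdump format quoted in the thread
# ("a > b: icmp: echo request") and the current one ("IP a > b: ICMP echo request, ...").
ECHO = re.compile(
    r"(\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): (?:icmp:|ICMP) echo (request|reply)"
)

# Capture lines copied from the thread's eth1 and eth2 dumps.
ETH1 = """\
05:33:19.653787 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:24.707194 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:30.207866 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:35.708547 192.168.65.228 > 10.62.56.8: icmp: echo request
"""
ETH2 = """\
05:33:19.654447 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:24.707232 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:30.207911 192.168.65.228 > 10.62.56.8: icmp: echo request
05:33:35.708586 192.168.65.228 > 10.62.56.8: icmp: echo request
"""

def count_echo(capture, src, dst):
    """Return (requests src->dst, replies dst->src) seen in one capture."""
    requests = replies = 0
    for line in capture.splitlines():
        m = ECHO.search(line)
        if not m:
            continue
        a, b, kind = m.groups()
        if kind == "request" and (a, b) == (src, dst):
            requests += 1
        elif kind == "reply" and (a, b) == (dst, src):
            replies += 1
    return requests, replies

def locate_loss(ingress, egress, src, dst):
    """Classify where the ping dies, checking the path in packet order."""
    in_req, in_rep = count_echo(ingress, src, dst)
    out_req, out_rep = count_echo(egress, src, dst)
    if in_req == 0:
        return "request-not-reaching-router"  # client route or gateway
    if out_req == 0:
        return "request-not-forwarded"        # ip_forward or forwarding rules
    if out_rep == 0:
        return "no-reply-from-destination"    # target host, its firewall or its return route
    if in_rep == 0:
        return "reply-not-forwarded"          # return direction blocked on the router
    return "path-ok"

if __name__ == "__main__":
    print(locate_loss(ETH1, ETH2, "192.168.65.228", "10.62.56.8"))
```

For the captures in the thread the result is `no-reply-from-destination`: the echo requests leave eth2 with the original source address, and no echo reply is seen on either interface.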