On Tue, 17 May 2005, Mark A. Taff wrote:
> All,
> I sure hope someone can enlighten me. I am having a weird routing issue. Everything works OK, except I can't access the external interface from a machine on my internal network.
In addition, you have a weird network configuration.
> See network map pdf at http://www.marktaff.com/network.map.pdf See output of `ifconfig` and `route` below.
> From any internal (192.168...) machine, I can't ping/ssh liberty1-ext, but I can ping/ssh to liberty1-int.
> From each internal machine, I can reach all the other internal machines, and the router's external ip, but not liberty1's external ip.
> From outside my private network, I can ping/ssh liberty1-ext just fine.
> I want to be able to access the machine via liberty1-ext both at home and while traveling, yet still be able to access the private network from liberty1 via liberty1-int interface.
This is the part that is hard to understand: Why do you want to do this? If all of the "internal" systems can access LIBERTY1 from the internal network, why would you want them to go through two firewalls to access LIBERTY1? You appear to have two Comcast networks assigned to you. Does Comcast allow routing between the two networks? For security reasons, it would be reasonable for them not to as it would provide a pathway to deliver malware.
> Could the problem be my hub? Do I need to replace it with a switch, or perhaps a separate router? Seems like the hub should work?
From a simple routing perspective, you shouldn't be able to communicate between the 24.22.122/20 and the 24.22.190/24 networks, at least locally, without some routing information being provided.
You could add a static host route to LIBERTY1 and your D-Link Wireless Router. On LIBERTY1 add 24.22.190.86 with the gateway as being your eth1 interface. On the wireless router add a host route for 24.16.122.35 and specify its Ethernet interface as the gateway. This would identify that there are two networks on the "external" LAN. This should allow the traffic between the networks to be routed locally through the hub. Still, it doesn't make sense to do this. What are you trying to accomplish?

Merton Campbell Crockett
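The connected-route check behind Merton's point (two prefixes on one hub cannot reach each other without a route) and the host routes he suggests, as an added illustration that is not part of the thread. The addresses are the ones written in the mail paired with the /20 and /24 prefix lengths he quotes; the D-Link interface name `wan0` is assumed.

```python
import ipaddress
from typing import Optional

# Constructed sample taken from the mail: LIBERTY1's external interface and the
# D-Link router's external side share a hub but sit in different prefixes.
LIBERTY1_EXT = ("eth1", "24.16.122.35/20")   # interface name from the mail
DLINK_WAN = ("wan0", "24.22.190.86/24")      # interface name assumed


def host_route(local_iface: str, local_addr: str, peer_addr: str) -> Optional[str]:
    """Return the `ip route` command a host needs to reach `peer_addr` directly
    over the shared segment, or None when a connected route already covers it.

    A host only forwards a packet out an interface without a gateway when the
    destination lies inside that interface's own prefix; otherwise it goes to
    the default gateway (here, upstream to the ISP), which is the behaviour the
    mail describes."""
    local = ipaddress.ip_interface(local_addr)
    peer = ipaddress.ip_interface(peer_addr).ip
    if peer in local.network:
        return None  # same link, nothing to add
    # Device-scoped /32 route: "gateway is the interface itself", as suggested.
    return f"ip route add {peer}/32 dev {local_iface}"


def plan_routes(a: tuple[str, str], b: tuple[str, str]) -> list[str]:
    """Host routes needed on both sides so a and b can talk across the hub."""
    cmds = (host_route(a[0], a[1], b[1]), host_route(b[0], b[1], a[1]))
    return [c for c in cmds if c is not None]


if __name__ == "__main__":
    for cmd in plan_routes(LIBERTY1_EXT, DLINK_WAN):
        print(cmd)
```

Two internal hosts in the same 192.168.x.0/24 return no route, which is why the internal side of the thread works without any extra configuration.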