I did the experimentation late at night. I have decided on my layout - it works. The routing table for the middle machine is now Destination Gateway Genmask Flags Iface 10.0.0.0 0.0.0.0 255.255.255.0 U eth0 10.0.0.0 0.0.0.0 255.255.255.0 U eth1 192.168.42.0 10.0.0.1 255.255.255.0 UG eth1 0.0.0.0 10.0.0.138 0.0.0.0 UG eth0 This makes perfect sense to me: anything destined for the 192.168.42.0 subnet is dispatched to eth1, and anything else to 10.0.0.138 via eth0. I will leave the settings with on the end machine as described previously. My interpretation of the situation on that machine (which I requote below) seems perfectly plausible, but the details I leave to the real experts. The more I delve into the subject, the more I admire the pure intellectual force that got the protocols to the state where they work.
It seemed that the system needed to know firstly that all packets had to be directed to the interface eth0 #192.168.42.2, and then, having a route out of the machine, the packets could be dispatched to 10.0.0.1.
It should be noted that the machines are directly connected through a crossover cable (no hub) so the question of load sharing does not arise I believe that my problems with a 10.0.0.0 subnet was the presence of zeros. The choice of 10.0.0.0 was determined by my ASDL router, which used DHCP to impose an IP number of 10.0.0.1. I have now changed the settings in the router not to use DHCP, but a static number. To avoid unnecessary trouble, I chose 10.0.0.1 for my static IP. To use a less troublesome number, I have to change the routing tables for the router, and there is always a risk that once I alter the tables, I cannot get back in. In any case, I am not going to pretend after this that I am a routing expert! Quote: "In the land of the blind, the one-eyed man is king." So thanks to all for the help. I have something that works and seems to hold water intellectually, so why fix it? Basil Fowler On Tuesday 03 Jun 2003 23:53, Anders Johansson wrote:
On Wednesday 04 June 2003 01.41, Basil Fowler wrote: I also tried to change the IP of the end machine to one in the 10.0.0.0
range, and the result>s were catastrophic.
Catastrophes are usually what teaches you the most. Or rather, understanding why it fails, and setting things straight.
For example: you said catastrophic. In what sense? Assuming you changed the ip to 10.0.0.2 with a netmask of 255.255.255.0 and a routing table that looks something like
10.0.0.0/24 eth0 0.0.0.0/0 10.0.0.1
Could you still ping the middle machine? I'll bet you could.
So I'm guessing that you forgot about the iptables rule you set up on the middle machine to allow routing, and that that rule had the source address 192.168.42.2 hard coded. Just a guess, mind you.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com