OpenWrt Forum Archive

Topic: network routing

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi again,

http://www.ernetfree.net/img1.jpg

scheme updated: 2005-12-07

Is it possible to route network communication in the network?
I don't want to use the masquerade mechanism.

When gw 2.99 is set on *.2.34, pings work between *.2.30 and *.3.34, but the Internet does not work.

My idea is to set the gw by vlan, but how do I set routing between them?

How to set up ?

TKX

(Last edited by reset on 7 Dec 2005, 20:51)

When everything is set according to the scheme, I see the ping request on the coyote router or my PC, but no ping is returned.

on asus router, on eth2 in tcpdump -i eth2

i see

IP 192.168.3.34 > 192.168.2.1: icmp 40: echo request seq xxx
arp who-has 192.168.3.34 tell 192.168.2.1

that's all

Your default route on your asus router should point to 192.168.2.1. You need to add a route on your coyote box for 192.168.3.0/24 that points to 192.168.2.99 for its gateway.

Well, it partially works.

pings:

*.2.01 --> *.3.34 .. ok
*.2.30 --> *.3.34 .. ok
*.3.34 --> *.2.01 .. ok
*.3.34 --> *.2.30 .. KO !!!   why ?

When I ping *.2.30 from *.3.34 I see

on *.2.1 :
ICMP echo rply (60 bytes) from 192.168.2.30 to 192.168.3.34 (src HWaddr 00051c0c23e1) on eth0

on *.2.99 (ie *.3.99) on eth2 :

.... IP 192.168.3.34 > 192.168.2.30: icmp 40: echo request

routing tables:

 192.168.2.1 :

shakaree# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     192.168.2.99    255.255.255.0   UG    0      0        0 eth0
10.112.160.0    0.0.0.0         255.255.224.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.112.160.1    0.0.0.0         UG    0      0        0 eth1

192.168.2.99 (ie 192.168.3.99) :

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth2

Do you, or does someone, have an idea why pings from *.3.34 to *.2.30 don't work?

(Last edited by reset on 6 Dec 2005, 18:35)

What is the IP configuration on 3.35 and 2.30 (network/netmask/gateway)? It looks like the reply makes it all the way back to 2.30's gateway which is odd that it doesn't get all the way back to 2.30. Could there be a firewall rule in the 2.1 box causing the problem? Or maybe even on the 2.30 box?

IP Address. . . . . . . . . . . . : 192.168.3.34
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.3.99

IP Address. . . . . . . . . . . . : 192.168.2.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1

I think I know why it's happening. 3.34 only has to go through asus to get to 2.30 but 2.30 has to go through both coyote and asus to get to 3.34. That would mean the reply would take a different path than the request. I think one way to fix this is to add a route on 2.30 for 192.168.3.0/24 that points to 192.168.2.99 as the gateway. There should be a nicer way to do this without having to add a static route to the client but I believe that would solve the problem at least as a temporary workaround. If after adding the static route you still have the problem then I would say it's an iptables issue on the asus.
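
The asymmetric path described in the post above, traced with longest-prefix matching over the routing tables posted earlier in the thread. This is an added Python example, not part of any forum post; the node names and helper functions are made up for the illustration, and the two host tables are derived from the posted IP configurations.

```python
import ipaddress

# Routing tables transcribed from the thread (192.168.3.0/24 stage). Each entry is
# (destination network, next hop), with None meaning "directly connected".
TABLES = {
    "notebook": [("192.168.3.0/24", None), ("0.0.0.0/0", "192.168.3.99")],
    "asus":     [("192.168.3.0/24", None), ("192.168.2.0/24", None),
                 ("0.0.0.0/0", "192.168.2.1")],
    "coyote":   [("192.168.3.0/24", "192.168.2.99"), ("10.112.160.0/19", None),
                 ("192.168.0.0/16", None), ("0.0.0.0/0", "10.112.160.1")],
    "pc":       [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")],
}
# Which (hypothetically named) node owns which address; the asus has one per subnet.
OWNER = {"192.168.3.34": "notebook", "192.168.3.99": "asus",
         "192.168.2.99": "asus", "192.168.2.1": "coyote", "192.168.2.30": "pc"}


def next_hop(table, dst):
    """Longest-prefix match: return the address the packet is handed to next."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in table
               if dst in ipaddress.ip_network(net)]
    _net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return str(dst) if gw is None else gw


def trace(src, dst, tables=TABLES):
    """Return the ordered list of nodes a packet from src to dst passes through."""
    node, path = OWNER[src], [OWNER[src]]
    while node != OWNER.get(dst) and len(path) < 8:   # length cap guards against loops
        hop = next_hop(tables[node], dst)
        if hop not in OWNER:                          # leaves the modelled network
            path.append("unknown:" + hop)
            break
        node = OWNER[hop]
        path.append(node)
    return path


def with_static_route_on_pc():
    """The workaround from the post: 192.168.3.0/24 via 192.168.2.99 on the PC."""
    fixed = dict(TABLES)
    fixed["pc"] = [("192.168.3.0/24", "192.168.2.99")] + TABLES["pc"]
    return fixed


def is_symmetric(a, b, tables=TABLES):
    """True when the reply retraces the request's path in reverse."""
    return trace(a, b, tables) == trace(b, a, tables)[::-1]
```

With the posted tables the request goes notebook, asus, pc while the reply goes pc, coyote, asus, notebook, which matches the echo reply seen on the coyote's eth0; with the static route on the PC both directions cross only the asus.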

It's not the right way to set static routing. I plan to separate my wifi network into up to eight vlans (subnets), and there will be more; I have almost forty computers. Static routing on PCs is mad!

That's true, we have around 50,000 PCs and all of our network management servers have at *least* 3 interfaces with static routes out the wazoo (not my design). That's not fun. I would still temporarily set one just to see if that indeed is the issue.

P.S. After looking this over again I believe this route is wrong on your coyote box (as I mentioned in your other thread) and actually could be (probably is) the problem:

192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0

I believe that should be:

192.168.2.0     0.0.0.0         255.255.255.0  U     0      0        0 eth0

Well, I did as you said

(I changed the subnet to 192.168.4.0/24 only) .. other discussion

so ....

 main firewall - coyote - 192.168.2.1

shakaree# route add -net 192.168.4.0 netmask 255.255.255.0 gw 192.168.2.99 dev eth0
shakaree# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     192.168.2.99    255.255.255.0   UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.112.160.0    0.0.0.0         255.255.224.0   U     0      0        0 eth1
0.0.0.0         10.112.160.1    0.0.0.0         UG    0      0        0 eth1

router - asus

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth2

pings:

*.2.01 -> *.4.34 .. ok
*.2.30 -> *.4.34 .. ok
*.4.34 -> *.2.01 .. ok 
*.4.34 -> *.2.30 .. KO  !!
*.4.34 -> Internet .. KO !! (with subnet mask 255.255.0.0 on coyote router works)

From *.4.34 I cannot ping anything in the *.2.0/24 network, only the address *.2.01

(Last edited by reset on 7 Dec 2005, 00:49)

Can the problem be in the main coyote firewall/router?

reset wrote:
*.2.01 -> *.4.34 .. ok
*.2.30 -> *.4.34 .. ok
*.4.34 -> *.2.01 .. ok 
*.4.34 -> *.2.30 .. KO  !!
*.4.34 -> Internet .. KO !! (with subnet mask 255.255.0.0 on coyote router works)

From *.4.34 I cannot ping anything in the *.2.0/24 network, only the address *.2.01

Why do I still see 255.255.0.0 subnet mask? Nearest I can tell all of your subnets are 24 bit. You need to get your masks correct on all routers and PCs if you expect things to work. It appears that your routers are configured properly so I have to assume it's your PC that is configured wrong.

You are right, my networks have to be set as 24-bit.

I did it again

main coyote firewall/router  - 192.168.2.1

shakaree# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     192.168.2.99    255.255.255.0   UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.112.160.0    0.0.0.0         255.255.224.0   U     0      0        0 eth1
0.0.0.0         10.112.160.1    0.0.0.0         UG    0      0        0 eth1

asus router - 192.168.2.99 (192.168.4.99)

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth2

my pc - 192.168.2.30

IP Address. . . . . . . . . . . . : 192.168.2.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1

notebook - 192.168.4.34

IP Address. . . . . . . . . . . . : 192.168.4.34
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.4.99

Connection is by scheme above.

Result:

*.2.01 -> *.4.34 .. ok
*.2.30 -> *.4.34 .. ok
*.4.34 -> *.2.01 .. ok 
*.4.34 -> *.2.30 .. KO  !!
*.4.34 -> Internet .. KO !!

Pinging 192.168.4.34 -> Internet

tcpdump -i eth2  on 192.168.2.99 (192.168.4.99) shows:

.... IP 192.168.4.34 > 194.228.32.18: icmp 40: echo request seq xxxxxxx
.... IP 192.168.4.34 > 194.228.32.18: icmp 40: echo request seq xxxxxxx
.... IP 192.168.4.34 > 194.228.32.18: icmp 40: echo request seq xxxxxxx

Iptraf on 192.168.2.1

ICMP echo req (60 bytes) from 192.168.4.34 to 194.228.32.18 (src HWaddr 00112fe3252d) on eth0                                                              
ICMP echo req (60 bytes) from 192.168.4.34 to 194.228.32.18 (src HWaddr 00112fe3252d) on eth0                                                             
ICMP echo req (60 bytes) from 192.168.4.34 to 194.228.32.18 (src HWaddr 00112fe3252d) on eth0

Pinging 192.168.4.34 -> 192.168.2.30

tcpdump -i eth2  on 192.168.2.99 (192.168.4.99) shows:

.... IP 192.168.4.34 > 192.168.2.30 icmp 40: echo request seq xxxxxxx
.... IP 192.168.4.34 > 192.168.2.30 icmp 40: echo request seq xxxxxxx
.... IP 192.168.4.34 > 192.168.2.30 icmp 40: echo request seq xxxxxxx

Iptraf on 192.168.2.1

ICMP dest unrch (port) (56 bytes) from 192.168.2.30 to 192.168.2.1 (src HWaddr 00051c0c23e1) on eth0                                                       
ICMP echo rply (60 bytes) from 192.168.2.30 to 192.168.4.34 (src HWaddr 00051c0c23e1) on eth0                                                              
ICMP dest unrch (port) (56 bytes) from 192.168.2.30 to 192.168.2.1 (src HWaddr 00051c0c23e1) on eth0                                                       
ICMP echo rply (60 bytes) from 192.168.2.30 to 192.168.4.34 (src HWaddr 00051c0c23e1) on eth0                                                              
ICMP dest unrch (port) (56 bytes) from 192.168.2.30 to 192.168.2.1 (src HWaddr 00051c0c23e1) on eth0                                                       
ICMP echo rply (60 bytes) from 192.168.2.30 to 192.168.4.34 (src HWaddr 00051c0c23e1) on eth0

Settings are correct, right? But reason is a bit worse than with 16 bit mask.
Why doesn't it communicate?

(Last edited by reset on 7 Dec 2005, 09:21)

I'm just looking at the notebook display; pings (*.4.34 -> *.2.30) go out with a timeout response,
and ....

almost 40 pings get a response, ..... then timeout, .... and again the echo reply is correct, ....


What ? Something fucking communication. Grrrrrrrr
But what

(Last edited by reset on 7 Dec 2005, 15:34)

Between *.2.30, *.2.99 and coyote firewall ( 2.1 ) are just asus machines with olegs firmware connected via WDS together without any rules and so on.

(Last edited by reset on 7 Dec 2005, 15:42)

fix the netmasks on coyote and 'my pc'

coyote
     ip - 192.168.2.1
netmask - 255.255.255.0
          192.168.3.0/24 via 192.168.2.99 (route add -net 192.168.3.0/24 gw 192.168.2.99)
          
"my pc"
     ip - 192.168.2.30
netmask - 255.255.255.0

apart from that everything should match the diagram

(oh, and make sure the asus router isn't doing any NAT)

I did, yesterday and today morning,
see topic from Today 11:11:18 http://forum.openwrt.org/viewtopic.php?pid=16759#p16759
(there is just changed subnet from 3.0/24 to 4.0/24)

I think the settings are absolutely correct.

In the evening I will check the NAT setting; I think NAT is off or is used for the WAN port.

(Last edited by reset on 7 Dec 2005, 16:48)

reset wrote:

I did, yesterday and today morning,
see topic from Today 11:11:18 http://forum.openwrt.org/viewtopic.php?pid=16759#p16759

There is changed subnet from 3.0/24 to 4.0/24

I think the settings are absolutely correct.

In the evening I will check the NAT setting; I think NAT is off or is used for the WAN port.

You've pasted so much information that it's hard to follow what the settings currently are. Fix your diagram.

I just updated the scheme now.

mbm wrote:

(oh, and make sure the asus router isn't doing any NAT)

NAT is not used

(Last edited by reset on 7 Dec 2005, 21:40)

I just found one problem in my network,

one server, connected to the switch has bad subnet mask,

my situation now:

*.2.01 -> *.4.34 .. ok
*.2.30 -> *.4.34 .. ok
*.4.34 -> *.2.01 .. ok 
*.4.34 -> *.2.30 .. ok
*.4.34 -> Internet .. KO !!

probably, somewhere has to be something wrong on the routing way.
I will check everything, I hope, that has to be solved soon.

I assume that your coyote box *does* do NAT to internet right? I will also guess that it's only configured to NAT for your  192.168.2.0/24 network. It sounds to me like you need to mess with the firewall/NAT configuration on your coyote box and I'm not familiar with that. Does it use iptables? What does the configuration look like?

The diagram is much improved on your first attempt.  You should try to ping a known external source and perform some diagnosis of the Coyote logs.  First open up the firewall to ICMP by inserting a rule at the top of your rule list (both input and output on both interfaces) and also log those packets.  Then try and ping the external site from the notebook, review the results and troubleshoot from there.  There should be four log entries per ping: input-eth0, output-eth1, input-eth1, output-eth0.

If no packets are being logged try disconnecting the 2.11 Asus and taking your laptop plug it into the local side of the Coyote firewall box, change its IP, ping the external site and analyse the logs.  Packets should be logged unless you have screwed up your ICMP rules as above.  Presume Coyote is iptables?

Internet works too; the problem was in coyote. It doesn't NAT subnet *.4.0/24.

after manually applying:
route add -net 192.168.4.0 netmask 255.255.255.0 gw 192.168.2.99 dev eth0

Coyote connects to the Internet address with source 192.168.4.34,
so NAT has to be set the latest.

Thanks for your support and for helping me understand how routing works (I have never learned it).
Lots of beer is waiting for you here, just come to the Czech Rep.

(Last edited by reset on 8 Dec 2005, 09:24)

The discussion might have continued from here.