Hi, everything is ok now! :) thanks 2everyone..
--
thanks,
louie miranda

----- Original Message -----
From: "louie miranda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "jereme" <[EMAIL PROTECTED]>
Sent: Thursday, February 27, 2003 9:32 AM
Subject: Re: managing another network route, can't connect to it! Pls see!

> > For the hosts on the 10.0.0.0/16 network, like your ws, you have to
> > add a route for the 192.168.129.0/24 network via 10.0.0.2, exactly as
> > you have done for the linux gateway.
>
> I already add another route to 192.168.129.x via 10.0.0.2, below are my
> kernel route
>
> - my kernel routing table GW ------------------------------
> panic:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 203.190.72.104  0.0.0.0         255.255.255.248 U     0      0        0 eth0
> 192.168.129.0   10.0.0.2        255.255.255.0   UG    0      0        0 eth1
> 10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
> 0.0.0.0         203.190.72.110  0.0.0.0         UG    0      0        0 eth0
> -----------------------------------------------------------
>
> ===
>
> I did another ip block over 192.168.129.x, ip is 192.168.129.50 - just a
> test of mine.
> Now I can access 192.168.129.50 directly on my workstation, but left is I
> can't access
> still 192.168.129.x block, and yet except for .50.
>
> - i add another ip over 192.168.129.x block ---------------
> eth1:2    Link encap:Ethernet  HWaddr 00:60:08:1F:21:5B
>           inet addr:192.168.129.50  Bcast:192.168.129.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           Interrupt:9 Base address:0xb400
> -----------------------------------------------------------
>
> ===
>
> > As it stands now, if the 10.0.0.0/16 hosts have only a local route and
> > a default route, they are sending datagrams bound for the
> > 192.168.129.0/24 network to their default gw. Though this is not as
> > efficient as having those hosts use the 10.0.0.2 router, it does save
> > you the headache of setting static routes on each system. To get this
> > to work, I would suspect the problem lies in the filtering and
> > mangling rules on the gw. You can post those rules, if you are
> > comfortable with that and you want more help.
>
> Below are my iptables rules (w/ nat). Yes I guess it's on filtering on my gw.
> Anyhow, here are my iptables rules again.
>
> - iptables rules ------------------------------------------
> panic:~# iptables -nL --line-num
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain FORWARD (policy DROP)
> num  target     prot opt source               destination
> 1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
> 2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 3    LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4
>
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
> -----------------------------------------------------------
>
>
> - iptables nat rules --------------------------------------
> panic:~# iptables -nL --line-num -t nat
> Chain PREROUTING (policy ACCEPT)
> num  target     prot opt source               destination
> 1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128
>
> Chain POSTROUTING (policy ACCEPT)
> num  target     prot opt source               destination
> 1    MASQUERADE all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
> -----------------------------------------------------------
>
>
> ===
>
> It's only simple rules for iptables, wish someone could give me some light on
> my problems.
>
>
> --
> thanks,
> louie miranda
>
> ----- Original Message -----
> From: "jereme" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, February 26, 2003 11:04 PM
> Subject: Re: managing another network route, can't connect to it! Pls see!
>
> > Hi Louie,
> >
> > "louie miranda" <[EMAIL PROTECTED]> writes:
> > > Consider the following network: (kindly view the attached txt file for a
> > > nicer one)
> > >
> > >                 inet
> > >                  |
> > >                  |
> > >                  |203.190.72.108
> > >          *-----------------*
> > >  10.0.0.1|      eth0       |none
> > >     /----|eth1         eth2|------\                  new network block pipe
> > >     |    |    LINUX GW     | line cut *--------*      192.168.129.x/24 (network)
> > >     |    *-----------------*          |        |      10.0.0.2, gw for 192.168.129.x/24 block under LINUX GW
> > >     |                                 |  192.x |
> > >     |                                 |        |
> > >   *HUB*-------------------------------*--------*
> > >     |                                  cisco 2600 router
> > >     |                                  ip of this router is: 10.0.0.2
> > >     |
> > >   *--*   *--*   *--*
> > >   |  |   |  |   |  |
> > >   |  |   |  |   |  |
> > >   *--*   *--*   *--*
> > >       workstations
> > >     10.0.0.0/16 block
> > >
> > >
> > > interface:
> > > - eth0 = 203.190.72.108, default gw.
> > > - eth1 = 10.0.0.0/16, local area network.
> > > - eth2 = none
> > >
> > >
> > > ===========
> > >
> > > Right now I'm inside 10.0.0.0/16 block, my ip is 10.0.0.11 and my default gw
> > > is via 203.190.72.108.
> >
> > I think that you mean your default gateway is 10.0.0.1, if your ws has
> > a /16 netmask, as you say.
> >
> >
> > > I can access ip block 192.168.129.x on my LINUX GW perfectly. But when I'm on
> > > my workstations on
> > > 10.0.0.11 block I cannot even ping 192.168.129.x block. Which could be
> > > possibly be wrong?
> >
> > For the hosts on the 10.0.0.0/16 network, like your ws, you have to
> > add a route for the 192.168.129.0/24 network via 10.0.0.2, exactly as
> > you have done for the linux gateway.
> >
> > As it stands now, if the 10.0.0.0/16 hosts have only a local route and
> > a default route, they are sending datagrams bound for the
> > 192.168.129.0/24 network to their default gw. Though this is not as
> > efficient as having those hosts use the 10.0.0.2 router, it does save
> > you the headache of setting static routes on each system. To get this
> > to work, I would suspect the problem lies in the filtering and
> > mangling rules on the gw. You can post those rules, if you are
> > comfortable with that and you want more help.
> >
> >
> > hth,
> > jereme
> >
> > --
> > +--------------------------------------------------------------+
> > Jereme Corrado <[EMAIL PROTECTED]>
> > System Administrator
> > Restorative Management Corp.
> >
> > gpg: 1024D/9C39E1F0
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
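
The forwarding path discussed in the thread (a workstation with only a local and a default route, and the gateway holding the extra 192.168.129.0/24 route), worked through as an added example that is not part of the original messages: it parses `route -n` output and applies longest-prefix matching. The gateway table is the one posted above; the workstation table, the host 192.168.129.20 and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Gateway table exactly as posted in the thread (`route -n` on the Linux GW).
GW_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.190.72.104  0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.129.0   10.0.0.2        255.255.255.0   UG    0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         203.190.72.110  0.0.0.0         UG    0      0        0 eth0
"""

# Constructed sample: workstation 10.0.0.11 with only a local and a default route.
WS_ROUTES = """\
10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Parse `route -n` output into (network, gateway-or-None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue
        try:
            dest, gw, mask = (ipaddress.ip_address(x) for x in f[:3])
        except ValueError:
            continue  # header line, not a route
        prefix = bin(int(mask)).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append((net, None if int(gw) == 0 else gw, f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: return (next_hop, iface), or None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (str(gw or dst), iface)  # no gateway means the destination is on-link

def same_interface_forward(routes, dst, in_iface):
    """True when a router would send dst back out the interface it arrived on."""
    hop = lookup(routes, dst)
    return hop is not None and hop[1] == in_iface

if __name__ == "__main__":
    dst = "192.168.129.20"  # constructed host on the 192.168.129.0/24 network
    print("workstation ->", lookup(parse_routes(WS_ROUTES), dst))
    print("gateway     ->", lookup(parse_routes(GW_ROUTES), dst))
    print("in and out on eth1:", same_interface_forward(parse_routes(GW_ROUTES), dst, "eth1"))
```

With these tables the workstation hands the packet to 10.0.0.1, and the gateway forwards it to 10.0.0.2 out of eth1, the same interface it arrived on, so the packet crosses the gateway's FORWARD chain on the way.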