[ale] next stupid ipchains question
Joe Steele
joe at madewell.com
Sat Sep 9 18:17:03 EDT 2000
Wandered Inn wrote:
> No, it's reversed. 192.168.10.220 is b.dmz.edu the router and
> 192.168.10.215 is a.dmz.edu, the machine denali is attempting to connect
> to.
What you say above makes me question what you had said earlier about
routing:
> Here are the routes I expect are permitting the communications:
> (b.home.edu is the router in question)
>
> for machine 192.168.255.253
> default b.home.edu 0.0.0.0 UG 0 0 0 eth0
>
> (b.dmz.edu is the same router referencing it from the other subnet)
> for machine 192.168.10.220
> 192.168.255.0 b.dmz.edu 255.255.255.0 UG 0 0 0 eth1
(In the following, I'm presuming that your referral to the routes for
machine "192.168.10.220" is not a typo which should have read
192.168.10.215.)

If 192.168.10.220 is the same as b.dmz.edu, then why would it have the
route entry shown above, which says to use a gateway for 192.168.225.0
when in fact it has a direct connection? (Of course, the gateway is a
reference to itself, so it may work anyway -- I don't know.) I would
have expected it to have a route entry like this:

    192.168.255.0 * 255.255.255.0 U 0 0 0 eth1

On the other hand, I don't think you've said what routes are being used
on a.dmz.edu. But if you are switching from a masqueraded setup to a
non-masqueraded setup, then you would have to add the following route to
a.dmz.edu:

    192.168.255.0 b.dmz.edu 255.255.255.0 UG 0 0 0 <dev name>

The fact that you've sniffed packets arriving at a.dmz.edu without any
replies makes me wonder if this route is missing.
--Joe
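
The return-route check described in the message above, as an added example that is not part of the original post: it parses `route`-style lines in the column layout quoted in the thread and does a longest-prefix lookup for the reply destination. The two a.dmz.edu tables, the absence of a default route on that host, and the `eth0` device name are constructed assumptions.

```python
import ipaddress

# Constructed sample tables for a.dmz.edu (assumed: no default route, device eth0).
A_DMZ_BEFORE = """
Destination   Gateway    Genmask        Flags Metric Ref Use Iface
192.168.10.0  *          255.255.255.0  U     0      0   0   eth0
"""
# Same table plus the route the message says a non-masqueraded setup needs.
A_DMZ_AFTER = A_DMZ_BEFORE + "192.168.255.0 b.dmz.edu 255.255.255.0 UG 0 0 0 eth0\n"


def parse_routes(text):
    """Parse lines of: Destination Gateway Genmask Flags Metric Ref Use Iface."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, gw, mask, flags, _metric, _ref, _use, iface = fields
        if dest == "default":
            dest = "0.0.0.0"
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # column header or unparseable line
        # The G flag marks a gateway route; without it the network is on-link.
        gateway = gw if "G" in flags else None
        routes.append({"net": net, "gateway": gateway, "flags": flags, "iface": iface})
    return routes


def lookup(routes, addr):
    """Return the most specific usable route for addr, or None if unroutable."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if "U" in r["flags"] and ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)


if __name__ == "__main__":
    # 192.168.10.220 is the reply target when the router masquerades;
    # 192.168.255.253 is the reply target once masquerading is removed.
    for label, table in (("before", A_DMZ_BEFORE), ("after", A_DMZ_AFTER)):
        routes = parse_routes(table)
        for dst in ("192.168.10.220", "192.168.255.253"):
            r = lookup(routes, dst)
            how = "NO ROUTE" if r is None else (r["gateway"] or "direct") + " on " + r["iface"]
            print(f"{label}: reply to {dst}: {how}")
```

With the constructed "before" table, replies to the masquerading router's own address are deliverable on-link, while replies to 192.168.255.253 have no route, which matches packets arriving at a.dmz.edu with nothing going back.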