[ale] next stupid ipchains question

Joe Steele joe at madewell.com
Sat Sep 9 18:17:03 EDT 2000


Wandered Inn wrote:
> No, it's reversed. 192.168.10.220 is b.dmz.edu the router and
> 192.168.10.215 is a.dmz.edu, the machine denali is attempting to connect
>  to.

What you say above makes me question what you had said earlier about 
routing:

> Here are the routes I expect are permitting the communications:
> (b.home.edu is the router in question)
> 
> for machine 192.168.255.253
> default       b.home.edu    0.0.0.0     UG  0   0   0 eth0
> 
> (b.dmz.edu is the same router referencing it from the other subnet)
> for machine 192.168.10.220
> 192.168.255.0   b.dmz.edu    255.255.255.0  UG   0   0   0 eth1

(In the following, I'm presuming that your referral to the routes for 
machine "192.168.10.220" is not a typo which should have read 
192.168.10.215.)

If 192.168.10.220 is the same as b.dmz.edu, then why would it have the 
route entry shown above, which says to use a gateway for 192.168.225.0 
when in fact it has a direct connection?  (Of course, the gateway is a 
reference to itself, so it may work anyway -- I don't know.)  I would 
have expected it to have a route entry like this:

192.168.255.0   *             255.255.255.0  U    0   0   0 eth1

On the other hand, I don't think you've said what routes are being used 
on a.dmz.edu.  But if you are switching from a masqueraded setup to a 
non-masqueraded setup, then you would have to add the following route to 
a.dmz.edu:

192.168.255.0   b.dmz.edu    255.255.255.0  UG   0   0   0 <dev name>

The fact that you've sniffed packets arriving at a.dmz.edu without any 
replies makes me wonder if this route is missing.

--Joe