[TriLUG] Network Routing

[Ben Pitzer]

Jason,

Your problem here may be with multiple default gateways.  You should only
have one default gateway, and the fact that you have routes set up to
192.168.0.0/24 through two interfaces (eth0 and ipsec0).  Also, you have
multiple routes to anything on that ###.###.###.112/29 network through eth1
(defined) ipsec1 (also defined), and through the default gateway on eth1.
You'd be much better off defining single routes to things through the
desired interface (no need to duplicate the route on both the eth0 and
ipsec0, for example.  The OS knows the difference, even though the ipsec0 is
a virtual interface).

Plus, since ###.###.###.112 is the network number of that /29, pinging it is
not going to get you the results that you probably want.  Ping a host within
that subnet, and you might do better, the way you did with ###.###.###.113.
Pinging the subnet number or broadcast will only get responses from every
host on the network for each packet you ping with.  Not typically a good
idea, just as pinging the broadcast, in your case .119, isn't a great idea.

Good luck!

Regards,
Ben Pitzer

---------------------------------------------

"Those that can give up essential liberty to obtain a little temporary
safety
 deserve neither liberty nor safety."
 --Ben Franklin--





> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> Behalf Of Jason Purdy
> Sent: Monday, September 08, 2003 9:52 AM
> To: Triangle Linux Users Group discussion list
> Subject: [TriLUG] Network Routing
>
>
> I need some help in figuring out some networking "stuff" - I have a
> Debian Linux server with two NIC's, one hooked up to the internal switch
> and the other hooked to a switch that splits out our (fractured) T-1.
> I'm also in the middle of an ipsec (FreeS/WAN) install, which may be
> messing things up.
>
> I can ping our internal network just fine.  When I ping up our internet,
> I start to see duplicating bouncebacks:
>
> # ping 192.168.0.1
> PING 192.168.0.1 (192.168.0.1): 56 data bytes
> 64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=4.1 ms
>
> # ping ###.###.###.113
> PING ###.###.###.113 (###.###.###.113): 56 data bytes
> 64 bytes from ###.###.###.113: icmp_seq=0 ttl=254 time=0.6 ms
> 64 bytes from ###.###.###.113: icmp_seq=1 ttl=254 time=0.6 ms
>
> # ping ###.###.###.112
> PING ###.###.###.112 (###.###.###.112): 56 data bytes
> 64 bytes from ###.###.###.115: icmp_seq=0 ttl=255 time=0.0 ms
> 64 bytes from ###.###.###.116: icmp_seq=0 ttl=255 time=0.2 ms (DUP!)
> 64 bytes from ###.###.###.113: icmp_seq=0 ttl=254 time=0.8 ms (DUP!)
>
> # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> ###.###.###.112 *               255.255.255.248 U     0      0
>     0 eth1
> ###.###.###.112 *               255.255.255.248 U     0      0        0
> ipsec1
> 192.168.0.0     *               255.255.255.0   U     0      0
>     0 eth0
> 192.168.0.0     *               255.255.255.0   U     0      0        0
> ipsec0
> default         ###.###.###.113 0.0.0.0         UG    0      0
>     0 eth1
> default         192.168.0.1     0.0.0.0         UG    0      0
>     0 eth0
>
> So now I cannot ping any external IP #'s:
> # ping 152.2.25.2
> PING 152.2.25.2 (152.2.25.2): 56 data bytes
>
> --- 152.2.25.2 ping statistics ---
> 150 packets transmitted, 0 packets received, 100% packet loss
>
> Ifconfig output below...
>
> I'm not sure what this all means.  Can someone point me in the right
> direction?
>
> Thanks,
>
> Jason
>
> PS: I #'d out the IP addresses not b/c I don't trust you guys ... more
> like the harvesters on the Web access to our mailing list.
>
> PSS: ifconfig output:
>
> # ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:07:E9:80:86:FE
>            inet addr:192.168.0.12  Bcast:192.168.0.255  Mask:255.255.255.0
>            UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
>            RX packets:2213406 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:232004 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0
>            RX bytes:216728147 (206.6 MiB)  TX bytes:98403841 (93.8 MiB)
>
> eth1      Link encap:Ethernet  HWaddr 00:01:53:80:F0:08
>            inet addr:###.###.###.115  Bcast:###.###.###.255
> Mask:255.255.255.248
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:198033 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:71754 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0
>            RX bytes:48310063 (46.0 MiB)  TX bytes:7403565 (7.0 MiB)
>
> ipsec0    Link encap:Ethernet  HWaddr 00:07:E9:80:86:FE
>            inet addr:192.168.0.12  Mask:255.255.255.0
>            UP RUNNING NOARP  MTU:16260  Metric:1
>            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0
>            RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> ipsec1    Link encap:Ethernet  HWaddr 00:01:53:80:F0:08
>            inet addr:###.###.###.115  Mask:255.255.255.248
>            UP RUNNING NOARP  MTU:16260  Metric:1
>            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0
>            RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> lo        Link encap:Local Loopback
>            inet addr:127.0.0.1  Mask:255.0.0.0
>            UP LOOPBACK RUNNING  MTU:16436  Metric:1
>            RX packets:449 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:449 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0
>            RX bytes:35992 (35.1 KiB)  TX bytes:35992 (35.1 KiB)
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>