LinuxQuestions.org
Linux - Networking
Old 01-18-2005, 05:22 AM   #1
aronnok
Member
 
Registered: Oct 2004
Location: Dhaka, Bangladesh
Distribution: Redhat Linux 7.2,Redhat Linux 8.0,Redhat Linux 9.0
Posts: 36

Rep: Reputation: 15
A silly but tough Routing problem


Hello all,
I am going through a really silly but tough problem. I don't know where my silly mistake is.
I have two networks. Both networks use the same class of IP, 192.168.1.0. One is the Corporate network, the other is our NOC network. Our Corporate network is connected via a radio.
At my NOC end, all my LAN PCs are connected to a firewall PC. This firewall PC has two NICs. Our NOC LAN is connected to eth0 (192.168.1.253), and eth1 (192.168.1.169) is connected to the radio switch where the Corporate Office's LAN is also terminated. So, if we remove the NOC end's firewall, these two networks would be converted into a single net.

My corporate office has these IP addresses: 192.168.1.31, 32, 66 ......
My NOC office has these IP addresses: 192.168.1.40, 10, 55 ......

And on my firewall PC, eth0 has our ISP's IP as its gateway address, and eth1 has eth0's IP as its gateway.

But when I try to ping the corporate office (31, 66)...., my Linux firewall tries to ping it through eth1 (192.168.1.253), so those IPs are unreachable for me.
I have tried: route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0 gw 192.168.1.169
But in that scenario I am able to ping only the corporate office's PCs; my NOC becomes unreachable.

I need to access the NOC LAN from my Corporate Office, and vice versa....

What should my routing table be?
What should my iptables firewall rules be?

Please help me.
Thanks in advance.
 
Old 01-18-2005, 06:20 AM   #2
cowanrl
Member
 
Registered: Dec 2004
Location: Western Pennsylvania, USA
Distribution: Red Hat
Posts: 150

Rep: Reputation: 15
I ran into the same problem here with regard to my home and corporate office. They both used the same IP subnet. This blocked my ability to VPN into the corporate network because any attempt to access a server on the corporate network never got there.

My solution was to change the IP subnet on my home network. In my opinion, that's the simplest thing for you to do. You could change your subnet mask to 255.255.255.128 and use addresses 1-126 on one network and 129 to 254 on the other. But I think it would be simpler just to change one of your networks to 192.168.2.0.

You could try to create static routes on each PC and on the firewall. If you had a server in the NOC that was 192.168.1.250, you would need to create static routes on your PCs on the corporate network that pointed all traffic destined to 192.168.1.250 to the default gateway on that network. Then try to create a static route on the firewall/gateway machine that would send traffic destined for 192.168.1.250 through the firewall. I really don't think it would work, though.

I don't think there's any configuration you can make on your firewall that will ever solve the problem. You'll have to change the subnet address on one of the networks.
 
Old 01-18-2005, 06:23 AM   #3
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Based on my understanding of your post - short of breaking up your /24 network into smaller subnets -or- putting your NOC on its own /24 network, I think your only choice is to configure your linux box as a bridge between the two networks.
 
Old 01-18-2005, 06:30 AM   #4
aronnok
Member
 
Registered: Oct 2004
Location: Dhaka, Bangladesh
Distribution: Redhat Linux 7.2,Redhat Linux 8.0,Redhat Linux 9.0
Posts: 36

Original Poster
Rep: Reputation: 15
Thanks.
I have tried changing the IP subnet.
I had configured my NOC LAN as the 168.2.0 block, but the problem is, I am able to access the
Corporate office LAN from my NOC but am not able to do the reverse.
What should the firewall rules or routing table structure be?
I am confused.

The reason behind putting the firewall box in between those two LANs is to protect the ISP network from the BROADCAST attack and to block some other ports. But if my box acts only as a bridge, will it be possible to do the same?
May I have some links to learn about bridging? (My idea about bridging is just too poor.)


Thanks again.

Last edited by aronnok; 01-18-2005 at 06:35 AM.
 
Old 01-18-2005, 06:31 AM   #5
cowanrl
Member
 
Registered: Dec 2004
Location: Western Pennsylvania, USA
Distribution: Red Hat
Posts: 150

Rep: Reputation: 15
Thinking about this further, even my first post isn't the final solution, since it looks like the traffic needs to be routed across the Internet. Your only solution may be to create a VPN tunnel between the 2 networks. You should then be able to route the traffic through that.
 
Old 01-18-2005, 06:40 AM   #6
aronnok
Member
 
Registered: Oct 2004
Location: Dhaka, Bangladesh
Distribution: Redhat Linux 7.2,Redhat Linux 8.0,Redhat Linux 9.0
Posts: 36

Original Poster
Rep: Reputation: 15
Quote:
since it looks like the traffic needs to be routed across the Internet.
Is it? I don't think so, because my corporate LAN is terminated on my radio switch and my
firewall's external NIC is also connected to that switch.
Am I right?
 
Old 01-18-2005, 07:21 AM   #7
cowanrl
Member
 
Registered: Dec 2004
Location: Western Pennsylvania, USA
Distribution: Red Hat
Posts: 150

Rep: Reputation: 15
Sorry, I completely misinterpreted the layout of your network. I thought the traffic between the two networks was going out over the Internet. Let me make sure I have this correct.

You have a firewall box with 2 NICs. Eth0 has an IP address of 192.168.1.253 and eth1 has an IP address of 192.168.1.169. Eth1 is connected to some type of radio ethernet switch which also has the connection for all the machines on the Corporate LAN. Is that correct?

My question is, what are you trying to accomplish? Is this firewall box supposed to be the connection for both networks to the Internet but block some traffic from getting between the NOC and Corporate networks? I'm not really clear on that.

Last edited by cowanrl; 01-18-2005 at 07:31 AM.
 
Old 01-18-2005, 07:31 AM   #8
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Have you taken a look at bridging? See:

http://bridge.sourceforge.net
 
Old 01-18-2005, 08:20 AM   #9
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
A couple of questions...

Your Corporate network uses 192.168.1.0 and what netmask? (hopefully 255.255.255.0)
The NOC network needs to be a different number, e.g. 192.168.2.0/255.255.255.0

This means each network is different.. (important) as cowanrl says..
Then, the NOC network PCs need to be told to use 192.168.2.253 as a gateway
and the corporate network PCs need to be told to use 192.168.1.169 as a gateway.

What you will have now is two separate networks.
No broadcasting between them, e.g. no M$ network..

The bridge, however, joins them as if it's just another connection to the network.
Just like any other switch/hub.. no different numbers, no different gateways etc.

So, what do you think you will need to be protected from?
What other connections are there to this network?
You mention an ISP network...

Bridge filtering is handled by ebtables, built into the 2.6 kernel, and the ebtables program.
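To make the routing point in posts #2 and #9 concrete, here is an added example (not code from any poster or from the thread) that simulates the kernel's longest-prefix-match route lookup with Python's standard `ipaddress` module. It walks through the firewall's table as described in post #1, cowanrl's two fixes (splitting the /24 into two /25s, or renumbering the NOC to 192.168.2.0/24), and peter_robb's requirement that the corporate PCs use 192.168.1.169 as their gateway, which is also why post #4 saw only one-way reachability. The ISP gateway 203.0.113.1 and the host address 192.168.1.131 used in the /25 case are constructed values; the thread does not give them.

```python
import ipaddress


class Route:
    """One routing-table entry: destination prefix, outgoing device, optional gateway."""

    def __init__(self, prefix, dev, gw=None):
        self.net = ipaddress.ip_network(prefix)
        self.dev = dev
        self.gw = gw

    def __repr__(self):
        via = f" via {self.gw}" if self.gw else ""
        return f"{self.net} dev {self.dev}{via}"


def lookup(table, dst):
    """Longest-prefix match, as the kernel does it. A destination matching two
    entries with the *same* prefix length keeps the first one seen, so two NICs
    both configured with 192.168.1.0/24 are indistinguishable to the router."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in table:
        if addr in route.net and (best is None or route.net.prefixlen > best.net.prefixlen):
            best = route
    return best


def next_hop(table, dst):
    """Return (device, gateway) for dst, or ("unreachable", None) if nothing matches."""
    route = lookup(table, dst)
    if route is None:
        return ("unreachable", None)
    return (route.dev, route.gw)


# Constructed ISP-side gateway (documentation range); the thread never names the real one.
ISP_GW = "203.0.113.1"


def firewall_as_posted():
    """Post #1: eth0 (192.168.1.253) and eth1 (192.168.1.169) both on 192.168.1.0/24.
    Corporate host .31 and NOC host .40 resolve to the same device, whichever is first."""
    table = [
        Route("192.168.1.0/24", "eth0"),        # NOC LAN
        Route("192.168.1.0/24", "eth1"),        # radio switch / corporate LAN
        Route("0.0.0.0/0", "eth0", gw=ISP_GW),  # default toward the ISP
    ]
    return next_hop(table, "192.168.1.31"), next_hop(table, "192.168.1.40")


def firewall_split_25():
    """cowanrl's first option: mask 255.255.255.128, NOC keeps hosts 1-126,
    corporate takes 129-254 (a corporate host becomes e.g. .131, constructed here)."""
    table = [
        Route("192.168.1.0/25", "eth0"),    # NOC: 192.168.1.1 - .126
        Route("192.168.1.128/25", "eth1"),  # corporate: 192.168.1.129 - .254
        Route("0.0.0.0/0", "eth0", gw=ISP_GW),
    ]
    return next_hop(table, "192.168.1.131"), next_hop(table, "192.168.1.40")


def firewall_renumbered():
    """cowanrl's second option / peter_robb's layout: NOC moves to 192.168.2.0/24
    (firewall side 192.168.2.253); corporate stays on 192.168.1.0/24 (firewall side .169)."""
    table = [
        Route("192.168.2.0/24", "eth0"),
        Route("192.168.1.0/24", "eth1"),
        Route("0.0.0.0/0", "eth0", gw=ISP_GW),
    ]
    return next_hop(table, "192.168.1.31"), next_hop(table, "192.168.2.40")


def corporate_pc_reply(with_gateway):
    """Return path from corporate PC 192.168.1.31 back to NOC host 192.168.2.40.
    Without a gateway pointing at 192.168.1.169 the PC has no route for 192.168.2.0/24,
    which is the one-way reachability described in post #4."""
    table = [Route("192.168.1.0/24", "eth0")]
    if with_gateway:
        table.append(Route("0.0.0.0/0", "eth0", gw="192.168.1.169"))
    return next_hop(table, "192.168.2.40")


if __name__ == "__main__":
    print("same /24 on both NICs :", firewall_as_posted())
    print("split into two /25s   :", firewall_split_25())
    print("NOC renumbered to .2.0:", firewall_renumbered())
    print("corporate PC, no gw   :", corporate_pc_reply(False))
    print("corporate PC, gw .169 :", corporate_pc_reply(True))
```

Running it shows the first case sending both 192.168.1.31 and 192.168.1.40 out the same NIC, exactly the symptom in post #1; the two fixes give each side its own prefix, and the last two calls show that renumbering alone is not enough until the corporate PCs' gateway points at the firewall's 192.168.1.169 side.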
 
Old 01-19-2005, 08:41 AM   #10
aronnok
Member
 
Registered: Oct 2004
Location: Dhaka, Bangladesh
Distribution: Redhat Linux 7.2,Redhat Linux 8.0,Redhat Linux 9.0
Posts: 36

Original Poster
Rep: Reputation: 15
Thanks, peter, for your reply.
The silliest problem is, both my networks have the same IP block and the same subnet; it is 168.1.0/255.0.
And actually, my office is an ISP. We used to provide radio link Internet. But recently, when we found a lot of network broadcast packets intercepting my ISP network, we decided to put a Linux box in between them to protect my core ISP network.
I have configured a bridge today, but the problem is, my distro is RH 9.0 with kernel 2.4.20, and ebtables doesn't have any kernel patch to activate the 2.4.20-based kernel's netfilter capability. So right now my Linux box is just acting like a switch.
br0 : 192.168.1.169
eth0 : 0.0.0.0
eth1 : 0.0.0.0

And I am getting a lot of UDP broadcast packets from both networks. I am totally helpless to protect my core ISP network.
Any idea to solve this scenario?
Thanks again.
 
Old 01-19-2005, 03:19 PM   #11
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
In any M$ network there will be huge amounts of udp broadcasting..

RH9 works ok with a 2.6 kernel..
You can roll your own one, just gotta make sure the config file from your current kernel is used when you do "make menuconfig"
This will avoid losing any necessary module requirements..
You can make changes after that..
 
  

