Hi,
I´ve been playing round with linux for a couple of years now and have managed to do quite a few tricks with it........but i´ve hit a brick wall with this issue. I´ve been googling it all day and had no luck, i´m sure there´s an easy solution i have overlooked.

I have a Fedora box set up with 2 nics. The Firestarter GUI insalled.
2 networks - 172.x.x.x (internal) and 192.x.x.x (external)
eth0 - 192.168.252.14
eth1 - 172.17.1.14
Fedora box routes everything fine from any pc on the 172.x.x.x range through to any pc on the 192.x.x.x range, but no the other way.

I have set a route on the machines in the 192 range as:

172.17.1.0 255.255.255.0 192.168.252.14 (eth0)

and it can pint eth1 (172.17.1.14) fine, but nothing past that.

Can anyone help??? As I said, i´m sure it something really simple....and my brain is fried from sitting here for hour staring at this monitor :-(
Thanx in advance.

Halo

I may be clutching at straws here but could this be a firewall issue?? I.e. Do the 192 PCs have the 172 PCs set as trusted, but the 172 PCs are blocking traffic from the 192 PCs? - Just a thought.

Also, when you say:
Do you mean a PC on the 192 subnet (e.g. PC 192.168.252.13) can ping 172.17.1.14 but not, for example, 172.17.1.13?

There are a couple of issues that need to be looked at. One being where is your default route set to. And probably most importantly, what you have done with the firewall. I haven't used your firestarter GUI but I do use IPtables. Typically if you put ANY chain or filter in besides the default ones that allow everything, you must put something in for everything. Get the point. So, I would first turn off iptables and then try it. If it works, its got to do with the firewall. If it doesn't, it may be your routing statements. If it is the firewall, then try writing a rule that allows the traffic one way and then write one that allows it the other way. Or however you want it set up. Try that and repost.

The 192.x.x.x (external) network would'nt be having any route for 172.x.x.x network.
You can verify the same with shuttting down your firewall for some time & then try if you get any replies for your ping 192.x.x.x packets ?

Another thing is that i really dont understand about what you mean by 192.x.x.x network being external ?????
Can you be more specific or detail in this regards ?

Hi, and thank you for your replys.
Even with the firewall stopped, I still can´t ping the 172 network. But even if it was a firewall issue, u would think it would be stoppping me from pinging Eth1 (172.17.1.14) when it´s on...but it doesn´t.

Yep, thats rite.....

ScooterB,
with iptables stopped I get the same issue. So i´m thinkin it´s gotta be a route issue.
Route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.252.0 192.168.252.14 255.255.255.0 UG 0 0 0 eth0
192.168.252.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.175.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.17.1.0 172.17.1.14 255.255.255.0 UG 0 0 0 eth1
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.252.254 0.0.0.0 UG 0 0 0 eth0

amitsharma_26,
Sorry, shouldn´t have used external. 192.x.x.x network is dmz.

Thanx again for your replys.
Halo

After replying to another post similar to yours today, it came to me. You need a Source network translation rule for each of the two networks. That's why with the firewall off it still didn't work. I made a similar recommendation to another poster and he came back and said that it did the trick. Try setting up the snat statements for each netork and give it a go. Then repost.

Excellent........SNAT set up and networks are pinging beautifully!!! Thanx for that scooterB.....much appreciated!!
Cheers.

You're quite welcome. That's what we're all here for. Now enjoy!