LinuxQuestions.org
Old 10-08-2010, 04:29 AM   #1
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Rep: Reputation: 0
Routing ???


Hi guys!

I have an Ubuntu 10.04 firewall with 3 NIC interfaces (WAN, DMZ, LAN with VLAN tagging 8021q).

I would like to configure this machine with static routing between the VLAN on ethint and ethdmz, but I can't figure out how to do this; in fact, I can't ping from the VLAN to the DMZ and vice versa. If I add a static route on a Windows machine on the VLAN, "route add -p 172.18.110.0 mask 255.255.255.248 172.18.120.1", I can ping the firewall 172.18.110.1 but I can't ping the server 172.18.110.5, for example.

Now I don't want to apply these routing rules on all Windows machines; I want to add static routing on the firewall so I can ping the DMZ zone from the VLAN and vice versa.

Thanks all for helping me!

Regards
Gianni
 
Old 10-08-2010, 04:46 AM   #2
fuubar2003
Member
 
Registered: May 2004
Location: Orlando, Florida
Distribution: SLES10/11, RH4/5 svrs, Fedora, Debian/Ubuntu/Mint; FreeBSD/OpenBSD
Posts: 63

Rep: Reputation: 26
Do some research on NAT and NAT PREROUTING rules.
 
Old 10-08-2010, 04:49 AM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Here is a really good document that will help you get started:
 
Old 10-08-2010, 05:04 AM   #4
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Original Poster
Rep: Reputation: 0
I would like to add static routing between the two networks without NATting them!

I know iptables and I have just tried this with NAT and it works, but I don't want to NAT those interfaces; I simply want routing (not bridging)!

FW
| --- ethext 192.xx.xx.xx
| --- ethdmz 172.18.110.0
| --- ethint 172.18.120.0 (vlan id 120)

I want to route all packets from interface vlan120 with destination 172.18.110.0 to ethdmz.

This is my route command:
Tabella di routing IP del kernel
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0   0   tun0
172.18.110.0    *               255.255.255.248 U     0      0   0   ethdmz
172.18.150.0    *               255.255.255.224 U     0      0   0   vlan150
172.18.90.0     *               255.255.255.224 U     0      0   0   vlan90
172.18.130.0    *               255.255.255.0   U     0      0   0   vlan130
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0   0   tun0
192.168.1.0     *               255.255.255.0   U     0      0   0   ethext
172.18.140.0    *               255.255.255.0   U     0      0   0   vlan140
172.18.120.0    *               255.255.252.0   U     0      0   0   vlan120
default         192.168.1.254   0.0.0.0         UG    100    0   0   ethext


I will use iptables to NAT ethint for internet connections.

Thanks for the advice

Last edited by giannir; 10-08-2010 at 05:18 AM.
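
What the post above asks for (plain routing between vlan120 and ethdmz, NAT only for internet traffic) comes down to how the POSTROUTING rule is scoped. As an added example, not written by anyone in this thread: a small shell audit over iptables-save text that flags NAT rules not bound to the WAN interface. The two rulesets are constructed samples and the function names are hypothetical.

```shell
# Added example: audit iptables-save text for NAT rules that would also rewrite
# traffic routed between internal zones. Interface names are from the thread;
# both rulesets below are constructed samples, not the poster's configuration.
# Routing between zones also needs net.ipv4.ip_forward=1 on the firewall.
WAN_IF="ethext"

# Print each POSTROUTING MASQUERADE/SNAT rule not bound to "-o $WAN_IF".
# Such a rule also matches vlan120 <-> ethdmz traffic and hides its source.
audit_nat() {
    awk -v wan="$WAN_IF" '
        $1 == "-A" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
            bound = 0
            for (i = 3; i < NF; i++)
                if ($i == "-o" && $(i + 1) == wan && $(i - 1) != "!") bound = 1
            if (!bound) print
        }'
}

# Succeed if stdin holds a FORWARD rule accepting traffic from $1 to $2
# (iptables-save prints -i before -o, which the pattern relies on).
has_forward() {
    grep -Eq -- "^-A FORWARD .*-i $1 .*-o $2 .*-j ACCEPT"
}

weak_rules() {   # constructed: masquerades on every outgoing interface
cat <<'EOF'
*nat
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
-A FORWARD -i vlan120 -o ethdmz -j ACCEPT
-A FORWARD -i ethdmz -o vlan120 -j ACCEPT
COMMIT
EOF
}

fixed_rules() {  # constructed: NAT only towards the internet
cat <<'EOF'
*nat
-A POSTROUTING -o ethext -j MASQUERADE
COMMIT
*filter
-A FORWARD -i vlan120 -o ethdmz -j ACCEPT
-A FORWARD -i ethdmz -o vlan120 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "weak:";  weak_rules  | audit_nat
echo "fixed:"; fixed_rules | audit_nat
```

On a live firewall the same functions can be fed from `iptables-save` run as root; with the scoped rule, the DMZ server sees the real 172.18.120.x client addresses in its logs.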
 
Old 10-10-2010, 04:40 AM   #5
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Can nobody help me?
 
Old 10-11-2010, 04:28 AM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
If I add a static route on a Windows machine on the VLAN, "route add -p 172.18.110.0 mask 255.255.255.248 172.18.120.1", I can ping the firewall 172.18.110.1 but I can't ping the server 172.18.110.5
ROUTING works one way. The above statement is shown in your route table as: 172.18.110.0 * 255.255.255.248 U 0 0 0 ethdmz
Whatever machine you have entered this on will route traffic destined for 172.18.110.0 to 172.18.110.7 via the ethdmz interface. Once it gets there, how does the returning machine know where to send it if ethdmz has a different routing domain?

This is where the NAT comes into play and why we suggested using Iptables to use the NAT table and recommended some really good material on how to configure Iptables.
 
Old 10-12-2010, 03:30 AM   #7
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Original Poster
Rep: Reputation: 0
I have just done it with iptables and NAT and it works great!

My problem is that when copying big files from the VLAN to the DMZ, Windows gives the error "The specified network name is no longer available", so I would like to try routing packets manually instead of NATting.

Thanks to all who can help me!
 
Old 10-13-2010, 02:15 AM   #8
kaushalpatel1982
Member
 
Registered: Aug 2007
Location: INDIA
Distribution: CentOS, RHEL, Fedora, Debian, Ubuntu, LinuxMint, Kali Linux, Raspbian
Posts: 166

Rep: Reputation: 10
1. Are you able to access the internet through the router?
2. Are you able to ping the DMZ zone server from the default VLAN?
3. What is the gateway of both of the PCs in the VLAN and the DMZ?
4. Did you allow net forwarding?
5. Do you have iptables rules to accept LAN to DMZ and DMZ to LAN traffic?
 
Old 10-13-2010, 04:21 AM   #9
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
My problem is that when copying big files from the VLAN to the DMZ, Windows gives the error "The specified network name is no longer available"
My initial reaction is that this doesn't sound like a routing versus NAT error and makes me think that something else is going on. What kind of 'connection' are you using between your Ubuntu and Windows systems? Are you using Samba? What version of Windows are you using?

Have you tried to google the error "The specified network name is no longer available"? I put this into Google and it appears to be a common problem with Samba, Windows Server 2003, Windows 7, etc. I did a search through some of the threads; this seems to have a lot of varied suggestions, with the solution ranging from new drivers to bad switches, and even a misconfigured DHCP.

One other important thing: look in your Windows Event Viewer. That will give you a lot more information about the cause of the error message!

Last edited by Noway2; 10-13-2010 at 04:22 AM. Reason: additional question
 
Old 10-13-2010, 10:58 AM   #10
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by kaushalpatel1982
1. Are you able to access the internet through the router?
2. Are you able to ping the DMZ zone server from the default VLAN?
3. What is the gateway of both of the PCs in the VLAN and the DMZ?
4. Did you allow net forwarding?
5. Do you have iptables rules to accept LAN to DMZ and DMZ to LAN traffic?
1) Yes, I can access the internet
2) Yes, I can ping the DMZ zone from the VLAN
3) Yes, my gateway is both of the PCs in VLAN and DMZ with 2 NICs (one in trunking for VLAN and one for DMZ)
4) Yes, there are rules for masquerading
5) Yes, all ports are open in both ways
 
Old 10-13-2010, 11:03 AM   #11
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Noway2
My initial reaction is that this doesn't sound like a routing versus NAT error and makes me think that something else is going on. What kind of 'connection' are you using between your Ubuntu and Windows systems? Are you using Samba? What version of Windows are you using?

Have you tried to google the error "The specified network name is no longer available"? I put this into Google and it appears to be a common problem with Samba, Windows Server 2003, Windows 7, etc. I did a search through some of the threads; this seems to have a lot of varied suggestions, with the solution ranging from new drivers to bad switches, and even a misconfigured DHCP.

One other important thing: look in your Windows Event Viewer. That will give you a lot more information about the cause of the error message!
The connection is a Cat6 patch cord between Ubuntu (DMZ NIC) and Windows Server 2003 with Active Directory.

I have googled a lot but I haven't found a solution to my problem!

I have also tried copying by FTP and the transfer works; I have changed the switch and the problem remains.

What problem could there be with DHCP? It's the only thing that I haven't tried!
Could it be a problem that I don't have a WINS server? I configured only DNS with bind and a dhcp3 server.

Thanks for the support guys!
 
Old 10-13-2010, 11:38 AM   #12
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
If I recall correctly, the problem that someone experienced with the DHCP was that the leases were getting reset every few minutes and this caused the large(r) file transfer to abort. What error message are you getting in your Windows event logs? This should help point you (us) in the right direction.
 
Old 10-15-2010, 03:33 AM   #13
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Original Poster
Rep: Reputation: 0
No, it can't be a DHCP problem because the lease is set to 8h.

Now I can't see windows event log, but I remember that on W2K3 there was anything important item but I have not seen on windows client.

Any idea?
 
Old 10-15-2010, 03:35 AM   #14
giannir
LQ Newbie
 
Registered: Oct 2010
Posts: 12

Original Poster
Rep: Reputation: 0
I'll add a network detail:
there isn't a WINS server, only a bind server (DNS).

If Samba uses WINS for name resolution after a time (x), maybe that could be the problem...

It's only an idea...
 
Old 10-16-2010, 07:52 AM   #15
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
I agree that something appears to be resetting and I suspect that this is causing your disconnection. Unfortunately, I am not knowledgeable enough with Windows networking to be able to make a suggestion, which is why I suggested the event logs. Granted, Windows tries to obfuscate all of the under workings, but somewhere there has to be a meaningful error message. By using the patch cable, you have ruled out a lot of potential hardware issues, which leaves configuration settings and protocol incompatibilities.

If you haven't already, perhaps you should post this on a Windows-based forum or find an IRC channel for Windows networking, as the problem is probably on the Windows side.
 
  

