towme 05-27-2009 03:19 PM

VLAN, Bridge, Route - Can't get my head around it
Hi guys,

I have the following setup:
Two sites with one Internet access.
At one site
ISP modem with VLAN3023, and VLAN3024 - Router (VLAN3023/, mask,VLAN3024/one public ip address/,eth0/ mask - subnet

Other site
Modem with the other end of VLAN3023 - Router (eth0/ mask, eth1/ mask

At the first site I use masquerading to connect to the internet.
I can ping and traceroute any public internet IP or name from any of the sites. The interfaces in the network can ping each other, but I cannot ping from or vice versa.

What am I missing here?

Here is a lame network topology drawing to help.

Modem 1            Router 1
|---------|  |-----------------------|
|VLAN3024 |  |VLAN3024 x.y.245.234/30|
|        | - |VLAN3023| - subnet
|VLAN3023 |  |eth0  |
|---------|  |-----------------------|
Modem 2 |        Router 2 
|--------|  |---------------------|
|VLAN3023| - |eth0  |
|--------|  |eth1| - subnet


ouain 05-31-2009 05:49 PM

additional information
I see no obvious mistake here.

In order to troubleshoot this setup, it would be useful to see where the packets are stuck.

Could you post the results, while pinging from, of:

on router 1: tcpdump -n -i <name of your interface in 3023> icmp
tcpdump -n -i eth0 icmp
route -n

on router 2: tcpdump -n -i eth0 icmp
(I assume eth0 is in 3023 without any vlan tagging)
tcpdump -n -i eth1 icmp
route -n

I think this will help to understand where the packets are blocked.

Also, can router 2 ping And can router 1 ping
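
The capture comparison requested above can be automated. The following is an added example, not part of either post: it reads the output of `tcpdump -n -i <iface> icmp` from the four capture points in path order and reports the first point where the echo request, or the reply on its way back, is no longer seen. The addresses, capture-point labels and capture contents are constructed, and it assumes no NAT rewrites the addresses between the capture points.

```python
import re

# Echo lines as printed by `tcpdump -n -i <iface> icmp`.
ECHO = re.compile(
    r"IP (\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): "
    r"ICMP echo (request|reply), id \d+, seq \d+"
)

def seen(capture_text, src, dst, kind):
    """True if the capture holds an echo `kind` going from src to dst."""
    return any(m.groups() == (src, dst, kind) for m in ECHO.finditer(capture_text))

def locate_drop(path, captures, src, dst):
    """Walk the request along `path`, then the reply back along it.

    Returns (kind, last point that saw the packet, first point that did not),
    or None when request and reply show up at every capture point.
    """
    legs = [("request", path, src, dst, "sender"),
            ("reply", path[::-1], dst, src, "target")]
    for kind, order, s, d, previous in legs:
        for point in order:
            if not seen(captures[point], s, d, kind):
                return kind, previous, point
            previous = point
    return None

# Constructed sample: hosts, addresses and capture contents are invented.
SRC, DST = "10.0.1.10", "10.0.2.20"
PATH = ["router1 eth0", "router1 vlan3023", "router2 eth0", "router2 eth1"]
REQ = f"15:49:01.000101 IP {SRC} > {DST}: ICMP echo request, id 4321, seq 1, length 64\n"
REP = f"15:49:01.000950 IP {DST} > {SRC}: ICMP echo reply, id 4321, seq 1, length 64\n"
CAPTURES = {
    "router1 eth0": REQ,
    "router1 vlan3023": REQ,
    "router2 eth0": REQ,
    "router2 eth1": "",   # constructed case: nothing leaves router 2 towards its LAN
}

if __name__ == "__main__":
    print(locate_drop(PATH, CAPTURES, SRC, DST))
```

A result naming two interfaces of the same router points at that router's forwarding or filtering; a result naming interfaces on different routers points at the link between them.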

