Solved

CentOS Routing Problem

Posted on 2009-07-09
Last Modified: 2013-11-08
I am having a problem where I am unable to communicate with a CentOS box from any subnet other than its own.  I have verified connectivity across the subnets with different machines and my firewalls are allowing all traffic between subnets.  This machine has an internal interface and a global interface.  Any traffic originating on the 192.168.100.0 subnet communicates just fine but if I try to ping or ssh from a 192.168.140.0 subnet I get nothing.  Here is the routing table below.
[root@webserv ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
xxx.xxx.xxx.xxx   *               255.255.255.224 U     0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default        xxxxxxxxxx.ine 0.0.0.0         UG    0      0        0 eth0

Question by:suseadmin
8 Comments
 
LVL 7

Expert Comment

by:namol
ID: 24816728
This sounds like an iptables issue where it's blocking all the other subnets. What does iptables --list say?
0
 

Author Comment

by:suseadmin
ID: 24816754
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:scientia-ssdb
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp2
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:qencp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp1
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6472
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6464
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24817095
Have you enabled IP forwarding?

cat /proc/sys/net/ipv4/ip_forward
If the result is 0, then you will have to turn it on with this command:

echo "1" > /proc/sys/net/ipv4/ip_forward

Also, if you are trying to do internet sharing, then you will have to add this rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Here eth0 is connected to the ISP.

So how many Ethernet cards do you have in this PC?
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 24817240
You need to add your GW IP to the routing table as follows:

route add default gw GW_IP eth0

if eth0 is the Ethernet card connected to the public network...
0
 
LVL 1

Expert Comment

by:rackaid2
ID: 24818494
Yes, looks like you have no default gateway.

Check /etc/sysconfig/network

See if you have a
GATEWAY=IPADDR
where IPADDR is your gateway IP.

If it is not there, then add your gateway IP and restart the network.
0
 
LVL 16

Accepted Solution

by:
Blaz earned 1000 total points
ID: 24820704
Is the 192.168.140.0 network connected through your internal interface - 192.168.100.0 network?

If so - what is your internal  gateway on 192.168.100.0 network?

Add rule (assuming internal gw is 192.168.100.1):
route add -net 192.168.140.0 netmask 255.255.255.0 gw 192.168.100.1 eth1
0
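Why the added route fixes it, as an added example that is not part of the original thread: the table in the question has no entry for 192.168.140.0/24, so replies to that subnet match only the default route and leave via eth0 instead of going back through eth1. The sketch replays a longest-prefix-match lookup over that table before and after the accepted route; 203.0.113.0/27, 203.0.113.1 and the client addresses are constructed placeholders for values redacted or absent on the page.

```python
import ipaddress

# Routing table from the question. The public /27 and its gateway are redacted
# on the page, so 203.0.113.0/27 and 203.0.113.1 are constructed placeholders.
ROUTES = [
    # (destination, gateway or None for on-link, interface)
    ("203.0.113.0/27", None, "eth0"),
    ("192.168.100.0/24", None, "eth1"),
    ("169.254.0.0/16", None, "eth1"),
    ("0.0.0.0/0", "203.0.113.1", "eth0"),
]

# Route from the accepted solution (gateway 192.168.100.1 is the answer's assumption).
FIX = ("192.168.140.0/24", "192.168.100.1", "eth1")


def lookup(routes, dst):
    """Return (network, gateway, iface) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    return best


def reply_path(routes, client, arrived_on):
    """Show where a reply to `client` leaves and whether that differs from the ingress interface."""
    hit = lookup(routes, client)
    if hit is None:
        return {"iface": None, "gateway": None, "route": None, "asymmetric": True}
    network, gw, iface = hit
    return {"iface": iface, "gateway": gw, "route": str(network),
            "asymmetric": iface != arrived_on}


if __name__ == "__main__":
    client = "192.168.140.25"  # constructed host on the remote subnet
    for label, table in (("before", ROUTES), ("after", ROUTES + [FIX])):
        print(label, reply_path(table, client, arrived_on="eth1"))
    # A client on the directly connected subnet is unaffected either way.
    print("local", reply_path(ROUTES, "192.168.100.50", arrived_on="eth1"))
```

On the live host, `ip route get <client address>` reports the same decision straight from the kernel.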
 

Author Closing Comment

by:suseadmin
ID: 31601760
Yes that did the trick.  Thank you very much.
0
 
LVL 16

Expert Comment

by:Blaz
ID: 24822179
Remember that this rule is not persistent - after reboot it will be gone. You must add the command to some startup script like /etc/rc.local or similar.
0