CentOS Routing Problem

I am having a problem where I am unable to communicate with a CentOS box from any subnet other than its own.  I have verified connectivity across the subnets with different machines and my firewalls are allowing all traffic between subnets.  This machine has an internal interface and a global interface.  Any traffic originating on the 192.168.100.0 subnet communicates just fine but if I try to ping or ssh from a 192.168.140.0 subnet I get nothing.  Here is the routing table below.
[root@webserv ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
xxx.xxx.xxx.xxx   *               255.255.255.224 U     0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default        xxxxxxxxxx.ine 0.0.0.0         UG    0      0        0 eth0

Open in new window

suseadminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

namolCommented:
This sounds like an iptables issue where it's blocking all the other subnets. What does iptables --list say?
0
suseadminAuthor Commented:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
 ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:scientia-ssdb
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp2
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:qencp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp1
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6472
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6464
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
0
fosiul01Commented:
HAve you enabled ip forward ??

cat /proc/sys/net/ipv4/ip_forward
if result = 0 then will have to On it by this command :

echo "1" > /proc/sys/net/ipv4/ip_forward

also, if you are tring to internet sharing then you will have to add this rule

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

here eth0 ( is connectd to isp)

so how many ethernet card do you have in this pc ??
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

michofreihaCommented:
You need to add your GW IP to the routing table as follow:

route add default gw GW_IP eth0

if eth0 is the ethernet card connected to the public network...
0
rackaid2Commented:
Yes, looks like you have not default gateway.

Check /etc/sysconfig/network

See if you have a
GATEWAY=IPADDR
Where IPDDR is your gateway IP.

If it is not there, then add your gateway IP and restart the network.
0
BlazCommented:
Is the 192.168.140.0 network connected through your internal interface - 192.168.100.0 network?

If so - what is your internal  gateway on 192.168.100.0 network?

Add rule (assuming internal gw is 192.168.100.1):
route add -net 192.168.140.0 netmask 255.255.255.0 gw 192.168.100.1 eth1
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
suseadminAuthor Commented:
Yes that did the trick.  Thank you very much.
0
BlazCommented:
Remember that this rule is not presistent - after reboot it will be gone. You must add the command to some startup script like /etc/rc.local or similar.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.