Solved

CentOS Routing Problem

Posted on 2009-07-09
Last Modified: 2013-11-08
I am having a problem where I am unable to communicate with a CentOS box from any subnet other than its own.  I have verified connectivity across the subnets with different machines and my firewalls are allowing all traffic between subnets.  This machine has an internal interface and a global interface.  Any traffic originating on the 192.168.100.0 subnet communicates just fine but if I try to ping or ssh from a 192.168.140.0 subnet I get nothing.  Here is the routing table below.
[root@webserv ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
xxx.xxx.xxx.xxx   *               255.255.255.224 U     0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default        xxxxxxxxxx.ine 0.0.0.0         UG    0      0        0 eth0

Question by:suseadmin
8 Comments
 
LVL 7

Expert Comment

by:namol
ID: 24816728
This sounds like an iptables issue where it's blocking all the other subnets. What does iptables --list say?
0
 

Author Comment

by:suseadmin
ID: 24816754
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:scientia-ssdb
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp2
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:qencp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp1
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6472
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6464
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24817095
Have you enabled IP forwarding?

cat /proc/sys/net/ipv4/ip_forward
If the result is 0, then you will have to turn it on with this command:

echo "1" > /proc/sys/net/ipv4/ip_forward

Also, if you are trying to do internet sharing, then you will have to add this rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Here eth0 is the interface connected to the ISP.

So how many Ethernet cards do you have in this PC?
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 24817240
You need to add your GW IP to the routing table as follows:

route add default gw GW_IP eth0

if eth0 is the ethernet card connected to the public network...
0
 
LVL 1

Expert Comment

by:rackaid2
ID: 24818494
Yes, looks like you have no default gateway.

Check /etc/sysconfig/network

See if you have a
GATEWAY=IPADDR
Where IPADDR is your gateway IP.

If it is not there, then add your gateway IP and restart the network.
0
 
LVL 16

Accepted Solution

by:
Blaz earned 250 total points
ID: 24820704
Is the 192.168.140.0 network connected through your internal interface - 192.168.100.0 network?

If so - what is your internal gateway on 192.168.100.0 network?

Add rule (assuming internal gw is 192.168.100.1):
route add -net 192.168.140.0 netmask 255.255.255.0 gw 192.168.100.1 eth1
0
 

Author Closing Comment

by:suseadmin
ID: 31601760
Yes that did the trick.  Thank you very much.
0
 
LVL 16

Expert Comment

by:Blaz
ID: 24822179
Remember that this rule is not persistent - after reboot it will be gone. You must add the command to some startup script like /etc/rc.local or similar.
0
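
An added example, not part of the thread: a longest-prefix-match lookup over the routing table posted in the question, showing that before the accepted answer's route is added, replies to 192.168.140.0/24 leave through the default route on eth0 instead of the internal interface eth1. The public subnet is redacted on the page, so 203.0.113.0/27 and gateway 203.0.113.1 are constructed placeholders, as are the client addresses; 192.168.100.1 is the internal gateway the accepted answer assumes.

```python
import ipaddress

# Routing table from the question. The public subnet is redacted on the page,
# so 203.0.113.0/27 (documentation range) and its gateway are constructed placeholders.
ROUTES_BEFORE = [
    # (destination, gateway or None for directly connected, interface)
    ("203.0.113.0/27", None, "eth0"),
    ("192.168.100.0/24", None, "eth1"),
    ("169.254.0.0/16", None, "eth1"),
    ("0.0.0.0/0", "203.0.113.1", "eth0"),
]

# Route added by the accepted answer (gateway 192.168.100.1 is the answer's assumption).
FIX = ("192.168.140.0/24", "192.168.100.1", "eth1")


def lookup(routes, dst):
    """Return (destination, gateway, iface) of the longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gw, iface in routes:
        net = ipaddress.ip_network(dest)
        # A more specific (longer) prefix always wins over a shorter one.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError("no route to host: %s" % dst)
    return str(best[0]), best[1], best[2]


def reply_path(routes, client):
    """Describe where the server sends its reply to `client`."""
    dest, gw, iface = lookup(routes, client)
    via = gw if gw else "directly connected"
    return "%s -> %s via %s (%s)" % (client, iface, via, dest)


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_BEFORE + [FIX])):
        print(label)
        for client in ("192.168.100.25", "192.168.140.25"):  # constructed client addresses
            print("  " + reply_path(table, client))
```

On a dual-homed host like this one, the "before" result means replies to internal clients on the other subnet are handed to the public-side gateway, which is why only same-subnet traffic worked.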
