Solved

CentOS Routing Problem

Posted on 2009-07-09
Last Modified: 2013-11-08
I am having a problem where I am unable to communicate with a CentOS box from any subnet other than its own.  I have verified connectivity across the subnets with different machines and my firewalls are allowing all traffic between subnets.  This machine has an internal interface and a global interface.  Any traffic originating on the 192.168.100.0 subnet communicates just fine but if I try to ping or ssh from a 192.168.140.0 subnet I get nothing.  Here is the routing table below.
[root@webserv ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xxx.xxx.xxx.xxx *               255.255.255.224 U     0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         xxxxxxxxxx.ine  0.0.0.0         UG    0      0        0 eth0

Question by: suseadmin
8 Comments

Expert Comment by namol (LVL 7), ID: 24816728
This sounds like an iptables issue where it's blocking all the other subnets. What does iptables --list say?

Author Comment by suseadmin, ID: 24816754
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:scientia-ssdb
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp2
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:qencp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp1
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6472
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6464
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Expert Comment by fosiul01 (LVL 29), ID: 24817095
Have you enabled IP forwarding?

cat /proc/sys/net/ipv4/ip_forward
if the result is 0 then you will have to turn it on with this command:

echo "1" > /proc/sys/net/ipv4/ip_forward

Also, if you are trying to do internet sharing then you will have to add this rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

here eth0 is connected to the ISP.

So how many ethernet cards do you have in this PC?

Expert Comment by michofreiha (LVL 9), ID: 24817240
You need to add your GW IP to the routing table as follows:

route add default gw GW_IP eth0

if eth0 is the ethernet card connected to the public network...
 
LVL 1

Expert Comment

by:rackaid2
ID: 24818494
Yes, looks like you have no default gateway.

Check /etc/sysconfig/network

See if you have a
GATEWAY=IPADDR
Where IPADDR is your gateway IP.

If it is not there, then add your gateway IP and restart the network.

Accepted Solution by Blaz (LVL 16), earned 250 total points, ID: 24820704
Is the 192.168.140.0 network connected through your internal interface - 192.168.100.0 network?

If so - what is your internal gateway on 192.168.100.0 network?

Add rule (assuming internal gw is 192.168.100.1):
route add -net 192.168.140.0 netmask 255.255.255.0 gw 192.168.100.1 eth1
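Why the accepted answer works, as an added example that is not part of the thread: a small longest-prefix-match lookup over a routing table in the format `route -n` prints. With the table from the question, a reply to 192.168.140.x has no matching route and leaves via the default gateway on eth0; after Blaz's `route add -net 192.168.140.0 ... gw 192.168.100.1 eth1` it goes back out eth1. The sample table is constructed; the public prefix 203.0.113.32/27 and gateway 203.0.113.33 stand in for the redacted values.

```python
import ipaddress

# Constructed sample modelled on the question's `route` output, in the numeric
# form `route -n` prints (0.0.0.0 instead of "*" and "default").
# 203.0.113.0/24 is a documentation range standing in for the redacted public subnet.
ROUTE_BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.32    0.0.0.0         255.255.255.224 U     0      0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         203.0.113.33    0.0.0.0         UG    0      0        0 eth0
"""


def parse_route_table(text):
    """Return a list of (network, gateway_or_None, iface) from `route -n` output."""
    routes = []
    for line in text.splitlines()[2:]:          # skip the two header lines
        parts = line.split()
        if len(parts) < 8:
            continue
        dest, gw, mask, iface = parts[0], parts[1], parts[2], parts[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "0.0.0.0" else gw, iface))
    return routes


def lookup(routes, dst):
    """Pick the most specific matching route, as the kernel's forwarding lookup does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def add_route(routes, cidr, gw, iface):
    """Equivalent of `route add -net <cidr> gw <gw> <iface>` on the parsed table."""
    return routes + [(ipaddress.ip_network(cidr), gw, iface)]


if __name__ == "__main__":
    before = parse_route_table(ROUTE_BEFORE)
    after = add_route(before, "192.168.140.0/24", "192.168.100.1", "eth1")
    for label, table in (("before", before), ("after", after)):
        net, gw, iface = lookup(table, "192.168.140.25")
        print(f"{label}: reply to 192.168.140.25 -> {iface} via {gw} ({net})")
```

The "before" lookup shows the reply leaving through the public interface while the request arrived on eth1, which is why hosts on 192.168.140.0 never got an answer.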

Author Closing Comment by suseadmin, ID: 31601760
Yes that did the trick.  Thank you very much.

Expert Comment by Blaz (LVL 16), ID: 24822179
Remember that this rule is not persistent - after reboot it will be gone. You must add the command to some startup script like /etc/rc.local or similar.