Solved

CentOS Routing Problem

Posted on 2009-07-09
8
1,088 Views
Last Modified: 2013-11-08
I am having a problem where I am unable to communicate with a CentOS box from any subnet other than its own.  I have verified connectivity across the subnets with different machines and my firewalls are allowing all traffic between subnets.  This machine has an internal interface and a global interface.  Any traffic originating on the 192.168.100.0 subnet communicates just fine but if I try to ping or ssh from a 192.168.140.0 subnet I get nothing.  Here is the routing table below.
[root@webserv ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
xxx.xxx.xxx.xxx   *               255.255.255.224 U     0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default        xxxxxxxxxx.ine 0.0.0.0         UG    0      0        0 eth0

Open in new window

0
Comment
Question by:suseadmin
8 Comments
 
LVL 7

Expert Comment

by:namol
ID: 24816728
This sounds like an iptables issue where it's blocking all the other subnets. What does iptables --list say?
0
 

Author Comment

by:suseadmin
ID: 24816754
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
 ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:scientia-ssdb
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp2
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:qencp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:rockwell-csp1
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6472
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6464
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24817095
HAve you enabled ip forward ??

cat /proc/sys/net/ipv4/ip_forward
if result = 0 then will have to On it by this command :

echo "1" > /proc/sys/net/ipv4/ip_forward

also, if you are tring to internet sharing then you will have to add this rule

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

here eth0 ( is connectd to isp)

so how many ethernet card do you have in this pc ??
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 9

Expert Comment

by:michofreiha
ID: 24817240
You need to add your GW IP to the routing table as follow:

route add default gw GW_IP eth0

if eth0 is the ethernet card connected to the public network...
0
 
LVL 1

Expert Comment

by:rackaid2
ID: 24818494
Yes, looks like you have not default gateway.

Check /etc/sysconfig/network

See if you have a
GATEWAY=IPADDR
Where IPDDR is your gateway IP.

If it is not there, then add your gateway IP and restart the network.
0
 
LVL 16

Accepted Solution

by:
Blaz earned 250 total points
ID: 24820704
Is the 192.168.140.0 network connected through your internal interface - 192.168.100.0 network?

If so - what is your internal  gateway on 192.168.100.0 network?

Add rule (assuming internal gw is 192.168.100.1):
route add -net 192.168.140.0 netmask 255.255.255.0 gw 192.168.100.1 eth1
0
 

Author Closing Comment

by:suseadmin
ID: 31601760
Yes that did the trick.  Thank you very much.
0
 
LVL 16

Expert Comment

by:Blaz
ID: 24822179
Remember that this rule is not presistent - after reboot it will be gone. You must add the command to some startup script like /etc/rc.local or similar.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question