Jeff Jansen
2017-10-21 21:44:55 UTC
Dear Alex,
Routes are "advertised" by your DHCP server. I assume that's on your
router. What software are you using? I use 'dnsmasq'. To send your route
out to all DHCP clients I would add:
dhcp-option=121,10.100.0.0/24,10.0.0.200
to my dnsmasq configuration file and reload dnsmasq. Then all my clients
would have to re-query the DHCP server to get the new route. But then all
the clients should be able to talk to the 10.100.0.0/24 network directly
through the 10.0.0.200 gateway without involving your router at all.
That doesn't answer why your router won't send the packets destined for
10.100.0.0/24 network on to the 10.0.0.200 gateway anyway. I assume the
router is working otherwise. That the router has '/proc/sys/net/ipv4/ip_forward' = 1
and it's not overridden in '/proc/sys/net/ipv4/conf/DEV/forwarding'.
That iptables has a FORWARD rule which allows traffic to traverse the
router. (iptables was new in the 2.6 kernel. It was ipchains in 2.4.)
I would run:
ip route list
cat /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/conf/DEV/forwarding   # where 'DEV' is the internal network interface
iptables -vnL FORWARD
and make sure that the router knows the gateway for the 10.100.0.0/24
network, that it's set to forward (and not overruled on the internal
network interface), and that iptables is allowing forwarding when a packet
comes in and goes back out the internal interface.
HTH
Jeff
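To show what the dhcp-option=121 line above actually puts on the wire, here is an added example (not dnsmasq's code and not part of the original post) that encodes and decodes the RFC 3442 classless-static-route payload behind DHCP option 121; the route list is constructed from the addresses in the post.

```python
# Added example: encode/decode the RFC 3442 "classless static route" value
# (DHCP option 121) that a dnsmasq line such as
#   dhcp-option=121,10.100.0.0/24,10.0.0.200
# sends to clients.  Stand-alone illustration, not dnsmasq's own code.
import ipaddress
from typing import List, Tuple

Route = Tuple[str, str]  # ("10.100.0.0/24", "10.0.0.200")


def encode_option121(routes: List[Route]) -> bytes:
    """Per route: 1 byte prefix length, only the significant destination
    octets (ceil(prefix/8) of them), then the 4-byte router address."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest, strict=True)
        width = net.prefixlen
        nbytes = (width + 7) // 8          # /24 -> 3 octets, /0 -> 0 octets
        out.append(width)
        out += net.network_address.packed[:nbytes]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)


def decode_option121(data: bytes) -> List[Route]:
    """Inverse of encode_option121; rejects bad prefixes and truncated data."""
    routes: List[Route] = []
    i = 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"bad prefix length {width} at offset {i}")
        nbytes = (width + 7) // 8
        i += 1
        if i + nbytes + 4 > len(data):
            raise ValueError("truncated classless static route")
        dest = bytes(data[i:i + nbytes]).ljust(4, b"\0")   # pad to 4 octets
        router = bytes(data[i + nbytes:i + nbytes + 4])
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(dest)}/{width}")
        routes.append((str(net), str(ipaddress.IPv4Address(router))))
        i += nbytes + 4
    return routes


# Constructed sample: the route from the post plus an explicit default
# route, since RFC 3442 says a client that receives option 121 ignores
# option 3 (router), so the default gateway must be carried here too.
SAMPLE_ROUTES: List[Route] = [("10.100.0.0/24", "10.0.0.200"),
                              ("0.0.0.0/0", "10.0.0.1")]

if __name__ == "__main__":
    blob = encode_option121(SAMPLE_ROUTES)
    print(blob.hex())              # 180a64000a0000c8000a000001
    print(decode_option121(blob))
```

Because RFC 3442 clients drop the option-3 router once option 121 is present, a dnsmasq line carrying only the 10.100.0.0/24 route should also list 0.0.0.0/0 with the normal gateway, as the sample does.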
Ok, I've tried every possible thing I could do to get routing to
alternate gateways working correctly and nothing is working short of
putting static routes on any machine that can handle them so I've got to
ask for help again. Are there any security features in kernel 4.9 that
perhaps weren't present way back in kernel 2.4 that would prevent a
machine operating as the main gateway from issuing a reroute?
If the primary gateway is 10.0.0.1/24 and I add a static route to send
route add -net 10.100.0.0/24 gw 10.0.0.200
What in the kernel would prevent this route from being advertised or
otherwise handed to all clients on 10.0.0.0/24 when they attempt to
respond to a packet coming from 10.100.0.0/24? I can trace an incoming
packet from 10.100.0.0/24, through the 10.0.0.200 machine all the way to
the 10.0.0.0/24 client, it replies and tries to send back to 10.100.0.0
but the packet heads back towards 10.0.0.1 and never gets redirected
back to 10.0.0.200.
If I add the static route directly to the clients, the connections work.
The problem is that I can't do that for every client, not all of them
know how to handle routes on their own (not that I really should, this
is the job of a router, no?)
I'm certain it's some feature/setting of the kernel that's new in 4.9
because this worked fine when the router was using the old 2.4 kernel.
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo