gentoonewb39 Guru
Joined: 28 Jul 2005 Posts: 317
|
Posted: Mon Jun 23, 2008 1:04 am Post subject: Need help manually editing routes |
|
|
So I'm trying to set up my routes to tunnel all data through a tunnel but for some reason it doesn't want to work...
My routes look like this
Code: | Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.6 host-81-238-72- 255.255.255.255 UGH 0 0 0 ath0
host-81-238-72- * 255.255.255.240 U 0 0 0 ath0
192.168.99.0 * 255.255.255.0 U 0 0 0 tun1
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.99.1 0.0.0.0 UG 0 0 0 tun1
|
I can access the 192.168.99.0/255 subnet and I can resolve hostnames, but I cannot transfer any data to the www and I can't figure out why. Any suggestions?
Edit: to clarify a little bit and give a concrete example that shows that the network itself is working: I can ssh into the gw at address 192.168.99.1 and wget websites. I can also run dig on the client and it will resolve any domain name to its correct IP address |
|
|
|
SeaTiger l33t
Joined: 22 Nov 2007 Posts: 603 Location: Toronto, Ontario, Canada
|
Posted: Mon Jun 23, 2008 6:17 am Post subject: |
|
|
Just want to confirm:
Do you mean wget works, but browsing does not work?
Does the 192.168.99.0 network know about your router? Does it, especially 192.168.99.1, have a route back to your network? |
|
|
|
gentoonewb39 Guru
Joined: 28 Jul 2005 Posts: 317
|
Posted: Mon Jun 23, 2008 11:47 am Post subject: |
|
|
junksiu wrote: | Do you mean wget works, but browsing does not work? |
No, sorry, what I meant was that I can ssh into the computer at the other end of the tunnel, and from that computer I can access the www (i.e. wget). The connections look something like this:
Code: |
tunnel
me ----------------------------------gateway-----------------------------------router---------------------------------WWW
ip 192.168.99.2 tunnel ip 192.168.99.1 lan ip 192.168.0.1
| lan ip 192.168.0.6
Communication between me and the gateway works, but I cannot access the router or anything beyond that; for example, "ping 192.168.99.1" works, "ping 192.168.0.1" does not.
junksiu wrote: | Does the 192.168.99.0 network know about your router? Does it, especially 192.168.99.1, have a route back to your network? |
Not quite sure what you mean, but I can transfer data between me and the 192.168.99.1 network.
Edit: upon further investigation it appears that the problem is that my gateway doesn't let the traffic through
Code: | traceroute to www.google.com (66.249.91.104), 30 hops max, 40 byte
1 192.168.99.1 (192.168.99.1) 56.747 ms 124.754 ms 181.286 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
|
I have enabled /proc/sys/net/ipv4/ip_forward so I dunno what's wrong
Last edited by gentoonewb39 on Mon Jun 23, 2008 1:32 pm; edited 2 times in total |
|
|
|
Dagger Retired Dev
Joined: 11 Jun 2003 Posts: 765 Location: UK
|
Posted: Mon Jun 23, 2008 12:02 pm Post subject: |
|
|
It still looks a bit unclear to me. Let's try to figure out what it looks like:
you (10.0.0.6) ---------- gateway (_ASSUME_ 10.0.0.1) --------- router (192.168.99.1??) ------------ www?
Which hosts are you trying to connect with the tunnel?
I'm sorry, but you need to provide a bit more information.
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license. |
|
|
|
gentoonewb39 Guru
Joined: 28 Jul 2005 Posts: 317
|
Posted: Mon Jun 23, 2008 1:44 pm Post subject: |
|
|
Sorry, for some reason my formatting gets screwed up unless I put code tags around it. Corrected, it looks like this:
Code: |
tunnel
me ----------------------------------gateway-----------------------------------router---------------------------------WWW
tunnel ip 192.168.99.2 tunnel ip 192.168.99.1
lan ip 192.168.0.6 lan ip 192.168.0.1 |
The tunnel is the part between me and the gateway (which is just a server sitting behind a router); in reality they are on separate networks. If I try to run traceroute to, for example, google, the packet gets to the gateway but no further, which seems to indicate that there is something wrong there, but I have no idea what.
Code: | traceroute to www.google.com (66.249.91.104), 30 hops max, 40 byte
1 192.168.99.1 (192.168.99.1) 56.747 ms 124.754 ms 181.286 ms
2 * * *
3 * * *
4 * * *
5 * * * |
|
|
|
|
Dagger Retired Dev
Joined: 11 Jun 2003 Posts: 765 Location: UK
|
Posted: Mon Jun 23, 2008 2:13 pm Post subject: |
|
|
I'm guessing it looks more or less like this:
Code: |
tunnel
me ----------------------------------gateway-----------------------------------router---------------------------------WWW
lan2 ip: 10.0.0.6 lan2 ip: 10.0.0.1
tunnel ip 192.168.99.2 tunnel ip 192.168.99.1
lan ip 192.168.0.6 lan ip 192.168.0.1
|
I've got one unknown in here:
(from your route output)
Can you please provide 'route -n' and 'ifconfig' |
|
|
|
gentoonewb39 Guru
Joined: 28 Jul 2005 Posts: 317
|
Posted: Mon Jun 23, 2008 4:58 pm Post subject: |
|
|
Just one thing wrong with your drawing and that is that the gateway doesn't have a lan2 address and I believe that 10.0.0.6 is the ip of the router on lan2
Code: | 81.238.72.64 0.0.0.0 255.255.255.240 U 0 0 0 ath0
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.99.1 0.0.0.0 UG 0 0 0 tun0 |
Code: | ath0 Link encap:Ethernet HWaddr 00:05:4E:4D:0E:1D
inet addr:81.238.72.76 Bcast:81.238.72.79 Mask:255.255.255.240
inet6 addr: fe80::205:4eff:fe4d:e1d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:174909 errors:0 dropped:0 overruns:0 frame:0
TX packets:102676 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:244059485 (232.7 Mb) TX bytes:13209966 (12.5 Mb)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.99.2 P-t-P:192.168.99.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1024 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:9696 (9.4 Kb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:81483 errors:0 dropped:0 overruns:0 frame:0
TX packets:81483 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5718366 (5.4 Mb) TX bytes:5718366 (5.4 Mb)
wifi0 Link encap:UNSPEC HWaddr 00-05-4E-4D-0E-1D-38-80-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:219811 errors:0 dropped:0 overruns:0 frame:11032
TX packets:103220 errors:1254 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:199
RX bytes:272915248 (260.2 Mb) TX bytes:15696472 (14.9 Mb)
Interrupt:11 |
|
|
|
|
Dagger Retired Dev
Joined: 11 Jun 2003 Posts: 765 Location: UK
|
Posted: Tue Jun 24, 2008 9:49 am Post subject: |
|
|
OK, now it looks even more confusing.
In a previous example you had the 10.0.0.6 IP and you don't have it now. From what I understand you've got an external IP
Code: |
tunnel
me ----------------------------------gateway-----------------------------------router---------------------------------WWW
wan ip: 81.238.72.76 gw: 81.238.72.65 (assume)
tunnel ip 192.168.99.2 tunnel ip 192.168.99.1
lan ip 192.168.0.6 lan ip 192.168.0.1
|
Well, this doesn't look right to me.
Can you try to redraw it? |
|
|
|
gentoonewb39 Guru
Joined: 28 Jul 2005 Posts: 317
|
Posted: Wed Jun 25, 2008 1:09 am Post subject: |
|
|
OK, I now realize that that picture is utterly confusing for anyone but me. Dunno if this one will be better, but it can't be worse
Code: |
tunnel(goes over www through the router all the way to the tunnelserver)
me --------------------------------------router---------------------------------tunnelserver(formerly labeled gateway as in it being the tunnel gateway)
lan2 ip: 81.238.72.76
tunnel ip 192.168.99.2 tunnel ip 192.168.99.1
lan1 ip 192.168.0.1 lan1 ip 192.168.0.6 |
I am on a remote network behind a router which I do not know the IP of. I create a tunnel to my tunnel server, which in turn is behind the router with the LAN IP of 192.168.0.1. For example, if you ignore the tunnel and look at the actual travel path of a packet sent back and forth to, say, www.google.com, it would look something like this:
me -> some router -> unknown amount of hops -> router -> tunnelserver -> router (again) -> unknown amount of hops -> www.google.com and then the entire thing in reverse to get back
Taking into account what it looks like with the tunnel, it looks something like this:
me -> tunnelserver -> router -> unknown amount of hops -> www.google.com |
|
|
|
Dagger Retired Dev
Joined: 11 Jun 2003 Posts: 765 Location: UK
|
Posted: Wed Jun 25, 2008 7:50 am Post subject: |
|
|
OK, now that makes sense to me ^^
Now a few other questions need to be asked to finally get all the pieces together.
1) what VPN solution are you using (PPTP, OpenVPN, IPSec, other)?
2) I presume you've got control over the "router" and "tunnelserver" (some router is irrelevant here)
3) is "router" hardware? (you will need to enable port forwarding to "tunnelserver" for your VPN)
4) can you post /etc/conf.d/net from "me" and VPN config bits from "tunnelserver"
I think after that we will have all the info and be able to help you out. |
|
|
|
gentoonewb39 Guru
Joined: 28 Jul 2005 Posts: 317
|
Posted: Wed Jun 25, 2008 1:04 pm Post subject: |
|
|
1) It's called iodine. I use it to be able to use ports other than port 80: http://code.kryo.se/iodine/
2) Yes, root accounts on both
3) Yes, it is a hardware router and I have already enabled port forwarding, and it must be working as I can ssh into the server via the tunnel
4) /etc/conf.d/net is empty, I just use dhcp. As for the VPN config bits, I'm not quite sure what you mean, but the tunnel daemon on the server is launched with the default settings, so nothing odd there
I was thinking about something: since the IP address of me through the tunnel is a local IP, is it possible that the router gets confused as to where to respond to, as in
me sends a packet
Quote: |
me with ip 192.168.99.6-> tunnelserver with the tunnel ip of 192.168.99.1 but the actual lan ip of 192.168.0.5 -> router with ip 192.168.0.1
router then trying to respond to 192.168.99.6 but having no idea as to where the hell the 192.168.99.0/255 subnet is located |
|
|
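The return-path hypothesis in the post above can be checked with a longest-prefix-match route lookup. This is an added example, not part of the original thread: the client table is the `route -n` output posted earlier, while the router table, its interface names, the 203.0.113.1 gateway and the static return route are constructed assumptions (the thread never shows the router's table).

```python
import ipaddress

# Client ("me") table, copied from the `route -n` output posted in the thread.
CLIENT_ROUTES = """\
81.238.72.64    0.0.0.0         255.255.255.240 U     0 0 0 ath0
192.168.99.0    0.0.0.0         255.255.255.0   U     0 0 0 tun0
127.0.0.0       0.0.0.0         255.0.0.0       U     0 0 0 lo
0.0.0.0         192.168.99.1    0.0.0.0         UG    0 0 0 tun0
"""

# Constructed (hypothetical) table for the hardware router at 192.168.0.1:
# its LAN plus a default route. "lan", "wan" and 203.0.113.1 are placeholders.
ROUTER_ROUTES = """\
192.168.0.0     0.0.0.0         255.255.255.0   U     0 0 0 lan
0.0.0.0         203.0.113.1     0.0.0.0         UG    0 0 0 wan
"""

# Hypothetical static route sending the tunnel subnet back to the tunnel
# server's LAN address (192.168.0.6 in the thread's diagrams).
TUNNEL_RETURN_ROUTE = "192.168.99.0 192.168.0.6 255.255.255.0 UG 0 0 0 lan\n"

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, interface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # not a route row
        try:
            prefix = bin(int(ipaddress.IPv4Address(fields[2]))).count("1")
            net = ipaddress.ip_network(f"{fields[0]}/{prefix}")
        except ValueError:
            continue  # column header or non-numeric row
        routes.append((net, fields[1], fields[7]))
    return routes

def lookup(routes, address):
    """Longest-prefix match: (interface, gateway), or None if no route.
    A gateway of 0.0.0.0 means the destination is directly connected."""
    ip = ipaddress.ip_address(address)
    best = max((r for r in routes if ip in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return (best[2], best[1]) if best else None

if __name__ == "__main__":
    client, router = parse_routes(CLIENT_ROUTES), parse_routes(ROUTER_ROUTES)
    print("me -> 66.249.91.104 leaves via", lookup(client, "66.249.91.104"))
    print("router -> 192.168.99.2 reply via", lookup(router, "192.168.99.2"))
    fixed = parse_routes(ROUTER_ROUTES + TUNNEL_RETURN_ROUTE)
    print("with return route, reply via", lookup(fixed, "192.168.99.2"))
```

With the constructed router table, a reply addressed to 192.168.99.2 matches only the default route and leaves on the WAN side, which is the behaviour the post suspects; it says nothing about what the real router is configured to do.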
|
|
Dagger Retired Dev
Joined: 11 Jun 2003 Posts: 765 Location: UK
|
Posted: Fri Jun 27, 2008 8:15 am Post subject: |
|
|
Sorry I didn't get back to you earlier, but was a bit busy.
Ok the routes look pretty good for your "me" machine.
The problem might be on "tunnelserver" machine.
Can you post your results from running tracepath www.google.com from your "me" machine when tunnel is up?
Also please post your iptables -L -n && iptables -t nat -L -n on your "tunnelserver" machine |
|
|
|
gentoonewb39 Guru
Joined: 28 Jul 2005 Posts: 317
|
Posted: Fri Jun 27, 2008 12:48 pm Post subject: |
|
|
No worries
tracepath
Code: | tracepath www.google.com
1: 192.168.99.2 (192.168.99.2) 0.181ms pmtu 1024
1: 192.168.99.1 (192.168.99.1) 76.987ms
1: 192.168.99.1 (192.168.99.1) 64.052ms
2: no reply
3: no reply
4: no reply
|
the tunnel server doesn't run iptables or any other type of firewall |
|
|
|
|