[BlueOnyx:15207] Sorry - another routing Issue - Unable to see domains from Management/LAN.

Simon Cummings simon at slproperty.co.uk
Wed Apr 16 08:39:28 -05 2014


Hi All,

Can you assist with my routing issue?

*BO Server:*
*Primary Interface (Management) - eth0*
IP: 192.168.190.10
Netmask: 255.255.255.0

*Secondary Interface (DMZ) - eth1*
IP: 192.168.200.3
Netmask: 255.255.255.240

*Alias on Secondary Interface (DMZ) - eth1:1*
IP: 192.168.200.5
Netmask: 255.255.255.240

*Gateway:*
192.168.200.3

*BO Kernel IP routing table*
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.200.5   0.0.0.0         255.255.255.255 UH        0 0          0 eth1
192.168.190.10  0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.200.3   0.0.0.0         255.255.255.255 UH        0 0          0 eth1
192.168.200.0   0.0.0.0         255.255.255.240 U         0 0          0 eth1
192.168.190.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.200.1   0.0.0.0         UG        0 0          0 eth1

*Firewall:*
WAN public IP (eg): 1.1.1.1
DMZ IP: 192.168.200.1


So my problem is I can access my domains from the public side (WAN), but
not from the private (LAN).

The firewall is forwarding packets from WAN - DMZ - BO, and the BO Gateway
ensures there is a route back to the WAN user.

However, on the LAN side, my client 192.168.190.20 can send packets to
192.168.200.3 (I can see the firewall forwarding the packets), and a
TCPDUMP -i eth1 suggests that the packets are arriving from 192.168.190.20,
however the client is not getting a response.

I have two lines of thought - neither of which I know how best to resolve
right now.

1.  The BO Server does not know the route back to the client
2.  The firewall is not routing the return path correctly.

If I try and ping the client from the server:  ping -I eth1 192.168.190.20
The firewall sends the packets straight out of the WAN address, which I
would expect as the Gateway says to do that.

Does anyone have any ideas??  I'm sure it's something stupid I'm doing
wrong!

Thanks,

Simon.
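
The route lookup behind the first line of thought above, worked through as an added example that is not part of the original post: it runs a longest-prefix match over the routing table as posted and reports which interface a reply to 192.168.190.20 would leave by, and whether a strict reverse-path filter would accept the request arriving on eth1. Assumptions: only the main table is consulted (no policy routing rules), whether strict rp_filter is enabled on the server is not stated in the post, and the function names and the WAN client address 203.0.113.7 are made up for illustration.

```python
import ipaddress

# Kernel routing table exactly as posted: (destination, gateway, genmask, iface).
ROUTES = [
    ("192.168.200.5",  "0.0.0.0",       "255.255.255.255", "eth1"),
    ("192.168.190.10", "0.0.0.0",       "255.255.255.255", "eth0"),
    ("192.168.200.3",  "0.0.0.0",       "255.255.255.255", "eth1"),
    ("192.168.200.0",  "0.0.0.0",       "255.255.255.240", "eth1"),
    ("192.168.190.0",  "0.0.0.0",       "255.255.255.0",   "eth0"),
    ("127.0.0.0",      "0.0.0.0",       "255.0.0.0",       "lo"),
    ("0.0.0.0",        "192.168.200.1", "0.0.0.0",         "eth1"),
]

def prefix_len(mask):
    """Number of set bits in a dotted-quad netmask."""
    return bin(int(ipaddress.ip_address(mask))).count("1")

def lookup(dst):
    """Return (iface, gateway or None) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gw, mask, iface in ROUTES:
        net = ipaddress.ip_network(f"{dest}/{prefix_len(mask)}")
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface, None if gw == "0.0.0.0" else gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def strict_rpf_accepts(src, in_iface):
    """Strict reverse-path check: the route back to src must use in_iface."""
    return lookup(src)[0] == in_iface

def check_path(src, in_iface):
    """Summarise the return path for a packet from src received on in_iface."""
    out_iface, gw = lookup(src)
    return {
        "reply_iface": out_iface,
        "reply_gateway": gw,              # None means directly connected
        "symmetric": out_iface == in_iface,
        "strict_rpf_accepts": strict_rpf_accepts(src, in_iface),
    }

if __name__ == "__main__":
    print("LAN client:", check_path("192.168.190.20", "eth1"))
    print("WAN client (constructed):", check_path("203.0.113.7", "eth1"))
```

With this table the reply to the LAN client is routed out eth0 as a directly connected destination rather than back through the firewall on eth1, so the firewall sees only one direction of that flow.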