[TriLUG] Linux Routing - why isn't it working?

Aaron Joyner aaron at joyner.ws
Fri Sep 5 13:42:07 EDT 2014


A PIX is not a router.  Say it again to yourself.  A PIX is not a router.

I am repeating like a parrot that phrase that another longtime TriLUG
member once repeated to me with equal conviction.  I seem to recall that
because of the PIX's design as a firewall, it will not do arbitrary
routing, mostly as a (mis)"feature" to protect you from inadvertently
bypassing its security.

I believe what's happening is that you have all of the routing configured
correctly, but instead of forwarding the packet like you expect, the PIX is
dropping it on the floor.  You can confirm this:
1) From an arbitrary host on the .9 network, ping 192.168.8.1
2) On the Ubuntu box, run:
   tcpdump -i eth0 icmp

You *should* see the packet arrive on the eth0 interface, but you *won't*
because the PIX ate it.  This will allow you to remove the Ubuntu box from
suspicion, as it can't forward a packet that it isn't receiving.

Happy routing,
Aaron S. Joyner


On Fri, Sep 5, 2014 at 1:34 PM, Bill Farrow <bill at arrowsreach.com> wrote:

> On Fri, Sep 5, 2014 at 1:25 PM, Matt Flyer <matt at noway2.thruhere.net>
> wrote:
> > Do you have more than one default gateway assigned?  That will create
> > which way to go confusion and traffic goes nowhere even with a metric
> > value.
>
> Show us the output of "ip route show"...
>
> Bill