[nos-bbs] JNOS >< Linux communication problem

Miroslav Skoric skoric at eunet.rs
Fri Jun 15 19:32:07 EDT 2012


On 06/14/2012 09:42 PM, George [ham] VerDuin wrote:

> You have presented a potential routing problem without divulging much
> routing information.
> What routes are defined at LAN hosts (1), (2), and (3)?
>

Hi Skip,

Sorry but I am not so expert in routing, so not sure what kind of 
specific routing information you ask for. However, what I can say now is 
that I tried to follow Maiko's LAN diagram - in a way I understood it. I 
mean, at the host (1) which is Debian+JNOS, I entered from the root 
terminal the command:

echo "1" > /proc/sys/net/ipv4/ip_forward

In addition, another ham suggested that I alter the 
/etc/sysctl.conf file in order to allow packets to "... pass from the 
linux box to the jnos via the tun0 ..." so I uncommented the following 
lines in that file:

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 1

(However, all of the additions above did not change the things.)

Next, at the host (2) which is WinXP/BPQ32, I entered from the cmd 
prompt the following command:

route add 192.168.1.4 192.168.1.2

Have in mind that the hosts (1) and (2) are directly wired NIC-to-NIC 
and of course they are in the same subnet. (The host (3) is not on the 
same subnet as (1) and another pair of NICs is used for their 
interconnection. See the picture below and feel free to ask for details 
if needed.)

Then, I did some additional tests, as follows:

After starting JNOS at (1), I am able to ping from the WinXP (2) 
machine the following IP's at (1): 192.168.1.2, which is eth0, and 
192.168.1.3, which is tun0. What I *cannot* ping is 192.168.1.4, i.e. 
JNOS mailbox. (Of course, I cannot telnet JNOS too.) On the other side, 
from the Linux box itself I can also ping eth0 and tun0, but *not* the 
JNOS mailbox. (Of course, I cannot telnet the mailbox either.)

Be aware that the above works 'per default' which means as long as the 
firewall is active on the Linux/JNOS box.

In order to check if there is an issue with the firewall at (1), I 
stopped it. Then the situation changed. I became able to ping and telnet 
to JNOS from the Linux box itself. Unfortunately, all pings from the 
WinXP comp in the LAN to the Linux box became unsuccessful (incl. eth0, 
tun0 and JNOS). I suppose that stopping the firewall resulted in making 
Linux machine practically invisible in the LAN.

You bet, after restarting the firewall, the situation reverted to the 
first scenario. Therefore, I concluded that the trouble is somewhere 
within the firewall setup, but I don't yet have any clue what it might be.

(Be aware that the same firewall setup makes no problem when the Linux 
box (1) is updated via the shared Internet connection at the second (2) 
comp. So, I suppose that something should be tweaked at the firewall in 
order to allow for tun0 to 'see' JNOS.)

Again, feel free to ask for some specific details.

Thanks,
Misko

> Here is the structure of my LAN:
>
> (1)                     (2)                    (3)
> Debian/JNOS (or WinXP)  WinXP/BPQ32 (or Deb)   WinXP/BPQ32 (or Ubuntu)
> eth0 192.168.1.2 <----> NIC1 192.168.1.1
> tun0 192.168.1.3        NIC2 192.168.0.1 <---> NIC 192.168.0.2
> JNOS 192.168.1.4
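
Added example, not part of the original message: a small audit of the four sysctl.conf lines quoted above, showing which one IPv4 forwarding between eth0 and tun0 needs, which ones it does not, and whether the running kernel already holds the file's value. The function names and the sample text are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit forwarding-related sysctl keys, file value vs. running kernel.
# Values in sysctl.conf apply at boot or after `sysctl -p`; until then "live" can differ.

# Constructed sample: the four lines quoted in the message, plus one comment line.
sample_conf() {
cat <<'EOF'
# constructed comment line, ignored by the audit
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 1
EOF
}

# live_value KEY: value the running kernel holds now, or "n/a" if unreadable.
live_value() {
    path=/proc/sys/$(printf '%s' "$1" | tr . /)
    if [ -r "$path" ]; then cat "$path" 2>/dev/null || echo n/a; else echo n/a; fi
}

# verdict KEY VALUE: how the setting relates to routing IPv4 between interfaces.
#   NEEDED  required for the host to forward IPv4 at all
#   MISSING forwarding key present but not enabled
#   RISK    honours sender-chosen paths (IP source-route options); forwarding works without it
#   REVIEW  not required for IPv4 forwarding itself
verdict() {
    case "$1=$2" in
        net.ipv4.ip_forward=1)                 echo NEEDED ;;
        net.ipv4.ip_forward=*)                 echo MISSING ;;
        net.ipv4.conf.*.accept_source_route=1) echo RISK ;;
        net.ipv4.conf.*.send_redirects=1)      echo REVIEW ;;
        net.ipv6.conf.*.forwarding=1)          echo REVIEW ;;
        *)                                     echo OK ;;
    esac
}

# audit_sysctl: reads sysctl.conf text on stdin; accepts "key=value" and "key = value".
audit_sysctl() {
    while IFS= read -r line; do
        line=${line%%#*}                                  # drop comments
        case "$line" in *=*) ;; *) continue ;; esac       # skip blank/non-setting lines
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}" | tr -d ' \t')
        printf '%-7s %s file=%s live=%s\n' \
            "$(verdict "$key" "$val")" "$key" "$val" "$(live_value "$key")"
    done
    return 0
}

sample_conf | audit_sysctl
```

To check a real host, run `audit_sysctl < /etc/sysctl.conf` instead of the constructed sample.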



