[nos-bbs] JNOS >< Linux communication problem
George [ham] VerDuin
k8rra at ameritech.net
Fri Jun 15 23:05:59 EDT 2012
On 06/15/2012 07:32 PM, Miroslav Skoric wrote:
> On 06/14/2012 09:42 PM, George [ham] VerDuin wrote:
>
>> You have presented a potential routing problem without divulging much
>> routing information.
>> What routes are defined at LAN hosts (1), (2), and (3)?
>>
>
> Hi Skip,
>
> Sorry but I am not so expert in routing,
You don't need to be expert, but here is what I saw on 6/14:
Your (1) and (2) hosts have an IP 192.168.1.x [netmask 255.255.255.0],
your (2) and (3) hosts have an IP 192.168.0.x
So for (1) to telnet to/from (3) the (2) host needs routing help.
I am interested to see a "gateway" defined on host (1) & (3).
We have a guy who hangs around here who often says "Think like a packet
to troubleshoot a problem." and after you get to know the "rules" it
works. Rules like "Is the ip_forward switch turned on?". Or rules like
"Is a route defined to set the jump to the next host?". Or rules like
"Will arp find the target host address?". And yes -- rules like "Will
the firewall let me thru?". It may take a while but you'll catch on.
> so not sure what kind of specific routing information you ask for.
Well start while each host is a Linux host and issue the command:
...$ route
to see the host routing table. You can use the same technique to email
the result as you used for the "...$ ifconfig" command. I'm sorry to
say I don't have the method at hand, but there is one to get the same
info from Windoz.
> However, what I can say now is that I tried to follow Maiko's LAN
> diagram - in a way I understood it. I mean, at the host (1) which is
> Debian+JNOS, I entered from the root terminal the command:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
One of the "tricks" is to make sure Linux processed the echo -- just for
completeness try:
...# cat /proc/sys/net/ipv4/ip_forward
before and after the "echo..." command and see if it returns 1 or 0.
> >>SNIP<<
> After starting JNOS at (1), I am capable to ping from the WinXP (2)
> machine the following IP's at (1): 192.168.1.2, which is eth0, and
> 192.168.1.3, which is tun0. What I *cannot* ping is 192.168.1.4, i.e.
> JNOS mailbox. (Of course, I cannot telnet JNOS too.) On the other
> side, from the Linux box itself I can also ping eth0 and tun0, but
> *not* the JNOS mailbox. (Of course, I cannot telnet the mailbox either.)
Until ping works, you probably don't need to try telnet.
Nothing in standard jnos will defeat a ping response, so the ping reply
most likely got lost finding its way back to the point of origin.
> >>SNIP<< So, I suppose that something should be tweaked at the
> firewall in order to allow for tun0 to 'see' JNOS.)
Logical but incomplete.
The firewall function stops passage of packets. But the firewall I use
"iptables" has additional functions like NAT so look beyond just the
firewall action when you turn it ON and OFF. Thus others will need to
comment on your software choice.
Hang in there.
Skip
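
The "think like a packet" rules from the message above, as an added example that is not part of the original post: a small offline simulation that walks a ping request and its reply hop by hop and names the first rule that fails. The host names, all addresses except 192.168.1.2, and the route entries are constructed assumptions; firewall and NAT behaviour are not modelled.

```python
import ipaddress as ipa

def topology():
    # Constructed LAN: host2 sits on both subnets; only 192.168.1.2 is from the thread.
    return {
        "host1": {"addrs": ["192.168.1.2/24"], "forward": False,
                  "routes": [("192.168.0.0/24", "192.168.1.1")]},
        "host2": {"addrs": ["192.168.1.1/24", "192.168.0.1/24"], "forward": True,
                  "routes": []},
        "host3": {"addrs": ["192.168.0.3/24"], "forward": False, "routes": []},
    }

def owner(hosts, addr):
    """Name of the host that would answer ARP for addr, or None."""
    for name, h in hosts.items():
        if any(ipa.ip_interface(a).ip == addr for a in h["addrs"]):
            return name
    return None

def next_hop(host, dst):
    """Longest-prefix match over connected nets and static routes."""
    nets = [ipa.ip_interface(a).network for a in host["addrs"]]
    cands = [(n, dst) for n in nets if dst in n]
    cands += [(ipa.ip_network(n), ipa.ip_address(gw)) for n, gw in host["routes"]
              if dst in ipa.ip_network(n)]
    return max(cands, key=lambda c: c[0].prefixlen)[1] if cands else None

def trace(hosts, start, dst):
    dst, here = ipa.ip_address(dst), start
    for _ in range(8):                      # hop limit, stands in for TTL
        if owner(hosts, dst) == here:
            return "delivered"
        if here != start and not hosts[here]["forward"]:
            return f"{here}: ip_forward is 0"
        hop = next_hop(hosts[here], dst)
        if hop is None:
            return f"{here}: no route to {dst}"
        nxt = owner(hosts, hop)
        if nxt is None:
            return f"{here}: arp finds nobody at {hop}"
        here = nxt
    return "hop limit exceeded"

def ping(hosts, src_name, src_ip, dst_ip):
    out = trace(hosts, src_name, dst_ip)
    if out != "delivered":
        return "request lost at " + out
    back = trace(hosts, owner(hosts, ipa.ip_address(dst_ip)), src_ip)
    return "reply received" if back == "delivered" else "reply lost at " + back
```

With the constructed tables as given, the request reaches host3 but the reply is lost there because host3 has no route back to 192.168.1.x, which is the "reply got lost finding its way back" case.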