Routing trouble between multiple networks

Hi everyone,

Hopefully there is someone here who can help me with the problem I have.
At my office I have one Ubuntu firewall/gateway and several networks.

On the firewall/gateway I have three network cards: one for internet, one for network 192.168.100.0 and one for network 172.20.1.0.

We use fwbuilder to make the firewall rules and have defined the three network cards and the two networks there.

The configuration in /etc/network/interfaces looks like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address xx.xx.xx.xx
        netmask 255.255.255.0
        network xx.xx.xx.0
        broadcast xx.xx.xx.255
        gateway xx.xx.xx.225
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers xx.xx.xx.10
        dns-search internaldomain.com

auto eth1
iface eth1 inet static
        address 192.168.100.1
        netmask 255.255.255.0
        network 192.168.100.0
        broadcast 192.168.100.255

auto eth2
iface eth2 inet static
        address 172.20.1.1
        netmask 255.255.255.0
        network 172.20.1.0
        broadcast 172.20.1.255

If I connect a computer in the 192.168.100.0 network and try nslookup google.com, it responds and gives me this information:

Server:         xx.xx.xx.10
Address:        xx.xx.xx.10#53

Non-authoritative answer:
Name:   google.com
Address: 173.194.32.35
Name:   google.com
Address: 173.194.32.36
Name:   google.com
Address: 173.194.32.37
Name:   google.com
Address: 173.194.32.38
Name:   google.com
Address: 173.194.32.39
Name:   google.com
Address: 173.194.32.40
Name:   google.com
Address: 173.194.32.41
Name:   google.com
Address: 173.194.32.46
Name:   google.com
Address: 173.194.32.32
Name:   google.com
Address: 173.194.32.33
Name:   google.com
Address: 173.194.32.34

Then I connect a computer in the 172.20.1.0 network and do the same task. Here is the output:

;; connection timed out; no servers could be reached

If I reorder the /etc/network/interfaces on the firewall/gateway to this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address xx.xx.xx.xx
        netmask 255.255.255.0
        network xx.xx.xx.0
        broadcast xx.xx.xx.255
        gateway xx.xx.xx.225
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers xx.xx.xx.10
        dns-search internaldomain.com

auto eth1
iface eth1 inet static
        address 172.20.1.1
        netmask 255.255.255.0
        network 172.20.1.0
        broadcast 172.20.1.255

auto eth2
iface eth2 inet static
        address 192.168.100.1
        netmask 255.255.255.0
        network 192.168.100.0
        broadcast 192.168.100.255

Then the nslookup works fine for 172.20.1.0 network but not for the 192.168.100.0 network.

IPv4 forwarding is enabled on the firewall/gateway.

netstat -anr on firewall/gateway gives this output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         xx.xx.xx.225  0.0.0.0         UG        0 0          0 eth0
172.20.1.0      0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
xx.xx.xx.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0

netstat -anr on a computer in 172.20.1.0 network gives this output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.20.1.1      0.0.0.0         UG        0 0          0 eth0
172.20.1.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0

netstat -anr on a computer in 192.168.100.0 network gives this output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG        0 0          0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

I think that I have included all the information needed, but if there are other things that need to be checked, let me know.

---------- Post updated at 11:42 PM ---------- Previous update was at 08:47 PM ----------

I'm so embarrassed, just figured out that the problem was NAT.

In fwbuilder I had forgotten to add all networks in the NAT rule, it was only the first network that was added.

Sorry for taking up everyone's time with this when the problem was myself. The thread can be closed or deleted. Admin can decide.
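
The gap described in the update (a source-NAT rule covering only the first internal network) can be caught by comparing the NAT table against the list of internal networks. The following is an added example, not part of the original post and not fwbuilder output: the ruleset text is a constructed sample in `iptables-save -t nat` format, 203.0.113.5 is a placeholder for the masked public address, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: only the first internal network has a source-NAT rule.
# 203.0.113.5 is a documentation address standing in for the masked public IP.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j SNAT --to-source 203.0.113.5
COMMIT
"""

INTERNAL_NETS = ["192.168.100.0/24", "172.20.1.0/24"]  # networks from the post
WAN_IFACE = "eth0"                                      # internet-facing card


def _opt(tok, *flags):
    """Value following the first of `flags` present in a tokenised rule."""
    for f in flags:
        if f in tok[:-1]:
            return tok[tok.index(f) + 1]
    return None


def nat_sources(ruleset, wan_iface):
    """Source networks covered by POSTROUTING SNAT/MASQUERADE rules on wan_iface."""
    covered = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        # Negated matches ("!") are skipped, so the check errs towards reporting.
        if tok[:2] != ["-A", "POSTROUTING"] or "!" in tok:
            continue
        if _opt(tok, "-j", "--jump") not in ("SNAT", "MASQUERADE"):
            continue
        if _opt(tok, "-o", "--out-interface") not in (None, wan_iface):
            continue
        # A rule with no -s applies to every source address.
        src = _opt(tok, "-s", "--source") or "0.0.0.0/0"
        covered.append(ipaddress.ip_network(src, strict=False))
    return covered


def missing_nat(ruleset, internal_nets, wan_iface):
    """Internal networks that no source-NAT rule on wan_iface covers."""
    covered = nat_sources(ruleset, wan_iface)
    return [n for n in internal_nets
            if not any(ipaddress.ip_network(n).subnet_of(c) for c in covered)]
```

Calling `missing_nat(SAMPLE_NAT, INTERNAL_NETS, WAN_IFACE)` on the sample reports 172.20.1.0/24 as the network without NAT. Other match options on a rule (such as -d or -p) are ignored by this check.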