Author Topic: [SOLVED] can't route to ppp0 on dual-home box (Read 1075 times)

shimonl · « **on:** June 13, 2011, 02:19:23 PM »

Hi,
I am having what seems to be a routing problem, but I do not know
the subject well enough to solve it, so I turn to you.

My box is running PCLinuxOS 2011 (or whatever the name is for a frequently
fully updated system today). My regular network is eth0 to an ADSL router
on the Internet, and it is my default gateway:
eth0 Link encap:Ethernet HWaddr 00:0C:F1:70:17:22
   inet addr:10.1.20.5 Bcast:10.1.20.255 Mask:255.255.255.0
   inet6 addr: fe80::20c:f1ff:fe70:1722/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
   RX packets:154597 errors:0 dropped:0 overruns:0 frame:0
   TX packets:161067 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:101413112 (96.7 MiB) TX bytes:48638553 (46.3 MiB)

I also connect to a dialup ppp0 host (my office) which uses a MS RAS server
with callback. I recompiled pppd to support CBCP=y (MS callback protocol)
and use Kppp to connect to work.

When I connect using a Win-XP laptop, I am able to ping the ppp server,
and via its default route to the ppp link I can also ping and access IP addresses
(of different nets) beyond the ppp server.

However, when I connect using PCLinuxOS, even though I have an IP
address allocated by the ppp server, and ifconfig shows a working
link, I can not access anything on ppp0. Here is what ifconfig shows:

[root@localhost shimon]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:F1:70:17:22
   inet addr:10.1.20.5 Bcast:10.1.20.255 Mask:255.255.255.0
   inet6 addr: fe80::20c:f1ff:fe70:1722/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
   RX packets:156878 errors:0 dropped:0 overruns:0 frame:0
   TX packets:154258 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:136610550 (130.2 MiB) TX bytes:29407912 (28.0 MiB)

lo Link encap:Local Loopback
   inet addr:127.0.0.1 Mask:255.0.0.0
   inet6 addr: ::1/128 Scope:Host
   UP LOOPBACK RUNNING MTU:16436 Metric:1
   RX packets:25569 errors:0 dropped:0 overruns:0 frame:0
   TX packets:25569 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:0
   RX bytes:2851792 (2.7 MiB) TX bytes:2851792 (2.7 MiB)

ppp0 Link encap:Point-to-Point Protocol
   inet addr:172.20.5.4 P-t-P:172.20.0.253 Mask:255.255.255.255
   UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
   RX packets:12 errors:1 dropped:0 overruns:0 frame:0
   TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:3
   RX bytes:119 (119.0 b) TX bytes:125 (125.0 b)

I want to access host 10.0.0.7, so I added a route and tried to ping the host:

[root@localhost shimon]# route add -host 10.0.0.7 ppp0
[root@localhost shimon]# ping -c 3 10.0.0.7
PING 10.0.0.7 (10.0.0.7) 56(84) bytes of data.
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable

--- 10.0.0.7 ping statistics ---
0 packets transmitted, 0 received, +3 errors

I then tried to ping the ppp0 P-t-P address itself, and that also fails:
[root@localhost shimon]# ping -c 5 172.20.0.253
PING 172.20.0.253 (172.20.0.253) 56(84) bytes of data.
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable

--- 172.20.0.253 ping statistics ---
0 packets transmitted, 0 received, +5 errors

The errors are all coming from my own home address on ppp0,
172.20.5.4. On the XP box I have no problem accessing these
addresses, so I am led to assume that something is wrong in my routing,
or that something on the PCLOS system is somehow firewalling me.

Any help would be most appreciated, I really dislike needing to
pull out an XP box every time I need to do something for work.

Thanks!
Shimon

muungwana · « **Reply #1 on:** June 13, 2011, 03:02:20 PM »

what do these commands give you?

route -n

tracepath 172.20.0.253

shimonl · « **Reply #2 on:** June 14, 2011, 12:30:02 AM »

Thanks muungwana!

[root@localhost shimon]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.20.0.253 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.1.20.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 10 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.1.20.170 0.0.0.0 UG 10 0 0 eth0
[root@localhost shimon]# tracepath 172.20.0.253
1: 172.20.5.4 0.515ms reached
Resume: pmtu 65535 hops 1 back 64
[root@localhost shimon]#

I also added my route and tried its path, with the same results:
[root@localhost shimon]# tracepath 10.0.0.7
1: 172.20.5.4 0.797ms reached
Resume: pmtu 65535 hops 1 back 64

I appreciate your help!
Shimon

muungwana · « **Reply #3 on:** June 14, 2011, 02:54:25 PM »

I do not see anything wrong with your routing table, the problem could be on the other side of the connection. Maybe they cant handle very well connections from linux.

while you are connected to your office with ppp0, run these commands while you are root and then post the output of the last one

service syslog start

echo "" > /var/log/syslog

iptables -I OUTPUT -p icmp -j LOG

tracepath 172.20.0.253

ping -c 1 172.20.0.253

cat /var/log/syslog

shimonl · « **Reply #4 on:** June 15, 2011, 02:18:02 PM »

Hi,
I really appreciate your taking the time to help me on this.

Here are the results of the commands you asked me to run:

[root@localhost shimon]# service syslog start
[root@localhost shimon]# echo "" > /var/log/syslog
[root@localhost shimon]# iptables -I OUTPUT -p icmp -j LOG
[root@localhost shimon]# tracepath 172.20.0.253
1: 172.20.5.4 0.520ms reached
Resume: pmtu 65535 hops 1 back 64
[root@localhost shimon]# ping -c 1 172.20.0.253
PING 172.20.0.253 (172.20.0.253) 56(84) bytes of data.
From 172.20.5.4 icmp_seq=1 Destination Host Unreachable

--- 172.20.0.253 ping statistics ---
0 packets transmitted, 0 received, +1 errors

[root@localhost shimon]# cat /var/log/syslog

Jun 15 23:15:00 localhost klogd: Shorewall:OUTPUT:REJECT:IN= OUT=ppp0 SRC=172.20.5.4 DST=172.20.0.253 LEN=65535 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59020 DPT=44444 LEN=65515
Jun 15 23:15:00 localhost klogd: IN= OUT=lo SRC=172.20.5.4 DST=172.20.5.4 LEN=576 TOS=0x00 PREC=0xC0 TTL=64 ID=42714 PROTO=ICMP TYPE=3 CODE=3 [SRC=172.20.5.4 DST=172.20.0.253 LEN=65535 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59020 DPT=44444 LEN=65515 ]
Jun 15 23:15:17 localhost klogd: IN= OUT=ppp0 SRC=172.20.5.4 DST=172.20.0.253 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=6025 SEQ=1
Jun 15 23:15:17 localhost klogd: Shorewall:OUTPUT:REJECT:IN= OUT=ppp0 SRC=172.20.5.4 DST=172.20.0.253 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=6025 SEQ=1
Jun 15 23:15:17 localhost klogd: IN= OUT=lo SRC=172.20.5.4 DST=172.20.5.4 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 ID=42715 PROTO=ICMP TYPE=3 CODE=1 [SRC=172.20.5.4 DST=172.20.0.253 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=6025 SEQ=1 ]
Jun 15 23:15:24 localhost ntpd[2773]: Listening on interface #7 ppp0, 172.20.5.4#123 Enabled
Jun 15 23:15:24 localhost ntpd[2773]: new interface(s) found: waking up resolver

Thanks,
Shimon

aherkey · « **Reply #5 on:** June 15, 2011, 02:38:49 PM »

When I was using ppp to tether my laptop through my blackberry I found out that PCLOS version of ppp does not replace the default route if it is already defined. I had to remove the default route before I ran the ppp script then replace it after I closed the ppp session. If I forgot to remove the default route before I started ppp I had to manually del/add the default route before I could connect to connect to anything on the ppp interface.

So I suggest try removing the default route before you connect and see if ppp will setup the default route for you.

-Andy

muungwana · « **Reply #6 on:** June 15, 2011, 02:44:51 PM »

Quote

Jun 15 23:15:00 localhost klogd: Shorewall:OUTPUT:REJECT:IN= OUT=ppp0 SRC=172.20.5.4 DST=172.20.0.253 LEN=65535 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59020 DPT=44444 LEN=65515

It looks like you have shorewall firewall running and it is set to block all outgoing packets on ppp0. I think your problem is here.

I have never used this firewall so i dont know how you can set it up to allow outgoing packets but you will have to modify it to allow these packets to leave for it to work.

Now, run this and see if it will now work(post output of last two)

iptables -I OUTPUT -o ppp0 -j ACCEPT

tracepath 172.20.0.253

ping -c 1 172.20.0.253

shimonl · « **Reply #7 on:** June 15, 2011, 02:58:21 PM »

aherkey:
I do not want to change my default gateway, because eth0 is still active,
and it is my connection to the Internet.

I only use ppp0 for connecting to my office, and I can put in static routes for the
IP address(es) I need there.

Thanks for your input. :-)
Shimon

shimonl · « **Reply #8 on:** June 15, 2011, 03:03:18 PM »

muungwana, THANK YOU!!

[root@localhost shimon]# iptables -I OUTPUT -o ppp0 -j ACCEPT
[root@localhost shimon]# tracepath 172.20.0.253
1: 172.20.5.4 0.811ms pmtu 1500
1: 172.20.0.253 1120.986ms reached
Resume: pmtu 1500 hops 1 back 255
[root@localhost shimon]# ping -c 1 172.20.0.253
PING 172.20.0.253 (172.20.0.253) 56(84) bytes of data.
64 bytes from 172.20.0.253: icmp_req=1 ttl=255 time=465 ms

--- 172.20.0.253 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 465.061/465.061/465.061/0.000 ms
[root@localhost shimon]# route add -host 10.0.0.7 ppp0
[root@localhost shimon]# ping -c 3 10.0.0.7
PING 10.0.0.7 (10.0.0.7) 56(84) bytes of data.
64 bytes from 10.0.0.7: icmp_req=1 ttl=55 time=642 ms
64 bytes from 10.0.0.7: icmp_req=2 ttl=55 time=400 ms
64 bytes from 10.0.0.7: icmp_req=3 ttl=55 time=516 ms

--- 10.0.0.7 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 400.526/519.893/642.918/98.993 ms

I see I need to read up on iptables. :-)

Thank you so much,
Shimon

muungwana · « **Reply #9 on:** June 15, 2011, 03:19:00 PM »

i am glad you got it solved.

All linux firewalls end up writing IP table rules and you can write your own if you want to go down to that level in your system traffic management.

If there is no option in whatever GUI application you used to allow outbound traffic on ppp0, then run these two commands to save your addition.

iptables -D OUTPUT -p icmp -j LOG

service iptables save

The first command will delete that rule we added to check for outbound traffic, we are deleting it because we dont need it anymore.

The second command will save the iptable rules including the one you added to allow outbound traffic on ppp0 and this will allow the change to survive reboots.

You can change the title of the thread and add "solved" to it since the problem is now solved.

You can do pretty cool things with your traffic if you know how to use iptables and route commands. Ask if you do decide to read up on it and you try to implement your own firewall and packet management and you get stuck anywhere.

PCLinuxOS-Forums

News:

Author Topic: [SOLVED] can't route to ppp0 on dual-home box (Read 1075 times)

shimonl

[SOLVED] can't route to ppp0 on dual-home box

muungwana

Re: can't route to ppp0 on dual-home box

shimonl

Re: can't route to ppp0 on dual-home box

muungwana

Re: can't route to ppp0 on dual-home box

shimonl

Re: can't route to ppp0 on dual-home box

aherkey

Re: can't route to ppp0 on dual-home box

muungwana

Re: can't route to ppp0 on dual-home box

shimonl

Re: can't route to ppp0 on dual-home box

shimonl

Re: can't route to ppp0 on dual-home box

muungwana

Re: can't route to ppp0 on dual-home box