[wellylug] Routing problem

Ian Beardslee itb at falcons.co.nz
Thu Jan 19 15:39:21 NZDT 2006


Well, it seems to be working now.  Thanks peoples.

I used Michael's solution ...

>    sudo ip route del to default
>    sudo ip route add to 10.0.0.0/8 via 10.129.128.1
>    sudo ip route add to default via 10.129.128.3
> 
> I believe you could try using iptables NAT rules to ensure that
> ssh streams from 10.129.128.3 go back there, using tags or something
> like that, but I don't know how to do that.

I'll still have to look at the iptables stuff to make sure it is tidied up a 
bit though.

Some comments about the other comments.

Didn't want to touch the 10.129.128.1 router as it is managed by 
TelstraClear as part of our framerelay, it sees the rest of our internal 
network around the country.  Our primary firewall/mail proxy is 
10.129.128.2 and only that goes there, 10.129.128.3 is now the http proxy 
after the .2 machine started to get overloaded with spam etc.

NX is NoMachine, and as David mentioned it's FreeNX not OpenNX for the 
free version of it.  I'm playing with the eval NX server because I wanted 
something quick to be able to get external access to our terminal server 
while I'm down at the Linux Conf.  I didn't want to learn how to compile 
and set up the FreeNX in a rush.  Once my 30 day trial of NX has ended, 
the compile and build of the free version will be next.

All going well, setting up ssh to work with NX is enough to be secure.  
No, I'm not going to broadcast the external IP addresses of my work 
network so that you can test it for me :-)  falcons.co.nz is not my work 
network.

I've tried the VPN that comes with ipcop and I had it working, but maybe 
I just don't fully understand (ok so it's not 'maybe') how the VPN stuff 
works - but it was pretty ugly to set up.  Maybe a cool topic for a LUG 
lesson/presentation - how to (safely) get external access to a 
private/internal network - if anyone feels they know enough (and can 
teach well enough) to be able to pass it on.

umm, jim, err cool, I think it hit the guy standing behind me as that 
went straight over the top of my head - lucky we had someone nearby who 
had a couple of bandaids in the purse :-)

Thanks all.



-----Original Message-----
From: "Ian Beardslee" <>
To: "LIST: Wellington Linux Users Group" <>
Date: Thu, 19 Jan 2006 12:06:29 +1300
Subject: [wellylug] Routing problem

> Hi all,
> 
> I have a wee routing problem.  At least I think it is a routing
> problem, it could be a 'stoopid Ian' problem, but I am going with the
> routing problem for now.
> 
> I have a network.  In that network is a machine (let's call it
> 'ubuntu') with an IP address of 10.129.128.13 (ah yes the lucky one),
> a subnetmask of 255.255.252.0 and a default gateway of 10.129.128.1.
> That default gateway takes me to the other subnets of the network
> without any problems.
> 
> I'm playing with NoMachine at the moment, trying to find better ways
> for staff with broadband connections at home to use them to connect to
> our terminal servers.  So what I'm trying to do is get an external ssh
> session to come through the ipcop firewall (10.129.128.3) to 'ubuntu'.
> 
> It doesn't seem to work when the default gateway of 'ubuntu' is 
> 10.129.128.1.
> 
> If I change the default gateway on 'ubuntu' to 10.129.128.3 it works
> well, but I can't see the rest of my network subnets.  Which for
> external connections is fine, but if we start using it more regularly
> it'll be a problem.
> 
> For consistency's sake, I would like the default gateway to be the 
> 10.129.128.1, but how do I also get a 'second default gateway' or at 
> least an intelligent route to the outside world?
> 
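
The following is an added example, not part of the original posts: a small longest-prefix-match model of the routing table on 'ubuntu' before and after the three `ip route` commands quoted above. It shows that before the change a reply to an external client leaves via 10.129.128.1 instead of returning through the ipcop firewall, and that afterwards internal 10.0.0.0/8 traffic still uses 10.129.128.1. The external client and internal host addresses are constructed, and the connected /22 route is derived from the stated netmask.

```python
import ipaddress

# Routing tables for 'ubuntu' (10.129.128.13, netmask 255.255.252.0 = /22),
# written as (destination prefix, gateway). Gateway None = directly connected.
BEFORE = [
    ("10.129.128.0/22", None),
    ("0.0.0.0/0", "10.129.128.1"),      # original default gateway
]
AFTER = [
    ("10.129.128.0/22", None),
    ("10.0.0.0/8", "10.129.128.1"),     # internal subnets via the frame relay router
    ("0.0.0.0/0", "10.129.128.3"),      # everything else via the ipcop firewall
]

# Constructed sample destinations (assumptions, not from the thread).
SAMPLES = {
    "external client": "203.0.113.7",   # documentation range, stands in for a home user
    "internal subnet": "10.50.1.20",    # hypothetical host elsewhere in 10.0.0.0/8
    "ipcop firewall": "10.129.128.3",   # same /22 as 'ubuntu'
}

def next_hop(table, dest):
    """Pick the route with the longest matching prefix, as the kernel does."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1] or "on-link"

def compare(before, after):
    """Return {label: (hop_before, hop_after)} for each sample destination."""
    return {label: (next_hop(before, ip), next_hop(after, ip))
            for label, ip in SAMPLES.items()}

if __name__ == "__main__":
    for label, (old, new) in compare(BEFORE, AFTER).items():
        print(f"{label:16} before: {old:13} after: {new}")
```

Note that with the new table any destination outside 10.0.0.0/8, not only replies to inbound ssh sessions, is sent to 10.129.128.3.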




