
Cisco 2500 Router and a Linux Router

Tavis10284
Level 1

All,

I am working on getting a Cisco 2500 router working with a Linux router (IPcop) that is my gateway out to the Internet. My network topology is attached in .png format.

Essentially, I have the IPCop Linux router connected to a D-Link layer 2 gigabit switch. The Cisco 2500 is connected via E0 to a port on the D-Link switch with IP address 192.168.1.8. E1 on the 2500 is connected to a PC using a crossover cable with IP address of 192.168.3.1. The PC has 192.168.3.2.

My results:

The PC at 192.168.3.2 can ping 192.168.3.1 and 192.168.1.8

My problems:

The PC at 192.168.3.2 cannot ping 192.168.1.1 or any other PC on the 192.168.1.0/24 network.

Now if I SSH into my Linux router and do:

ip route add 192.168.3.0/24 dev eth0

I can then ping the router from the PC at 192.168.3.2, but I cannot ping any other IP on 192.168.1.0/24 other than 192.168.1.1 and 192.168.1.8, nor to any public WAN IP.

I have not enabled any routing protocols on R1 as I don't think there is a need for it yet. I haven't configured R2 as I am trying to get R1 to work properly before messing with routing protocols and R2.

I've tried:

ip default-gateway 192.168.1.1

and tried these two together:

ip default-network 192.168.1.0

ip route 0.0.0.0 0.0.0.0 e0

I am pretty certain I need to configure the Linux router to essentially tell it that "yes, 192.168.3.0/24 exists. You can reach it by your NIC Eth0 and by IP 192.168.1.1 as the next hop. The IP address you are looking for is 192.168.1.8"

Can anyone help me get this working? I am not looking to run any NAT unless I absolutely have to.

28 Replies

John Blakley
VIP Alumni

Try removing your ip default-gateway lines from the router and remove the ip default-network line as well.

Try changing your 2500 to:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

You're still going to need a route of some sort from your Linux box into the 192.168.3.0/24 network, but you shouldn't need nat for this to work.

HTH,

John

HTH, John *** Please rate all useful posts ***

OK - I added ONLY:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

to the 2500 (R1) and now I can ping google.com from my router. Good.

I am still unable to ping any IP addresses from the PC at 192.168.3.2 EXCEPT, 192.168.3.1, 192.168.1.8, and now 192.168.1.1.

My DNS servers are at 192.168.1.2 and 192.168.1.10, so I will need to be able to reach them to get these other subnets working on the net (at least as far as name resolution goes).

On my IPCop router, I have tried these commands:

route add -net 192.168.3.0 netmask 255.255.255.0 eth0

and

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.8 eth0

route -e returns the default routing table:

root@ipcop-tc:~ # route -e
Kernel IP routing table
Destination          Gateway          Genmask          Flags  MSS Window irtt Iface
(My public IP here)  *                255.255.255.128  U        0 0         0 eth2
192.168.1.0          *                255.255.255.0    U        0 0         0 eth0
192.168.0.0          *                255.255.255.0    U        0 0         0 eth1
default              user-0c99441.ca  0.0.0.0          UG       0 0         0 eth2

If I run:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.8 eth0

This is the result:

root@ipcop-tc:~ # route -e
Kernel IP routing table
Destination          Gateway          Genmask          Flags  MSS Window irtt Iface
(My public IP here)  *                255.255.255.128  U        0 0         0 eth2
192.168.3.0          192.168.1.8      255.255.255.0    UG       0 0         0 eth0
192.168.1.0          *                255.255.255.0    U        0 0         0 eth0
192.168.0.0          *                255.255.255.0    U        0 0         0 eth1
default              user-0c99441.ca  0.0.0.0          UG       0 0         0 eth2

If I run:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.1 eth0

This is the resulting table:

root@ipcop-tc:~ # route -e
Kernel IP routing table
Destination          Gateway          Genmask          Flags  MSS Window irtt Iface
(My public IP here)  *                255.255.255.128  U        0 0         0 eth2
192.168.3.0          ipcop-tc.tc      255.255.255.0    UG       0 0         0 eth0
192.168.1.0          *                255.255.255.0    U        0 0         0 eth0
192.168.0.0          *                255.255.255.0    U        0 0         0 eth1
default              user-0c99441.ca  0.0.0.0          UG       0 0         0 eth2

If I run:

root@ipcop-tc:~ # route add -net 192.168.3.0 netmask 255.255.255.0 eth0

This is the resulting table:

root@ipcop-tc:~ # route -e
Kernel IP routing table
Destination          Gateway          Genmask          Flags  MSS Window irtt Iface
(My Public IP here)  *                255.255.255.128  U        0 0         0 eth2
192.168.3.0          *                255.255.255.0    U        0 0         0 eth0
192.168.1.0          *                255.255.255.0    U        0 0         0 eth0
192.168.0.0          *                255.255.255.0    U        0 0         0 eth1
default              user-0c99441.ca  0.0.0.0          UG       0 0         0 eth2

But unfortunately, I'm still unable to ping any IP address from the PC at 192.168.3.2 EXCEPT, 192.168.3.1, 192.168.1.8, and now 192.168.1.1. =(

If I get it correctly, you have two gateways on 192.168.1.0: your 2500 and the linux router. Hosts on the network will need a route statement for 192.168.3.0 pointing to the 2500, in addition to a default route pointing to the linux host.

If they don't, they'll send traffic for 192.168.3.x to the wrong next hop. The Linux box might send out an ICMP Redirect, and your PCs might listen to that Redirect, but don't count on it.

If I understand my terminology correctly, the 2500 isn't a gateway out to the Internet except for the 192.168.3.0/24 subnet. It is not directly connected to the cable modem, just a switch that connects to the 192.168.1.1 router.

Still, hosts on the 192.168.1.0 network need to know how to reach the 192.168.3.0 network. The gateway for that particular network will be your R1 (note that it is not a "default gateway", but only for destinations in 192.168.3.0) That is why you will have to add a route on those hosts.

So I tried adding a second gateway on 192.168.1.10, one of my DNS servers, and then tried to ping from 192.168.3.2 to 192.168.1.10 and it still refuses to ping. Is that what you meant?

Another side note:

I can now surf the web using the 192.168.3.2 PC using the DNS servers on the 192.168.1.0/24 subnet. They are resolving, and NSLOOKUP works fine on the PC, but yet I still can't ping them. I'm not sure what's happening.

Currently on my router I have this for a routing table:

Kernel IP routing table
Destination         Gateway          Genmask          Flags Metric Ref Use Iface
(my public subnet)  *                255.255.255.128  U     0      0     0 eth2
192.168.3.0         *                255.255.255.0    U     0      0     0 eth0
192.168.1.0         *                255.255.255.0    U     0      0     0 eth0
192.168.0.0         *                255.255.255.0    U     0      0     0 eth1
default             user-0c99441.ca  0.0.0.0          UG    0      0     0 eth2

Is it something else I need to add to the IPCop Linux router?

I'm sorry to be so n00b. I've only connected up Cisco to Cisco routers before.

"They are resolving, and NSLOOKUP works fine on the PC, but yet I still can't ping them. I'm not sure what's happening. "

It sounds like ICMP is disabled somewhere (I suspect IPCop).

A couple of tests:

Can you ping from 192.168.1.8 (cisco router) to the inside interface on your IPCop router?

From the IPCop router, can you ping 192.168.1.8 (cisco router)

From 192.168.3.2, can you ping inside interface of IPCop?

From IPCop, can you ping 192.168.3.2.

You don't have an overly complicated setup, so all traffic should be passing fine unless there's a firewall configured on your Linux box like IPTables. If you have IPTables configured, you'll need to add exclusions for the 192.168.3.0/24 subnet.

HTH,

John

HTH, John *** Please rate all useful posts ***

"Can you ping from 192.168.1.8 (cisco router) to the inside interface on your IPCop router? "

From the Cisco 2500 router (R1), yes, without modifying the Linux router's route table.

"From 192.168.3.2, can you ping inside interface of IPCop?"

Not if the Linux router's routing table is left at defaults.

But yes if I run:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.1 eth0

"From IPCop, can you ping 192.168.3.2."

Not if the Linux router's routing table is left at defaults.

But yes if I run:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.1 eth0

The IPCop router does have a builtin firewall.

I've never worked with iptables unfortunately. =(

IPtables output attached in .txt file

Deleted iptables attachment and reattached due to personal info.

I am beginning to think it is more of a problem on the Cisco router (R1) side than my Linux router. I can ping all the way into the 192.168.3.2 network just fine after I add a route statement on the Linux router. However, I cannot ping out to the 192.168.1.0/24 network other than 192.168.1.1 and 192.168.1.8.

Here is my running config:

TC-R1#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TC-R1
!
!
ip subnet-zero
ip name-server 192.168.1.2
ip name-server 192.168.1.10
!
!
!
interface Ethernet0
 ip address 192.168.1.8 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 192.168.3.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 login
!
end

TC-R1#

Flash:

TC-R1#sh flash

System flash directory:
File  Length   Name/status
  1   6788464  C2500-d-l.120-4
[6788528 bytes used, 1600080 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)

I connected up and configured a Cisco 1710 router with the same IPs and similar config and I have the same issue with this router too. =(

Tavis,

Just going through the thread...

What machine is 192.168.1.1? I assume it's the Linux router?

The route for 192.168.3.0/24 should be pointing at the 192.168.1.8 address that you have on your drawing.

I would also be interested in the results of an extended ping to the IPCop router. The extended ping should identify 192.168.3.1 as the source interface.

Thanks

Tony

Tavis,

I think it's your Linux box causing the issue and not the router. You'll need to have a route for the 192.168.3.0 subnet on the Linux box, or else it doesn't know where to send the packet back. The workstation needs to have the 192.168.3.x address of the router's inside interface listed as its gateway. Other than that, your router is configured correctly for what you're doing with it.

BTW, you'll need a default route on the Cisco router like:

ip route 0.0.0.0 0.0.0.0

The routes on the Linux box have to stay for the 192.168.3.0 subnet.

HTH,

John

HTH, John *** Please rate all useful posts ***
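
The return-path question discussed in this thread can be checked with a small hop-by-hop model. This is an added example, not code from any poster: the function names are hypothetical, "upstream" is a placeholder for the redacted ISP next hop, and it assumes hosts on 192.168.1.0/24 use 192.168.1.1 as their default gateway and that every on-link route is a genuinely connected segment.

```python
import ipaddress

# Constructed from the addresses in the thread; "upstream" stands in for the
# ISP next hop, whose address is redacted on the page.
OWNER = {"192.168.3.2": "pc", "192.168.3.1": "r1", "192.168.1.8": "r1",
         "192.168.1.1": "ipcop", "192.168.1.10": "host", "upstream": "upstream"}

def base_tables():
    """Per-node routes as (prefix, gateway); gateway None means on-link."""
    return {
        "pc":    [("192.168.3.0/24", None), ("0.0.0.0/0", "192.168.3.1")],
        "r1":    [("192.168.1.0/24", None), ("192.168.3.0/24", None),
                  ("0.0.0.0/0", "192.168.1.1")],
        "host":  [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")],
        "ipcop": [("192.168.1.0/24", None), ("192.168.0.0/24", None),
                  ("0.0.0.0/0", "upstream")],
        "upstream": [],
    }

def with_route(node, prefix, gw):
    """Return fresh tables with one static route added on `node`."""
    tables = base_tables()
    tables[node].append((prefix, gw))
    return tables

def lookup(table, dst):
    """Longest-prefix match; returns the gateway, or dst itself if on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw if gw is not None else dst

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop; returns the list of nodes it visits."""
    path, node = [start], start
    while OWNER.get(dst) != node and len(path) <= max_hops:
        hop = lookup(tables[node], dst)
        if hop is None or hop not in OWNER:
            path.append("dropped")
            break
        node = OWNER[hop]
        path.append(node)
    return path
```

With only the IPCop route via 192.168.1.8 in place, the request goes pc, r1, host while the reply goes host, ipcop, r1, pc, so the firewall on IPCop sees one direction of the flow; a route on the host itself via 192.168.1.8 keeps both directions off IPCop.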