Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: LAN traffic leaking on to WAN
Special Forums IP Networking LAN traffic leaking on to WAN Post 302581677 by herot on Tuesday 13th of December 2011 09:29:59 PM
Old 12-13-2011
LAN traffic leaking on to WAN
Network map:

WAN external interface 192.0.0.0 network
|
WAN internal interface 192.0.3.0 network
|
192.0.3.0 LAN
|
wireless router 192.0.3.1
|
DSL modem 192.0.3.2

The problem I am having is that some traffic from the 192.0.3.0 LAN seems to be "leaking" onto the 192.0.0.0 WAN. I noticed this when I installed a NAS on the network. I mapped a drive on a pc to a NAS share. When the backup program starts running, the frame WAN (192.0.0.0) starts dropping packets and the ping times go ridiculous high. When I stop the backup, the WAN traffic and ping times normalize again...

I have a static route in the DSL modem that points 192.0.3.0 to 192.0.0.0 because I need SOME traffic to go over the WAN (a windows shared printer). The rest of the time the frame WAN is only used for some serial printers that our Unix server talks to over the WAN (192.0.0.0).

I have a VPN in place now, so I do not need the 192.0.3.0 traffic to go over the WAN at all now. However, when I remove the static route from the DSL modem my serial printers stop receiving jobs from our Unix server on the other side of the WAN??? Why do my serial printers need the 192.0.3.0 network to talk? Aren't they separate from the LAN? They don't even have network cards for christ sake.
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Can someone please give me information about WAN and LAN

I just need to know the important concepts. I tried searching on the internet for information about this but got bombarded with too many un-neccessary details I find confusing and helpless. I just need to know WAN and LAN concerning how to monitor them and fix or (troubleshoot) basic problems (3 Replies)
Discussion started by: TRUEST
3 Replies

2. Solaris

How to configure private LAN and coporate LAN on the same machine-Solaris10

Hi , I am trying to configure a private LAN and corporate LAN on the same machien on Solaris 10. How can I achieve this? Thanks (1 Reply)
Discussion started by: deedee
1 Replies

3. UNIX for Dummies Questions & Answers

LAN traffic rerouting to web server

Hello. I am not sure where to post this and would appreciate any moderator help in moving this to the area where it is most applicable. Thank you. I've posted these questions in a couple different forums, but have not received any answers about what I am doing wrong. I would appreciate any... (3 Replies)
Discussion started by: J-Fal
3 Replies

4. Web Development

Cannot access Apache web server from Wan side, only Lan side.

I have installed WAMPSERVER 2.0 on my windows vista x64 system but still am having issues with getting the webserver to be seen outside my local network. It is working fine within my local network. Been through several setup tutorials so far, no dice still. For testing purposes I have... (1 Reply)
Discussion started by: davidmanvell
1 Replies

5. IP Networking

Local Lan, no-ip directed DNS forward, surf within lan

Hi, We have a website running on a local centos 5.4 surfer, static IP. The domain.com uses no-ip.com to take care of the DNS, it forwards all to my server. My router receives the port 80 call, routes it to my server and the world can see domain.com perfectly fine. However, we cannot see... (3 Replies)
Discussion started by: lawstudent
3 Replies

6. IP Networking

Routing traffic problem between 3G and Office Lan Network

Hi, I would like to ask some networking solution regarding my work LAN and 3G usb network problem. I want to route my internet traffic to the 3G network and sometimes connect to some of my work network for ssh to configure some workstation or print something. Currently my problem is i can't... (0 Replies)
Discussion started by: jao_madn
0 Replies

7. Red Hat

Wan on eth1 and Lan on eth0

I have a local network on dev eth0 Server has static IP of 10.0.0.1 Gateway is 10.0.0.1 and Dns is 10.0.0.1 I am using this network for imaging 500 plus computer... Now, Issue that I am having is that I need to update packages and I dont want to change the configuration on eth0 because I... (0 Replies)
Discussion started by: golpemortal
0 Replies

8. Red Hat

Memory leaking

Hi All Would someone help me to find the detailed report on memory leak. any commands to get detailed report for OS level and applications As we are using REDHAT LINUX 5.9 Thanks Murali Muppa (2 Replies)
Discussion started by: murali969
2 Replies

LEARN ABOUT DEBIAN

ipsec_eroute

IPSEC_EROUTE(5) 						  [FIXME: manual]						   IPSEC_EROUTE(5)

NAME

       ipsec_eroute - list of existing eroutes

SYNOPSIS

       ipsec eroute
	     cat/proc/net/ipsec_eroute

OBSOLETE

       Note that eroute is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in
       future versions. On the mast stack, use ipsec policy, on the netkey stack, use ip xfrm

DESCRIPTION

       /proc/net/ipsec_eroute lists the IPSEC extended routing tables, which control what (if any) processing is applied to non-encrypted packets
       arriving for IPSEC processing and forwarding. At this point it is a read-only file.

       A table entry consists of:

       +
	   packet count,

       +
	   source address with mask and source port (0 if all ports or not applicable)

       +
	   a '->' separator for visual and automated parsing between src and dst

       +
	   destination address with mask and destination port (0 if all ports or not applicable)

       +
	   a '=>' separator for visual and automated parsing between selection criteria and SAID to use

       +
	   SAID (Security Association IDentifier), comprised of:

       +
	   protocol (proto),

       +
	   address family (af), where '.' stands for IPv4 and ':' for IPv6

       +
	   Security Parameters Index (SPI),

       +
	   effective destination (edst), where the packet should be forwarded after processing (normally the other security gateway) together
	   indicate which Security Association should be used to process the packet,

       +
	   a ':' separating the SAID from the transport protocol (0 if all protocols)

       +
	   source identity text string with no whitespace, in parens,

       +
	   destination identity text string with no whitespace, in parens

       Addresses are written as IPv4 dotted quads or IPv6 coloned hex, protocol is one of "ah", "esp", "comp" or "tun" and SPIs are prefixed
       hexadecimal numbers where the prefix '.' is for IPv4 and the prefix ':' is for IPv6

       SAIDs are written as "protoafSPI@edst". There are also 5 "magic" SAIDs which have special meaning:

       +
	   %drop means that matches are to be dropped

       +
	   %reject means that matches are to be dropped and an ICMP returned, if possible to inform

       +
	   %trap means that matches are to trigger an ACQUIRE message to the Key Management daemon(s) and a hold eroute will be put in place to
	   prevent subsequent packets also triggering ACQUIRE messages.

       +
	   %hold means that matches are to stored until the eroute is replaced or until that eroute gets reaped

       +
	   %pass means that matches are to allowed to pass without IPSEC processing

EXAMPLES

       1867 172.31.252.0/24:0 -> 0.0.0.0/0:0 => tun0x130@192.168.43.1:0

	() ()

       means that 1,867 packets have been sent to an eroute that has been set up to protect traffic between the subnet 172.31.252.0 with a subnet
       mask of 24 bits and the default address/mask represented by an address of 0.0.0.0 with a subnet mask of 0 bits using the local machine as a
       security gateway on this end of the tunnel and the machine 192.168.43.1 on the other end of the tunnel with a Security Association
       IDentifier of tun0x130@192.168.43.1 which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a Security Parameters Index of
       130 in hexadecimal with no identies defined for either end.

       746 192.168.2.110/32:0 -> 192.168.2.120/32:25 => esp0x130@192.168.2.120:6

	() ()

       means that 746 packets have been sent to an eroute that has been set up to protect traffic sent from any port on the host 192.168.2.110 to
       the SMTP (TCP, port 25) port on the host 192.168.2.120 with a Security Association IDentifier of tun0x130@192.168.2.120 which means that it
       is a transport mode connection with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end.

       125 3049:1::/64 -> 0:0/0 => tun:130@3058:4::5 () ()

       means that 125 packets have been sent to an eroute that has been set up to protect traffic between the subnet 3049:1:: with a subnet mask
       of 64 bits and the default address/mask represented by an address of 0:0 with a subnet mask of 0 bits using the local machine as a security
       gateway on this end of the tunnel and the machine 3058:4::5 on the other end of the tunnel with a Security Association IDentifier of
       tun:130@3058:4::5 which means that it is a tunnel mode connection with a Security Parameters Index of 130 in hexadecimal with no identies
       defined for either end.

       42 192.168.6.0/24:0 -> 192.168.7.0/24:0 => %passthrough

       means that 42 packets have been sent to an eroute that has been set up to pass the traffic from the subnet 192.168.6.0 with a subnet mask
       of 24 bits and to subnet 192.168.7.0 with a subnet mask of 24 bits without any IPSEC processing with no identies defined for either end.

       2112 192.168.8.55/32:0 -> 192.168.9.47/24:0 => %hold (east) ()

       means that 2112 packets have been sent to an eroute that has been set up to hold the traffic from the host 192.168.8.55 and to host
       192.168.9.47 until a key exchange from a Key Management daemon succeeds and puts in an SA or fails and puts in a pass or drop eroute
       depending on the default configuration with the local client defined as "east" and no identy defined for the remote end.

       2001 192.168.2.110/32:0 -> 192.168.2.120/32:0 =>

	esp0xe6de@192.168.2.120:0 () ()

       means that 2001 packets have been sent to an eroute that has been set up to protect traffic between the host 192.168.2.110 and the host
       192.168.2.120 using 192.168.2.110 as a security gateway on this end of the connection and the machine 192.168.2.120 on the other end of the
       connection with a Security Association IDentifier of esp0xe6de@192.168.2.120 which means that it is a transport mode connection with a
       Security Parameters Index of e6de in hexadecimal using Encapsuation Security Payload protocol (50, IPPROTO_ESP) with no identies defined
       for either end.

       1984 3049:1::110/128 -> 3049:1::120/128 =>

	ah:f5ed@3049:1::120 () ()

       means that 1984 packets have been sent to an eroute that has been set up to authenticate traffic between the host 3049:1::110 and the host
       3049:1::120 using 3049:1::110 as a security gateway on this end of the connection and the machine 3049:1::120 on the other end of the
       connection with a Security Association IDentifier of ah:f5ed@3049:1::120 which means that it is a transport mode connection with a Security
       Parameters Index of f5ed in hexadecimal using Authentication Header protocol (51, IPPROTO_AH) with no identies defined for either end.

FILES

       /proc/net/ipsec_eroute, /usr/local/bin/ipsec

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_eroute(8), ipsec_version(5),
       ipsec_pf_key(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

[FIXME: source] 						    10/06/2010							   IPSEC_EROUTE(5)
All times are GMT -4. The time now is 06:30 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy