I think the problem is that you are configuring both as "gateways", so box 'A' is saying "I want to get to 192.168.0.10" if I look at my routing table, the default gateway is "226-4-216-1.ge.." so that is what I will do. Of course this drops the packet because this is a private block (non-routable to most "real-world" routers). So, short of the theory, add a network route, but don't make it a agteway and see if that works... i.e. on bax 'A' route add -net 192.168.0.0 netmask 255.255.255.0 10.0.0.2 and on box 'C' route add -net 10.0.0.1 netmask 255.0.0.0 192.168.0.1 (of course you should flush the routing tables to begin with) I would presume this would work, and it appears the internal route (box B) is configured correctly, of course you might want to make sure ip_forwarding is turned on :-) echo "1" > /path/to/ip_forward (I *think* /proc/sys/net/ip_forward) HTH -Brad Eric wrote: > This stuff is supposed to be basic but it gets confusing. Could someone > help me understand a routing problem? I very much appreciate it; I know > there are lots of characters on this page. But this problem is preventing > me from scp'ing from my firewall (computer C) to fileserver (computer A), > which is what I need to do. > > Topology > > Computer A (e-smith) > eth1 public ip > eth0 10.0.0.1 > > Computer B (w2K) > 10.0.0.2 > 192.168.0.1 > > Computer C (rh7.1) > 192.168.0.10 > > Computers A and C are obviously separated by computer B. > > PROBLEM: > > Computer A can ping only 10.0.0.2 and public IP's, but not anything on > 192.168.0.x. > Computer B can ping everything. > Computer C can ping anything on 192.168.0.x and any public IP, but > **cannot** ping any 10.0.0.x. > > **So in essence, A cannot reach C, and C cannot reach A. > > I told computer C how to get to A, and A how to get to C, and B how to get > to A and C. But it doesn't work. What am I doing wrong. > > Here are the routing tables: > > ***Computer A > Kernel IP routing table > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 10.0.0.0 * 255.255.255.0 U 0 0 0 eth0 > 192.168.0.0 pc-0002 255.255.255.0 UG 0 0 0 eth0 > 226.4.216.0 * 255.255.255.0 U 0 0 0 eth1 > 127.0.0.0 * 255.0.0.0 U 0 0 0 lo > default 226-4-216-1.ge 0.0.0.0 UG 0 0 0 eth1 > > ("pc-0002" showed up after I did "route add -net 192.168.0.0/24 gw > 10.0.0.2".) > > ***Computer B > Active Routes: > Network Destination Netmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.2 1 > 10.0.0.0 255.255.255.0 10.0.0.2 10.0.0.2 1 > 10.0.0.0 255.0.0.0 192.168.0.2 192.168.0.1 1 > 10.0.0.2 255.255.255.255 127.0.0.1 127.0.0.1 1 > 10.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 1 > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 > 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 1 > 192.168.0.0 255.255.255.0 10.0.0.2 10.0.0.2 1 > 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1 > 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1 > 224.0.0.0 224.0.0.0 10.0.0.2 10.0.0.2 1 > 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1 > 255.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 1 > Default Gateway: 10.0.0.1 > =========================================================================== > Persistent Routes: > Network Address Netmask Gateway Address Metric > 10.0.0.0 255.0.0.0 192.168.0.2 1 > > ***Computer C > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 > 10.0.0.0 192.168.0.1 255.0.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U 0 0 0 lo > default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 > > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss