Having a routing problem I need help with:
- All my routers and switches are on 172.16.0.0/23, VLAN 2 (mgmt vlan)
- My client VLANs are: VLAN101=172.16.2.0/23, VLAN102=172.16.4.0/23, etc
- The machine I use to manage the network is called NMS and is on
- A linux machine runs NAT/DHCP/DNS for the clients. It has IPs in each VLAN *except* VLAN 2.
- iptables on the linux machine prohibits interVLAN routing but expressly allows all traffic to/from NMS.
Here's the problem: all the routers and switches can ping each other, and NMS can ping them as well. But the routers/switches cannot ping NMS, and I don't understand why. I tried making an interface on the linux box within VLAN2, and can then ping that interface from the router, but that eliminates the ability of NMS to ping the router.
More config info follows.
=====================================================
Core router:
interface GigabitEthernet0/1.2
 description v002-internal-mgt-vlan
 encapsulation dot1Q 2
 ip address 172.16.0.1 255.255.254.0
!
interface GigabitEthernet0/1.20
 description v020-public-ip-inside
 encapsulation dot1Q 20
 ip address 76.61.48.1 255.255.255.240
 no ip unreachables
!
ip default-gateway 208.05.19.73
ip route 0.0.0.0 0.0.0.0 208.05.19.73
ip route 76.61.48.0 255.255.255.0 Null0 15
======================================================
Core Switches (there are a series of these, 172.16.0.2-172.16.0.6)
interface Vlan2
 description v002-internal-mgt-vlan
 ip address 172.16.0.2 255.255.254.0
 no ip redirects
 no ip route-cache
======================================================
Linux box ROMULUS (NAT, DHCP, DNS, NTP)
eth0      Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FD
          inet addr:76.61.48.3  Bcast:76.61.48.15  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1894 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:395674 (386.4 KiB)  TX bytes:479735 (468.4 KiB)
          Interrupt:17

eth1      Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FE
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2284 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1712 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:603934 (589.7 KiB)  TX bytes:431245 (421.1 KiB)
          Interrupt:18

eth1.101  Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FE
          inet addr:172.16.2.1  Bcast:172.16.3.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1266 errors:0 dropped:0 overruns:0 frame:0
          TX packets:890 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:392524 (383.3 KiB)  TX bytes:203254 (198.4 KiB)

eth1.102  Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FE
          inet addr:172.16.4.1  Bcast:172.16.5.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:490 errors:0 dropped:0 overruns:0 frame:0
          TX packets:255 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:83958 (81.9 KiB)  TX bytes:55310 (54.0 KiB)
NMS Workstation:
   Physical Address. . . . . . . . . : 00-19-21-13-FB-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.16.3.99(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 172.16.2.1
   DHCP Server . . . . . . . . . . . : 172.16.2.1
   DNS Servers . . . . . . . . . . . : 172.16.2.1
                                       172.16.2.2