1. The best network calculator on the web is:
http://www.agt.net/public/sparkman/netcalc.htm
You can check your subnet calculations there.
Your ISP should not care about how you have subnetted. They have routed all
traffic for that subnet to you (if they did their job right).
What you are doing wrong is a large question. From my point of view the answer
is a lot. I see no firewall here. Even with subnets you have left yourself
wide open to any attack from anywhere. It is a rare thing that I would
allow "real" IP addresses on internal machines in a network. You need to
check out using ipchains. Rusty's ipchains HOWTO is easy and
complete. It can be found here:
http://www.europe.redhat.com/documentation/HOWTO/IPCHAINS-HOWTO.php3
For my part, on my internal network I use one to one mapping of NAT address
to outside addresses using an internal and external NAT pool. I then tie
the network down using the ipchains rules. I have to admit to using access
lists in my router as well.
Paul Anderson
The way you have things set up, the default gateway for your clients is
outside the mask you have set for the client, so the default gateway is
unreachable.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Peter Peltonen
Sent: Friday, December 29, 2000 8:45 AM
To: [EMAIL PROTECTED]
Subject: simple routing problem
WHAT I'M TRYING TO DO
---------------------
I'm trying to connect a network with public ip-addresses to the Internet
via a Linux (Red Hat 6.2) router.
THE PROBLEM
-----------
No routing is happening. I can ping both the Internet and my own net from
the router, but cannot ping the Internet from my own net.
I've written a diary of how I set up my network. Maybe someone could find the
part I'm doing wrong?
CALCULATED THE SUBNETS
----------------------
My ISP has given me the net xxx.xx.xxx.128. So I have half a class C
network in use (addresses 129-254).
I divided that net into three parts:
net    name    netmask   ip
.128   dmz1    .192      .129 - .190
.192   dmz2    .224      .193 - .222
.224   router  .224      .225 - .224
Dmz2 is for future use. I'm not planning to use it for now.
Have I calculated the subnets correctly?
My ISP doesn't know about the subnets I've created. Is that a problem? I
think that it isn't, as xxx.xx.xxx.128/255.255.255.0 is forwarded to my
router and my router then forwards the packets in the right directions, right?
MY PLANNED NETWORK
------------------
HDSL .254
+
|
|
+
eth0 .253
Linux-router
eth1 .190
+
|
|
+
eth0 .129
Linux-client
ROUTER'S KERNEL (2.2.17) SETTINGS
---------------------------------
From Networking Options I chose:
* Packet socket
* Kernel/User netlink socket
* Routing messages
* Netlink device emulation
* Network firewalls
* Socket Filtering
* Unix domain sockets
* TCP/IP networking
* IP: multicasting
* IP: advanced router
* IP: policy routing
* IP: equal cost multipath
* IP: use TOS value as routing key
* IP: verbose route monitoring
* IP: large routing tables
* IP: fast network address translation
* IP: kernel level autoconfiguration
* DHCP support
* IP: firewalling
* IP: firewall packet netlink device
* IP: use FWMARK value as routing key
* IP: transparent proxy support
* IP: masquerading
* IP: ICMP masquerading
* IP: optimize as router not host
M IP: tunneling
M IP: GRE tunnels over IP
* IP: broadcast GRE over IP
* IP: aliasing support
* IP: Allow large windows
ROUTER'S NETWORK SETUP
----------------------
I've got RH 6.2 server installation running on my router. I've installed all
updates available.
I brought my network down:
root# /etc/rc.d/init.d/network stop
And then configured the /etc/sysconfig/network file:
--snip--
NETWORKING=yes
# in reality the next one is the real dns name
HOSTNAME=peking
--snip--
Edited the /etc/sysctl.conf file
--snip--
# Enables packet forwarding
net.ipv4.ip_forward = 1
# Disables source route verification
net.ipv4.conf.all.rp_filter = 0
# Enables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
--snip--
I removed /etc/sysconfig/ifcfg-eth* files.
Started the network again:
root# /etc/rc.d/init.d/network start
Now my routing table is empty and ifconfig knows only about the lo
device.
I added my nameserver ip to the /etc/resolv.conf file.
Configured the network settings:
root# ifconfig eth0 xxx.xx.xxx.253 netmask 255.255.255.224 up
root# ifconfig eth1 xxx.xx.xxx.190 netmask 255.255.255.192 up
root# route add default gw xxx.xx.xxx.254
The settings look like this now:
root# ifconfig
eth0 Link encap:Ethernet HWaddr 00:80:5F:BC:FE:37
inet addr:xxx.xx.xxx.253 Bcast:xxx.xx.xxx.255
Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:223 errors:0 dropped:0 overruns:0 frame:0
TX packets:346 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:3 Base address:0x7000
eth1 Link encap:Ethernet HWaddr 00:D0:B7:BD:9E:3C
inet addr:xxx.xx.xxx.190 Bcast:xxx.xx.xxx.255
Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3583 errors:0 dropped:0 overruns:0 frame:0
TX packets:625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:5 Base address:0x5000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.xx.xxx.224 0.0.0.0 255.255.255.224 U 0 0 0 eth0
xxx.xx.xxx.128 0.0.0.0 255.255.255.192 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 xxx.xx.xxx.254 0.0.0.0 UG 0 0 0 eth0
I checked that I was indeed forwarding packets:
root# cat /proc/sys/net/ipv4/ip_forward
1
And that I can ping everybody:
root# ping xxx.xx.xxx.253
PING xxx.xx.xxx.253 (xxx.xx.xxx.253) from xxx.xx.xxx.253 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.253: icmp_seq=0 ttl=255 time=338 usec
root# ping xxx.xx.xxx.190
PING xxx.xx.xxx.190 (xxx.xx.xxx.190) from xxx.xx.xxx.190 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.190: icmp_seq=0 ttl=255 time=374 usec
root# ping xxx.xx.xxx.254
PING xxx.xx.xxx.254 (xxx.xx.xxx.254) from xxx.xx.xxx.253 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.254: icmp_seq=0 ttl=255 time=1.646 msec
root# ping ftp.funet.fi
PING ftp.funet.fi (193.166.0.148) from xxx.xx.xxx.253 : 56(84) bytes of
data.
64 bytes from ftp.funet.fi (193.166.0.148): icmp_seq=0 ttl=248 time=7.329
msec
THE CLIENT MACHINE'S SETTINGS
-----------------------------
I'm running RH 6.2 (full install) on the client machine too.
Brought the network down:
root# /etc/rc.d/init.d/network stop
And edited the /etc/sysconfig/network file:
--snip--
NETWORKING=yes
# in reality the next one is the real dns name
HOSTNAME=antarktis
--snip--
I removed /etc/sysconfig/ifcfg-eth* files.
Started the network again:
root# /etc/rc.d/init.d/network start
Now my routing table is empty and ifconfig knows only about the lo
device.
I added my nameserver ip to the /etc/resolv.conf file.
Configured the network settings:
root# ifconfig eth0 xxx.xx.xxx.129 netmask 255.255.255.192 up
root# route add default gw xxx.xx.xxx.190
And the settings look like this now:
root# ifconfig
eth0 Link encap:Ethernet HWaddr 00:10:5A:72:8D:AC
inet addr:xxx.xx.xxx.129 Bcast:xxx.xx.xxx.255
Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1877078 errors:1 dropped:0 overruns:0 frame:1
TX packets:1341156 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:10 Base address:0xb800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:863692 errors:0 dropped:0 overruns:0 frame:0
TX packets:863692 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.xx.xxx.128 0.0.0.0 255.255.255.192 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 xxx.xx.xxx.190 0.0.0.0 UG 0 0 0 eth0
Tried whether I can find the default gateway:
root# ping xxx.xx.xxx.190
PING xxx.xx.xxx.190 (xxx.xx.xxx.190) from xxx.xx.xxx.129 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.190: icmp_seq=0 ttl=255 time=407 usec
Ok. How about the router's eth0:
[root@cayman network-scripts]# ping xxx.xx.xxx.253
PING xxx.xx.xxx.253 (xxx.xx.xxx.253) from xxx.xx.xxx.129 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.253: icmp_seq=0 ttl=255 time=394 usec
Ok. And what might the HDSL-router say:
# ping xxx.xx.xxx.254
PING xxx.xx.xxx.254 (xxx.xx.xxx.254) from xxx.xx.xxx.129 : 56(84) bytes of
data.
No replies. Just silence.
What am I doing wrong???
A bit hopeless,
Peter
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
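Peter asks whether his three subnets are calculated correctly, and the reply above says the clients' default gateway lies outside their mask. The following Python check is an added example, not code from the thread: it recomputes the usable host range of each planned subnet, verifies that the three subnets fill the ISP's half class C without overlapping, and tests whether each host's default gateway falls inside the mask of one of its own interfaces. The prefix 198.51.100 is a constructed stand-in for the anonymised xxx.xx.xxx.

```python
import ipaddress

# Constructed stand-in for the anonymised xxx.xx.xxx prefix in the thread:
# the ISP's half class C is modelled as 198.51.100.128/25 (a documentation range).
ISP_BLOCK = ipaddress.ip_network("198.51.100.128/25")

# The three subnets exactly as planned in the post (network / netmask).
PLANNED_SUBNETS = {
    "dmz1":   ipaddress.ip_network("198.51.100.128/255.255.255.192"),
    "dmz2":   ipaddress.ip_network("198.51.100.192/255.255.255.224"),
    "router": ipaddress.ip_network("198.51.100.224/255.255.255.224"),
}

# Interfaces as set with ifconfig and the default gateway as set with route add.
HOSTS = {
    "router": {"ifaces": ["198.51.100.253/27", "198.51.100.190/26"],
               "gw": "198.51.100.254"},   # eth0 towards the HDSL box, eth1 towards dmz1
    "client": {"ifaces": ["198.51.100.129/26"],
               "gw": "198.51.100.190"},   # eth0 in dmz1, gateway is the router's eth1
}

def host_range(net):
    """First and last usable host of a subnet (network and broadcast excluded)."""
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])

def subnets_tile_block(subnets, block):
    """True if all subnets lie inside block, none overlap, and they use every address."""
    nets = list(subnets.values())
    if any(not n.subnet_of(block) for n in nets):
        return False
    for i, a in enumerate(nets):
        if any(a.overlaps(b) for b in nets[i + 1:]):
            return False
    return sum(n.num_addresses for n in nets) == block.num_addresses

def gateway_on_link(host):
    """True if the default gateway is inside the subnet of one of the host's interfaces."""
    gw = ipaddress.ip_address(host["gw"])
    return any(gw in ipaddress.ip_interface(i).network for i in host["ifaces"])

if __name__ == "__main__":
    for name, net in PLANNED_SUBNETS.items():
        first, last = host_range(net)
        print(f"{name:7} {net.with_netmask:32} hosts {first} - {last}")
    print("subnets tile the ISP block:", subnets_tile_block(PLANNED_SUBNETS, ISP_BLOCK))
    for name, host in HOSTS.items():
        print(f"{name}: default gateway {host['gw']} on-link:", gateway_on_link(host))
```

Running it prints the host range of each subnet next to the mask it was given, so a range that does not match the table in the post stands out immediately.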