RE: [expert] Routing with 2 different subnets
On Mon, 2003-06-23 at 04:03, Ken Walker wrote: > what's cli command to show the following ? > > many thanks > > Ken route > > > >Destination GatewayGenmask Flags Metric > >Ref Use Iface > >192.168.1.0 * 255.255.255.0 U 0 0 > > 0 usb0 > >192.168.0.0 * 255.255.255.0 U 0 0 > > 0 eth0 > >127.0.0.0* 255.0.0.0 U 0 0 > > 0 lo > >default 192.168.0.10.0.0.0 UG0 0 > > 0 eth0 > > > >Then I changed usb0 to 192.168.0.10 and I had > >Destination GatewayGenmask Flags Metric > >Ref Use Iface > >192.168.0.10 * 255.255.255.0 U 0 0 > > 0 usb0 > >192.168.0.0 * 255.255.255.0 U 0 0 > > 0 eth0 > >127.0.0.0* 255.0.0.0 U 0 0 > > 0 lo > >default 192.168.0.10.0.0.0 UG0 0 > > 0 eth0 > > > >I switched off the pda, later switched it on again and > >-boom- my eth0 > >was gone! I had > > > >Destination GatewayGenmask Flags Metric > >Ref Use Iface > >192.168.0.10 * 255.255.255.0 U 0 0 > > 0 usb0 > >192.168.0.0 * 255.255.255.0 U 0 0 > > 0 usb0 > >127.0.0.0* 255.0.0.0 U 0 0 > > 0 lo > >default 192.168.0.10.0.0.0 UG0 0 > > 0 usb0 > > > >WTF! Now I have switched off the pda, usb0 is gone and I > >was left with > >lo as single network device! I did a 'service network > >status' and it > >listed eth0 as active. I did a 'service network stop' and > >then started > >it again and there was eth0 again. > >I switched on the pda and eth0 was gone and usb0 took it's place. > > > >wobo > >-- > >Public GnuPG key available at http://www.wolf-b.de/misc > > > > > > > > > > > __ > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
On Monday 23 June 2003 04:03, Ken Walker wrote: > what's cli command to show the following ? /sbin/route Ref: 1. "man route" > > many thanks > > Ken > > >Destination GatewayGenmask Flags Metric > >Ref Use Iface > >192.168.1.0 * 255.255.255.0 U 0 0 > > 0 usb0 > >192.168.0.0 * 255.255.255.0 U 0 0 > > 0 eth0 > >127.0.0.0* 255.0.0.0 U 0 0 > > 0 lo > >default 192.168.0.10.0.0.0 UG0 0 > > 0 eth0 > > > >Then I changed usb0 to 192.168.0.10 and I had > >Destination GatewayGenmask Flags Metric > >Ref Use Iface > >192.168.0.10 * 255.255.255.0 U 0 0 > > 0 usb0 > >192.168.0.0 * 255.255.255.0 U 0 0 > > 0 eth0 > >127.0.0.0* 255.0.0.0 U 0 0 > > 0 lo > >default 192.168.0.10.0.0.0 UG0 0 > > 0 eth0 > > > >I switched off the pda, later switched it on again and > >-boom- my eth0 > >was gone! I had > > > >Destination GatewayGenmask Flags Metric > >Ref Use Iface > >192.168.0.10 * 255.255.255.0 U 0 0 > > 0 usb0 > >192.168.0.0 * 255.255.255.0 U 0 0 > > 0 usb0 > >127.0.0.0* 255.0.0.0 U 0 0 > > 0 lo > >default 192.168.0.10.0.0.0 UG0 0 > > 0 usb0 > > > >WTF! Now I have switched off the pda, usb0 is gone and I > >was left with > >lo as single network device! I did a 'service network > >status' and it > >listed eth0 as active. I did a 'service network stop' and > >then started > >it again and there was eth0 again. > >I switched on the pda and eth0 was gone and usb0 took it's place. > > > >wobo > >-- > >Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] Routing with 2 different subnets
what's cli command to show the following ? many thanks Ken >Destination GatewayGenmask Flags Metric >Ref Use Iface >192.168.1.0 * 255.255.255.0 U 0 0 > 0 usb0 >192.168.0.0 * 255.255.255.0 U 0 0 > 0 eth0 >127.0.0.0* 255.0.0.0 U 0 0 > 0 lo >default 192.168.0.10.0.0.0 UG0 0 > 0 eth0 > >Then I changed usb0 to 192.168.0.10 and I had >Destination GatewayGenmask Flags Metric >Ref Use Iface >192.168.0.10 * 255.255.255.0 U 0 0 > 0 usb0 >192.168.0.0 * 255.255.255.0 U 0 0 > 0 eth0 >127.0.0.0* 255.0.0.0 U 0 0 > 0 lo >default 192.168.0.10.0.0.0 UG0 0 > 0 eth0 > >I switched off the pda, later switched it on again and >-boom- my eth0 >was gone! I had > >Destination GatewayGenmask Flags Metric >Ref Use Iface >192.168.0.10 * 255.255.255.0 U 0 0 > 0 usb0 >192.168.0.0 * 255.255.255.0 U 0 0 > 0 usb0 >127.0.0.0* 255.0.0.0 U 0 0 > 0 lo >default 192.168.0.10.0.0.0 UG0 0 > 0 usb0 > >WTF! Now I have switched off the pda, usb0 is gone and I >was left with >lo as single network device! I did a 'service network >status' and it >listed eth0 as active. I did a 'service network stop' and >then started >it again and there was eth0 again. >I switched on the pda and eth0 was gone and usb0 took it's place. > >wobo >-- >Public GnuPG key available at http://www.wolf-b.de/misc > > > > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
** Guillaume Marcais (Samstag, 21. Juni 2003 01:07) > To understand what is going on your networks, use tcpdump on both > network. Do something like: > > # tcpdump -i eth0 -l -n > > and > > # tcpdump -i usb0 -l -n > > Then send pings from your pda and follow the path of the query and > response as it goes through you linux box. First ping 192.168.1.1, > you should see a query and response on usb0. Next ping 192.168.0.1, > you should see query/response on both usb0 and eth0. Your MDK router > has done its routing job if that's the case. 1. started both tcpdump I see the regular activity of usb0 and eth0 2. Pinged usb0 from the pda. Saw the request and reply on usb0 3. Pinged eth0 from pda. Saw the request and reply on usb0 but nothing on eth0. It looks like usb0 is answering instead of eth0 06:01:20.613156 192.168.1.100 > 192.168.0.3: icmp: echo request (DF) 06:01:20.613198 192.168.0.3 > 192.168.1.100: icmp: echo reply There was nothing on eth0. 3. Pinged the router from pda but did not get through. Nothing on eth0 and only the request on usb0: 06:05:24.926697 192.168.1.100 > 192.168.0.1: icmp: echo request (DF) 06:05:25.926478 arp who-has 192.168.1.1 tell 192.168.1.100 06:05:25.926506 arp reply 192.168.1.1 is-at xx:xx:x:xx:xx:xx 06:05:25.928440 192.168.1.100 > 192.168.0.1: icmp: echo request (DF) 06:05:26.926273 192.168.1.100 > 192.168.0.1: icmp: echo request (DF) wobo -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
To understand what is going on your networks, use tcpdump on both network. Do something like: # tcpdump -i eth0 -l -n and # tcpdump -i usb0 -l -n Then send pings from your pda and follow the path of the query and response as it goes through you linux box. First ping 192.168.1.1, you should see a query and response on usb0. Next ping 192.168.0.1, you should see query/response on both usb0 and eth0. Your MDK router has done its routing job if that's the case. Now ping the outside world (google.com is my regurlar scape goat). If you see the ping query going through the linux box but no response ever from you the internet, it is probably, as mentionned before, because the internet router is not configured to NAT the packet with 192.168.1.0/24 source address. If you NAT the packet on the MDK machine, then you should be all set: # iptables -A POSTROUTING -o eth0 -j MASQUERADE -t nat Now the ping should work and you can monitor with tcpdump that the NAT takes place. Hope this helps and the assumptions I made on your network are correct, Guillaume. On Fri, 2003-06-20 at 16:56, Wolfgang Bornath wrote: > ** Wolfgang Bornath (Freitag, 20. Juni 2003 22:37) > > > Oh, wait, you wrote something about setting it up on the router. I'll > > check. > > No that was Seth, sorry. > I entered setup of static routes in my router and entered: > > Destination IP Address: 192.168.1.100 > IP Subnet Mask: 255.255.255.0 > Gateway IP Address: 192.168.0.3 > Metric: 0 > > This did not change anything. Then, remembering that the gateway for the > pda is 192.168.1.1 I set this IP into the router's static route but it > also did not change a thing. I guess that there is no forwarding from > the eth0 to the router because I cannot ping the router from the pda. > > > wobo > -- > Public GnuPG key available at http://www.wolf-b.de/misc > > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
Wobo, You'll also need to enable IP forwarding on the pda and NAT for the 192.168.1.0/24 network on the desktop. On Sat, 21 Jun 2003 04:37, Wolfgang Bornath wrote: > ** Muzza (Freitag, 20. Juni 2003 22:03) > > > Wobo, > > On the desktop > > Put "usb0" back to 192.168.1.1 as it needs to be on a separate > > subnet. Restart the network. You should now have both eth0 and usb0. > > > > Set the pda up to use; > > 192.168.1.100 netmask 255.255.255.255 gateway 192.168.1.1 > > > > Back on the desktop; > > "route add -host 192.168.1.100 netmask 255.255.255.0 dev usb0" > > OK, thanks Muzza, now I am back where I started with the added value > that I can reach eth0 from the pda. > > BTW: route complained about the 'netmask 255.255.255.0' by saying that > "Setting a netmask of 00ff is without meaning with the -host > option". > Same thing it complained about when I used 255.255.255.255 > > Now my route on the desktop looks like: > > Destination RouterGenmask Flags Metric Ref Use Iface > pda * 255.255.255.255 UH 0 00 usb0 > 192.168.1.0 * 255.255.255.0U0 00 usb0 > 192.168.0.0 * 255.255.255.0U0 00 eth0 > 127.0.0.0 * 255.0.0.0U0 00 lo > default 192.168.0.1 0.0.0.0 UG 0 00 eth0 > > route on my pda looks like: > > Destination RouterGenmask Flags Metric Ref Use Iface > 192.168.1.0 * 255.255.255.0 U 0 00 usbf > 127.0.0.0 * 255.0.0.0 U 0 00 lo > default 192.168.1.1 0.0.0.0 UG0 00 usbf > > Leaves me still without Internet access for the pda. > Oh, wait, you wrote something about setting it up on the router. I'll > check. > > wobo -- CYA, Muzza. Registered Linux User 133740 Gentoo Linux Kernel version 2.4.20-gentoo-r5 Current Linux uptime: 12 hours 0 minutes. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
On Fri, 20 Jun 2003, Wolfgang Bornath wrote: > I have a small problem with routing. > > 1. Connection to Internet via router --> 192.168.0.1 > > 2. MDK 9.1 with eth0 --> 192.168.0.3 > usb0 --> 192.168.1.1 > > 3. Linux PDA with usbf --> 192.168.1.2 > > Internet connection via eth0 via router is ok > Telnet/ftp connection from usb0 to usbf is ok > I can ping the pda from desktop and vice versa > > Internet access from pda via usbf - usb0 - eth0 - router is not working > (no DNS prob because when I ping an IP I get "Network not reachable". > In my gkrellm I see that the packets go from the pda via usbf, usb0 to > eth0 and out to the router. The packets come back from internet via > router and eth0 but don't go further to usb0 to get to usbf. > > In /etc/sysctl.conf: > > # Controls IP packet forwarding > net.ipv4.ip_forward = 1 # I tried '0' before, no success. > > route on MDK shows: > - > Destination GatewayGenmask Flags Metric Ref Use Iface > 192.168.1.0 * 255.255.255.0 U 0 00 usb0 > 192.168.0.0 * 255.255.255.0 U 0 00 eth0 > 127.0.0.0* 255.0.0.0 U 0 00 lo > default 192.168.0.10.0.0.0 UG0 00 eth0 > > route on pda shows: > --- > Destination GatewayGenmask Flags Metric Ref Use Iface > 192.168.1.0 * 255.255.255.0 U 0 00 usbf > 127.0.0.0* 255.0.0.0 U 0 00 lo > default 192.168.1.10.0.0.0 UG0 00 usbf > > When I try to set 192.168.0.1 (Router) as gw for the pda I get a > "Network not reachable" message. OK, wobo, let's see what we can do here ... :) I'd recommend putting them on the same subnet, using "Proxy ARP with Subnetting". See the HOWTO at: http://www.linux.org/docs/ldp/howto/mini/Proxy-ARP-Subnet/index.html To do this, you need to adjust the netmask of the usb0 interface, so that the range it covers is a *subset* of the range that eth0 uses, like so: Int.Network Netmask Broadcast eth0192.168.0.0 255.255.255.0 192.168.0.255 usb0192.168.0.128 255.255.255.128 192.168.0.255 The IP of usb0 should be 192.168.0.129, and the PDA's can be anything from 192.168.0.130 to 192.168.0.254. In /etc/sysctl.conf, you'll probably need: net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.proxy_arp = 1 And in /etc/sysconfig/network: FORWARD_IPV4=true HTH! -- Bill Mullen [EMAIL PROTECTED] MA, USA RLU #270075 MDK 8.1 & 9.0 The engineer is neither optimist nor pessimist. He sees the proverbial half-full/empty glass and says, "The glass is twice as big as there is any need for it to be." Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
** Wolfgang Bornath (Freitag, 20. Juni 2003 22:37) > Oh, wait, you wrote something about setting it up on the router. I'll > check. No that was Seth, sorry. I entered setup of static routes in my router and entered: Destination IP Address: 192.168.1.100 IP Subnet Mask: 255.255.255.0 Gateway IP Address: 192.168.0.3 Metric: 0 This did not change anything. Then, remembering that the gateway for the pda is 192.168.1.1 I set this IP into the router's static route but it also did not change a thing. I guess that there is no forwarding from the eth0 to the router because I cannot ping the router from the pda. wobo -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
** Muzza (Freitag, 20. Juni 2003 22:03) > Wobo, > On the desktop > Put "usb0" back to 192.168.1.1 as it needs to be on a separate > subnet. Restart the network. You should now have both eth0 and usb0. > > Set the pda up to use; > 192.168.1.100 netmask 255.255.255.255 gateway 192.168.1.1 > > Back on the desktop; > "route add -host 192.168.1.100 netmask 255.255.255.0 dev usb0" OK, thanks Muzza, now I am back where I started with the added value that I can reach eth0 from the pda. BTW: route complained about the 'netmask 255.255.255.0' by saying that "Setting a netmask of 00ff is without meaning with the -host option". Same thing it complained about when I used 255.255.255.255 Now my route on the desktop looks like: Destination RouterGenmask Flags Metric Ref Use Iface pda * 255.255.255.255 UH 0 00 usb0 192.168.1.0 * 255.255.255.0U0 00 usb0 192.168.0.0 * 255.255.255.0U0 00 eth0 127.0.0.0 * 255.0.0.0U0 00 lo default 192.168.0.1 0.0.0.0 UG 0 00 eth0 route on my pda looks like: Destination RouterGenmask Flags Metric Ref Use Iface 192.168.1.0 * 255.255.255.0 U 0 00 usbf 127.0.0.0 * 255.0.0.0 U 0 00 lo default 192.168.1.1 0.0.0.0 UG0 00 usbf Leaves me still without Internet access for the pda. Oh, wait, you wrote something about setting it up on the router. I'll check. wobo -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
Wobo, On the desktop Put "usb0" back to 192.168.1.1 as it needs to be on a separate subnet. Restart the network. You should now have both eth0 and usb0. Set the pda up to use; 192.168.1.100 netmask 255.255.255.255 gateway 192.168.1.1 Back on the desktop; "route add -host 192.168.1.100 netmask 255.255.255.0 dev usb0" On Sat, 21 Jun 2003 03:48, Wolfgang Bornath wrote: > ** Wolfgang Bornath (Freitag, 20. Juni 2003 20:58) > Now this is really getting out of control! > > route desktop: > This is what I had in the beginning: > > Destination GatewayGenmask Flags Metric Ref Use Iface > 192.168.1.0 * 255.255.255.0 U 0 00 usb0 > 192.168.0.0 * 255.255.255.0 U 0 00 eth0 > 127.0.0.0* 255.0.0.0 U 0 00 lo > default 192.168.0.10.0.0.0 UG0 00 eth0 > > Then I changed usb0 to 192.168.0.10 and I had > Destination GatewayGenmask Flags Metric Ref Use Iface > 192.168.0.10 * 255.255.255.0 U 0 00 usb0 > 192.168.0.0 * 255.255.255.0 U 0 00 eth0 > 127.0.0.0* 255.0.0.0 U 0 00 lo > default 192.168.0.10.0.0.0 UG0 00 eth0 > > I switched off the pda, later switched it on again and -boom- my eth0 > was gone! I had > > Destination GatewayGenmask Flags Metric Ref Use Iface > 192.168.0.10 * 255.255.255.0 U 0 00 usb0 > 192.168.0.0 * 255.255.255.0 U 0 00 usb0 > 127.0.0.0* 255.0.0.0 U 0 00 lo > default 192.168.0.10.0.0.0 UG0 00 usb0 > > WTF! Now I have switched off the pda, usb0 is gone and I was left with > lo as single network device! I did a 'service network status' and it > listed eth0 as active. I did a 'service network stop' and then started > it again and there was eth0 again. > I switched on the pda and eth0 was gone and usb0 took it's place. > > wobo -- CYA, Muzza. Registered Linux User 133740 Gentoo Linux Kernel version 2.4.20-gentoo-r5 Current Linux uptime: 11 hours 5 minutes. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
** Wolfgang Bornath (Freitag, 20. Juni 2003 20:58) > ** Wolfgang Bornath (Freitag, 20. Juni 2003 20:46) > > > On the desktop I set > > route add -host 192.168.0.100 netmask 255.255.255.255 dev usb0 > > Not true, sorry! I wanted to enter this line but I got route > complaining about setting netmask 255.255.255.255 makes no sense > here. So I left it out. > > route add -host 192.168.0.100 dev usb0 Now this is really getting out of control! route desktop: This is what I had in the beginning: Destination GatewayGenmask Flags Metric Ref Use Iface 192.168.1.0 * 255.255.255.0 U 0 00 usb0 192.168.0.0 * 255.255.255.0 U 0 00 eth0 127.0.0.0* 255.0.0.0 U 0 00 lo default 192.168.0.10.0.0.0 UG0 00 eth0 Then I changed usb0 to 192.168.0.10 and I had Destination GatewayGenmask Flags Metric Ref Use Iface 192.168.0.10 * 255.255.255.0 U 0 00 usb0 192.168.0.0 * 255.255.255.0 U 0 00 eth0 127.0.0.0* 255.0.0.0 U 0 00 lo default 192.168.0.10.0.0.0 UG0 00 eth0 I switched off the pda, later switched it on again and -boom- my eth0 was gone! I had Destination GatewayGenmask Flags Metric Ref Use Iface 192.168.0.10 * 255.255.255.0 U 0 00 usb0 192.168.0.0 * 255.255.255.0 U 0 00 usb0 127.0.0.0* 255.0.0.0 U 0 00 lo default 192.168.0.10.0.0.0 UG0 00 usb0 WTF! Now I have switched off the pda, usb0 is gone and I was left with lo as single network device! I did a 'service network status' and it listed eth0 as active. I did a 'service network stop' and then started it again and there was eth0 again. I switched on the pda and eth0 was gone and usb0 took it's place. wobo -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
Wobo, Try "route add -host 192.168.0.100 netmask 255.255.255.0 dev usb0". You should have better luck with that. On Sat, 21 Jun 2003 02:58, Wolfgang Bornath wrote: > ** Wolfgang Bornath (Freitag, 20. Juni 2003 20:46) > > > On the desktop I set > > route add -host 192.168.0.100 netmask 255.255.255.255 dev usb0 > > Not true, sorry! I wanted to enter this line but I got route complaining > about setting netmask 255.255.255.255 makes no sense here. So I left it > out. > > route add -host 192.168.0.100 dev usb0 > > wobo -- CYA, Muzza. Registered Linux User 133740 Gentoo Linux Kernel version 2.4.20-gentoo-r5 Current Linux uptime: 10 hours 18 minutes. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
Am Freitag, 20. Juni 2003 20:58 schrieb Wolfgang Bornath: > ** Wolfgang Bornath (Freitag, 20. Juni 2003 20:46) > > > On the desktop I set > > route add -host 192.168.0.100 netmask 255.255.255.255 dev usb0 > > Not true, sorry! I wanted to enter this line but I got route complaining > about setting netmask 255.255.255.255 makes no sense here. So I left it > out. > > route add -host 192.168.0.100 dev usb0 > > wobo Sorry it was from the top of my head, should have said so Steffen Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
On Fri, 2003-06-20 at 06:17, Wolfgang Bornath wrote: > 1. Connection to Internet via router --> 192.168.0.1 > > 2. MDK 9.1 with eth0 --> 192.168.0.3 > usb0 --> 192.168.1.1 > > 3. Linux PDA with usbf --> 192.168.1.2 > > Internet connection via eth0 via router is ok > Telnet/ftp connection from usb0 to usbf is ok > I can ping the pda from desktop and vice versa > > Internet access from pda via usbf - usb0 - eth0 - router is not working > (no DNS prob because when I ping an IP I get "Network not reachable". > In my gkrellm I see that the packets go from the pda via usbf, usb0 to > eth0 and out to the router. The packets come back from internet via > router and eth0 but don't go further to usb0 to get to usbf. The router does not know how to reach the PDA through the MDK system. You need to add a new route to the routing table on the router so it will forward all 192.168.1.0/24 traffic to to gateway 192.168.0.3. Seth [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
** Wolfgang Bornath (Freitag, 20. Juni 2003 20:46) > On the desktop I set > route add -host 192.168.0.100 netmask 255.255.255.255 dev usb0 Not true, sorry! I wanted to enter this line but I got route complaining about setting netmask 255.255.255.255 makes no sense here. So I left it out. route add -host 192.168.0.100 dev usb0 wobo -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
** Steffen Barszus (Freitag, 20. Juni 2003 20:05) > I may be false, but I would set them all in one subnet. Of course the > PDA needs a seperate route then on the mdk. (something like 'route > add -host 192.168.0.100 netmask 255.255.255.255 dev usb0' ) Maybe > this works ? Desktop -- router 192.168.0.1 eth0 192.168.0.3 usb0 192.168.0.10 pda - usbf 192.168.0.100 On the desktop I set route add -host 192.168.0.100 netmask 255.255.255.255 dev usb0 Now all devices are on one subnet and I can ping eth0 and usb0 from the pda. But not 192.168.0.1 or any outside IP. If I enter route add default gw 192.168.0.1 (which is the router) I get a "Destination host unreachable" Seems as if I now have the bridge between eth0 and usb0 but not the complete chain: usbf - usb0 - eth0 - router wobo -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
Am Freitag, 20. Juni 2003 15:17 schrieb Wolfgang Bornath: > When I try to set 192.168.0.1 (Router) as gw for the pda I get a > "Network not reachable" message. > > What am I missing? > > wobo I may be false, but I would set them all in one subnet. Of course the PDA needs a seperate route then on the mdk. (something like 'route add -host 192.168.0.100 netmask 255.255.255.255 dev usb0' ) Maybe this works ? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
On Fri, 2003-06-20 at 09:16, Wolfgang Bornath wrote: ... > Conclusion is that eth0 and usb0 have to be in different subnets. > > wobo. If you want to route between two interfaces, they need to be on different networks. If you have two interfaces on the same network that need to pass traffic to/for each other, try looking into bridging. -- Jack Coates Monkeynoodle: A Scientific Venture... http://www.monkeynoodle.org/resume.html Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing with 2 different subnets
** Guy Van Sanden (Freitag, 20. Juni 2003 15:51) > It doesn't work because your on a different subnet from your router. Understood so far. > Your PDA can only reach machines on the 192.168.1 subnet. Right. > Instead, you could reconfigure the MDK machine to route between .0 > and .0 subnets. > So default route on the PDA should be 192.168.1.1 It is already. The packets are getting out to the internet. But they are not coming in. They got stuck at eth0 and are not transmitted to usb0. IOW: Packets go out from subnet .1 to subnet .0 to internet and come in from internet to subnet .0 but are not forwarded to subnet .1. I already tried and changed the usb0 to 192.168.0.10 and the usbf to 192.168.0.100 but then when I ping the pda from desktop it will not work because the machine wants to use eth0 instead of usb0. Conclusion is that eth0 and usb0 have to be in different subnets. wobo. -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] Routing with 2 different subnets
Hello It doesn't work because your on a different subnet from your router. Your PDA can only reach machines on the 192.168.1 subnet. Instead, you could reconfigure the MDK machine to route between .0 and .0 subnets. So default route on the PDA should be 192.168.1.1 Kind regards Guy > Hi, > > I have a small problem with routing. > > 1. Connection to Internet via router --> 192.168.0.1 > > 2. MDK 9.1 with eth0 --> 192.168.0.3 > usb0 --> 192.168.1.1 > > 3. Linux PDA with usbf --> 192.168.1.2 > > Internet connection via eth0 via router is ok > Telnet/ftp connection from usb0 to usbf is ok > I can ping the pda from desktop and vice versa > > Internet access from pda via usbf - usb0 - eth0 - router is not working > (no DNS prob because when I ping an IP I get "Network not reachable". > In my gkrellm I see that the packets go from the pda via usbf, usb0 to > eth0 and out to the router. The packets come back from internet via > router and eth0 but don't go further to usb0 to get to usbf. > > In /etc/sysctl.conf: > > # Controls IP packet forwarding > net.ipv4.ip_forward = 1 # I tried '0' before, no success. > > route on MDK shows: > - > Destination GatewayGenmask Flags Metric Ref Use Iface > 192.168.1.0 * 255.255.255.0 U 0 00 usb0 > 192.168.0.0 * 255.255.255.0 U 0 00 eth0 > 127.0.0.0* 255.0.0.0 U 0 00 lo > default 192.168.0.10.0.0.0 UG0 00 eth0 > > route on pda shows: > --- > Destination GatewayGenmask Flags Metric Ref Use Iface > 192.168.1.0 * 255.255.255.0 U 0 00 usbf > 127.0.0.0* 255.0.0.0 U 0 00 lo > default 192.168.1.10.0.0.0 UG0 00 usbf > > When I try to set 192.168.0.1 (Router) as gw for the pda I get a > "Network not reachable" message. > > What am I missing? > > wobo > -- > Public GnuPG key available at http://www.wolf-b.de/misc > > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Routing with 2 different subnets
Hi, I have a small problem with routing. 1. Connection to Internet via router --> 192.168.0.1 2. MDK 9.1 with eth0 --> 192.168.0.3 usb0 --> 192.168.1.1 3. Linux PDA with usbf --> 192.168.1.2 Internet connection via eth0 via router is ok Telnet/ftp connection from usb0 to usbf is ok I can ping the pda from desktop and vice versa Internet access from pda via usbf - usb0 - eth0 - router is not working (no DNS prob because when I ping an IP I get "Network not reachable". In my gkrellm I see that the packets go from the pda via usbf, usb0 to eth0 and out to the router. The packets come back from internet via router and eth0 but don't go further to usb0 to get to usbf. In /etc/sysctl.conf: # Controls IP packet forwarding net.ipv4.ip_forward = 1 # I tried '0' before, no success. route on MDK shows: - Destination GatewayGenmask Flags Metric Ref Use Iface 192.168.1.0 * 255.255.255.0 U 0 00 usb0 192.168.0.0 * 255.255.255.0 U 0 00 eth0 127.0.0.0* 255.0.0.0 U 0 00 lo default 192.168.0.10.0.0.0 UG0 00 eth0 route on pda shows: --- Destination GatewayGenmask Flags Metric Ref Use Iface 192.168.1.0 * 255.255.255.0 U 0 00 usbf 127.0.0.0* 255.0.0.0 U 0 00 lo default 192.168.1.10.0.0.0 UG0 00 usbf When I try to set 192.168.0.1 (Router) as gw for the pda I get a "Network not reachable" message. What am I missing? wobo -- Public GnuPG key available at http://www.wolf-b.de/misc Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 5 Mar 2003 17:00:36 -0800 Todd Lyons <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Adolfo Bello wrote on Wed, Mar 05, 2003 at 08:55:29PM -0400 : > > > > I should say that I never expected the kind of problem that you > > pointed out: somebody deleting his/her own subnet from the routing > > table. Definitely, I learned something today. > > In Mandrake (and RH), it's easily rectified with: > service network restart > because the ifup script adds a network route as part of its default > functionality. > > Of course if you're logged in remotely, that's not really an option, > however, crontab or at is your friend here. > > Blue skies... Todd Exactly... besides, it's quicker than typing "route add -net 192. netmask 255" Of course, the original poster hasn't come back to say there wasn't a more plausible *host route* either... :) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adolfo Bello wrote on Wed, Mar 05, 2003 at 08:55:29PM -0400 : > > I should say that I never expected the kind of problem that you pointed > out: somebody deleting his/her own subnet from the routing table. > Definitely, I learned something today. In Mandrake (and RH), it's easily rectified with: service network restart because the ifup script adds a network route as part of its default functionality. Of course if you're logged in remotely, that's not really an option, however, crontab or at is your friend here. Blue skies... Todd - -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ Hey, I'm perfectly reasonable once you realize I'm right. -- John Buttery on Mutt Users ML Mandrake Cooker Devel Version, Kernel 2.4.21-0.11mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+Zp20lp7v05cW2woRAo52AKCJ2TT+YyrZx/9HV+dkehoR5BET3QCfa8KS OJSF50i5YVn274N8ec90rgU= =3sUs -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 13:45, Pierre Fortin wrote: > But the route table might have a host route added... you're right that > no-one would deliberately delete their subnet route; but adding a host > route would give the same net result... I used the phrase "positively > confirm" -- the answer is no in this case if a host route is added... > > *My* point was that routing problems per se (not firewall related) are > best viewed with route than traceroute and/or ifconfig... I agree totally with you about this. But you also wanted to learn how to use ifconfig for a routing problem and I answered you :-) > > Anyway... the original poster is not forthcoming with the info... can we > assume that somewhere in the forest there was the sound of "Ooopsss... > Duh!" that we didn't hear? :^) I should say that I never expected the kind of problem that you pointed out: somebody deleting his/her own subnet from the routing table. Definitely, I learned something today. Saludos -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 13:45, Pierre Fortin wrote: > But the route table might have a host route added... you're right that > no-one would deliberately delete their subnet route; but adding a host > route would give the same net result... I used the phrase "positively > confirm" -- the answer is no in this case if a host route is added... > > *My* point was that routing problems per se (not firewall related) are > best viewed with route than traceroute and/or ifconfig... I agree totally with you about this. But you also wanted to learn how to use ifconfig for a routing problem and I answered you :-) > > Anyway... the original poster is not forthcoming with the info... can we > assume that somewhere in the forest there was the sound of "Ooopsss... > Duh!" that we didn't hear? :^) I should say that I never expected the kind of problem that you pointed out: somebody deleting his/her own subnet from the routing table. Definitely, I learned something today. Saludos -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On 05 Mar 2003 12:22:51 -0400 Adolfo Bello <[EMAIL PROTECTED]> wrote: > On Wed, 2003-03-05 at 11:48, Pierre Fortin wrote: > > > Here's a concrete example to illustrate my point -- NO changes were > > made which would be visible to ifconfig output... feel free to try it > > yourself... > > > > Here, routing is direct between the hosts... > > # route -n > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref > > Use Iface > > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 > > 0 eth0 > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 > > 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 > > 0 > > eth0 > > # traceroute bones > > traceroute to bones.pfortin.com (192.168.1.100), 30 hops max, 38 byte > > packets > > 1 www (192.168.1.100) 0.873 ms 0.315 ms 0.202 ms > > > > Here, the routing is through my gateway... sound like the original > > issue...? > > # route del -net 192.168.1.0 netmask 255.255.255.0 > > # route -n > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref > > Use Iface > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 > > 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 > > 0 > > eth0 > > > > # traceroute bones > > traceroute to bones.pfortin.com (192.168.1.100), 30 hops max, 38 byte > > packets > > 1 r41 (192.168.1.1) 0.628 ms 3.133 ms 0.212 ms <-- > > 2 linux (192.168.1.100) 0.340 ms 0.603 ms 0.247 ms > > > > Working backwards without benefit of the above, can traceroute > > positively confirm the missing entry in "route"...? > > I would say that it can: one hop implies a direct connection, two or > more hops implies the connection is going through the gateway. > > However I get your point. But then again you have to manually delete the > destination subnet you belong to from the routing table. There are two > things that I asked to help this guy: the output of the traceroute > command from one box to the other (in your first example there is one > hop, then it is a direct connection). If for some reason there is more > than one hop, then either the boxes are in different subnets or you > manually delete the subnet you belong to, which I assumed that nobody > might. > But the route table might have a host route added... you're right that no-one would deliberately delete their subnet route; but adding a host route would give the same net result... I used the phrase "positively confirm" -- the answer is no in this case if a host route is added... *My* point was that routing problems per se (not firewall related) are best viewed with route than traceroute and/or ifconfig... Anyway... the original poster is not forthcoming with the info... can we assume that somewhere in the forest there was the sound of "Ooopsss... Duh!" that we didn't hear? :^) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 11:48, Pierre Fortin wrote: > Here's a concrete example to illustrate my point -- NO changes were made > which would be visible to ifconfig output... feel free to try it > yourself... > > Here, routing is direct between the hosts... > # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric RefUse > Iface > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 > eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo > 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 > eth0 > # traceroute bones > traceroute to bones.pfortin.com (192.168.1.100), 30 hops max, 38 byte > packets > 1 www (192.168.1.100) 0.873 ms 0.315 ms 0.202 ms > > Here, the routing is through my gateway... sound like the original > issue...? > # route del -net 192.168.1.0 netmask 255.255.255.0 > # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric RefUse > Iface > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo > 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 > eth0 > > # traceroute bones > traceroute to bones.pfortin.com (192.168.1.100), 30 hops max, 38 byte > packets > 1 r41 (192.168.1.1) 0.628 ms 3.133 ms 0.212 ms <-- > 2 linux (192.168.1.100) 0.340 ms 0.603 ms 0.247 ms > > Working backwards without benefit of the above, can traceroute positively > confirm the missing entry in "route"...? I would say that it can: one hop implies a direct connection, two or more hops implies the connection is going through the gateway. However I get your point. But then again you have to manually delete the destination subnet you belong to from the routing table. There are two things that I asked to help this guy: the output of the traceroute command from one box to the other (in your first example there is one hop, then it is a direct connection). If for some reason there is more than one hop, then either the boxes are in different subnets or you manually delete the subnet you belong to, which I assumed that nobody might. -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On 05 Mar 2003 10:46:39 -0400 Adolfo Bello <[EMAIL PROTECTED]> wrote: > On Wed, 2003-03-05 at 10:02, Pierre Fortin wrote: > > On 05 Mar 2003 09:50:02 -0400 Adolfo Bello <[EMAIL PROTECTED]> > > wrote: > > > > > On Wed, 2003-03-05 at 08:55, Pierre Fortin wrote: > > > > OK... let's try again... for a start, can you give the output of > > > > "route-n" for each host? > > > > > > > > > > Or the output of "ifconfig eth0" for each box. > > ^^ > > I'm looking forward to learning how you discover a _routing_ problem > > from the output of ifconfig... :> > Answer: are the two boxes in the same subnet? Here's a concrete example to illustrate my point -- NO changes were made which would be visible to ifconfig output... feel free to try it yourself... Here, routing is direct between the hosts... # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 # traceroute bones traceroute to bones.pfortin.com (192.168.1.100), 30 hops max, 38 byte packets 1 www (192.168.1.100) 0.873 ms 0.315 ms 0.202 ms Here, the routing is through my gateway... sound like the original issue...? # route del -net 192.168.1.0 netmask 255.255.255.0 # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 # traceroute bones traceroute to bones.pfortin.com (192.168.1.100), 30 hops max, 38 byte packets 1 r41 (192.168.1.1) 0.628 ms 3.133 ms 0.212 ms <-- 2 linux (192.168.1.100) 0.340 ms 0.603 ms 0.247 ms Working backwards without benefit of the above, can traceroute positively confirm the missing entry in "route"...? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 10:02, Pierre Fortin wrote: > On 05 Mar 2003 09:50:02 -0400 Adolfo Bello <[EMAIL PROTECTED]> wrote: > > > On Wed, 2003-03-05 at 08:55, Pierre Fortin wrote: > > > OK... let's try again... for a start, can you give the output of > > > "route-n" for each host? > > > > > > > Or the output of "ifconfig eth0" for each box. > ^^ > I'm looking forward to learning how you discover a _routing_ problem from > the output of ifconfig... :> In theory, if the two boxes are the same subnet they communicate directly and don't even need a gateway to talk to each other. That's the reason why I asked for the output of ifconfig. An untrabasic routing problem. -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 10:02, Pierre Fortin wrote: > On 05 Mar 2003 09:50:02 -0400 Adolfo Bello <[EMAIL PROTECTED]> wrote: > > > On Wed, 2003-03-05 at 08:55, Pierre Fortin wrote: > > > OK... let's try again... for a start, can you give the output of > > > "route-n" for each host? > > > > > > > Or the output of "ifconfig eth0" for each box. > ^^ > I'm looking forward to learning how you discover a _routing_ problem from > the output of ifconfig... :> Answer: are the two boxes in the same subnet? -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On 05 Mar 2003 09:50:02 -0400 Adolfo Bello <[EMAIL PROTECTED]> wrote: > On Wed, 2003-03-05 at 08:55, Pierre Fortin wrote: > > OK... let's try again... for a start, can you give the output of > > "route-n" for each host? > > > > Or the output of "ifconfig eth0" for each box. ^^ I'm looking forward to learning how you discover a _routing_ problem from the output of ifconfig... :> Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 08:55, Pierre Fortin wrote: > OK... let's try again... for a start, can you give the output of "route > -n" for each host? > Or the output of "ifconfig eth0" for each box. -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 08:55, Pierre Fortin wrote: > OK... let's try again... for a start, can you give the output of "route > -n" for each host? > > Somehow, I've always believed what a system tells me over what a user > tells me... :) I back this one, at least regarding to system config :-) -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Tue, 04 Mar 2003 21:13:47 -0800 Sevatio <[EMAIL PROTECTED]> wrote: > Pierre Fortin wrote: > > On Tue, 04 Mar 2003 20:35:06 -0800 Sevatio <[EMAIL PROTECTED]> wrote: > > > > > >>OS: Mandrake 9.0 > >> > >>I'm not sure if this is possible but I'll see if any of you guys know > >>how to do this. > >> > >>I have a cable modem connected to a hub. Then two linux boxes > >connected> > >>to that hub. They each have their own IP addresses. When I transfer > >>files from one to the other, the speed is limited by the speed of my > >>internet connection (which is around 256kbps). > >> > >>How do I make it so that my linux boxes can transfer files at the > >>maximum LAN speed of the hub? Or to rephrase: how do I route the > >>packets so that they don't have to go out to the internet and then > >come >back to the other pc but instead go straight through the hub from > >one pc> > >>to another? > > > > > > Are the IP addresses in the same subnet? What are the IP addresses > > _and_ netmasks on each* host? > > > > * asymmetric routing is a possibility if all hosts don't agree on > > their view of the subnet. > > > > > > Yes, same subnets (255.255.255.248) for both pcs. OK... let's try again... for a start, can you give the output of "route -n" for each host? Somehow, I've always believed what a system tells me over what a user tells me... :) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Wed, 2003-03-05 at 01:13, Sevatio wrote: > Pierre Fortin wrote: > > On Tue, 04 Mar 2003 20:35:06 -0800 Sevatio <[EMAIL PROTECTED]> wrote: > > > > > >>OS: Mandrake 9.0 > >> > >>I'm not sure if this is possible but I'll see if any of you guys know > >>how to do this. > >> > >>I have a cable modem connected to a hub. Then two linux boxes connected > >> > >>to that hub. They each have their own IP addresses. When I transfer > >>files from one to the other, the speed is limited by the speed of my > >>internet connection (which is around 256kbps). > >> > >>How do I make it so that my linux boxes can transfer files at the > >>maximum LAN speed of the hub? Or to rephrase: how do I route the > >>packets so that they don't have to go out to the internet and then come > >>back to the other pc but instead go straight through the hub from one pc > >> > >>to another? > > > > > > Are the IP addresses in the same subnet? What are the IP addresses _and_ > > netmasks on each* host? > > > > * asymmetric routing is a possibility if all hosts don't agree on their > > view of the subnet. > > > > > > Yes, same subnets (255.255.255.248) for both pcs. Can you traceroute one box from the other and post the output? -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //cel: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager: www.tun-tun.com (# 609-6213) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
Pierre Fortin wrote: On Tue, 04 Mar 2003 20:35:06 -0800 Sevatio <[EMAIL PROTECTED]> wrote: OS: Mandrake 9.0 I'm not sure if this is possible but I'll see if any of you guys know how to do this. I have a cable modem connected to a hub. Then two linux boxes connected to that hub. They each have their own IP addresses. When I transfer files from one to the other, the speed is limited by the speed of my internet connection (which is around 256kbps). How do I make it so that my linux boxes can transfer files at the maximum LAN speed of the hub? Or to rephrase: how do I route the packets so that they don't have to go out to the internet and then come back to the other pc but instead go straight through the hub from one pc to another? Are the IP addresses in the same subnet? What are the IP addresses _and_ netmasks on each* host? * asymmetric routing is a possibility if all hosts don't agree on their view of the subnet. Yes, same subnets (255.255.255.248) for both pcs. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
Greg Meyer wrote: On Tuesday 04 March 2003 11:35 pm, Sevatio wrote: OS: Mandrake 9.0 I'm not sure if this is possible but I'll see if any of you guys know how to do this. I have a cable modem connected to a hub. Then two linux boxes connected to that hub. They each have their own IP addresses. When I transfer files from one to the other, the speed is limited by the speed of my internet connection (which is around 256kbps). How do I make it so that my linux boxes can transfer files at the maximum LAN speed of the hub? Or to rephrase: how do I route the packets so that they don't have to go out to the internet and then come back to the other pc but instead go straight through the hub from one pc to another? DO both boxes have public ip addrresses from your isp? One of those SOHO router/switches translating private addresses to public would allow this. Are you sure it is a hub, or is it a swtich? Yes, public ip addresses on each pc. The hub is just a dumb hub. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Tue, 4 Mar 2003 23:41:52 -0500 Greg Meyer <[EMAIL PROTECTED]> wrote: > On Tuesday 04 March 2003 11:35 pm, Sevatio wrote: > > OS: Mandrake 9.0 > > > > I'm not sure if this is possible but I'll see if any of you guys know > > how to do this. > > > > I have a cable modem connected to a hub. Then two linux boxes > > connected to that hub. They each have their own IP addresses. When I > > transfer files from one to the other, the speed is limited by the > > speed of my internet connection (which is around 256kbps). > > > > How do I make it so that my linux boxes can transfer files at the > > maximum LAN speed of the hub? Or to rephrase: how do I route the > > packets so that they don't have to go out to the internet and then > > come back to the other pc but instead go straight through the hub from > > one pc to another? > > > DO both boxes have public ip addrresses from your isp? One of those > SOHO router/switches translating private addresses to public would allow > this. Are you sure it is a hub, or is it a swtich? > The problem is most likely in the setup of the hosts. Hubs and plain switches operate at Layer 2 and this is a Layer 3 (routing) problem among the hosts -- they're probably not in the same subnet as viewed by EACH host. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Tue, 04 Mar 2003 20:35:06 -0800 Sevatio <[EMAIL PROTECTED]> wrote: > OS: Mandrake 9.0 > > I'm not sure if this is possible but I'll see if any of you guys know > how to do this. > > I have a cable modem connected to a hub. Then two linux boxes connected > > to that hub. They each have their own IP addresses. When I transfer > files from one to the other, the speed is limited by the speed of my > internet connection (which is around 256kbps). > > How do I make it so that my linux boxes can transfer files at the > maximum LAN speed of the hub? Or to rephrase: how do I route the > packets so that they don't have to go out to the internet and then come > back to the other pc but instead go straight through the hub from one pc > > to another? Are the IP addresses in the same subnet? What are the IP addresses _and_ netmasks on each* host? * asymmetric routing is a possibility if all hosts don't agree on their view of the subnet. > Thanks, > > Sevatio > > > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Routing Question
On Tuesday 04 March 2003 11:35 pm, Sevatio wrote: > OS: Mandrake 9.0 > > I'm not sure if this is possible but I'll see if any of you guys know > how to do this. > > I have a cable modem connected to a hub. Then two linux boxes connected > to that hub. They each have their own IP addresses. When I transfer > files from one to the other, the speed is limited by the speed of my > internet connection (which is around 256kbps). > > How do I make it so that my linux boxes can transfer files at the > maximum LAN speed of the hub? Or to rephrase: how do I route the > packets so that they don't have to go out to the internet and then come > back to the other pc but instead go straight through the hub from one pc > to another? > DO both boxes have public ip addrresses from your isp? One of those SOHO router/switches translating private addresses to public would allow this. Are you sure it is a hub, or is it a swtich? -- Greg Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Routing Question
OS: Mandrake 9.0 I'm not sure if this is possible but I'll see if any of you guys know how to do this. I have a cable modem connected to a hub. Then two linux boxes connected to that hub. They each have their own IP addresses. When I transfer files from one to the other, the speed is limited by the speed of my internet connection (which is around 256kbps). How do I make it so that my linux boxes can transfer files at the maximum LAN speed of the hub? Or to rephrase: how do I route the packets so that they don't have to go out to the internet and then come back to the other pc but instead go straight through the hub from one pc to another? Thanks, Sevatio Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] routing/DNS problems - wireless connection sharing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 28 November 2002 9:49 am, Praedor Tempus wrote: > I am getting mixed success with my wireless connection > sharing. I am finally figuring out certain aspects > that need to be handled to get it working but one > baffles me still. > > I get a modem connection on box 1 which is ad-hoc > wireless connected to box 2. After the connection, > box 1 can use the internet OK but box 2 doesn't get > DNS - it can only use the internet if IP addresses are > used while site names lead to unknown host messages. > > I have checked my routing tables and they are fine. I > also have iptables setup to NAT. I am just not able > to get name resolution on box 2 from box 2. At the > moment, to get it working I have had to manually add > the DNS IP on box 2 assigned by the modem connection. > > How do I get name resolution to work? I am not > running a local DNS (and would prefer not to). I > SHOULD be able to use the DNS settings of box 1 to get > name resolution on box 2. What settings need to be > looked at on which box to get this working? It HAS > worked before but I have no idea how/why - while now > it doesn't. > > My iptables-save output is: > > # Generated by iptables-save v1.2.5 on Thu Nov 28 > 10:45:49 2002 > *filter > > :INPUT ACCEPT [2753:2158267] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [3352:376728] > > -A INPUT -i eth0 -p udp -m udp --sport 68 --dport 67 > -j ACCEPT > -A INPUT -i eth0 -p tcp -m tcp --sport 68 --dport 67 > -j ACCEPT > -A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 > -j ACCEPT > -A INPUT -i eth0 -p tcp -m tcp --sport 67 --dport 68 > -j ACCEPT > -A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT > -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT > -A INPUT -i lo -j ACCEPT > -A FORWARD -s 192.168.0.0/255.255.255.0 -j ACCEPT > -A FORWARD -i eth0 -j ACCEPT > -A FORWARD -m state --state RELATED,ESTABLISHED -j > ACCEPT > COMMIT > # Completed on Thu Nov 28 10:45:49 2002 > # Generated by iptables-save v1.2.5 on Thu Nov 28 > 10:45:49 2002 > *nat > > :PREROUTING ACCEPT [202:12816] > :POSTROUTING ACCEPT [464:37631] > :OUTPUT ACCEPT [468:37967] > > -A POSTROUTING -s 192.168.0.0/255.255.255.0 -j > MASQUERADE > -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j > MASQUERADE > COMMIT > # Completed on Thu Nov 28 10:45:49 2002 > > My box 1 routing table contains: > > Kernel IP routing table > Destination Gateway Genmask Flags > Metric RefUse Iface > 128.211.132.5 0.0.0.0 255.255.255.255 UH > 0 00 ppp0 > 192.168.0.0 0.0.0.0 255.255.255.0 U > 0 00 eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U > 0 00 lo > 0.0.0.0 128.211.132.5 0.0.0.0 UG > 0 00 ppp0 > > Anyone have any wisdom to put forth? On box 2, how do > I setup DNS (with linuxconf?) Right now, I have box > 1's IP as its DNS (192.168.0.1). This is also its > gateway. > > praedor > > __ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com What is in the resolv.conf on both boxes assuming that they are both *nix machines? YOu should have your dns information there. I had to setup /etc/resolv.conf on my PDA so that it could use the dns as well. - -- - Altoine B Maximum Time Unlimited Chicago Based and Operated http://pgp.mit.edu - 61. Yes, I chowned all the files to belong to pvcs. Is that a problem to you? --Top 100 things you don't want the sysadmin to say - 2.4.19-19nds Mandrake Linux release 9.1 (Cooker) for i586 - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE95mdoxjybQmhmUgYRAukJAJ47EYtev24GroMFLL1FRt8G2CXUeQCgsspH v8Bsxrf5AAVXf+eqEIalp84= =I6LJ -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] routing/DNS problems - wireless connection sharing
On Thu, Nov 28, 2002 at 07:49:05AM -0800, Praedor Tempus wrote: > How do I get name resolution to work? I am not > running a local DNS (and would prefer not to). I > SHOULD be able to use the DNS settings of box 1 to get > name resolution on box 2. What settings need to be > looked at on which box to get this working? It HAS > worked before but I have no idea how/why - while now > it doesn't. Give box 2 the address of box 1 as the DNS server. Set up the iptables on box 1 to forward DNS traffic from box 2 to box 1's DNS server. I think the responses should automatically go back to the right place as the masquerading kicks in. Be careful doing this: if you accidentally redirect too much traffic, you might end up redirecting DNS responses back to the DNS server. Which would be bad... It's a long time since I've poked IP tables, and I don't have a box to hand to experiment on, so I can't tell you to try particular commands. And I may be barking up completely the wrong approach anyway... -- Tommy Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] routing/DNS problems - wireless connection sharing
I am getting mixed success with my wireless connection sharing. I am finally figuring out certain aspects that need to be handled to get it working but one baffles me still. I get a modem connection on box 1 which is ad-hoc wireless connected to box 2. After the connection, box 1 can use the internet OK but box 2 doesn't get DNS - it can only use the internet if IP addresses are used while site names lead to unknown host messages. I have checked my routing tables and they are fine. I also have iptables setup to NAT. I am just not able to get name resolution on box 2 from box 2. At the moment, to get it working I have had to manually add the DNS IP on box 2 assigned by the modem connection. How do I get name resolution to work? I am not running a local DNS (and would prefer not to). I SHOULD be able to use the DNS settings of box 1 to get name resolution on box 2. What settings need to be looked at on which box to get this working? It HAS worked before but I have no idea how/why - while now it doesn't. My iptables-save output is: # Generated by iptables-save v1.2.5 on Thu Nov 28 10:45:49 2002 *filter :INPUT ACCEPT [2753:2158267] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [3352:376728] -A INPUT -i eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 68 --dport 67 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 67 --dport 68 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i lo -j ACCEPT -A FORWARD -s 192.168.0.0/255.255.255.0 -j ACCEPT -A FORWARD -i eth0 -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT COMMIT # Completed on Thu Nov 28 10:45:49 2002 # Generated by iptables-save v1.2.5 on Thu Nov 28 10:45:49 2002 *nat :PREROUTING ACCEPT [202:12816] :POSTROUTING ACCEPT [464:37631] :OUTPUT ACCEPT [468:37967] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j MASQUERADE COMMIT # Completed on Thu Nov 28 10:45:49 2002 My box 1 routing table contains: Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 128.211.132.5 0.0.0.0 255.255.255.255 UH 0 00 ppp0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 00 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo 0.0.0.0 128.211.132.5 0.0.0.0 UG 0 00 ppp0 Anyone have any wisdom to put forth? On box 2, how do I setup DNS (with linuxconf?) Right now, I have box 1's IP as its DNS (192.168.0.1). This is also its gateway. praedor __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Routing confusion !!! ????
Hello there Well I am a newbie in UNIX routing ... & yesterday I was reading a book that tell you how to turn your hosts into routers ... Well I have worked most of the time in windows environments ...so I was confused between the default gateway "address of the router in windows " & making your host with 2 network interfaces a router... what do we do when we run demons like routed & gated on our hosts ... do we use them to point to a router on our network or we use them to make our host a router ? the book sort of discuss both in a combine way so I am confused how do we enable ip forwarding thanks a lot Faisal ??? ???
RE: [expert] Routing Firewalls With Mandrake
The new program to do firewalling, masquerade, portforwarding etc is iptables (kernel 2.4). ipchains was used in kernel 2.2. I don't use any frontend to do my firewall settings I use the iptables command in a shell script. There are good howtos (netfilter-howto, nat-howto) on how to set up a packet filtering firewall and NAT (masquerading, port-forwarding, etc. at) on netfilter.filewatcher.org They are written by the guy who does the kernel programming of this stuff so they are accurate... Another node if you want to use ip_forwarding (routing, masquerading) on a redhat like system (this includes LM) you must set net.ipv4.ip_forward=yes in your /etc/sysctl.conf file... This took me quite a lot of time to figure out on my RH7.1 router. On 17-Jul-2001 Dalton Calford wrote: > I am looking for the best firewall configuration software for Mandrake > version 8. > The firewall that comes in the control panel is next to useless and the tech > support centre for mandrake told me that they do not support Bastille. > > What I am trying to do is this. > > I have two locations, Office1 and Office2 > both locations have a router that connects them to the internet and each has > 32 ip addresses. > The router at each location connects directly to a system we call a SAN > (system access node) so we have SAN1 at Office1 and SAN2 at Office2 > Each SAN has three network cards (eth0, eth1, eth2), one for each ethernet > segment in the office. > eth0 connects to the router for the office and nothing else. > eth1 connects to the rest of the routable ip addresses and is a DMZ. > eth2 connects to the rest of the office workstations and uses a non-routable > ip block. > All traffic has to travel through the SAN in order to get to any other > ethernet segment. > The SAN acts as a NAT server for the non-routable ip addresses, and acts as a > intelligent firewall vs a simple filter for the DMZ machines. > The two SAN's need to set up a secure VPN between them extending the > non-routable block accross the two offices. > > The setup is a little more complex than that, but, if I can set that up, I > can extrapolate the rest. > > My problem is, I know that the firewalling and masqaurading rules have > changed between the 2.2 and 2.4 kernels. I am getting conflicting > instructions from the different books and how-to's depending on what is > newer. I have also found that mandrake makes some assumptions towards > security and configuration that conflict with some of the How-to's. > > I need to know, where can I find the how-to's that support Mandrake 8.0 and > address my design needs? > Is there a configuration tool that supports the design I require? > Has anyone else had any experience in this? > > Mandrake Tech support was useless, even with sitting on hold for 15 minutes > while the guy goes to ask someone else what NAT is. > > Although I have always supported Mandrake and bought the Prosuite Edition, I > am now regreting having spent the money for support that the company does not > really provide. > > best regards > > Dalton > -- E-Mail: Gregor Maier <[EMAIL PROTECTED]> Date: 18-Jul-2001 Time: 13:12:36 --
[expert] Routing Firewalls With Mandrake
I am looking for the best firewall configuration software for Mandrake version 8. The firewall that comes in the control panel is next to useless and the tech support centre for mandrake told me that they do not support Bastille. What I am trying to do is this. I have two locations, Office1 and Office2 both locations have a router that connects them to the internet and each has 32 ip addresses. The router at each location connects directly to a system we call a SAN (system access node) so we have SAN1 at Office1 and SAN2 at Office2 Each SAN has three network cards (eth0, eth1, eth2), one for each ethernet segment in the office. eth0 connects to the router for the office and nothing else. eth1 connects to the rest of the routable ip addresses and is a DMZ. eth2 connects to the rest of the office workstations and uses a non-routable ip block. All traffic has to travel through the SAN in order to get to any other ethernet segment. The SAN acts as a NAT server for the non-routable ip addresses, and acts as a intelligent firewall vs a simple filter for the DMZ machines. The two SAN's need to set up a secure VPN between them extending the non-routable block accross the two offices. The setup is a little more complex than that, but, if I can set that up, I can extrapolate the rest. My problem is, I know that the firewalling and masqaurading rules have changed between the 2.2 and 2.4 kernels. I am getting conflicting instructions from the different books and how-to's depending on what is newer. I have also found that mandrake makes some assumptions towards security and configuration that conflict with some of the How-to's. I need to know, where can I find the how-to's that support Mandrake 8.0 and address my design needs? Is there a configuration tool that supports the design I require? Has anyone else had any experience in this? Mandrake Tech support was useless, even with sitting on hold for 15 minutes while the guy goes to ask someone else what NAT is. Although I have always supported Mandrake and bought the Prosuite Edition, I am now regreting having spent the money for support that the company does not really provide. best regards Dalton
Re: [expert] routing problem
Dan Swartzendruber wrote: > > you make some good points. on the other hand, my feeling is that > if he is going to configure this linux box as a router, it should > participate as a router. e.g. the routers on the respective network > segments should treat it as such - either with static routes to the > subnets or by running some dynamic protocol. Agreed. That's why I ended one posting (has ascii diagram) with: "BTW, you have no default route... so the LM8.0 machine will not pass traffic between NetA and NetB..." Maybe that was too subtle... :^) Pierre
Re: [expert] routing problem
you make some good points. on the other hand, my feeling is that if he is going to configure this linux box as a router, it should participate as a router. e.g. the routers on the respective network segments should treat it as such - either with static routes to the subnets or by running some dynamic protocol.
Re: [expert] routing problem
Yes, I agree. Discussion here of late have been interesting and informative. And without rancour! Let's try to keep it that way...Ian > Ian Cottrell wrote: > > > > Technically, true, but for all intents and purposes, on networks such as we > > commonly discuss here, default route=gateway of last restort. Easily > > justified oversimplification! (=: > > > > However, you are right and I will stop equating them in future > > messagesIan > > Glad you took it the way it was intended... I'm just trying to a) clarify > when I can, and b) provide mini-tutorials... I enjoy reading those msgs that > go a tad beyond the original question. > > Then again, my wife often complains I go into too much detail... "All I > wanted was a yes/no!" :^D > > Cheers, > Pierre > > > > Ian Cottrell wrote: > > > > > > > > Doug > > > > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* > > > > files? > > > > As someone else pointed out, you are trying to use your 2 machines as > > > > gateways, which will not work. You need only one gateway defined, that > > > > being the default route or 'gateway of last resort'..Ian > > > > > > Ian, > > > > > > Not to get too picky; but since you seem to equate default route and gw of > > > last resort :^) > > > > > > Oversimplified: > > > > > > Default route: direction to send traffic when the target is not > > > "contained" within existing route table entries; usually to a specific gw > > > (just out say "eth0" requires proxy ARP). Actually, it is contained > > > within 0.0.0.0/0.0.0.0 > > > > > > Default network: "A router that is generating the default for a network > > > also may need a default of its own. One way of doing this is to specify a > > > static route to the network 0.0.0.0 through the appropriate router."** > > > > > > Gateway of last resort: not available to RIPv1 (only one choice -- > > > 0.0.0.0). With more complex routing protocols, "there might be several > > > networks that can be candidates for the system default. The router uses > > > both administrative distance and metric information to determine the > > > default route (gateway of last resort)."** As in: several default routes, > > > one of which is "last resort". > > > > > > ** See also: > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cipro > > > ute. htm#xtocid16743154 > > > > > > HTH, > > > Pierre > > -- > Support Linux development: http://www.linux-mandrake.com/donations/ > Last reboot reason: 01/03/27: winter storm 6hr power outage
Re: [expert] routing problem
Ian Cottrell wrote: > > Technically, true, but for all intents and purposes, on networks such as we > commonly discuss here, default route=gateway of last restort. Easily > justified oversimplification! (=: > > However, you are right and I will stop equating them in future > messagesIan Glad you took it the way it was intended... I'm just trying to a) clarify when I can, and b) provide mini-tutorials... I enjoy reading those msgs that go a tad beyond the original question. Then again, my wife often complains I go into too much detail... "All I wanted was a yes/no!" :^D Cheers, Pierre > > Ian Cottrell wrote: > > > > > > Doug > > > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? > > > As someone else pointed out, you are trying to use your 2 machines as > > > gateways, which will not work. You need only one gateway defined, that > > > being the default route or 'gateway of last resort'..Ian > > > > Ian, > > > > Not to get too picky; but since you seem to equate default route and gw of > > last resort :^) > > > > Oversimplified: > > > > Default route: direction to send traffic when the target is not "contained" > > within existing route table entries; usually to a specific gw (just out say > > "eth0" requires proxy ARP). Actually, it is contained within 0.0.0.0/0.0.0.0 > > > > Default network: "A router that is generating the default for a network also > > may need a default of its own. One way of doing this is to specify a static > > route to the network 0.0.0.0 through the appropriate router."** > > > > Gateway of last resort: not available to RIPv1 (only one choice -- 0.0.0.0). > > With more complex routing protocols, "there might be several networks that can > > be candidates for the system default. The router uses both administrative > > distance and metric information to determine the default route (gateway of > > last resort)."** As in: several default routes, one of which is "last > > resort". > > > > ** See also: > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/ciproute. > > htm#xtocid16743154 > > > > HTH, > > Pierre -- Support Linux development: http://www.linux-mandrake.com/donations/ Last reboot reason: 01/03/27: winter storm 6hr power outage
Re: [expert] routing problem
Technically, true, but for all intents and purposes, on networks such as we commonly discuss here, default route=gateway of last restort. Easily justified oversimplification! (=: However, you are right and I will stop equating them in future messagesIan > Ian Cottrell wrote: > > > > Doug > > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? > > As someone else pointed out, you are trying to use your 2 machines as > > gateways, which will not work. You need only one gateway defined, that > > being the default route or 'gateway of last resort'..Ian > > Ian, > > Not to get too picky; but since you seem to equate default route and gw of > last resort :^) > > Oversimplified: > > Default route: direction to send traffic when the target is not "contained" > within existing route table entries; usually to a specific gw (just out say > "eth0" requires proxy ARP). Actually, it is contained within 0.0.0.0/0.0.0.0 > > Default network: "A router that is generating the default for a network also > may need a default of its own. One way of doing this is to specify a static > route to the network 0.0.0.0 through the appropriate router."** > > Gateway of last resort: not available to RIPv1 (only one choice -- 0.0.0.0). > With more complex routing protocols, "there might be several networks that can > be candidates for the system default. The router uses both administrative > distance and metric information to determine the default route (gateway of > last resort)."** As in: several default routes, one of which is "last > resort". > > ** See also: > http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/ciproute. > htm#xtocid16743154 > > HTH, > Pierre
Re: [expert] routing problem
Ian Cottrell wrote: > > Doug > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? > As someone else pointed out, you are trying to use your 2 machines as > gateways, which will not work. You need only one gateway defined, that > being the default route or 'gateway of last resort'..Ian Ian, Not to get too picky; but since you seem to equate default route and gw of last resort :^) Oversimplified: Default route: direction to send traffic when the target is not "contained" within existing route table entries; usually to a specific gw (just out say "eth0" requires proxy ARP). Actually, it is contained within 0.0.0.0/0.0.0.0 Default network: "A router that is generating the default for a network also may need a default of its own. One way of doing this is to specify a static route to the network 0.0.0.0 through the appropriate router."** Gateway of last resort: not available to RIPv1 (only one choice -- 0.0.0.0). With more complex routing protocols, "there might be several networks that can be candidates for the system default. The router uses both administrative distance and metric information to determine the default route (gateway of last resort)."** As in: several default routes, one of which is "last resort". ** See also: http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/ciproute.htm#xtocid16743154 HTH, Pierre
Re: [expert] routing problem
Dan Swartzendruber wrote: > > On Tue, 5 Jun 2001, Pierre Fortin wrote: > > > > > Assuming the routers are there to access Net[AB], you can turn on proxy ARP as > > Nathan suggested in his reply to simplify other host configuration requirements > > and reduce unnecessary router hops and resultant ICMP redirects. > > > > Proxy ARP -- a short course: when a host ARPs for a remote destination without > > trying to go thru a GW, a router which knows how to get to that destination will > > Proxy ARP reply allowing the host to send its packets to what it thinks is the > > destination (hence "proxy"). Note that a Proxy ARP reply is no guarantee of the > > best route, just a viable route; but in your case, unless the topology is more > > complex, only the best router will reply since the other router would have to > > route packets back out the same interface they come in on... not what routers > > are 'trained' to do... > > i guess. i really don't like doing proxy arp, and it's almost never > necessary. Welll... there are some choices (a sampling): 1) define a gateway in all hosts. When a host wants to get to a remote host, it finds the gw in its table and ARPs for the gw, then sends the packets to the gw. 2) don't define gw in hosts. Let them ARP for the destination and any router(s) which knows how to get there (without routing back over the incoming interface) will respond. Now, lets look at some potential problems: In 1), what happens when the gw dies? What if there is an alternate gw? Are the gws configured to backup each other in the event one fails? If so, the backup router must take over the failing router's IP address, and maintain its own... In 2), the slowest ARP reply wins; in certain topologies, this can be extremely detrimental to traffic (we wrote an ARP responder circa 1988 so that a promiscuous server could late (~500ms) ARP-reply hosts with the proper proxy router's MAC). However, it simplifies host configs for alternate routing. [Proxy] ARP is local only; but it can help simplify some network configuration issues... There is no hard and fast rule for all networks; just a lot of reasoned compromises... Pierre PS: Yes I have negative opinions on certain protocols; but unlike proxy ARP, those "deserve" it.. :^D
Re: [expert] routing problem
Doug How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? As someone else pointed out, you are trying to use your 2 machines as gateways, which will not work. You need only one gateway defined, that being the default route or 'gateway of last resort'..Ian > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP addresses > and netmasks, and found everything to be correct. > > From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I > can't reach anything else on the 10.10.0.0 network. > > I've read as much as I can find on the subject, undoubtebly missing the most > simple and obvious :-) > > Any hints and help would be appreciated. > > Thank You > Doug Gough > Computer Services > Pacific Academy > > >
Re: [expert] routing problem
On Tue, 5 Jun 2001, Pierre Fortin wrote: > > Assuming the routers are there to access Net[AB], you can turn on proxy ARP as > Nathan suggested in his reply to simplify other host configuration requirements > and reduce unnecessary router hops and resultant ICMP redirects. > > Proxy ARP -- a short course: when a host ARPs for a remote destination without > trying to go thru a GW, a router which knows how to get to that destination will > Proxy ARP reply allowing the host to send its packets to what it thinks is the > destination (hence "proxy"). Note that a Proxy ARP reply is no guarantee of the > best route, just a viable route; but in your case, unless the topology is more > complex, only the best router will reply since the other router would have to > route packets back out the same interface they come in on... not what routers > are 'trained' to do... i guess. i really don't like doing proxy arp, and it's almost never necessary.
Re: [expert] routing problem
Doug Gough wrote: > > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP addresses and >netmasks, and found everything to be correct. > > >From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I can't >reach anything else on the 10.10.0.0 network. >From your "cont'd" followup post: > Sorry, I forgot to say that I can ping the 10.10.0.0 network from the router. So... you can't *and* can. :> OK... here's the deal... you are pointing packets destined to 10.10.x.x at 10.10.90.99 *BUT* that router CAN'T route them if it has the same netmask 'cuz it would have to route them back out to the same segment... NetA---10.10.90.99---+---[eth0[LM8.0]eth1]---+---131.103.1.10---NetB | | 10.10.0.0 131.103.1.0 Instead, remove the GW entries which will allow the LM8.0 box to ARP request directly to the hosts (which are local) rather and *trying* to hop in/out of 10.10.90.99 or 131.103.1.10. Assuming the routers are there to access Net[AB], you can turn on proxy ARP as Nathan suggested in his reply to simplify other host configuration requirements and reduce unnecessary router hops and resultant ICMP redirects. Proxy ARP -- a short course: when a host ARPs for a remote destination without trying to go thru a GW, a router which knows how to get to that destination will Proxy ARP reply allowing the host to send its packets to what it thinks is the destination (hence "proxy"). Note that a Proxy ARP reply is no guarantee of the best route, just a viable route; but in your case, unless the topology is more complex, only the best router will reply since the other router would have to route packets back out the same interface they come in on... not what routers are 'trained' to do... BTW, you have no default route... so the LM8.0 machine will not pass traffic between NetA and NetB... HTH, Pierre > I've read as much as I can find on the subject, undoubtebly missing the most simple >and obvious :-) > > Any hints and help would be appreciated. > > Thank You > Doug Gough > Computer Services > Pacific Academy
Re: [expert] routing problem
On Wed, 6 Jun 2001, Nathan Callahan wrote: > You have it set so that 131.103.1.10 and 10.10.90.99 are gateways. This > probably isn't what you want, as it means that these hosts are assumed > to be responsible for all traffic bound for their respective networks. > > If you remove the "gw x.x.x.x" parts from the respective routing tables, > it will probably work. i was wondering about that myself... > The other thing is that you may need to turn on "proxy arp" if you want > the computer to act as a bridge between these networks. This can be > done with > > echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp > echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp > > I think that this is only nessessary if you need the box to be > transparent (like a switch) and probably only if the machines on either > side don't know that they are on different networks. with different networks on each side, proxy arp is not his problem.
Re: [expert] routing problem
You have it set so that 131.103.1.10 and 10.10.90.99 are gateways. This probably isn't what you want, as it means that these hosts are assumed to be responsible for all traffic bound for their respective networks. If you remove the "gw x.x.x.x" parts from the respective routing tables, it will probably work. The other thing is that you may need to turn on "proxy arp" if you want the computer to act as a bridge between these networks. This can be done with echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp I think that this is only nessessary if you need the box to be transparent (like a switch) and probably only if the machines on either side don't know that they are on different networks. Regards, Nathan Callahan On Wednesday, June 6, 2001, at 09:33 AM, Doug Gough wrote: > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP > addresses and netmasks, and found everything to be correct. > > From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, > but I can't reach anything else on the 10.10.0.0 network. > > I've read as much as I can find on the subject, undoubtebly missing the > most simple and obvious :-) > > Any hints and help would be appreciated. > > Thank You > Doug Gough > Computer Services > Pacific Academy > > >
Re: [expert] routing problem
On Tue, 5 Jun 2001, Doug Gough wrote: > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP addresses and >netmasks, and found everything to be correct. > > >From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I can't >reach anything else on the 10.10.0.0 network. > > I've read as much as I can find on the subject, undoubtebly missing the most simple >and obvious :-) > > Any hints and help would be appreciated. sorry i came in the middle, so if someone has suggested this already, please forgive me. have you enabled IP forwarding?
[expert] routing problems cont.
Sorry, I forgot to say that I can ping the 10.10.0.0 network from the router. Thank You Doug Gough Computer Services Pacific Academy
[expert] routing problem
I'm not able to get my LM8.0 box to work as a router between to LANs. When it boots, I get a message saying IP forwarding is on. My routing table is very simple, using static routing as follows 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U0 0 0 lo It couldn't get much simpler. I have checked and rechecked the IP addresses and netmasks, and found everything to be correct. >From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I can't >reach anything else on the 10.10.0.0 network. I've read as much as I can find on the subject, undoubtebly missing the most simple and obvious :-) Any hints and help would be appreciated. Thank You Doug Gough Computer Services Pacific Academy
Re: [expert] routing.... how to setup simple routing.
checkout netfilter and iproute2, just saw a message on another list where they used netfilter to mark the packets according to destination, then used the iproute2 to route the packets according to the mark. Just might be what you're looking for -Dennis On Mon, 4 Jun 2001, Pierre Fortin wrote: > Franki wrote: > > > > Hi again peoples... > > > > I have discovered that our ADSL connection is in bridged mode, can't be > > changed and is the reason for the virtual IP's not listening on the net > > side... > > > > So, they tell me that the way around this, is to assign the IP's to internal > > machines, and route them through the gateway... > > > > I don't want any of our internal machines to have public IP's,,, > > > > So, I thougth, I know, I will put another linux box behind the gateway and > > have it listening for those IP's and have it routed though the gateway, then > > I can use portforwarding on that new box to connect to the internal > > machines. > > > > Then in a burst of thought (unusual for me :-) I thought, since the gateway > > has two network carts, eth0 (to the internet)h and eth1 (to the internal > > network), why can't I set the ip alises to eth1 and then route them through > > eth0 to allow connections to them over the net > > > > I think that will work and will solve my problems, but I am alittle unsure > > how to go about it... > > (never had to setup routing before, but was very plesently surprised how > > easy port forwarding was to setup, and I'm hoping that routing is the same.) > > > > So, say the eth0 internet gateway IP was 203.59.43.18 (its not but for > > discussion purposes it'll do) > > > > and eth1, the internal NIC is set to listen for 203.59.43.22, 23, 24 and 25 > > > > how would I setup routing so that those address's are routed through eth0??? > > By changing at least one IP address > > the last octet of each address is: > .18 = 00010010 > .22 = 00010110 > .23 = 00010111 > .24 = 00011000 > .25 = 00011001 > then, using masks like this: > (/28) = all boxes in same net > 1000 (/29) = 18,22,23 in one net; 24, 25 in other > 1100 (/30) = 3 subnets: 18; 23, 23; 24, 25 > > If .18 was changed to .1-.15 or .33-.254, a netmask of /28 would work (=2 > 14-host subnets); but the subnet sizes may conflict with your ISP. Since the > ISP connection is "bridged", you or other customers could interfere with each > other depending on the setup... To route internally, you would need: > 2 6-host subnets (16-address range) > 3 2-host subnets (12-address range) > > Starting to see where your ISP would be unhappy...? > > SO... how about some real addresses...? It may be that the addresses you were > assigned cannot be separated by a router. > > It may be that your ISP's policies/pricing could force you into using a real > router or a single IP and IPMasq... I think there is a way to setup Linux as a > bridge; but since your link is also bridged, you may not like the results. > > > any help would be seriously appreciated, if I don't work something out, they > > are going to insist that all the internal machines have public IP's > > something I REALLY don't want to do... > > So why do you have 5 IP addresses assigned vs 1+NAT (IPMasq)...? > > Pierre > > > please can anyone help me out here??? > > > > many thanks and kindest regards.. > > > > Frank > > Perth WA > > -- > Support Linux development: http://www.linux-mandrake.com/donations/ > Last reboot reason: 01/03/27: winter storm 6hr power outage >
Re: [expert] routing.... how to setup simple routing.
Sounds like ipchains would work here. Assign the outsideip#/port to insideip#/port. I believe redirect is the command to use. If you check the man pages they will explain how to use the redirect command. On Mon, 4 Jun 2001, Pierre Fortin wrote: > Franki wrote: > > > > Hi again peoples... > > > > I have discovered that our ADSL connection is in bridged mode, can't be > > changed and is the reason for the virtual IP's not listening on the net > > side... > > > > So, they tell me that the way around this, is to assign the IP's to internal > > machines, and route them through the gateway... > > > > I don't want any of our internal machines to have public IP's,,, > > > > So, I thougth, I know, I will put another linux box behind the gateway and > > have it listening for those IP's and have it routed though the gateway, then > > I can use portforwarding on that new box to connect to the internal > > machines. > > > > Then in a burst of thought (unusual for me :-) I thought, since the gateway > > has two network carts, eth0 (to the internet)h and eth1 (to the internal > > network), why can't I set the ip alises to eth1 and then route them through > > eth0 to allow connections to them over the net > > > > I think that will work and will solve my problems, but I am alittle unsure > > how to go about it... > > (never had to setup routing before, but was very plesently surprised how > > easy port forwarding was to setup, and I'm hoping that routing is the same.) > > > > So, say the eth0 internet gateway IP was 203.59.43.18 (its not but for > > discussion purposes it'll do) > > > > and eth1, the internal NIC is set to listen for 203.59.43.22, 23, 24 and 25 > > > > how would I setup routing so that those address's are routed through eth0??? > > By changing at least one IP address > > the last octet of each address is: > .18 = 00010010 > .22 = 00010110 > .23 = 00010111 > .24 = 00011000 > .25 = 00011001 > then, using masks like this: > (/28) = all boxes in same net > 1000 (/29) = 18,22,23 in one net; 24, 25 in other > 1100 (/30) = 3 subnets: 18; 23, 23; 24, 25 > > If .18 was changed to .1-.15 or .33-.254, a netmask of /28 would work (=2 > 14-host subnets); but the subnet sizes may conflict with your ISP. Since the > ISP connection is "bridged", you or other customers could interfere with each > other depending on the setup... To route internally, you would need: > 2 6-host subnets (16-address range) > 3 2-host subnets (12-address range) > > Starting to see where your ISP would be unhappy...? > > SO... how about some real addresses...? It may be that the addresses you were > assigned cannot be separated by a router. > > It may be that your ISP's policies/pricing could force you into using a real > router or a single IP and IPMasq... I think there is a way to setup Linux as a > bridge; but since your link is also bridged, you may not like the results. > > > any help would be seriously appreciated, if I don't work something out, they > > are going to insist that all the internal machines have public IP's > > something I REALLY don't want to do... > > So why do you have 5 IP addresses assigned vs 1+NAT (IPMasq)...? > > Pierre > > > please can anyone help me out here??? > > > > many thanks and kindest regards.. > > > > Frank > > Perth WA > > -- > Support Linux development: http://www.linux-mandrake.com/donations/ > Last reboot reason: 01/03/27: winter storm 6hr power outage >
Re: [expert] Routing / NAT problem
Nathan Callahan <[EMAIL PROTECTED]> wrote: > I've got a problem which must be solved by tomorrow. > > I need to be able to take all packets bound for a particular local > subnet (eg 192.168.100.0/24) and instead send them off (probably using > GRE encapsulation) to an internet address (eg 123.456.78.90) instead. > > I cannot set up a VPN at the moment, it will be done in the near future. > > If anyone has a good clue on this one, please tell me. Do you have a linux box there with a 2.4 kernel? (OR a 2.2, for that matter). I can think of a couple of methods. 1 - a slightly modified NAT setup - go do a search for "Rusty's firewalling howto" (I think it was - not this rusty, someone else ;-), or look in the archives from April or May I think where I posted some actual urls. Those will tell you how to set up NAT - just modify the setup scripts to make the final destination 123.456.78.90 (as it were ;-) instead of anywhere. I think! ;-) 2 - use (open)ssh to set up the vpn until your 'real' vpn is ready (but then, once its set up, why bother 'fixing' something that ain't broke? ;-) Again, I've not had to do this, but there are plenty of good howto's out there. And I think I'd try this one first, as its been done before ;-) rc Rusty Carruth Email: [EMAIL PROTECTED] or [EMAIL PROTECTED] Voice: (480) 345-3621 SnailMail: Schlumberger ATE FAX: (480) 345-8793 7855 S. River Parkway, Suite 116 Ham: N7IKQ @ 146.82+,pl 162.2 Tempe, AZ 85284-1825 ICBM: 33 20' 44"N 111 53' 47"W
Re: [expert] Routing / NAT problem
Nathan Callahan wrote: > > I've got a problem which must be solved by tomorrow. This reply does not constitute accepting the monkey... :^) > I need to be able to take all packets bound for a particular local > subnet (eg 192.168.100.0/24) and instead send them off (probably using > GRE encapsulation) to an internet address (eg 123.456.78.90) instead. Are you saying packets from 192.168.(!100).* need to be re-routed to an impossible (n.456.n.n) address...? :> > I cannot set up a VPN at the moment, it will be done in the near future. You are looking for a NAT solution; sounds like you want a remote network segment to appear locally as 192.168.100.*... VPN requires work at the far end; so does GRE... might as well bite the bullet and do the work once... Pierre > If anyone has a good clue on this one, please tell me. > > Nathan Callahan
Re: [expert] routing.... how to setup simple routing.
Franki wrote: > > Hi again peoples... > > I have discovered that our ADSL connection is in bridged mode, can't be > changed and is the reason for the virtual IP's not listening on the net > side... > > So, they tell me that the way around this, is to assign the IP's to internal > machines, and route them through the gateway... > > I don't want any of our internal machines to have public IP's,,, > > So, I thougth, I know, I will put another linux box behind the gateway and > have it listening for those IP's and have it routed though the gateway, then > I can use portforwarding on that new box to connect to the internal > machines. > > Then in a burst of thought (unusual for me :-) I thought, since the gateway > has two network carts, eth0 (to the internet)h and eth1 (to the internal > network), why can't I set the ip alises to eth1 and then route them through > eth0 to allow connections to them over the net > > I think that will work and will solve my problems, but I am alittle unsure > how to go about it... > (never had to setup routing before, but was very plesently surprised how > easy port forwarding was to setup, and I'm hoping that routing is the same.) > > So, say the eth0 internet gateway IP was 203.59.43.18 (its not but for > discussion purposes it'll do) > > and eth1, the internal NIC is set to listen for 203.59.43.22, 23, 24 and 25 > > how would I setup routing so that those address's are routed through eth0??? By changing at least one IP address the last octet of each address is: .18 = 00010010 .22 = 00010110 .23 = 00010111 .24 = 00011000 .25 = 00011001 then, using masks like this: (/28) = all boxes in same net 1000 (/29) = 18,22,23 in one net; 24, 25 in other 1100 (/30) = 3 subnets: 18; 23, 23; 24, 25 If .18 was changed to .1-.15 or .33-.254, a netmask of /28 would work (=2 14-host subnets); but the subnet sizes may conflict with your ISP. Since the ISP connection is "bridged", you or other customers could interfere with each other depending on the setup... To route internally, you would need: 2 6-host subnets (16-address range) 3 2-host subnets (12-address range) Starting to see where your ISP would be unhappy...? SO... how about some real addresses...? It may be that the addresses you were assigned cannot be separated by a router. It may be that your ISP's policies/pricing could force you into using a real router or a single IP and IPMasq... I think there is a way to setup Linux as a bridge; but since your link is also bridged, you may not like the results. > any help would be seriously appreciated, if I don't work something out, they > are going to insist that all the internal machines have public IP's > something I REALLY don't want to do... So why do you have 5 IP addresses assigned vs 1+NAT (IPMasq)...? Pierre > please can anyone help me out here??? > > many thanks and kindest regards.. > > Frank > Perth WA -- Support Linux development: http://www.linux-mandrake.com/donations/ Last reboot reason: 01/03/27: winter storm 6hr power outage
Re: [expert] Routing / NAT problem
Thanks for the input. On Monday, June 4, 2001, at 10:26 PM, Randy Kramer wrote: > This is probably a bad clue, but I thought I'd throw it out and see if > it might be workable: How about adding a line to your routing table to > set up the internet address (123.456.78.90) as a gateway to subnet > 192.168.100.0/24? Tried that, didn't work. Unfortunately the pack is not translated for the new network and gets thrown out onto the net as a packet bound for 192.168.100.?... Not good. I have actually got the answer now, I think. What I need to do is masquerade the packet, then port forward it to the port that it came in on, on the target host. ipchains can't do this, but someone put me onto ipmasqadm, which looks like it can. iptables can do it too, but the gateway in question is running a 2.2 kernel. Thanks people. If anyone notices a glaring flaw in my logic, feel free to put it out. > I can't tell you more about how to do it -- is there a command like > addroute or routeadd, or can you do this in netconf? > > And, I don't know if it will work, > > And, if it does work to get the packets there, I'm not sure that the > internet machines will do something useful with them or just attempt to > send them back to you (or /dev/null). > > Sorry, I know I'm not being real helpful, more curious than anything, > Randy Kramer > Nathan Callahan wrote: >> >> I've got a problem which must be solved by tomorrow. >> >> I need to be able to take all packets bound for a particular local >> subnet (eg 192.168.100.0/24) and instead send them off (probably using >> GRE encapsulation) to an internet address (eg 123.456.78.90) instead. >> >> I cannot set up a VPN at the moment, it will be done in the near >> future. >> >> If anyone has a good clue on this one, please tell me. >> >> Nathan Callahan >
Re: [expert] Routing / NAT problem
This is probably a bad clue, but I thought I'd throw it out and see if it might be workable: How about adding a line to your routing table to set up the internet address (123.456.78.90) as a gateway to subnet 192.168.100.0/24? I can't tell you more about how to do it -- is there a command like addroute or routeadd, or can you do this in netconf? And, I don't know if it will work, And, if it does work to get the packets there, I'm not sure that the internet machines will do something useful with them or just attempt to send them back to you (or /dev/null). Sorry, I know I'm not being real helpful, more curious than anything, Randy Kramer Nathan Callahan wrote: > > I've got a problem which must be solved by tomorrow. > > I need to be able to take all packets bound for a particular local > subnet (eg 192.168.100.0/24) and instead send them off (probably using > GRE encapsulation) to an internet address (eg 123.456.78.90) instead. > > I cannot set up a VPN at the moment, it will be done in the near future. > > If anyone has a good clue on this one, please tell me. > > Nathan Callahan
[expert] routing.... how to setup simple routing.
Hi again peoples... I have discovered that our ADSL connection is in bridged mode, can't be changed and is the reason for the virtual IP's not listening on the net side... So, they tell me that the way around this, is to assign the IP's to internal machines, and route them through the gateway... I don't want any of our internal machines to have public IP's,,, So, I thougth, I know, I will put another linux box behind the gateway and have it listening for those IP's and have it routed though the gateway, then I can use portforwarding on that new box to connect to the internal machines. Then in a burst of thought (unusual for me :-) I thought, since the gateway has two network carts, eth0 (to the internet)h and eth1 (to the internal network), why can't I set the ip alises to eth1 and then route them through eth0 to allow connections to them over the net I think that will work and will solve my problems, but I am alittle unsure how to go about it... (never had to setup routing before, but was very plesently surprised how easy port forwarding was to setup, and I'm hoping that routing is the same.) So, say the eth0 internet gateway IP was 203.59.43.18 (its not but for discussion purposes it'll do) and eth1, the internal NIC is set to listen for 203.59.43.22, 23, 24 and 25 how would I setup routing so that those address's are routed through eth0??? any help would be seriously appreciated, if I don't work something out, they are going to insist that all the internal machines have public IP's something I REALLY don't want to do... please can anyone help me out here??? many thanks and kindest regards.. Frank Perth WA
[expert] Routing / NAT problem
I've got a problem which must be solved by tomorrow. I need to be able to take all packets bound for a particular local subnet (eg 192.168.100.0/24) and instead send them off (probably using GRE encapsulation) to an internet address (eg 123.456.78.90) instead. I cannot set up a VPN at the moment, it will be done in the near future. If anyone has a good clue on this one, please tell me. Nathan Callahan
[expert] Routing
Hello there! I ´m trying to configure a LAN router using linux with statics routes. The idea is to route between token ring an Fast-Ethernet subnets. My configuration is the following: 1 PC with two cards, one token ring card (IBM auto 16/4) and one fast ethernet (3com 3c905c). I installed Mandrake and loaded the corresponding modules without trouble. The card configuration is the following: route add 172.19.15.0 netmask 255.255.255.0 172.19.15.158 up (for eth0) route add 172.19.16.0 netmask 255.255.255.0 172.19.16.1 up (for tr0) I had also set: echo 1 > /proc/sys/net/ipv4/ip_forward The problem is that I can see from the ethernet subnet the token ring card of Linux, but only this card, not the rest of the machines under the token ring subnet, and viceversa, from token ring I receive an ICMP reply from the eth0 card of the Linux server but none of the machines under the ethernet subnet. Does it needs same parameter to make the internal routing between eth0 to tr0 and viceversa ?. Other problem is that when I configure the tr0 card, I try to set a mask of 255/24 but it doen´t take this parameter because when I check it whith ifconfig i get a mask of 255/16. Any idea ?, ..with eth0 I don´t have any problem related like this one. Thanks in advance for some help. Jorge Carminati.
Re: [expert] Routing + multiple nics
You have to enable routing with a sysctl in /proc I think. Can't exactly recall. In any case, you could do bridging too. Check your make xconfig for the network section. "Ji-Haw, Foo" <[EMAIL PROTECTED]> said: > you have to enable ip forwarding when you recompile your kernel. check that > in your make config. > > regards, > > Foo Ji-Haw ([EMAIL PROTECTED]) > T-Nova > raum 6067 > extension 3466 > > - Original Message - > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, September 14, 1999 11:33 AM > Subject: [expert] Routing + multiple nics > > > > > > > > how do u configure the routing table to move all traffic from one nic to > the > > other and vice versa? I'm setting up a network traffic system where we > need to > > capture data going from our WAN to our LAN and vice versa. In short the > linux > > box is only suppose to route between eth0 and eth1 while eth2 is used for > > telnetting. > > > > i've put in route add -net eth0 and route > add > > -net eth1 it still doesn't route any > traffic > > between nics. > > > > I'm using 2 3C509 and 1 3C905 nic. All the cards are up and running. > > > > > -- Rudd-O Jefe de operaciones Alpha Omega Creative Solutions
Re: [expert] Routing + multiple nics
you have to enable ip forwarding when you recompile your kernel. check that in your make config. regards, Foo Ji-Haw ([EMAIL PROTECTED]) T-Nova raum 6067 extension 3466 - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 14, 1999 11:33 AM Subject: [expert] Routing + multiple nics > > > how do u configure the routing table to move all traffic from one nic to the > other and vice versa? I'm setting up a network traffic system where we need to > capture data going from our WAN to our LAN and vice versa. In short the linux > box is only suppose to route between eth0 and eth1 while eth2 is used for > telnetting. > > i've put in route add -net eth0 and route add > -net eth1 it still doesn't route any traffic > between nics. > > I'm using 2 3C509 and 1 3C905 nic. All the cards are up and running. > >
[expert] Routing + multiple nics
how do u configure the routing table to move all traffic from one nic to the other and vice versa? I'm setting up a network traffic system where we need to capture data going from our WAN to our LAN and vice versa. In short the linux box is only suppose to route between eth0 and eth1 while eth2 is used for telnetting. i've put in route add -net eth0 and route add -net eth1 it still doesn't route any traffic between nics. I'm using 2 3C509 and 1 3C905 nic. All the cards are up and running.
Re: [expert] routing and my network
duncan hall wrote: > > Hi, > > I have a linux server at a clients office that is connected to their > network but not to the internet. I can dial into the linux server on > their network and telnet and browse that server from my linux server in > my office. > > What I want to be able to do is enable some sort of routing so that when > I am dialed into the linux server at my clients office it can be seen by > all of the computers on my local network. > > How can I do this? > > Dunc Follow the IP Forwarding advice given on the list earlier in the week. That'll allow clients on your local network to use you as a gateway to the remote network. -- Steve Philp Network Administrator Advance Packaging Corp. [EMAIL PROTECTED]
[expert] routing and my network
Hi, I have a linux server at a clients office that is connected to their network but not to the internet. I can dial into the linux server on their network and telnet and browse that server from my linux server in my office. What I want to be able to do is enable some sort of routing so that when I am dialed into the linux server at my clients office it can be seen by all of the computers on my local network. How can I do this? Dunc
