Re: [expert] routing problem
Dan Swartzendruber wrote: > > you make some good points. on the other hand, my feeling is that > if he is going to configure this linux box as a router, it should > participate as a router. e.g. the routers on the respective network > segments should treat it as such - either with static routes to the > subnets or by running some dynamic protocol. Agreed. That's why I ended one posting (has ascii diagram) with: "BTW, you have no default route... so the LM8.0 machine will not pass traffic between NetA and NetB..." Maybe that was too subtle... :^) Pierre
Re: [expert] routing problem
you make some good points. on the other hand, my feeling is that if he is going to configure this linux box as a router, it should participate as a router. e.g. the routers on the respective network segments should treat it as such - either with static routes to the subnets or by running some dynamic protocol.
Re: [expert] routing problem
Yes, I agree. Discussion here of late have been interesting and informative. And without rancour! Let's try to keep it that way...Ian > Ian Cottrell wrote: > > > > Technically, true, but for all intents and purposes, on networks such as we > > commonly discuss here, default route=gateway of last restort. Easily > > justified oversimplification! (=: > > > > However, you are right and I will stop equating them in future > > messagesIan > > Glad you took it the way it was intended... I'm just trying to a) clarify > when I can, and b) provide mini-tutorials... I enjoy reading those msgs that > go a tad beyond the original question. > > Then again, my wife often complains I go into too much detail... "All I > wanted was a yes/no!" :^D > > Cheers, > Pierre > > > > Ian Cottrell wrote: > > > > > > > > Doug > > > > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* > > > > files? > > > > As someone else pointed out, you are trying to use your 2 machines as > > > > gateways, which will not work. You need only one gateway defined, that > > > > being the default route or 'gateway of last resort'..Ian > > > > > > Ian, > > > > > > Not to get too picky; but since you seem to equate default route and gw of > > > last resort :^) > > > > > > Oversimplified: > > > > > > Default route: direction to send traffic when the target is not > > > "contained" within existing route table entries; usually to a specific gw > > > (just out say "eth0" requires proxy ARP). Actually, it is contained > > > within 0.0.0.0/0.0.0.0 > > > > > > Default network: "A router that is generating the default for a network > > > also may need a default of its own. One way of doing this is to specify a > > > static route to the network 0.0.0.0 through the appropriate router."** > > > > > > Gateway of last resort: not available to RIPv1 (only one choice -- > > > 0.0.0.0). With more complex routing protocols, "there might be several > > > networks that can be candidates for the system default. The router uses > > > both administrative distance and metric information to determine the > > > default route (gateway of last resort)."** As in: several default routes, > > > one of which is "last resort". > > > > > > ** See also: > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cipro > > > ute. htm#xtocid16743154 > > > > > > HTH, > > > Pierre > > -- > Support Linux development: http://www.linux-mandrake.com/donations/ > Last reboot reason: 01/03/27: winter storm 6hr power outage
Re: [expert] routing problem
Ian Cottrell wrote: > > Technically, true, but for all intents and purposes, on networks such as we > commonly discuss here, default route=gateway of last restort. Easily > justified oversimplification! (=: > > However, you are right and I will stop equating them in future > messagesIan Glad you took it the way it was intended... I'm just trying to a) clarify when I can, and b) provide mini-tutorials... I enjoy reading those msgs that go a tad beyond the original question. Then again, my wife often complains I go into too much detail... "All I wanted was a yes/no!" :^D Cheers, Pierre > > Ian Cottrell wrote: > > > > > > Doug > > > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? > > > As someone else pointed out, you are trying to use your 2 machines as > > > gateways, which will not work. You need only one gateway defined, that > > > being the default route or 'gateway of last resort'..Ian > > > > Ian, > > > > Not to get too picky; but since you seem to equate default route and gw of > > last resort :^) > > > > Oversimplified: > > > > Default route: direction to send traffic when the target is not "contained" > > within existing route table entries; usually to a specific gw (just out say > > "eth0" requires proxy ARP). Actually, it is contained within 0.0.0.0/0.0.0.0 > > > > Default network: "A router that is generating the default for a network also > > may need a default of its own. One way of doing this is to specify a static > > route to the network 0.0.0.0 through the appropriate router."** > > > > Gateway of last resort: not available to RIPv1 (only one choice -- 0.0.0.0). > > With more complex routing protocols, "there might be several networks that can > > be candidates for the system default. The router uses both administrative > > distance and metric information to determine the default route (gateway of > > last resort)."** As in: several default routes, one of which is "last > > resort". > > > > ** See also: > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/ciproute. > > htm#xtocid16743154 > > > > HTH, > > Pierre -- Support Linux development: http://www.linux-mandrake.com/donations/ Last reboot reason: 01/03/27: winter storm 6hr power outage
Re: [expert] routing problem
Technically, true, but for all intents and purposes, on networks such as we commonly discuss here, default route=gateway of last restort. Easily justified oversimplification! (=: However, you are right and I will stop equating them in future messagesIan > Ian Cottrell wrote: > > > > Doug > > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? > > As someone else pointed out, you are trying to use your 2 machines as > > gateways, which will not work. You need only one gateway defined, that > > being the default route or 'gateway of last resort'..Ian > > Ian, > > Not to get too picky; but since you seem to equate default route and gw of > last resort :^) > > Oversimplified: > > Default route: direction to send traffic when the target is not "contained" > within existing route table entries; usually to a specific gw (just out say > "eth0" requires proxy ARP). Actually, it is contained within 0.0.0.0/0.0.0.0 > > Default network: "A router that is generating the default for a network also > may need a default of its own. One way of doing this is to specify a static > route to the network 0.0.0.0 through the appropriate router."** > > Gateway of last resort: not available to RIPv1 (only one choice -- 0.0.0.0). > With more complex routing protocols, "there might be several networks that can > be candidates for the system default. The router uses both administrative > distance and metric information to determine the default route (gateway of > last resort)."** As in: several default routes, one of which is "last > resort". > > ** See also: > http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/ciproute. > htm#xtocid16743154 > > HTH, > Pierre
Re: [expert] routing problem
Ian Cottrell wrote: > > Doug > How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? > As someone else pointed out, you are trying to use your 2 machines as > gateways, which will not work. You need only one gateway defined, that > being the default route or 'gateway of last resort'..Ian Ian, Not to get too picky; but since you seem to equate default route and gw of last resort :^) Oversimplified: Default route: direction to send traffic when the target is not "contained" within existing route table entries; usually to a specific gw (just out say "eth0" requires proxy ARP). Actually, it is contained within 0.0.0.0/0.0.0.0 Default network: "A router that is generating the default for a network also may need a default of its own. One way of doing this is to specify a static route to the network 0.0.0.0 through the appropriate router."** Gateway of last resort: not available to RIPv1 (only one choice -- 0.0.0.0). With more complex routing protocols, "there might be several networks that can be candidates for the system default. The router uses both administrative distance and metric information to determine the default route (gateway of last resort)."** As in: several default routes, one of which is "last resort". ** See also: http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/ciproute.htm#xtocid16743154 HTH, Pierre
Re: [expert] routing problem
Dan Swartzendruber wrote: > > On Tue, 5 Jun 2001, Pierre Fortin wrote: > > > > > Assuming the routers are there to access Net[AB], you can turn on proxy ARP as > > Nathan suggested in his reply to simplify other host configuration requirements > > and reduce unnecessary router hops and resultant ICMP redirects. > > > > Proxy ARP -- a short course: when a host ARPs for a remote destination without > > trying to go thru a GW, a router which knows how to get to that destination will > > Proxy ARP reply allowing the host to send its packets to what it thinks is the > > destination (hence "proxy"). Note that a Proxy ARP reply is no guarantee of the > > best route, just a viable route; but in your case, unless the topology is more > > complex, only the best router will reply since the other router would have to > > route packets back out the same interface they come in on... not what routers > > are 'trained' to do... > > i guess. i really don't like doing proxy arp, and it's almost never > necessary. Welll... there are some choices (a sampling): 1) define a gateway in all hosts. When a host wants to get to a remote host, it finds the gw in its table and ARPs for the gw, then sends the packets to the gw. 2) don't define gw in hosts. Let them ARP for the destination and any router(s) which knows how to get there (without routing back over the incoming interface) will respond. Now, lets look at some potential problems: In 1), what happens when the gw dies? What if there is an alternate gw? Are the gws configured to backup each other in the event one fails? If so, the backup router must take over the failing router's IP address, and maintain its own... In 2), the slowest ARP reply wins; in certain topologies, this can be extremely detrimental to traffic (we wrote an ARP responder circa 1988 so that a promiscuous server could late (~500ms) ARP-reply hosts with the proper proxy router's MAC). However, it simplifies host configs for alternate routing. [Proxy] ARP is local only; but it can help simplify some network configuration issues... There is no hard and fast rule for all networks; just a lot of reasoned compromises... Pierre PS: Yes I have negative opinions on certain protocols; but unlike proxy ARP, those "deserve" it.. :^D
Re: [expert] routing problem
Doug How about posting your /etc/sysconfig/network-scripts/ifcfg-eth* files? As someone else pointed out, you are trying to use your 2 machines as gateways, which will not work. You need only one gateway defined, that being the default route or 'gateway of last resort'..Ian > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP addresses > and netmasks, and found everything to be correct. > > From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I > can't reach anything else on the 10.10.0.0 network. > > I've read as much as I can find on the subject, undoubtebly missing the most > simple and obvious :-) > > Any hints and help would be appreciated. > > Thank You > Doug Gough > Computer Services > Pacific Academy > > >
Re: [expert] routing problem
On Tue, 5 Jun 2001, Pierre Fortin wrote: > > Assuming the routers are there to access Net[AB], you can turn on proxy ARP as > Nathan suggested in his reply to simplify other host configuration requirements > and reduce unnecessary router hops and resultant ICMP redirects. > > Proxy ARP -- a short course: when a host ARPs for a remote destination without > trying to go thru a GW, a router which knows how to get to that destination will > Proxy ARP reply allowing the host to send its packets to what it thinks is the > destination (hence "proxy"). Note that a Proxy ARP reply is no guarantee of the > best route, just a viable route; but in your case, unless the topology is more > complex, only the best router will reply since the other router would have to > route packets back out the same interface they come in on... not what routers > are 'trained' to do... i guess. i really don't like doing proxy arp, and it's almost never necessary.
Re: [expert] routing problem
Doug Gough wrote: > > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP addresses and >netmasks, and found everything to be correct. > > >From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I can't >reach anything else on the 10.10.0.0 network. >From your "cont'd" followup post: > Sorry, I forgot to say that I can ping the 10.10.0.0 network from the router. So... you can't *and* can. :> OK... here's the deal... you are pointing packets destined to 10.10.x.x at 10.10.90.99 *BUT* that router CAN'T route them if it has the same netmask 'cuz it would have to route them back out to the same segment... NetA---10.10.90.99---+---[eth0[LM8.0]eth1]---+---131.103.1.10---NetB | | 10.10.0.0 131.103.1.0 Instead, remove the GW entries which will allow the LM8.0 box to ARP request directly to the hosts (which are local) rather and *trying* to hop in/out of 10.10.90.99 or 131.103.1.10. Assuming the routers are there to access Net[AB], you can turn on proxy ARP as Nathan suggested in his reply to simplify other host configuration requirements and reduce unnecessary router hops and resultant ICMP redirects. Proxy ARP -- a short course: when a host ARPs for a remote destination without trying to go thru a GW, a router which knows how to get to that destination will Proxy ARP reply allowing the host to send its packets to what it thinks is the destination (hence "proxy"). Note that a Proxy ARP reply is no guarantee of the best route, just a viable route; but in your case, unless the topology is more complex, only the best router will reply since the other router would have to route packets back out the same interface they come in on... not what routers are 'trained' to do... BTW, you have no default route... so the LM8.0 machine will not pass traffic between NetA and NetB... HTH, Pierre > I've read as much as I can find on the subject, undoubtebly missing the most simple >and obvious :-) > > Any hints and help would be appreciated. > > Thank You > Doug Gough > Computer Services > Pacific Academy
Re: [expert] routing problem
On Wed, 6 Jun 2001, Nathan Callahan wrote: > You have it set so that 131.103.1.10 and 10.10.90.99 are gateways. This > probably isn't what you want, as it means that these hosts are assumed > to be responsible for all traffic bound for their respective networks. > > If you remove the "gw x.x.x.x" parts from the respective routing tables, > it will probably work. i was wondering about that myself... > The other thing is that you may need to turn on "proxy arp" if you want > the computer to act as a bridge between these networks. This can be > done with > > echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp > echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp > > I think that this is only nessessary if you need the box to be > transparent (like a switch) and probably only if the machines on either > side don't know that they are on different networks. with different networks on each side, proxy arp is not his problem.
Re: [expert] routing problem
You have it set so that 131.103.1.10 and 10.10.90.99 are gateways. This probably isn't what you want, as it means that these hosts are assumed to be responsible for all traffic bound for their respective networks. If you remove the "gw x.x.x.x" parts from the respective routing tables, it will probably work. The other thing is that you may need to turn on "proxy arp" if you want the computer to act as a bridge between these networks. This can be done with echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp I think that this is only nessessary if you need the box to be transparent (like a switch) and probably only if the machines on either side don't know that they are on different networks. Regards, Nathan Callahan On Wednesday, June 6, 2001, at 09:33 AM, Doug Gough wrote: > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP > addresses and netmasks, and found everything to be correct. > > From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, > but I can't reach anything else on the 10.10.0.0 network. > > I've read as much as I can find on the subject, undoubtebly missing the > most simple and obvious :-) > > Any hints and help would be appreciated. > > Thank You > Doug Gough > Computer Services > Pacific Academy > > >
Re: [expert] routing problem
On Tue, 5 Jun 2001, Doug Gough wrote: > I'm not able to get my LM8.0 box to work as a router between to LANs. > > When it boots, I get a message saying IP forwarding is on. > > My routing table is very simple, using static routing as follows > > 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 > 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U0 0 0 lo > > It couldn't get much simpler. I have checked and rechecked the IP addresses and >netmasks, and found everything to be correct. > > >From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I can't >reach anything else on the 10.10.0.0 network. > > I've read as much as I can find on the subject, undoubtebly missing the most simple >and obvious :-) > > Any hints and help would be appreciated. sorry i came in the middle, so if someone has suggested this already, please forgive me. have you enabled IP forwarding?
[expert] routing problem
I'm not able to get my LM8.0 box to work as a router between to LANs. When it boots, I get a message saying IP forwarding is on. My routing table is very simple, using static routing as follows 131.103.1.0 131.103.1.10255.255.255.0 UG 0 0 0 eth1 10.10.0.0 10.10.90.99 255.255.0.0 UG 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U0 0 0 lo It couldn't get much simpler. I have checked and rechecked the IP addresses and netmasks, and found everything to be correct. >From the 131.103.1.0 network, I can ping 131.103.1.10 and 10.10.90.99, but I can't >reach anything else on the 10.10.0.0 network. I've read as much as I can find on the subject, undoubtebly missing the most simple and obvious :-) Any hints and help would be appreciated. Thank You Doug Gough Computer Services Pacific Academy
