LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-12-2004, 05:20 PM   #1
bper
Member
 
Registered: Oct 2003
Posts: 64

Rep: Reputation: 15
Can't connect to internet from RH9 through RH9


Ultimately, I need a RH9 machine (m1) to connect to the internet through another RH9 machine (m2) which acts as a firewall. m2 is connected directly to an smc router which connects to my dsl modem. m1 and m2 are connected by a linksys router.

I can connect directly to the internet from m2 by pinging an outside ip address. I can also ping m2 from m1. But I cannot ping an outside ip address from m1.

My route tables look something like this:

m2:
10.0.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
default smc 0.0.0.0 UG 0 0 0 eth1

The first line is an internal subnet on which m1 and m2 connect via linksys.
The second is the outside-world subnet connecting m2 via smc to the dsl modem.
(There are some intervening lines which should not intercept anything.)

m1:
10.0.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.2.0 m2 255.255.255.0 U 0 0 0 eth0
default m2 0.0.0.0 UG 0 0 0 eth0

/etc/hosts seems to have the correct names and addresses on m1 and m2.

From a browser on m1, trying to connect to a website times out. Pinging a web site address from m1 just hangs.

Any help that you can give would be appreciated greatly.
 
Old 02-12-2004, 06:50 PM   #2
g-rod
Member
 
Registered: Dec 2003
Location: Long Island, NY USA
Distribution: RedHat, SUSE
Posts: 336

Rep: Reputation: 30
Not sure why you just don't connect both machines to the Linksys route but you problably have a reason. You need to make sure that m2 has ip_forwarding enabled and iptables allows connections from m1 to be forwarded, and the lynksys route has routing entries for the 10.0.1.0/24 network.

1) Linysys Routing - Connect to the router and go to the static routes table on advances settings and add the route to the destination LAN IP 10.0.1.0 Netmask 255.255.255.0 default gateway is the ip address of m2
2) Remove the 192.168.2.x address from m1
3) enable forwarding on m2 with the following
echo 1 >/proc/sys/net/ipv4/ip_forward;
To make perm edit /etc/sysctl and add the line sys.net.ipv4.ip_forward=1
4) On m2 open up iptables for forwarding connection to the m1 subnet run
iptabes -I FORWARD -s 192.168.2.0/24 -j ACCEPT
iptabes -I FORWARD -d 192.168.2.0/24 -j ACCEPT

Or just plug m1 into the Linksys router.
 
Old 02-12-2004, 08:04 PM   #3
bper
Member
 
Registered: Oct 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Thanks for responding so quickly, and for your suggestions (youíre in NY Ė very close!).

I added the static route on Linksys and removed the 192.168.2.x address from m1 as you suggested in 1) and 2) above. The value in ip_forward was already 1 (and already permanently set in sysctl.conf ).

Without iptables rules in effect I still experienced the problem so I didnít try your rules suggestion. My iptables rules look a little different, but I believe that they have the same effect as your suggestion.

Is there anything else that may be wrong? Thanks again for your help and insight!
 
Old 02-13-2004, 06:46 AM   #4
g-rod
Member
 
Registered: Dec 2003
Location: Long Island, NY USA
Distribution: RedHat, SUSE
Posts: 336

Rep: Reputation: 30
----------------- --------- -------- ==== --------------- ===
| INTERNET| - | DSL | ---- | SMC| --- | M2 | -----| LINKSYS | -------| M1 |
----------------- --------- -------- ==== --------------- ====

Is this the why yo have things connected?
You are using the linksys router as a hub? (nothing is conned via the wan port)
What is the IP of SMC?
M2 has two interface cards?
Which interface connects to SMC? (eth1 or eth0)
Which interface connects to LINKSYS? (eth1 or eth0)
What are the ip address for the interfaces on M2? (ie eth0=192.168.1.1 & eth1=10.0.1.1)
M1 has only one interface card?
What is M1's ip address?
Can M1 ping M2's ip on eth0?
Can M1 ping M2's ip on eth1?
Can M1 ping SMC's ip?
Sorry for all the questions I am just trying to figure out how things are connected.
 
Old 02-13-2004, 10:50 AM   #5
bper
Member
 
Registered: Oct 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Hi,

Thanks again for responding!

Your diagram is an accurate representation of the way the system is connected.
Yes I am using the linksys router as a hub (nothing is connected to the wan port).
The smcís ip is 192.168.2.1
M2 actually has 3 interface cards, but the third card and isnít relevant to this problem.
eth1 on M2 connects to smc.
eth0 on M2 connects to linksys.
eth0 on M2 has ip address 10.0.1.2
eth1 on M2 has ip address 192.168.2.101
Yes, M1 only has 1 interface card.
M1ís ip address is 10.0.1.3
M1 cannot ping M2ís eth1.
M1 cannot ping smc.
M1 can ping M2ís eth0.

I don't mind the questions, I appreciate you taking the time to help.

Regards...
 
Old 02-13-2004, 12:29 PM   #6
g-rod
Member
 
Registered: Dec 2003
Location: Long Island, NY USA
Distribution: RedHat, SUSE
Posts: 336

Rep: Reputation: 30
I know you said you don't have any rules in iptables, but can you post the output anyway?
From m2
iptables -L -n;
and
route -n;
cat /proc/sys/net/ipv4/ip_forward;
 
Old 02-13-2004, 12:53 PM   #7
bper
Member
 
Registered: Oct 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Here's the info that you requested:

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1

iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

cat /proc/sys/net/ipv4/ip_forward
1
 
Old 02-13-2004, 01:07 PM   #8
g-rod
Member
 
Registered: Dec 2003
Location: Long Island, NY USA
Distribution: RedHat, SUSE
Posts: 336

Rep: Reputation: 30
So M1 can ping M2 on the same subnet, but cannot ping M2 on an interface on a differnect subnet. The routing tables on M1 and M2 look correct. Niether M1 nor M2 are running firewalls. Maybe it is the Linksys. If it is acting as a hub or switch that couldn't be the case, but ...

Could you try connecting M1 directly into M2 with a crossover cable and try ping 192.168.2.101 as a test?
 
Old 02-17-2004, 01:28 PM   #9
bper
Member
 
Registered: Oct 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Hi,

I connected m1 and m2 with a crossover cable and was able to ping m1 from m2 and vice-versa. Therefore, it would appear that the linksys router may be the cause of the problem.

I am looking into it, but if you can think of anything to try please post it.

Thanks for your help!
 
Old 02-17-2004, 05:16 PM   #10
bper
Member
 
Registered: Oct 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Since my last post, I bypassed the linksys router with the crossover cable again, and started iptraf on m2. When I tried to ping the smc router from m1, iptraf reported the correct outgoing echo requests on both of m2's ethernet cards but nothing coming back.
This makes me wonder if NAT is working correctly on m2 or is it some setting on the smc router that I still can't find.
 
Old 02-21-2004, 10:05 AM   #11
bper
Member
 
Registered: Oct 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Hi,

I tried to make everything easier by putting all of the machines in question on the same subnet. This did not solve the problem of reaching the outside world over the internet.
Looking at iptraf, it still appeared that the reply was getting lost. I looked to see if my smc router could handle static routing. Unfortunately, it can not. SMC calls this device a NATing device.
I replaced the smc router with a linksys router and the problem went away. As a newbie, I'm still not totally clear of the explanation, but it appears that the linksys router handles something that the smc router does not. I know that the linksys router can do static routing, but I didn't set up any static routes and it still worked with the linksys but not with the smc. The smc is a wireless and the linksys is a wired cable/dsl router.
I still need wireless access, so I am hoping that I can still use the smc as a wireless access point/switch by connecting it to the linksys.

The wireless access that I need is for a windows box not for linux. I have windows machines on a different network to share the same internet connection. The windows PC is wireless but the linux machines are all wired.

Another question. in my previous example, m1 is a web server and m2 is a firewall. With the iptables rules up on m2, I can't hit a website (like google) from a browser on m1. With the rules down, I can.

I also can't hit my tomcat server running on m1 when it sits behind m2. I believe if I plug m1 directly into the linksys router, I can hit it.

Can you think of anything that I should look at in my rules? For example, specific ports? I have a rule which redirects traffic to port 80 on m2 to m1.

Thanks.
 
Old 02-21-2004, 11:25 AM   #12
ronadinihari
LQ Newbie
 
Registered: Feb 2004
Location: Indonesia
Distribution: Redhat Linux 9
Posts: 15

Rep: Reputation: 1
i have a similar problem in my thread posting. (sigh).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to connect to RH9 via samba br_sriram Linux - Software 2 09-17-2004 06:09 AM
XP Box won't connect to internet thru RH9 Box (firewall/dhcpd), it can only ping fire Rhapsodic Linux - Networking 4 07-10-2004 03:02 PM
cannot connect to localhost (RH9) DaddyBad Linux - Newbie 10 03-15-2004 12:15 PM
Can't connect to the Internet using dial-up under RH9 juszuf7 Linux - Hardware 9 01-21-2004 11:08 PM
Can`t connect after reinstalling RH9 BajaNick Linux - Networking 3 09-20-2003 01:46 PM


All times are GMT -5. The time now is 07:52 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration