Ultimately, I need a RH9 machine (m1) to connect to the internet through another RH9 machine (m2) which acts as a firewall. m2 is connected directly to an smc router which connects to my dsl modem. m1 and m2 are connected by a linksys router.
I can connect directly to the internet from m2 by pinging an outside ip address. I can also ping m2 from m1. But I cannot ping an outside ip address from m1.
My route tables look something like this:
10.0.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
default smc 0.0.0.0 UG 0 0 0 eth1
The first line is an internal subnet on which m1 and m2 connect via linksys.
The second is the outside-world subnet connecting m2 via smc to the dsl modem.
(There are some intervening lines which should not intercept anything.)
10.0.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.2.0 m2 255.255.255.0 U 0 0 0 eth0
default m2 0.0.0.0 UG 0 0 0 eth0
/etc/hosts seems to have the correct names and addresses on m1 and m2.
From a browser on m1, trying to connect to a website times out. Pinging a web site address from m1 just hangs.
Any help that you can give would be appreciated greatly.
Not sure why you don't just connect both machines to the Linksys router, but you probably have a reason. You need to make sure that m2 has ip_forwarding enabled, that iptables allows connections from m1 to be forwarded, and that the Linksys router has routing entries for the 10.0.1.0/24 network.
1) Linksys routing - Connect to the router, go to the static routes table under advanced settings, and add a route with destination LAN IP 10.0.1.0, netmask 255.255.255.0; the default gateway is the IP address of m2.
2) Remove the 192.168.2.x address from m1.
3) Enable forwarding on m2 with the following:
echo 1 > /proc/sys/net/ipv4/ip_forward
To make it permanent, edit /etc/sysctl.conf and add the line net.ipv4.ip_forward = 1
4) On m2, open up iptables for forwarding connections to the m1 subnet. Run:
iptables -I FORWARD -s 192.168.2.0/24 -j ACCEPT
iptables -I FORWARD -d 192.168.2.0/24 -j ACCEPT
Thanks for responding so quickly, and for your suggestions (you're in NY - very close!).
I added the static route on Linksys and removed the 192.168.2.x address from m1 as you suggested in 1) and 2) above. The value in ip_forward was already 1 (and already permanently set in sysctl.conf).
Without iptables rules in effect I still experienced the problem so I didn't try your rules suggestion. My iptables rules look a little different, but I believe that they have the same effect as your suggestion.
Is there anything else that may be wrong? Thanks again for your help and insight!
Is this the way you have things connected?
You are using the Linksys router as a hub? (nothing is connected via the WAN port)
What is the IP of SMC?
M2 has two interface cards?
Which interface connects to SMC? (eth1 or eth0)
Which interface connects to LINKSYS? (eth1 or eth0)
What are the IP addresses for the interfaces on M2? (i.e. eth0=192.168.1.1 & eth1=10.0.1.1)
M1 has only one interface card?
What is M1's ip address?
Can M1 ping M2's ip on eth0?
Can M1 ping M2's ip on eth1?
Can M1 ping SMC's ip?
Sorry for all the questions I am just trying to figure out how things are connected.
Your diagram is an accurate representation of the way the system is connected.
Yes I am using the linksys router as a hub (nothing is connected to the wan port).
The smc's ip is 192.168.2.1
M2 actually has 3 interface cards, but the third card isn't relevant to this problem.
eth1 on M2 connects to smc.
eth0 on M2 connects to linksys.
eth0 on M2 has ip address 10.0.1.2
eth1 on M2 has ip address 192.168.2.101
Yes, M1 only has 1 interface card.
M1's ip address is 10.0.1.3
M1 cannot ping M2's eth1.
M1 cannot ping smc.
M1 can ping M2's eth0.
I don't mind the questions, I appreciate you taking the time to help.
So M1 can ping M2 on the same subnet, but cannot ping M2 on an interface on a different subnet. The routing tables on M1 and M2 look correct. Neither M1 nor M2 are running firewalls. Maybe it is the Linksys. If it is acting as a hub or switch that couldn't be the case, but ...
Could you try connecting M1 directly into M2 with a crossover cable and try ping 192.168.2.101 as a test?
Since my last post, I bypassed the linksys router with the crossover cable again, and started iptraf on m2. When I tried to ping the smc router from m1, iptraf reported the correct outgoing echo requests on both of m2's ethernet cards but nothing coming back.
This makes me wonder if NAT is working correctly on m2 or is it some setting on the smc router that I still can't find.
I tried to make everything easier by putting all of the machines in question on the same subnet. This did not solve the problem of reaching the outside world over the internet.
Looking at iptraf, it still appeared that the reply was getting lost. I looked to see if my smc router could handle static routing. Unfortunately, it can not. SMC calls this device a NATing device.
I replaced the smc router with a linksys router and the problem went away. As a newbie, I'm still not totally clear of the explanation, but it appears that the linksys router handles something that the smc router does not. I know that the linksys router can do static routing, but I didn't set up any static routes and it still worked with the linksys but not with the smc. The smc is a wireless and the linksys is a wired cable/dsl router.
I still need wireless access, so I am hoping that I can still use the smc as a wireless access point/switch by connecting it to the linksys.
The wireless access that I need is for a windows box not for linux. I have windows machines on a different network to share the same internet connection. The windows PC is wireless but the linux machines are all wired.
Another question. In my previous example, m1 is a web server and m2 is a firewall. With the iptables rules up on m2, I can't hit a website (like google) from a browser on m1. With the rules down, I can.
I also can't hit my tomcat server running on m1 when it sits behind m2. I believe if I plug m1 directly into the linksys router, I can hit it.
Can you think of anything that I should look at in my rules? For example, specific ports? I have a rule which redirects traffic to port 80 on m2 to m1.
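
Added example (not from any poster in the thread): a small Python model of the topology described above, using the posters' addresses. It shows one explanation consistent with the iptraf observation: the echo request reaches the SMC, but the SMC has no route back to 10.0.1.0/24, so the reply leaves by its default route. The SMC table and the `WAN` label are assumptions. The model also shows that source NAT on m2's eth1, or a static route on the upstream router, restores the return path.

```python
import ipaddress

# Constructed model of the thread's topology; addresses are the ones the posters give.
# Route entry: (destination network, gateway); gateway None = directly connected.
ROUTES = {
    "m1": [("10.0.1.0/24", None), ("0.0.0.0/0", "10.0.1.2")],
    "m2": [("10.0.1.0/24", None), ("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")],
    # Assumption: the SMC knows only its own LAN and sends everything else to the WAN.
    "smc": [("192.168.2.0/24", None), ("0.0.0.0/0", "WAN")],
}
OWNER = {"10.0.1.3": "m1", "10.0.1.2": "m2", "192.168.2.101": "m2", "192.168.2.1": "smc"}
M2_ETH1 = "192.168.2.101"

def next_hop(host, dst, routes):
    """Longest-prefix match; returns the address the packet is handed to next."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), gw) for n, gw in routes[host]]
    _, gw = max((m for m in nets if ip in m[0]), key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def deliver(host, dst, routes):
    """Walk hop by hop from host toward dst; return (path, reached)."""
    path = [host]
    while OWNER.get(dst) != host:
        hop = next_hop(host, dst, routes)
        host = OWNER.get(hop)
        if host is None:              # packet left the modelled network
            return path + [hop], False
        if host in path:              # routing loop
            return path + [host], False
        path.append(host)
    return path, True

def ping(src, dst, routes=ROUTES, masquerade=False):
    """Return (request_path, reply_path, reply_reached_src) for an echo from src to dst."""
    out, ok = deliver(OWNER[src], dst, routes)
    if not ok:
        return out, [], False
    natted = masquerade and "m2" in out[1:-1]    # m2 forwarded the packet
    # Equivalent on m2 of: iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    back, ok = deliver(out[-1], M2_ETH1 if natted else src, routes)
    if ok and natted:                             # m2 reverses the translation
        tail, ok = deliver("m2", src, routes)
        back += tail[1:]
    return out, back, ok
```

Calling `ping("10.0.1.3", "192.168.2.1")` gives a reply path ending in `WAN`; with `masquerade=True` the reply returns through m2 to m1.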