Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am wondering if anyone could help me with the following issue. I googled it left and right but could resolve it.
I have two computers running Ubuntu 9.04, using static IP, connected via a switch. They can SSH to each other perfectly. And I can ping any websites from these two PCs. But I cannot connect to either of these two PCs from outside the LAN, and cannot even ping them from outside.
It seems that any PCs outside the LAN cannot find these two computers, but these two PCs do have connection to the outside world. How can I solve this problem?
Another problem is that I cannot visit any website through Firefox. The network is disconnected according to the icon on the upper left side of the desktop, although I have no problem in using ping. This is really weird to me. Could this be the problem of network setting? An example of the setting is:
IP: 10.10.4.122
NetMask: 255.255.255.0
Gateway:10.10.4.1
1st DNS: 150.108.2.11
I remember if I use network manager to set up the network, I could visit websites through Firefox. But I can't use ssh. If I set up the network through command line, I can use ssh but can't visit any website. ......so frustrated.
I just noticed that 10.10.4.122 is a private reserved IP address. I guess I can't use
$ssh username@10.10.4.122 to connect to it.
How can I connect to it then? ........
Quote:
Originally Posted by seanwong
Hey All,
I am wondering if anyone could help me with the following issue. I googled it left and right but could resolve it.
I have two computers running Ubuntu 9.04, using static IP, connected via a switch. They can SSH to each other perfectly. And I can ping any websites from these two PCs. But I cannot connect to either of these two PCs from outside the LAN, and cannot even ping them from outside.
It seems that any PCs outside the LAN cannot find these two computers, but these two PCs do have connection to the outside world. How can I solve this problem?
Another problem is that I cannot visit any website through Firefox. The network is disconnected according to the icon on the upper left side of the desktop, although I have no problem in using ping. This is really weird to me. Could this be the problem of network setting? An example of the setting is:
IP: 10.10.4.122
NetMask: 255.255.255.0
Gateway:10.10.4.1
1st DNS: 150.108.2.11
I remember if I use network manager to set up the network, I could visit websites through Firefox. But I can't use ssh. If I set up the network through command line, I can use ssh but can't visit any website. ......so frustrated.
You're going to need to connect to the external IP address from outside of your LAN. (That's the real-world IP of the external (or WAN) interface of your router. In addition to this, since there will be two hosts on your LAN listening on the ssh port, you will likely want to set up a port forward on the router to the host you want to initially shell into from outside..
First off, though, it seems as if you are describing the symptoms of multiple possible configuration issues.
Could you please post the output of the following commands as root?
Basically I am building a simple linux cluster. Several PCs work in LAN and they should be able to connect to each other through ssh. This is not hard to do. I also need one PC of them connected to the WAN. Of course this PC has two network cards, one for LAN (I am using address 192.168.0.1 to 192.168.0.255), the other for WAN. Like you said, I don't know the external address of this PC. The address 10.10.4.125 is assigned to me. I guess that is also a LAN address? not sure.
I am just trying to connect to my PC from outside the LAN. So, there is only one network card in this PC at this moment.
Here is the output of the corresponding commands
$ifconfig
PING www-real.wa1.b.yahoo.com (69.147.76.15) 56(84) bytes of data.
64 bytes from f1.www.vip.re1.yahoo.com (69.147.76.15): icmp_seq=1 ttl=53 time=26.2 ms
64 bytes from f1.www.vip.re1.yahoo.com (69.147.76.15): icmp_seq=2 ttl=53 time=26.6 ms
64 bytes from f1.www.vip.re1.yahoo.com (69.147.76.15): icmp_seq=3 ttl=53 time=26.9 ms
64 bytes from f1.www.vip.re1.yahoo.com (69.147.76.15): icmp_seq=4 ttl=53 time=22.5 ms
64 bytes from f1.www.vip.re1.yahoo.com (69.147.76.15): icmp_seq=5 ttl=53 time=24.1 ms
64 bytes from f1.www.vip.re1.yahoo.com (69.147.76.15): icmp_seq=6 ttl=53 time=23.3 ms
64 bytes from f1.www.vip.re1.yahoo.com (69.147.76.15): icmp_seq=7 ttl=53 time=23.9 ms
--- www-real.wa1.b.yahoo.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6007ms
rtt min/avg/max/mdev = 22.577/24.848/26.956/1.606 ms
$ping 209.191.93.52
Quote:
PING 209.191.93.52 (209.191.93.52) 56(84) bytes of data.
64 bytes from 209.191.93.52: icmp_seq=1 ttl=53 time=50.3 ms
64 bytes from 209.191.93.52: icmp_seq=2 ttl=53 time=49.4 ms
64 bytes from 209.191.93.52: icmp_seq=3 ttl=53 time=49.1 ms
64 bytes from 209.191.93.52: icmp_seq=4 ttl=53 time=49.8 ms
64 bytes from 209.191.93.52: icmp_seq=5 ttl=53 time=49.9 ms
64 bytes from 209.191.93.52: icmp_seq=6 ttl=53 time=49.7 ms
64 bytes from 209.191.93.52: icmp_seq=7 ttl=53 time=50.1 ms
--- 209.191.93.52 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6009ms
rtt min/avg/max/mdev = 49.119/49.802/50.369/0.482 ms
I think what you said makes scene. Could you include more details?
Thanks a bunch!
Quote:
Originally Posted by foodown
You're going to need to connect to the external IP address from outside of your LAN. (That's the real-world IP of the external (or WAN) interface of your router. In addition to this, since there will be two hosts on your LAN listening on the ssh port, you will likely want to set up a port forward on the router to the host you want to initially shell into from outside..
First off, though, it seems as if you are describing the symptoms of multiple possible configuration issues.
Could you please post the output of the following commands as root?
With a routing table that looks like that, your interface properly configured, a router which translates your NAT addresses correctly, and DNS resolving names (all of which you apparently have) I am concerned that firefox will not browse the web . . . nonetheless, as for the external IP and the port forwarding . . .
The specifics of how to look into and modify all of such things will depend on the brand and model of your router, but several generalities apply.
Almost all routers have a default 'router status' display of some kind. Most have a web interface you can access by typing the LAN address of the router into your browser's navigation bar. (So, put 'http://10.10.4.1' into firefox.) On this page, it should show a 'WAN IP' or 'External IP.' This is the IP address assigned to your network by your ISP, and is probably dynamic. (So, it will change sometimes.) THIS is the address you would have to ssh to from outside the LAN.
So, if the IP were 70.94.221.53, you'd have to do an 'ssh yourusername@70.94.221.53'
One way to get around keeping up with your current WAN IP is to run a dynamic DNS client like the one from http://www.no-ip.com
This one is free and you run it on just one of the linux hosts on your LAN. The client updates no-ip's DNS whenever your WAN IP changes, so you could just connect to thehostyoupick.no-ip.com.
eg - 'ssh yourusername@thehostyoupick.no-ip.com'
(I think they actually have many second-level domains to choose from.)
This is also handy if you want to run your own mail server and receive email at yourusername@thehostyoupick.no-ip.com.
Now, since there are multiple hosts on your LAN listening on the ssh port, you should set up port forwarding to whichever one you want to connect to initially. (All the machines on your LAN "share" the one real IP address . . . the NAT IPs (10.x.x.x) cannot be routed on the "real" Internet. So, the port forward tells your router which machine will accept incoming connections on that port, like your ssh connection.)
Generally, router web interfaces call port forwards 'virtual hosts' 'virtual servers' or something like that. Some even call it port forwarding.
Essentially, you need to set up a TCP forward for external port 22 to internal port 22, IP 10.10.4.125. (Or, whichever machine you want to hit when you connect from outside. If you need a different one, you can ssh over to any machine on your LAN from the command line of the first one that you set up the port forward to.)
On my router, it would look like this:
Code:
Enable Desc Port Type Address Private Port
------ ---- ---- ---- ------- ------------
X ssh2 22 TCP 10.10.4.125 22
Of course, since you indicated in your last post that one of your machines is bridging the entire LAN into your WAN connection, perhaps your second NIC is going into a terminal adapter? Even still, it may have a web interface on its LAN IP . . . more often than routers, TAs actually have a telnet interface, but the same principles apply. Generally in this case, however, the port forward would most likely not be an option. However, your indication that all of the machines on your LAN can already reach the outside with similar configurations suggests that what is happening in your case is 'ethernet bridging' whereby the ethernet segments on both sides of the machine with two NICs are effectively one . . . then you should still set up the forwarding.
I hope this helps and doesn't read like the rambling it felt like when I was typing it.
Back to firefox . . . you mentioned it "showing the network disconnected" in your post. Where exactly is that shown? In your window manager? Have you checked another browser just to make sure it's not a firefox issue?
Last edited by foodown; 06-07-2009 at 12:00 AM.
Reason: messed up the preformatted text
Thank you for your post. That helps a lot.
I finally get an IP in WAN and switch to Ubuntu. Now it works perfectly.
Quote:
Originally Posted by foodown
With a routing table that looks like that, your interface properly configured, a router which translates your NAT addresses correctly, and DNS resolving names (all of which you apparently have) I am concerned that firefox will not browse the web . . . nonetheless, as for the external IP and the port forwarding . . .
The specifics of how to look into and modify all of such things will depend on the brand and model of your router, but several generalities apply.
Almost all routers have a default 'router status' display of some kind. Most have a web interface you can access by typing the LAN address of the router into your browser's navigation bar. (So, put 'http://10.10.4.1' into firefox.) On this page, it should show a 'WAN IP' or 'External IP.' This is the IP address assigned to your network by your ISP, and is probably dynamic. (So, it will change sometimes.) THIS is the address you would have to ssh to from outside the LAN.
So, if the IP were 70.94.221.53, you'd have to do an 'ssh yourusername@70.94.221.53'
One way to get around keeping up with your current WAN IP is to run a dynamic DNS client like the one from http://www.no-ip.com
This one is free and you run it on just one of the linux hosts on your LAN. The client updates no-ip's DNS whenever your WAN IP changes, so you could just connect to thehostyoupick.no-ip.com.
eg - 'ssh yourusername@thehostyoupick.no-ip.com'
(I think they actually have many second-level domains to choose from.)
This is also handy if you want to run your own mail server and receive email at yourusername@thehostyoupick.no-ip.com.
Now, since there are multiple hosts on your LAN listening on the ssh port, you should set up port forwarding to whichever one you want to connect to initially. (All the machines on your LAN "share" the one real IP address . . . the NAT IPs (10.x.x.x) cannot be routed on the "real" Internet. So, the port forward tells your router which machine will accept incoming connections on that port, like your ssh connection.)
Generally, router web interfaces call port forwards 'virtual hosts' 'virtual servers' or something like that. Some even call it port forwarding.
Essentially, you need to set up a TCP forward for external port 22 to internal port 22, IP 10.10.4.125. (Or, whichever machine you want to hit when you connect from outside. If you need a different one, you can ssh over to any machine on your LAN from the command line of the first one that you set up the port forward to.)
On my router, it would look like this:
Code:
Enable Desc Port Type Address Private Port
------ ---- ---- ---- ------- ------------
X ssh2 22 TCP 10.10.4.125 22
Of course, since you indicated in your last post that one of your machines is bridging the entire LAN into your WAN connection, perhaps your second NIC is going into a terminal adapter? Even still, it may have a web interface on its LAN IP . . . more often than routers, TAs actually have a telnet interface, but the same principles apply. Generally in this case, however, the port forward would most likely not be an option. However, your indication that all of the machines on your LAN can already reach the outside with similar configurations suggests that what is happening in your case is 'ethernet bridging' whereby the ethernet segments on both sides of the machine with two NICs are effectively one . . . then you should still set up the forwarding.
I hope this helps and doesn't read like the rambling it felt like when I was typing it.
Back to firefox . . . you mentioned it "showing the network disconnected" in your post. Where exactly is that shown? In your window manager? Have you checked another browser just to make sure it's not a firefox issue?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
