LinuxQuestions.org


Cyberman 03-28-2010 10:52 PM

How to improve my illogical yet working ICS connection?
 
Alright, so I recently set up an ICS connection.
I've done this before, but for some odd reason, there have been a lot of weird issues.

First off, I've been using firestarter.
I've used firestarter before and I've done ICS with firestarter before.

In general, I've had to assign my gateway address after all of the start up scripts launch. In other words, I have to go into the Gnome GUI, reconfigure the gateway address of the local network card (that which connects to another computer to provide ICS), and from there restart the client's connection.

It's been really weird.

In general, things would seem ok if I could simply have /etc/init.d/networking restart take hold of the gateway line that exists in /etc/network/interfaces.

Unfortunately, it doesn't seem to want to do that.
Instead, it seems to want to tell me that it fails to load eth1, which is the card connected to the other box to flow in/out ICS. That's silly.

I don't know how to better figure out this issue.
I can tell you that the gateway is not constant, however.
The gateway is the IP address the school provides me from the router.
I'm setting up ICS, because it's just another one of those things I set up with SSH, DHCP, FTP, and backuppc. I'm methodical like that. I want it there.

Here is the dhcpd.conf
It works fine.

Code:

workstation@taiwan:~$ cat /etc/dhcp3/dhcpd.conf
#
# Sample configuration file for ISC dhcpd for Debian
#
# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
#

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style interim;
ignore client-updates;

# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers 127.0.0.1;

#####################################
default-lease-time 21600;
max-lease-time 43200;


subnet 192.168.0.0 netmask 255.255.255.0 {
option domain-name-servers 127.0.0.1;
option broadcast-address 192.168.0.255;
option subnet-mask 255.255.255.0;
option routers 192.168.0.111;
range dynamic-bootp 192.168.0.100 192.168.0.254;
option ip-forwarding off;
}
###############################


# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers 127.0.0.1;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements.  If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.fugue.com";
#}

# Fixed IP addresses can also be specified for hosts.  These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.  Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.fugue.com;
#}

# You can declare a class of clients and then do address allocation
# based on that.  The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

host compaq {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.0.101;
}


Here is the /etc/network/interfaces

It would appear that /etc/init.d/networking restart does not want to load eth1

Code:

workstation@taiwan:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 192.168.0.111
netmask 255.255.255.0
gateway 10.51.17.65

In general, the gateway has to be the IP address I've been assigned from the "outside" router.

Weird.


Code:

taiwan:~# cat /etc/firestarter/configuration

#-----------( Firestarter Configuration File )-----------#

# --(External Interface)--
# Name of external network interface
IF="eth0"
# Network interface is a PPP link
EXT_PPP="off"

# --(Internal Interface--)
# Name of internal network interface
INIF="eth1"

# --(Network Address Translation)--
# Enable NAT
NAT="on"
# Enable DHCP server for NAT clients
DHCP_SERVER="on"
# Forward server's DNS settings to clients in DHCP lease
DHCP_DYNAMIC_DNS="on"

# --(Inbound Traffic)--
# Packet rejection method
#  DROP:  Ignore the packet
#  REJECT: Send back an error packet in response
STOP_TARGET="DROP"

# --(Outbound Traffic)--
# Default Outbound Traffic Policy
#  permissive: everything not denied is allowed
#  restrictive everything not allowed is denied
OUTBOUND_POLICY="permissive"

# --(Type of Service)--
# Enable ToS filtering
FILTER_TOS="off"
# Apply ToS to typical client tasks such as SSH and HTTP
TOS_CLIENT="off"
# Apply ToS to typical server tasks such as SSH, HTTP, HTTPS and POP3
TOS_SERVER="off"
# Apply ToS to Remote X server connections
TOS_X="off"
# ToS parameters
#  4:  Maximize Reliability
#  8:  Maximize-Throughput
#  16: Minimize-Delay
TOSOPT=8

# --(ICMP Filtering)--
# Enable ICMP filtering
FILTER_ICMP="off"
# Allow Echo requests
ICMP_ECHO_REQUEST="on"
# Allow Echo replies
ICMP_ECHO_REPLY="on"
# Allow Traceroute requests
ICMP_TRACEROUTE="off"
# Allow MS Traceroute Requests
ICMP_MSTRACEROUTE="off"
# Allow Unreachable Requests
ICMP_UNREACHABLE="off"
# Allow Timestamping Requests
ICMP_TIMESTAMPING="off"
# Allow Address Masking Requests
ICMP_MASKING="off"
# Allow Redirection Requests
ICMP_REDIRECTION="off"
# Allow Source Quench Requests
ICMP_SOURCE_QUENCHES="off"

# --(Broadcast Traffic)--
# Block external broadcast traffic
BLOCK_EXTERNAL_BROADCAST="on"
# Block internal broadcast traffic
BLOCK_INTERNAL_BROADCAST="off"

# --(Traffic Validation)--
# Block non-routable traffic on the public interfaces
BLOCK_NON_ROUTABLES="off"

# --(Logging)--
# System log level
LOG_LEVEL=info

At first, I was having weird issues with the client on the ICS connection.
So, I checked if it was a DNS issue.
I was able to ping the google IP address, but I couldn't get a "ping google.com" out of the deal.
So, I went over to the server side and added the gateway to the eth1 card via Gnome GUI Network.

That seemed to have worked.

However, it seems I keep having weird issues.
I have to keep reloading firestarter and the network once in a while to get things to hold.
I'm not sure what's going on.

So far:

1. I restarted the computer
2. It told me during startup that it failed to load eth1
3. The DHCP server will assign the client an IP address
4. The client can ping the IP address of google
5. The client cannot ping google.com
6. The gateway address for eth1 is going to be eth0's assigned IP address from the outside DHCP server.
7. It seems like things won't take place unless I mess with the gateway criteria in the "Network" GUI in Gnome.
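
A configuration check over the two files posted above, as an added example that is not part of the original post: it flags a static gateway that lies outside the interface's own subnet, reserved addresses (the router and fixed-address hosts) that fall inside the dynamic DHCP range, and a loopback DNS server handed out to clients. The embedded excerpts are constructed from the values in the post, the function names are hypothetical, and the dhcpd check assumes a single subnet block with one range.

```python
import ipaddress
import re
# Constructed excerpts that reuse the values posted in the thread.
INTERFACES = """iface eth0 inet dhcp
iface eth1 inet static
address 192.168.0.111
netmask 255.255.255.0
gateway 10.51.17.65
"""
DHCPD = """subnet 192.168.0.0 netmask 255.255.255.0 {
option domain-name-servers 127.0.0.1;
option routers 192.168.0.111;
range dynamic-bootp 192.168.0.100 192.168.0.254;
}
host compaq { fixed-address 192.168.0.101; }
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def lint_interfaces(text):
    """Flag static stanzas whose gateway is not on the interface's own subnet."""
    stanzas, cur, findings = {}, None, []
    for words in filter(None, (line.split() for line in text.splitlines())):
        if words[0] == "iface":
            cur = stanzas.setdefault(words[1], {"method": words[3]})
        elif cur is not None and words[0] in ("address", "netmask", "gateway"):
            cur[words[0]] = words[1]
    for name, s in stanzas.items():
        if s["method"] == "static" and "gateway" in s:
            net = ipaddress.ip_network(f"{s['address']}/{s['netmask']}", strict=False)
            if ipaddress.ip_address(s["gateway"]) not in net:
                findings.append(f"{name}: gateway {s['gateway']} is outside {net}")
    return findings

def lint_dhcpd(text):
    """Flag reserved addresses inside the dynamic range and loopback DNS servers."""
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    ip = ipaddress.ip_address
    lo, hi = map(ip, re.search(rf"range(?: dynamic-bootp)? {IP} {IP};", text).groups())
    findings = []
    for a in re.findall(rf"(?:option routers|fixed-address) {IP};", text):
        if lo <= ip(a) <= hi:
            findings.append(f"{a} is reserved but inside dynamic range {lo}-{hi}")
    for d in re.findall(rf"option domain-name-servers {IP};", text):
        if ip(d).is_loopback:
            findings.append(f"DNS server {d} is loopback, so clients would query themselves")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_interfaces(INTERFACES) + lint_dhcpd(DHCPD)))
```
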

g_davis 04-02-2010 12:53 PM

Consider modifying your DHCP server configuration
 
In reading your configuration files, it appears that your DHCP is set to issue addresses on the same subnet as the dynamic address given to your eth1 adapter, which (I assume) is provided by your school's DHCP server.

You cannot do this. You will need to create a separate DHCP scope such as 192.168.1.x and connect clients through your ICS on a unique subnet.

What is happening is your DHCP server is competing with the school's DHCP server, which explains why sometimes you can get it working, but it eventually stops working.

The amusing thing, the school's IT tech is probably sitting at his desk trying to figure out who the jerk is that's causing DHCP collisions on his network. :)

