Old 04-28-2005, 08:05 AM   #1
dooda5555
LQ Newbie
 
Registered: Apr 2005
Location: Montreal, Canada
Distribution: Ubuntu
Posts: 11

Rep: Reputation: 0
Linux box as a gateway/router


Hi, I decided to add a Linux box between my DSL router/modem (GNET BB0060) and my Linksys router, to eventually act as a firewall. However, it seems that the packets coming from the Linksys router are not routing properly to my GNET modem. However, traffic that is initiated from the Linux box makes its way to the router/modem without any issue and routes to the Internet.

Here are some more details:

- 10.0.0.0 /30 between linux box and Linksys (linksys is 10.0.0.1 ... Linux box P2P is 10.0.0.2)

- 192.168.7.0 /24 between linux box and GNET router/modem (GNET is 192.168.7.1 .... Linux box is at 192.168.7.2)

++++

linux:~ # netstat -ar
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        *               255.255.255.252 U         0 0          0 eth0
192.168.7.0     *               255.255.255.0   U         0 0          0 eth1
link-local      *               255.255.0.0     U         0 0          0 eth0
loopback        *               255.0.0.0       U         0 0          0 lo
default         192.168.7.1     0.0.0.0         UG        0 0          0 eth1

+++++

linux:~ # arp -a
? (192.168.7.1) at 00:30:EB6:4F:48 [ether] on eth1
? (10.0.0.1) at 00:06:25:9C:CB:7D [ether] on eth0

+++++

linux:~ # lspci

-- snip --
0000:00:09.0 Ethernet controller: Lite-On Communications Inc LNE100TX (rev 20)
0000:00:0b.0 Ethernet controller: D-Link System Inc RTL8139 Ethernet (rev 10)
-- snip --

++++++++++

Here's an example where it doesn't work. From a Windows workstation that connects to the Linksys, I can ping the LAN IP of the Linux box at IP 10.0.0.2, as well as the WAN IP of the Linux box at IP 192.168.7.2. However, I cannot ping the LAN (inside interface) of the GNET router/modem at IP 192.168.7.1. However, like I said before, from the Linux box there is no problem:

linux:~ # ping 192.168.7.1
PING 192.168.7.1 (192.168.7.1) 56(84) bytes of data.
64 bytes from 192.168.7.1: icmp_seq=1 ttl=64 time=0.469 ms
64 bytes from 192.168.7.1: icmp_seq=2 ttl=64 time=0.406 ms
64 bytes from 192.168.7.1: icmp_seq=3 ttl=64 time=0.420 ms

--- 192.168.7.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.406/0.431/0.469/0.036 ms

+++++++++++

If you look at the routing table provided earlier, dynamic routing seems to have done its job properly, where traffic from the Linux box routes to gateway 192.168.7.1.

Any idea what's going on? Oh, by the way, linux box is Suse 9.1, haven't touched anything regarding firewall yet, just chose the basic installation of Suse 9.1.
 
Old 04-28-2005, 10:37 AM   #2
cowanrl
Member
 
Registered: Dec 2004
Location: Western Pennsylvania, USA
Distribution: Red Hat
Posts: 150

Rep: Reputation: 15
Are you using NAT on the Linux box? If not, then your problem is probably that the GNET router has no route to the 10 network. When it receives the ping from 10.0.0.1, it will look for a route to the 10 network so it can send a response. Not finding a route to the 10 network, it most likely will send the reply to its default gateway, which should be pointing to your ISP. What it does with the packet really depends on the software running on the router, but it will not automatically forward the packet back through 192.168.7.2.
If your GNET router supports static routes, you could configure a static route on it that says "to reach the 10.0.0.0 network, send packets through 192.168.7.2". Many small DSL routers don't support static routes. Even if they do, some only support NAT on one subnet.
I have a small 3Com router at home. I tried to set up the same type of network you have, with a Linux box acting as a firewall between my home network and the 3Com router that connects to the Internet. I can configure a static route on the 3Com router so that it will respond to pings from machines on the home network on the other side of the Linux box. However, the 3Com router will only perform NAT on the subnet that is actually attached to its LAN interface, so I couldn't reach the Internet from the home network.

The solution I ended up with was to set up IP Masquerading on the Linux box. That way, any packet that reaches the 3Com router from my home network has a source IP address of the interface on the Linux box that connects to the 3Com router. Basically I was using double NAT. It worked OK but there was a slight performance hit on the network because each packet had to be translated twice.

If the GNET router doesn't support static routes or it will only allow NAT on one subnet, your easiest option will be to use IP Masquerading on the Linux box if you want to use it as a firewall.
Another option is to use proxy ARP. If you're not familiar with it, it's more complicated to set up than IP masquerading.

Added Later:
After re-reading your post, I see that you also have a Linksys router in the mix which could make things even more complicated. Is it a router/switch combo where you could use it as only a switch or does it have to work as a router?

Last edited by cowanrl; 04-28-2005 at 10:41 AM.
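
The IP masquerading option from the reply above, as an added example that is not part of the original thread: it builds an iptables-restore ruleset that masquerades traffic leaving the GNET-facing interface and forwards only flows initiated from the Linksys side. The interface roles (eth0 toward the Linksys, eth1 toward the GNET) come from the first post; the function names and the apply/show arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread.
# eth0 = 10.0.0.0/30 (Linksys side), eth1 = 192.168.7.0/24 (GNET side),
# as listed in the original post.
LAN_IF=eth0
WAN_IF=eth1

# Print a ruleset in iptables-restore format.
# nat:    rewrite the source of everything leaving WAN_IF to the Linux box's
#         own 192.168.7.2 address, so the GNET needs no route to 10.0.0.0/30.
# filter: drop forwarded traffic by default; allow LAN-initiated flows out
#         and only their replies back in.
gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Enable routing between the two interfaces, then load the ruleset.
# Requires root.
apply_gateway() {
    sysctl -w net.ipv4.ip_forward=1 &&
    gateway_rules | iptables-restore
}

# "show" prints the rules for review, "apply" installs them.
case "${1:-}" in
    apply) apply_gateway ;;
    show)  gateway_rules ;;
esac
```

With these rules loaded, the GNET sees every forwarded packet as coming from 192.168.7.2, which is on its own LAN subnet, so the return-path problem described in the reply does not arise.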
 
Old 04-29-2005, 01:06 PM   #3
dooda5555
LQ Newbie
 
Registered: Apr 2005
Location: Montreal, Canada
Distribution: Ubuntu
Posts: 11

Original Poster
Rep: Reputation: 0
Your suggestion to add a static route on the GNET, to announce network 10.0.0.0 /30 to forward to gateway 192.168.7.2 worked, thanks.

Ben
 
  

