I've got a host which has a static IP but it's really on a NAT'd subnet. It just gets the same IP through MAC based auth (read: I must use DHCP). It has an internal network. Essentially it's your standard DSL type setup. Problem is the ISP doesn't have an internal route for getting to my static IP from the internal LAN. This is breaking some apps I have no control over.
Static IP for the whole internet:
My internal IP:
Problem occurs when Y.Y.Y.Y tries to connect to X.X.X.X
I think the ISP didn't set a route for this. I have other hosts on DSL with different ISP that work fine in the exact same config.
Normally I'd play around with routing/iptables till I got something to work. Problem is this particular machine is 30 miles away and I'd have to drive to get to the console in case I screw up.
That said, anyone have any recommendations? Seems simple, just don't want to screw up.
X.X.X.X is the static IP which my ISP NAT's outbound traffic from Y.Y.Y.Y whose gateway is Y.Y.0.1. Incoming to X.X.X.X are portforwarded to Y.Y.Y.Y through Y.Y.0.1.
If Y.Y.Y.Y tries to connect to X.X.X.X it is not properly routed. Some beta version file sharing software I'm using needs all peers to connect through a static IP, X.X.X.X. Peers external to my LAN have no problems but peers internal cannot reach the X.X.X.X address.
On my home machine (different host) this routing is set up fine. I use a DSL modem that does the same NATing/forwarding with the one difference that my connections from my internal LAN to my external IP are routed properly.
Do you own or have root privileges on all these machines (the X's and Y's)? And which ones are Linux machines? Is Y.Y.0.1 a router, or a PC acting as a router?
So you have a computer with IP X.X.X.X and a LAN behind this computer with IPs Y.Y.Y.Y. with gateway Y.Y.0.1. In order for traffic to correctly go from Y.Y.Y.Y to X.X.X.X then Y.Y.0.1 has to have its routing table configured correctly to forward the packets accordingly. If Y.Y.0.1 is a Linux box, you have to turn on forwarding:
# echo 1 > /proc/sys/net/ipv4/ip_forward
and also set up some iptables stuff:
if you trust all the traffic:
iptables -P FORWARD ACCEPT - this says forward anything that needs to be forwarded.
If the Y.Y.0.1 is a DSL/cable router, you might be able to add static routes (I had to do this with my Linksys router).
In my case I have a 10.0.1.1/24 coming off my Linux box that is connected to the Linksys as 192.168.1.101, so in my Linksys router I added this:
10.0.0.0 as the ip
255.0.0.0 as the mask (this means anything that begins with 10. will be sent out)
and the default gateway is 192.168.1.101
Together all this says: if a packet comes into my Linksys router, bound for an IP that begins with 10., send it to the computer with IP 192.168.1.101.
Next, I had to make sure that all packets that come in my Linux box on 192.168.1.101 that are bound for IPs with 10.0.1.1/24 get forwarded to eth1, and as soon as I get another network card, anything bound for 10.0.2.1/24 will be sent out through eth2.
Basically, you have to make sure each gateway (router) has its routing tables configured correctly and is set up to forward packets.
A little more info on your network setup is still needed for me to help you further, but I'm getting sort of a mental picture of what is going on.
This is kind of frustrating to me because if an ISP owns a router, they don't normally do static routes (not that I know of) but instead use routing protocols (RIP, OSPF, BGP) to update the routing tables automatically. It's all part of how the net works. So, for you not to be able to ping SHOULDN'T be a problem with routing. I think the Y.Y.0.1 ISP has some kind of firewall set up. Now, if everything behind Y.Y.0.1 is private (192.168.x.x or 10.x.x.x) then you won't be able to ping those obviously, and you say you have a private address also (I'm guessing it's 192.168. or 10.x.x.x as those are the only private address ranges I know about) so sure, if they try to connect to you, it won't work that way either unless your gateway to the internet forwards the requests to your internal IP (DNATing).
To sum it up I'll make some assumptions:
x.x.x.x is private and not seen on the internet
y.y.y.y is public and is seen on the internet (not a 192.168 or a 10.x.x.x)
If you ping y.y.y.y from x.x.x.x, it will work unless you have the following conditions.
1. y.y.0.1 is dropping ping requests to prevent DoS attacks (AOL does this)
2. y.y.y.y is dropping ping requests for some reason (like reason 1)
3. y.y.0.1 has no route to host y.y.y.y (i.e. y.y.y.y doesn't exist)
4. X.X.0.1 (your gateway) doesn't forward ping requests (highly unlikely and I'm sure this isn't the case as I'm sure you can ping say...yahoo.com)
5. Some other reason I'll think of later.
If you ping y.y.y.y, the reply message usually contains the reason it couldn't be pinged:
I'm probably beating a dead horse, but I hope I helped shed some light or extra understanding.
Last edited by Robert0380; 05-19-2003 at 02:08 PM.
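
The reply above sets `iptables -P FORWARD ACCEPT` for the case where all traffic is trusted. The following is an added example, not code from any poster in this thread, showing a scoped alternative for the same Linux box: it forwards only between the Linksys side (192.168.1.0/24) and the 10.0.1.0/24 network on eth1 and drops everything else. The interface name eth0 for the 192.168.1.101 side and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. eth1, 10.0.1.0/24 and 192.168.1.0/24
# come from the post; eth0 as the Linksys-facing interface is an assumption.

# Accept only plain interface names and IPv4 CIDR shapes, so nothing
# unexpected ends up in the generated command lines.
valid_if() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the commands rather than running them, so they can be reviewed.
# Usage: forward_rules UPSTREAM_IF LAN_IF UPSTREAM_NET LAN_NET
forward_rules() {
    up_if=$1 lan_if=$2 up_net=$3 lan_net=$4
    valid_if "$up_if" && valid_if "$lan_if" || return 1
    valid_cidr "$up_net" && valid_cidr "$lan_net" || return 1
    # Accept rules go in first and the DROP policy last, so traffic that is
    # already flowing is not cut off while the rules load.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $up_if -o $lan_if -s $up_net -d $lan_net -j ACCEPT
iptables -A FORWARD -i $lan_if -o $up_if -s $lan_net -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Dry run by default. APPLY=1 (as root) executes the commands and stops at
# the first failure. Only the FORWARD chain is touched, so sessions to the
# box itself (INPUT chain) keep their existing rules.
rules=$(forward_rules eth0 eth1 192.168.1.0/24 10.0.1.0/24) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

The rules are appended, so the script is meant for a box whose FORWARD chain starts out empty; running it twice adds duplicates.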