Need help configuring 2nd NIC - Slackware, kernel 2.6.21.5
I have installed a second NIC card in my 2.6.21.5 kernel, Slackware distro machine. dmesg shows that the new eth1 card is being recognized:
eth0: RealTek RTL8139 at 0xd000, 40:e0:4c:39:7f:61, IRQ 10
eth0: Identified 8139 chip type 'RTL-8139C'
eth1: RealTek RTL8139 at 0xd400, 00:c0:a8:7b:93:1f, IRQ 5
eth1: Identified 8139 chip type 'RTL-8139C'
So far so good. eth0 is connected behind a Windows Server firewall on the local office lan. That has been working for some time now w/o problem. Now, I want to install a 2nd card connected directly to the Internet. Why? Briefly, this linux host is a webserver. Up to now, the Windows server has been keeping port 443 (https) traffic but routing port 80 (http) requests to the linux box. No problem. However, now we want SSL for the linux box. The solution is to obtain a public static IP and route all http[s] traffic right to the linux machine ... but we still need to keep the lan connection for database request, mail, etc.
The idea is to keep eth0 connected to the lan with its current lan IP: 192.168.0.3, and set up eth1 with the public IP.
Not having any luck!
First conundrum: /etc/rc.inet1.conf only specifies a single default gateway, but surely these two NICs will need separate gateways. Here's my current not-working-for-eth1 rc.inet1.conf:
# Config information for eth0:
IPADDR[0]="192.168.0.3"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
# Config information for eth1:
IPADDR[1]="64.129.23.95"
NETMASK[1]="255.255.255.192"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
# Default gateway IP address:
GATEWAY="192.168.0.1"
#GATEWAY="64.129.23.65"
To get this to work you should:
- use the default gateway which is now commented out.
- add routes to your internal networks.
say, for example, you need to connect to this server from network 192.160.100.0 with netmask 255.255.255.0, you give the command:
"route add -net 192.160.100.0 netmask 255.255.255.0 gw 192.168.0.1"
(I don't know how to add this to a Slackware configuration file)
After you have done this, the server should be reachable from the internal lan and from the internet.
However, port-forwarding from the microsoft firewall to the linux server now no longer works. In other words it is not possible to receive mail via the ms firewall and serve webpages using the other interface at the same time.
Reason: the packages, received via the ms firewall, are answered using the interface with the default gateway and are (probably) discarded by the service provider since it does not recognize the source ip number. (You can solve this with source-routing but that takes a bit of studying.)
Gondo - thanks for the response. Right now, I'm not too worried about mail. I'll deal with that later. The route command is the same on Slackware as any other "unix". However, I'm a bit confused. You use the example network of 192.160.100.0, why? I don't have such a network. I don't get it. I'm afraid I'm a bit too obtuse for your example. What actual route should I configure? My current route info is:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default server.ohprs.lo 0.0.0.0 UG 1 0 0 eth0
If I do:
ifconfig eth1 64.129.23.95 netmask 255.255.255.192 broadcast 255.255.255.255 up
I get:
SIOCSIFADDR: No such device
eth1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
eth1: ERROR while getting interface flags: No such device
eth1: ERROR while getting interface flags: No such device
I take it from your kernel (2.6.21.5) you are running Slackware 12.0. From the 12.0 CHANGES_AND_HINTS:
Quote:
Slackware's udev implementation will automatically create rules files for your
optical devices (/etc/udev/rules.d/75-optical-devices.rules) and network
interfaces (/etc/udev/rules.d/75-network-devices.rules) on first boot. If you add/remove/replace any of this hardware, and/or you "clone" a system
to another hard drive for deployment, you will need to either remove these
two files (so that udev will regenerate them to reflect the new/changed
hardware) or edit them accordingly.
For one thing, your OS doesn't recognize eth1 and eth2. From dmesg to how your OS is recognizing them is like this:
eth0 -> eth4
eth1 -> eth0
eth2 -> eth5
You can see that by comparing the HWaddrs.
This is why ifconfig eth1 doesn't work. You'd have to ifconfig eth0, but you're already doing that in your init script (IPADDR[0]). So you should change IPADDR[1] (and the other associated SOANDSO[1] declarations) to IPADDR[4].
For another thing, if you have an interface directly attached to the Internet, you must have your default gateway on that interface (or be using policy routing). If you do not, your routing will be totally broken and no one from the Internet will be able to connect to your webserver.
If there are addresses on your LAN that are not on the same subnet (192.168.0.0/24), you will need to create static routes for them.
bgeddy: ah! no, I didn't know about the udev/rules.d. Is that just something new for release 12? I've been using Slackware for about 15 years, but I've never configured network devices like that. The system just seemed to recognize the adapters in the past. Maybe just naivete on my part.
chort: yes, I now see that the hardware addresses correspond to the 75-network-devices.rules file mentioned by bgeddy. So, I have reconfigured this file to correspond to my hardware setup and ifconfig -a now gives me:
eth2 Link encap:Ethernet HWaddr 00:E0:4D:74:E1:11
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:21 Base address:0x4000
Where eth0 is my lan and eth1 is the internet connection. So, I think we are making progress! Two questions:
1) right now, I have eth1 connected directly to a linksys router in an attempt to test the card and make sure the card and Linux parts are working and to isolate potential downstream switch issues. Is there any way to 'ping' or telnet to this device (192.168.1.1) or does my current IP and mask for eth1 preclude that? If so, never mind, I'll move on.
2) When I reconnect this to the internet, what exactly should be my route setup command?
Quote:
bgeddy: ah! no, I didn't know about the udev/rules.d. Is that just something new for release 12? I've been using Slackware for about 15 years, but I've never configured network devices like that. The system just seemed to recognize the adapters in the past. Maybe just naivete on my part.
Yes - the udev rules changed device name allocation in Slackware 12. This seems to catch everyone out.
Quote:
1) right now, I have eth1 connected directly to a linksys router in an attempt to test the card and make sure the card and Linux parts are working and to isolate potential downstream switch issues. Is there any way to 'ping' or telnet to this device (192.168.1.1) or does my current IP and mask for eth1 preclude that? If so, never mind, I'll move on.
Well, for now, as you are testing you could add a static route to the linksys box with:
Code:
route add -host 192.168.1.1 dev eth0
But if you have other devices on this subnet it may be better with:
Code:
route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
There are other ways of doing this with different netmasks but this should work for your testing purposes.
Quote:
2) When I reconnect this to the internet, what exactly should be my route setup command?
I'd tend to let the Slackware rc.inet1 script handle this by setting
Code:
# Default gateway IP address:
GATEWAY="64.129.23.65"
in rc.inet1.conf. Or if you want to do things yourself:
Code:
route add default gw 64.129.23.65 eth1
One observation - I would definitely set up firewalling on this box as you are directly connecting to the internet.
That worked fine! I just changed the default gateway to 64.129.23.65 and I can still get to the local lan w/o problem. I am also able to get to the linux box from the internet now. So, the big problem was the /etc/udev/rules.d/75-optical-devices.rules messing me up! That should have probably featured more prominently in Slackware documentation.
One thing that is no longer working (but not a big deal): I used to be able to ssh to the windows server and it port-forwarded to the linux host. Now, that doesn't work. Neither does forwarding of http port 80. I don't need this now, but I'm curious as to why.
Well - without knowing the topology of your network I can't really help. My advice was just for the purposes of assisting you with your Slackware problem.
Saying that, my gut reaction would be that the Windows machine doesn't know a route to the Slackware box especially as your router is on a different subnet - but again it's very hard to help without more information.
Why not start a new thread and offer more background to the problem at hand? It may be interesting for you and others.
Thanks bgeddy, but I think I won't start a thread I can't follow through on. I am not the admin for the Windows box and really can't find my way around IAS. I suspect you are probably right about the route thing. For my purposes, I can connect to the SQL Server database from Linux/tomcat, samba mount the Windows Server drive, and send email with the Windows server as the smart host. So, why port-forwarding is no longer working on Windows is not a top priority. But don't worry! I'm sure I'll be back real soon with questions on fire-walling!
Thanks for your help!!! I'd been messing with this problem on and off for a month and sought out linuxquestions.org because other help forums could not help me figure out the problem.
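The "source-routing" / "policy routing" option mentioned earlier in the thread, as an added example that is not part of any post: a script that prints (and, with APPLY=1 as root, applies) iproute2 commands so that replies sourced from 192.168.0.3 return through the LAN gateway while all other traffic uses 64.129.23.65. The table id 100, the rule priority 1000 and the assumption that 192.168.0.1 is the Windows firewall are not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the ones posted above;
# TABLE, PRIO and "192.168.0.1 is the Windows firewall" are assumptions.
LAN_IF=eth0; LAN_IP=192.168.0.3; LAN_NET=192.168.0.0/24; LAN_GW=192.168.0.1
WAN_IF=eth1; WAN_GW=64.129.23.65
TABLE=100    # hypothetical routing table id, used only for LAN-sourced replies
PRIO=1000    # hypothetical rule priority (sorts before the main table, 32766)

# Emit the iproute2 commands, one per line, so they can be reviewed first.
policy_routing_cmds() {
    # Main table: everything not matched below leaves via the ISP gateway.
    echo "ip route replace default via $WAN_GW dev $WAN_IF"
    # Table $TABLE: the LAN view, with the firewall as its default gateway.
    echo "ip route replace $LAN_NET dev $LAN_IF src $LAN_IP table $TABLE"
    echo "ip route replace default via $LAN_GW dev $LAN_IF table $TABLE"
    # Packets whose source is the LAN address consult table $TABLE first, so
    # replies to port-forwarded connections go back through the firewall
    # instead of leaving eth1 with a private source address.
    echo "ip rule add from $LAN_IP/32 lookup $TABLE priority $PRIO"
}

# Dry run by default; APPLY=1 (as root) executes each command.
apply_policy_routing() {
    if [ "${APPLY:-0}" = 1 ]; then
        # Drop a previous copy of the rule so re-running does not stack duplicates.
        ip rule del from "$LAN_IP/32" lookup "$TABLE" priority "$PRIO" 2>/dev/null
    fi
    policy_routing_cmds | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || echo "failed: $cmd" >&2
        else
            echo "would run: $cmd"
        fi
    done
}

apply_policy_routing
```

After applying, `ip rule show` and `ip route show table 100` list the rule and the secondary table.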