LinuxQuestions.org
Old 11-22-2007, 10:23 PM   #1
nbowman
LQ Newbie
 
Registered: Oct 2003
Location: NC
Distribution: Redhat 9
Posts: 7

Rep: Reputation: 0
PC can ping by IP, not by dns name


Hello,
I am trying to set up a remote computer in my basement area. Here is my current setup:

Cable modem --> Linksys wireless router --> LAPTOP --> netgear switch --> PC.

Also coming off of the Linksys, I have 2 additional PCs that are wired into the internal LAN ports. All PCs connected to the Linksys router pull a DHCP IP address and DNS info. Pinging and connecting to the Internet is not a problem with these systems.

LAPTOP (Fedora 6) has eth1 (wireless) with a DHCP address of 192.168.1.103, subnet mask of 255.255.255.0, and default gateway of 192.168.1.1.

LAPTOP also has an internal NIC (eth0) configured with a static IP address of 192.168.2.1, subnet mask 255.255.255.0. This connection is wired to a 100M Ethernet switch. LAPTOP can ping and browse without any issue.

The final connection is PC (Fedora 8). It has a single NIC, hard coded as 192.168.2.2, subnet mask 255.255.255.0, default gw is 192.168.2.1. I have hard set /etc/resolv.conf with the same name servers as all other PCs on the LAN.

LAPTOP has forwarding enabled (echo 1 > /proc/sys/net/ipv4/ip_forward). From PC, I can ping Internet hosts by IP addresses, and can load web pages if I know the IP addresses. Neither DNS name resolution nor DHCP requests are working. If I attempt to use DHCP, DHCP broadcasts are dropped at LAPTOP.

I have attempted to add iptables rules on LAPTOP, but am not at LAPTOP at the moment in order to print them out here.

Any assistance would be greatly appreciated!!
 
Old 11-22-2007, 10:34 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
In the host connected to the two subnets, be sure you also configure the routes.

I once used my laptop to give the desktop wireless access to the internet. I used the 192.168.1.0/25 and 192.168.1.128/25 subnets, so my setup was similar to yours. I enabled IP forwarding in the laptop and set up the routes.

It didn't work, however, until I modprobed the "tcp_conntrack" (it might have been called ip_conntrack) kernel module. I think it is called nf_conntrack now in recent kernels, so please forgive me for not remembering the old kernel module name. I don't understand why I needed to modprobe this module because I wasn't using masquerading. Note that I didn't add any firewall changes because I was using the NAT function of the router and not doing it in the laptop.

I did change the router's LAN network to 192.168.1.0/255.255.255.128.

I'm not sure what you mean by pinging dns name. If your internet IP address is registered with dns, you still can't ping it using your registered server's name from inside. Use the lan name or ip address instead.
 
Old 11-22-2007, 10:41 PM   #3
nbowman
LQ Newbie
 
Registered: Oct 2003
Location: NC
Distribution: Redhat 9
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks for the quick reply. When I say I cannot ping dns name, I am referring to www.linuxquestions.org, www.google.com, www.msn.com, etc. Once I have the IP addresses of these websites, I can open Firefox, and type in http://64.179.4.146. Webpage appears as normal.
 
Old 11-22-2007, 11:49 PM   #4
MQMan
Member
 
Registered: Jan 2004
Location: Los Angeles
Distribution: Slack64 13.37
Posts: 535

Rep: Reputation: 36
Which nameservers are you using?

Is there a firewall on LAPTOP that might be blocking the DNS requests from PC?

Cheers.
 
Old 11-23-2007, 02:19 PM   #5
nbowman
LQ Newbie
 
Registered: Oct 2003
Location: NC
Distribution: Redhat 9
Posts: 7

Original Poster
Rep: Reputation: 0
LAPTOP has iptables running. Even when I disable iptables, I still cannot resolve names.

from PC:

[root@epc ~]# cat /etc/resolv.conf
search triad.rr.com
nameserver 24.25.5.150
nameserver 24.25.5.149
[root@epc ~]# ping www.linuxquestions.org
ping: unknown host www.linuxquestions.org
[root@epc ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:01:02:07:1D:D2
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::201:2ff:fe07:1dd2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:559 errors:0 dropped:0 overruns:0 frame:0
TX packets:431 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54850 (53.5 KiB) TX bytes:46268 (45.1 KiB)
Interrupt:3 Base address:0xcf80

[root@epc ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
default 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
[root@epc ~]#



From LAPTOP:
[root@omni6k ~]# ping www.linuxquestions.org
PING www.linuxquestions.org (64.179.4.146) 56(84) bytes of data.
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=1 ttl=45 time=41.7 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=2 ttl=45 time=42.9 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=3 ttl=45 time=43.9 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=4 ttl=45 time=44.3 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=5 ttl=45 time=44.5 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=6 ttl=45 time=42.4 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=7 ttl=45 time=41.6 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=8 ttl=45 time=42.4 ms

--- www.linuxquestions.org ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 16109ms
rtt min/avg/max/mdev = 41.688/43.011/44.569/1.062 ms
[root@omni6k ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:04:75:19:90:57
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::204:75ff:fe19:9057/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:442 errors:0 dropped:0 overruns:0 frame:0
TX packets:590 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:49000 (47.8 KiB) TX bytes:57178 (55.8 KiB)
Interrupt:10 Base address:0xe400

[root@omni6k ~]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:02:2D:2D:CD:25
inet addr:192.168.1.103 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::202:2dff:fe2d:cd25/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8288 errors:12 dropped:12 overruns:0 frame:12
TX packets:4978 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10496008 (10.0 MiB) TX bytes:1052301 (1.0 MiB)
Interrupt:3 Base address:0x100

[root@omni6k ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
[root@omni6k ~]#


---------------------------------
From PC, when I ping www.linuxquestions, I see the following in Wireshark:
Name: www.linuxquestions.org.triad.rr.com

triad.rr.com is appended to every query that is put out.

If I edit /etc/resolv.conf and remove the search triad.rr.com, the DNS queries are submitted properly, but the response is never forwarded back to PC.

I will attempt to save and post the screenshot from the Wireshark capture.
 
Old 11-23-2007, 02:22 PM   #6
nbowman
LQ Newbie
 
Registered: Oct 2003
Location: NC
Distribution: Redhat 9
Posts: 7

Original Poster
Rep: Reputation: 0
Just realized I cannot post attachments yet.
 
Old 11-23-2007, 03:59 PM   #7
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
How does your router know to send traffic for 192.168.2.x to your laptop?

Either
  • you have to add that route to your router (and to every pc in 192.168.1.x that you want to be able to communicate with 192.168.2.x) -- don't know if that is possible with the Linksys router, though.
  • or your laptop will have to masquerade the 192.168.2.x subnet.
(You can also do a mix: masquerade all traffic to router/Internet, but add routes to all pcs in 192.168.1.x)

Frankly, I'm baffled how you were able to get anything through at all so far.

As to DHCP: The sensible (and probably only possible) solution is to make your laptop the dhcp server for the 192.168.2.x network. (Because your Linksys will most likely never even know of the existence of that network)

Rupert
 
Old 11-23-2007, 05:31 PM   #8
nbowman
LQ Newbie
 
Registered: Oct 2003
Location: NC
Distribution: Redhat 9
Posts: 7

Original Poster
Rep: Reputation: 0
I'm not as much concerned with PCs on the 192.168.1.1 network seeing the 192.168.2.0 network as much as I am trying to get the 192.168.2.0 network to see the Internet.

How would I masquerade the 192.168.2 subnet?
 
Old 11-23-2007, 05:52 PM   #9
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
e.g.
Code:
iptables -t nat -A POSTROUTING -i eth0 -o eth1 -j SNAT --to 192.168.1.103
If that IP address is not permanent, do instead:
Code:
iptables -t nat -A POSTROUTING -i eth0 -o eth1 -j MASQUERADE
 
Old 11-23-2007, 06:04 PM   #10
nbowman
LQ Newbie
 
Registered: Oct 2003
Location: NC
Distribution: Redhat 9
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks for the quick reply. When I tried both of these commands, I got the error message:

[root@omni6k neal]# iptables -t nat -A POSTROUTING -i eth0 -o eth1 -j MASQUERADE
iptables v1.3.8: Can't use -i with POSTROUTING

Try `iptables -h' or 'iptables --help' for more information.

Any other suggestions?
 
Old 11-24-2007, 01:38 AM   #11
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
Oops.
Just leave out '-i eth0'.
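
The fix the thread arrives at, written out as an added example that is not part of any post above: it scopes MASQUERADE to the 192.168.2.0/24 source, lets only replies back through FORWARD, and checks each rule for the `-i`-in-POSTROUTING mistake before running it. The function names, the FORWARD rules and the dry-run switch `APPLY` are assumptions of this example; the interface names and addresses are the thread's.

```shell
#!/bin/sh
# Added example: NAT gateway rules for LAPTOP. Interface names and subnet are
# the thread's; the function names and FORWARD rules are illustrative.
LAN_IF=${LAN_IF:-eth0}            # wired side, 192.168.2.1
WAN_IF=${WAN_IF:-eth1}            # wireless uplink to the Linksys
LAN_NET=${LAN_NET:-192.168.2.0/24}

# check_rule ARGS...: fail if a rule matches on an interface its chain cannot
# see (-i is not valid in POSTROUTING/OUTPUT, -o not in PREROUTING/INPUT).
check_rule() {
    chain='' prev='' has_i=0 has_o=0
    for w in "$@"; do
        case "$prev" in -A|-I) chain=$w ;; esac
        case "$w" in -i) has_i=1 ;; -o) has_o=1 ;; esac
        prev=$w
    done
    case "$chain" in
        POSTROUTING|OUTPUT) [ "$has_i" -eq 0 ] ;;
        PREROUTING|INPUT)   [ "$has_o" -eq 0 ] ;;
        *) return 0 ;;
    esac
}

# gateway_rules: one iptables argument list per line. The FORWARD rules are
# inserted (-I) so an existing reject rule further down does not shadow them.
gateway_rules() {
    cat <<EOF
-t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
-I FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-I FORWARD -i $WAN_IF -o $LAN_IF -d $LAN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# run CMD...: execute when APPLY=1 (needs root), otherwise just print.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

apply_gateway() {
    gateway_rules | while read -r rule; do
        # $rule is split into words on purpose
        check_rule $rule || { echo "rejected: $rule" >&2; exit 1; }
        run iptables $rule || exit 1
    done || return 1
    # Turn forwarding on only after the filter rules are in place.
    run sysctl -w net.ipv4.ip_forward=1
}

apply_gateway
```

Run as is, it only prints the commands; `APPLY=1` as root on LAPTOP executes them.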
 
  


Tags
iptables, multihomed

