totally off topic : checked out your website and noticed you photograph landscapes (among other things). Back in the "good" old windows days I made a little "msn space" thing , chances are you might just find some nice shots of Norwegian nature there.

link : http://spaces.msn.com/members/happyhd

Why I'm I writing about a microsoft service regarding personal photos in a linux forum ?

No idea. If you (or others) check out the pictures, enjoy.

Hi Crispy,

I appreciate the kind words and you taking the time to look at the website...many hours of work went into putting that up and of course the photography...took way more time than I could even hope to measure. These days I cant get away from the computer long enough to go take any photos...arghh!

Anyways, got more questions for you. Finally got server up and running with the Mepis 3.3 SoHo software and while the server can connect, none of the computers up under it can. I have turned off the firewall, tried enabling as many settings as possible through the myriad options in Webmin panel, still no luck. cant even see the clients in the show current and expired leases area. Which I could when it was running off the cd. I installed it to the hard drive, restarted the system with no other changes and then could not see clients leases and of course no client could connect to the internet or share files. I am ready to go back to Windows....or give up on the idea of a secure network under a Linux server...

Hotshoe Tom aka Thomas Womack

I would like to help you, please (as previously suggested) post the output from the commands ifconfig, route and arp. Ifconfig output needed from both NICs on the server.

Also, did I understand your network setup correctly ?

SAR

Hi Crispy,

HEre is the text from the log files you requested. Had to figure out how to access the information and save it...I want to compare what I am sending you now with what I have saved on the hard drive for the installed system. Maybe we can see some things that need to be changed. Anyways, here is the text from each of the log files in turn when running from the CD.

arp
Address HWtype HWaddress Flags Mask Iface
192.168.0.1 ether 00:11:95:7A:05:40 C eth0

ifconfg
eth0 Link encap:Ethernet HWaddr 00:50:FC:9C:9D:B9
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::250:fcff:fe9c:9db9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1018 errors:0 dropped:0 overruns:0 frame:0
TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:421200 (411.3 KiB) TX bytes:26027 (25.4 KiB)
Interrupt:10 Base address:0xcf00

eth1 Link encap:Ethernet HWaddr 00:0D:87:79:77:E2
inet addr:192.168.79.1 Bcast:192.168.79.255 Mask:255.255.255.0
inet6 addr: fe80::20d:87ff:fe79:77e2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4130 (4.0 KiB) TX bytes:8909 (8.7 KiB)
Interrupt:10 Base address:0xad00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2230 errors:0 dropped:0 overruns:0 frame:0
TX packets:2230 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:390171 (381.0 KiB) TX bytes:390171 (381.0 KiB)

root@1[root]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.79.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0


As I said, this is from the default CD setup...clients cannot see the server or the internet or each other. I tried disabling the firewall in webmin per another suggestion I got elsewhere and it didn't help.

Hope this gives you enough to go on, I can also send the same files as created by the installed system. You'll probably need them eventually if we can get this thing going from the CD, the installed system should be easy (HAHA).

Hotshoe Tom

now we're getting somewhere..

## Router ##

Your routers IP seems to be 192.168.0.1 , if you go into the router admin interface by typing 192.168.0.1 in a browser from the server, can you see listings of your internal network there ?

Is the router set to DHCP or static IP ?

Do your router have an option to assign some computers with a static IP while still running DHCP for the rest ? I know D-Link has this , not sure for your brand.


## Internal network ##

Do you know if any of the 8 pcs can see the router ?

I'm thinking that your pcs does't have the router as default gateway. This is set in /etc/network/interfaces on Debian. See if you have that file and what is there.
Check what the system says : type "route" in a console/terminal on one of the 8 pcs.
Post it here.

Hi Crispy,

now we're getting somewhere..

## Router ##

Your routers IP seems to be 192.168.0.1 , if you go into the router admin interface by typing 192.168.0.1 in a browser from the server, can you see listings of your internal network there ?

Yes, the Router with that address is connected to the DSL modem on one side and the server on the other. It is a D-Link DI-604. Under the WAN tab, it is set for Dynamic IP address. Under the DHXP tab, the dhcp option is turned on. I can see 3 clients connected directly to the router besides the server. Anything that is connected under the server is invisible.

Is the router set to DHCP or static IP ? The DI-604 is set to DHCP

Do your router have an option to assign some computers with a static IP while still running DHCP for the rest ? I know D-Link has this , not sure for your brand.

Yes, that is the way it is currently configured. The d-link router sees the server and shows up under fixed dhcp setting.

## Internal network ##

Do you know if any of the 8 pcs can see the router ?

No they cant. They have active leases that are being renewed, but no packet transfer from the internet is taking place. Cant see the server, cant see the internet, and mostly cant see each other. I have one machine ( a windoz xp client box ) that can see a linux client box, but when I go into samba on the linux box, it does not see the windoz box. Both have active leases on the server.

I'm thinking that your pcs does't have the router as default gateway.
This is set in /etc/network/interfaces on Debian. See if you have that file and what is there.

I tried looking at /etc/network/interfaces but got a 'permission denied' response when typed directly in a console window, and yes I was logged in as root! By using the GUI and going into Routing & Gateways under the Networking tab, I was able to set that to 192.168.0.1 from the 192.168.79.1 it was set to. Then I reran the route function on one of the 8 clients and it gave me exactly the same results ( kinda puzzling huh?), even after stopping and restarting that connection. Here is the text from the route function:

route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.79.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.79.1 0.0.0.0 UG 0 0 0 eth0
Check what the system says : type "route" in a console/terminal on one of the 8 pcs.

Post it here.


Thanks for the help Crispy.... hope this gives you some idea of what to do next....

Hotshoe Tom

Ok...

There might be a little misunderstanding here, as I wrote before, have I understood your network setup correctly ?

The 8 pcs are connected to the router, but is the server between the router and the DSL connection ? (this is my impression). Or is the router directly connected to the DSL box ?


....and believe me, there is a BIG difference....

Hi Crispy,

Here is the setup:

DSL -> Dlink Router -> Server -> 8 port switch ->client
->client
->client

etc.

The Dlink addy is 192.168.0.1, not sure what the switch is...you have the other numbers. Does this help make it clearer?

Hotshoe Tom

Hi Tom

This makes things clearer indeed !

The problem is (you might have this one figured out) that the server doesn't forward packets between eth0 and eth1 , ie it's not working as a router. I will not try to explain this cause I haven't succesfully done that myself. What I do know about is a setup where your server AND the switch are connected to the router. That, btw, is something you might want to investigate... having the server as server and the router as firewall. Or route everything by the server first :

DSL --- Router --- Switch --- Clients

Server - connected to the router

That being said, the setup you want is doable, I have seen threads in here explaining it

Summary :

Your server have internet access because it find the router as default gateway at 192.168.0.1.

The clients should have the router as default gateway, but they can't get to the router cause the packets never get there. The switch doesn't know where the router is, all it sees is the clients and the server. Your server is every packet's dead end right now.

In your setup, the crucial is getting the server to act as router/gateway between your internal network and the router/DSL connection. I know this can be done with Iptables or Ipchains or 3dparty software. However, if this is how you want it, I really don't see why you need a second router (the Dlink one). Not putting you down or anything, I should have seen this before , my apologies , but I recommend having either the pc OR the router functioning as , well, router. You can use the server as firewall in addition if you want.

Some links you might like :

Linux Router Project : http://pigtail.net/LRP/
Debian Router : http://gate-bunker.p6.msu.ru/~berk/router.html
You will like this one : http://www2.linuxjournal.com/article/3546


Again, I should have seen this more clearly before.

All this said, I honestly believe that you are closer to the solution than you think.


Keep posting... I'm curious... hopefully others have more to say on this

SAR

Hi Crispy,

First of all let me say thanks for sticking with me on this one. I know it has not been easy to visualize the setup I am trying to use. There are two reasons for doing it this way. One I want all internal computers that I use and that my wife uses for our respective businesses behind a double layer of protection, that is a hardware firewall in the dlink router and the software firewall in the server. Secondly, I want a way to connect a client's computer up to my internet connection so that it cannot access the rest of our doubly protected network. This is to protect myself from any virus or other malware that might exist on the client's computer. After all, when people bring me their computer, it is because it is sick and until I get into it and figure out what is wrong, I dont want any chance of whatever it is infected with attacking any machine on the network. So there will be unused ports on the dlink router that I can use for my client's computers to access the internet behind a reasonably secure hardware firewall. Once I am sure their machine is squeaky clean, then and only then would I consider connecting it up to the internal network. As it stands now, anytime I hook up a client's computer to the network, I have to disconnect all the other machines here out of self defense.

Having said all of that, I will poke around on those links you sent me and see if I can figure out why the packets are not being passed through the server to the client machines downstream. Yeah, and you were right, I had figured out that they werent being passed, it is the WHY that puzzles me at this point. Oh well, this is a learning experience and when I finally do figure it out, I am sure it will be a simple answer, I bet I will be kicking myself.... for not having thought of it before.

I'll let you know if I get any other flashes of insight....

Hotshoe Tom....puzzled, yes, mighty puzzled...

Glad to help


Looking forward to hear about your progress on this


SAR