I have 3 Linux RH 9 machines in my LAN.
I want to access internet on all the 3 machines.
Till now I am able to access all machines but not the internet. Internet is available only on 1 machine in which I have 2 NICs. One is from my ISP and the other is the local LAN card.
Can anybody suggest to me how to bring internet on all the 3 machines?
If iptables is the solution, then please tell me how to configure those tables.
IP address of my server machine is 192.***.*.1
IP address of my ISP 10.*****
DNS =61.******
Common gateway=10.******
eth0 is my local LAN
eth1 is for internet distribution
In my eth1 I have statically given the IP info of my ISP, and in route I have given all the IP addresses of the 3 machines in the destination network and given the gateway of my ISP.
In eth0, i.e. the local LAN, I have given the IP address of my machine statically instead of obtaining it automatically, because in automatic connection I could activate my eth0.
Now with these settings I am only able to get internet on my machine with 2 NICs, but I can ping all of my 3 machines on the LAN.
I am having problems with the DSL router ( Cisco 678 ).
What I have done is split my home network up into 2 networks, an insecure one and a secure one. Looking from the Internet, here is the setup I am using while testing the firewall router:
Test setup:
DSL Line->Cisco 678 -> Switch ( 10.0.0.0/24 network ) -> Firewall eth0 -> Firewall eth0 -> test computer eth0 ( network is 10.0.1.0/24 ) .
I have a laptop on 10.0.1.0/24 and a workstation on 10.0.0.0/24 and they can ping/ssh each other with no problems. The only problem I have at the moment is that while all the computers on the 10.0.0.0/24 network can ping the router and be pinged by it, the laptop and router are not communicating at all. I set up the router to route packets for the 10.0.1.0/24 network the same way I set up the workstation ( which is on the same network as the router ), but it just gives me a timeout. It can ping the firewall/router interface on its local network, but either it isn't using the fw/router to route packets for the 10.0.1.0/24 network, or the fw/router is refusing to route them. The second isn't very likely since it is routing for all of my Linux workstations.
To recap, from my workstation I can ping the DSL router, both NICs in the Linux FW/router, and the laptop that is connected to the fw/router. From my DSL router, I can ping all interfaces on its network, but cannot ping the fw/router eth1 ( 10.0.1.0/24 ) interface nor the laptop on that interface.
Also note that I have turned off all of my DSL router's filters and stopped all iptables services on the Linux machines to simplify troubleshooting.
Any ideas? My plan is to have a setup like this:
DSL Line->Cisco 678 -> Firewall eth0( 10.0.0.0/24 network ) -> Firewall eth0( 10.0.1.0/24 network ) -> switch -> all of my computers ( 10.0.1.0/24 ) .
Here are a few routing tables:
laptop ( that pings everything except the DSL router )
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        10.0.1.1        255.255.255.0   UG    0      0        0 eth0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
workstation ( same as laptop but it can ping the DSL router )
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
10.0.1.0        10.0.0.2        255.255.255.0   UG    0      0        0 eth0
192.168.0.0     10.0.0.2        255.255.255.0   UG    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
DSL Router
[TARGET] [MASK] [GATEWAY] [M][P] [TYPE] [IF] [AGE]
0.0.0.0 0.0.0.0 0.0.0.0 1 SA WAN0-0 0
10.0.0.0 255.255.255.0 0.0.0.0 1 LA ETH0 0
10.0.1.0 255.255.255.0 10.0.0.2 2 SAR ETH0 0
66.0.0.0 255.0.0.0 0.0.0.0 1 A WAN0-0 0
Firewall
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
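Added example, not part of the original post: a longest-prefix-match walk over the routing tables posted above, tracing which hosts a packet crosses in each direction between the DSL router and the laptop. The addresses 10.0.0.1 (DSL router), 10.0.0.2 and 10.0.1.1 (firewall) are inferred from the gateway columns, and the laptop address 10.0.1.50 is constructed for illustration.

```python
import ipaddress

# Routes transcribed from the posted tables as (CIDR, gateway).
# Genmask 255.255.255.0 is /24; gateway None means directly connected.
# The DSL router's WAN routes and all loopback/link-local routes are omitted.
TABLES = {
    "laptop": [("10.0.0.0/24", "10.0.1.1"), ("10.0.1.0/24", None),
               ("0.0.0.0/0", "10.0.1.1")],
    "firewall": [("10.0.0.0/24", None), ("10.0.1.0/24", None),
                 ("0.0.0.0/0", "10.0.0.1")],
    "dsl_router": [("10.0.0.0/24", None), ("10.0.1.0/24", "10.0.0.2")],
}

# Which host answers for which address (inferred or constructed, see lead-in).
OWNERS = {
    "10.0.0.1": "dsl_router",
    "10.0.0.2": "firewall",
    "10.0.1.1": "firewall",
    "10.0.1.50": "laptop",  # constructed sample address
}


def next_hop(host, dst):
    """Return the next-hop IP for dst, dst itself if on-link, None if no route."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway in TABLES[host]:
        network = ipaddress.ip_network(cidr)
        # Keep the most specific (longest prefix) matching route.
        if dst_ip in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gateway)
    if best is None:
        return None
    return best[1] or dst


def trace(src_host, dst):
    """List the hosts a packet visits from src_host until dst's owner is reached."""
    path, host = [src_host], src_host
    while OWNERS.get(dst) != host:
        hop = next_hop(host, dst)
        if hop is None or hop not in OWNERS or len(path) > 8:
            path.append("unreachable")
            break
        host = OWNERS[hop]
        path.append(host)
    return path


if __name__ == "__main__":
    print(" -> ".join(trace("dsl_router", "10.0.1.50")))
    print(" -> ".join(trace("laptop", "10.0.0.1")))
```

Both directions resolve through the firewall on these tables alone; the walk checks table entries only and says nothing about whether forwarding is enabled or whether each device honours its static routes.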
For now I am going with a workaround that I found - transparent bridging.
So what I did was make the firewall system transparent to my network: it copies everything in between the two interfaces, and filters the packets as they pass through. It doesn't even need an IP address!
After you are done, you will only have access to the firewall from the keyboard/mouse connected to it, but it can be dangerous to try and remotely configure firewall rules anyhow ( you could disconnect yourself accidentally and not get back in! ). One note is that older kernels ( older than 2.4-18, I presume ) did not have bridging capability enabled by default, but the kernel that came with Mandrake 9.1 did, so all I needed to install were the bridging tools referenced above.
I read somewhere that the downside of transparent bridging is you can only process incoming packets and not outgoing ones. I will put that to the test in a bit .