Well, yesterday, after about 10 hours of working on it, I finally got my slack box set up as a firewall. It was working this morning and late last night.
It's noisy though, and I thought it was the PS fan, so I tore everything apart and replaced the fan with a 34mm x 60mm one that's quieter.
Turns out it was the HDD making all the noise anyway.
Anyway! I plugged everything back in, and guess what! Nothing works!
I can ping the internet from my linux box, I can't seem to ping my LAN with a
Code:
ping 192.168.0.1
, I get a Destination host unreachable, and I get that ever popular, Request Timed Out when attempting to ping eth1....192.168.1.1 from my XP machine.
I changed NOTHING software-wise. What is going on?!
root@iceberg2:/etc# cat dhcpd.conf
#dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
# Global options
default-lease-time 3600; # 1h
max-lease-time 86400; # 24h
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.150; #obviously the range of ips to use
    option subnet-mask 255.255.255.0; #subnet mask to give to dhcp client
    option broadcast-address 192.168.1.255; #broadcast address to give client
    option routers 192.168.1.1; #this is your router (eth1 if you configure it like above)
    option domain-name-servers 128.95.120.1; #uncomment this and add your isp's dns server
    #option domain-name-servers 192.168.1.1; #unless you're like me and have your own or have a second one
    option domain-name "glacier.ice"; #this is the domainname that will be given out
}
ddns-update-style ad-hoc;
Like I said, I'm pretty sure everything is the same as it was yesterday...
I'm running MonMotha's 2.3.8, does everything look right?! I'm sort of thinking it has something to do with the forwarding in rc.netshare.
I added both rc.netshare and rc.firewall to my rc.local so they boot on startup...
I have no idea what all the errors are for LO and eth0.... I assume the errors for eth1 are from trying to ping my lan, but I just rebooted the linux box, soooo...
Well, you should be able to ping from a 192.168.1.x machine to this machine. Masquerading comes into the picture when you try to go to the internet from a 192.168.1.x machine.
Make sure that you ping from 192.168.1.x and not 192.168.0.x (I assumed that was a typo from your side).
Just in case, if masquerading gives trouble, see if this works:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 128.208.38.213
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
Well, as long as you are not routing, you can use any IP you feel like to communicate on the same subnet. Once you care about accessing other networks ( routing packets from one network to another ), you have to start caring. There are many classes of IP addresses, but for now just think of them as being public or private. Public IP's are routable by Internet routing devices ( routers! ), and Private IP's are not. Private IP's are separated into 3 groups of networks, 10.0.0.x, 172.168.17-31.x , and 192.168.0.x , where the "x" denotes the parts that can change. 192.168.0.x is particularly popular for home networks as it supports 254 devices, which is plenty in most cases.
Now, for computers on your home network ( say, 192.168.0.x ) to communicate with each other, each one needs to know 3 things, and I will explain each in turn:
IP Address - this is how it can know if data is meant for it or not. The process is a bit more involved than that, but to keep it simple, the IP address uniquely identifies the computer on the network.
Subnet Mask: this tells the computer how much of its IP address is the network address, and how much of it is unique to the computer. i.e. if the computer's IP address is 192.168.0.1, then the mask of 255.255.255.0 tells it that the "192.168.0" part is the network address, and the "1" part is the computer's address on that network.
Gateway: The "gateway" connects the computer's local network to another network. It is also called a router. A router can route data between multiple networks, and it keeps getting more complicated from there. Just know that if the computer needs to send data to a computer that is not on its local network, then it has to send that data to the "gateway" to get it there. The subnet mask also comes into play here. When the computer prepares to send data out, it needs to know if the destination is on its local network, or on another network, so that it can either send it directly or through the gateway. So, what it does is use the subnet mask against the destination IP address to see if it is on the same network or not. So if it needs to send data to 24.102.16.48, by using its subnet mask, it sees the network is 24.102.16 ( note that the dest computer could have a different mask it uses ), which does not match 192.168.0 , so the data is sent through the gateway.
You can configure a computer to be its own gateway, and then it assumes all destinations are local and can communicate with its neighbors, but nothing else. There are exceptions to this, but I am trying to keep it simple.
IP Masquerading comes into play ( mostly ) when computers on a private network need to access a public network. Since the private IP addresses are purposely not routed by Public routers, the private IP's are translated or masqueraded into one or more public IP addresses, this is also known as NAT ( network address translation ), and the device that performs this service keeps all the translations straight so data goes out and is returned to the correct systems. A cool thing about Linux is that it can easily do NAT, Firewall, and Routing functions.
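The local-or-gateway decision described in the post above, generalized to a longest-prefix-match lookup over a small routing table (an added example, not code from the thread). The table is constructed for the host 192.168.0.1 with mask 255.255.255.0; the gateway address 192.168.0.254 is an assumption.

```python
import ipaddress

# Constructed routing table: (network, mask, gateway). A gateway of None
# means the network is directly connected. 192.168.0.254 is an assumed gateway.
ROUTES = [
    ("192.168.0.0", "255.255.255.0", None),   # the local LAN
    ("0.0.0.0", "0.0.0.0", "192.168.0.254"),  # default route
]

def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def next_hop(dest, routes=ROUTES):
    """Return ('direct', dest), ('gateway', gw) or ('unreachable', None)."""
    d = to_int(dest)
    best = None  # (prefix length, gateway) of the most specific match
    for net, mask, gateway in routes:
        m = to_int(mask)
        # AND both sides with the mask and compare the network parts
        if (d & m) == (to_int(net) & m):
            prefix_len = bin(m).count("1")
            if best is None or prefix_len > best[0]:
                best = (prefix_len, gateway)
    if best is None:
        return ("unreachable", None)
    if best[1] is None:
        return ("direct", dest)
    return ("gateway", best[1])

if __name__ == "__main__":
    for target in ("192.168.0.7", "192.168.1.1", "24.102.16.48"):
        print(target, next_hop(target))
```

With this table, 192.168.1.1 is not on-link for a 192.168.0.x host, so it goes to the gateway like any other remote address.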
All my relevant files are up there, I believe, are they not correct?
As of now, I'm leaning towards a problem with the DHCP leases, rather than actual configuration issues.
Umm, just to get this straight, my setup looks like:
.............X- Internet
..............|
..............X - Linux box/firewall/dhcp/etc
...............|
.......----------------
.......|...................|
......XP box.........Roommate's box
I can ping from Linux to internet, but I don't get the correct 192.168.x.x ip from the linux box on my XP machines, and I can't access the internet through the linux box
Originally posted by Diademed:
I can ping from Linux to internet, but I don't get the correct 192.168.x.x ip from the linux box on my XP machines, and I can't access the internet through the linux box
On your XP box, please post the output of:
route print
Also, your dhcpd.conf file looks like it has a typo. Look at the subnet definition
Code:
subnet 192.168.1.0 netmask 255.255.25.0 {
Based on how your linux box is configured the netmask should be 255.255.255.0
Originally posted by scowles:
On your XP box, please post the output of:
route print
Also, your dhcpd.conf file looks like it has a typo. Look at the subnet definition
Code:
subnet 192.168.1.0 netmask 255.255.25.0 {
Based on how your linux box is configured the netmask should be 255.255.255.0
I noticed that too..... thing is, it worked with the 255.255.25.0... it was a copy and paste job from another thread. Sorry it took so long, I've half given up on this.
Argh! it worked before!
I think it's an issue with my DHCP leases, if I haven't said that before, it worked for almost exactly one day, then quit.
Okay... this is long... after a ipconfig /release ipconfig /renew combo, route print reads:
Son of a gun, I hope it doesn't autoformat my message, or else I'll have to come back and redo all those spaces with periods!!!
haha, too bad there's no copy and paste in cmd apparently!
anyway, hope this helps.... looks a little convoluted to me, natural instinct says purge it and start over to see if it works. Let me know if I should.
Cheers,
-Dia
EDIT: Argh! Autoformat!
But then again, my roommate's computer didn't work when connected to it either... soooooo
Based on the output of the route print, your XP box is not on the same subnet as your linux box. i.e. Where is the 192.168.1.0/24 network? In fact, the only IP configuration shown is the ZEROCONF stuff (169.254.0.0), which is the default network address when a winders box cannot contact a DHCP server on bootup.
Looks like you need to either resolve the problems with your DHCP server -or- manually configure your XP box to be part of the same subnet as your linux box.
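The two checks made in this thread (the netmask typo in the subnet declaration, and the 169.254.0.0 address on the XP box) written as a small checker; this is an added example, not code from any poster. The sample declaration is constructed from the lines quoted above, the client addresses are constructed, and nothing here claims how ISC dhcpd itself treats such a mask.

```python
import ipaddress
import re

# Constructed sample: the subnet line quoted in the thread plus the range and
# routers lines from the posted dhcpd.conf.
SAMPLE = """subnet 192.168.1.0 netmask 255.255.25.0 {
  range 192.168.1.10 192.168.1.150;
  option routers 192.168.1.1;
}"""

def mask_is_contiguous(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def check_subnet(conf):
    """Return a list of problems in the first subnet declaration of conf."""
    net, mask = re.search(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)", conf).groups()
    if not mask_is_contiguous(mask):
        return [f"netmask {mask} is not contiguous"]
    network = ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
    problems = []
    if str(network.network_address) != net:
        problems.append(f"{net} is not the network address for mask {mask}")
    named = [("range start", r"range\s+([\d.]+)"),
             ("range end", r"range\s+[\d.]+\s+([\d.]+)"),
             ("router", r"option\s+routers\s+([\d.]+)")]
    for label, pattern in named:
        found = re.search(pattern, conf)
        if found and ipaddress.IPv4Address(found.group(1)) not in network:
            problems.append(f"{label} {found.group(1)} is outside {network}")
    return problems

def classify_client(addr, lan="192.168.1.0/24"):
    """Say what a client's address implies about its DHCP state."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_link_local:
        return "self-assigned 169.254.0.0/16: no DHCP lease obtained"
    if ip in ipaddress.IPv4Network(lan):
        return "on the LAN subnet"
    return "configured, but not on the LAN subnet"

if __name__ == "__main__":
    print(check_subnet(SAMPLE))
    print(check_subnet(SAMPLE.replace("255.255.25.0", "255.255.255.0")))
    print(classify_client("169.254.10.20"))  # constructed address
```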
I'd much rather 'resolve my dhcp server', but I'm mostly lost there, and judging from the volume of posts, so are plenty of people. I have an idea on what to do to set my XP box to that subnet, but is there a reason that my dhcp isn't working?
Can you help me with either of those, scowles?
It used to!
Work, I mean. For 1 day.
But then, that means nothing, doesn't it?
EDIT:
You say it can't find it on bootup.... I changed cables and did an ipconfig /release /renew while my machine was running....
Would it change anything if I changed the cables and THEN rebooted?
Now that I think about it, that's what I had to do to get it back to how it is now.....
Pardon me for poking in. On one hand you wish to say you would like to connect from 192.168.x.x and then you say your subnet mask is 255.255.255.0. Shouldn't subnet mask be 255.255.0.0?
my lan; my xp box, is connected (not now, but if it were working, it would be) to my Linux box, so my XP machine should have an 192.168.x.x addy assigned to it. my linux box should have whatever my university dhcp server assigns to it.
are you saying eth1 should have a submask of 255.255.0.0?