Slackware server / router setup?

pwatk · 08-06-2010, 05:22 AM

Hi,

Before I start, here is my network diagram:

Code:

 ____________                            192.168.2.1 ____________
[Workstations]<============== wifi ================>[Modem/Router]
|            |             ___________              |  /w DHCP   | 
|            |            [  Server   ]             |  disabled  |
[____________]<=====> eth0|<= dhcpd =>|wlan0 <=====>[____________]
               192.168.1.1|           |192.168.2.254
                          [___________]

The modem/router (on the right) is providing internet and wifi access to the network and due to it's location (which isn't changing) it can only be accessed via wifi.

The server (in the middle) is connected to modem/router (wlan0) and is currently acting as a DHCP server for all devices connected directly to the modem/router or the server's ethernet port (eth0) but on separate subnets. I tried to do this with one subnet but that didn't seam to be such a good idea.

Eventually, I want the server to perform a number of different tasks including acting as a file server for everyone and PXE boot server for anything connected to the ethernet port. I would also like everyone to be able to be able to communicate with each other as well as the server regardless of their connection (via the modem/router (wifi) or direct to the server via ethernet).

This brings me to my first problem...

With my current setup I can ping 192.168.1.1 and 192.168.2.254 from my laptop connected to eth0 (via a crossover cable) but I cannot ping 192.168.2.1 (the modem/router).
I have ip forwarding enabled (via rc.ip_forward) and dhcpd is providing ip addresses for both subnets.

How can I route traffic destined for the internet (and/or other machines connected to the modem/router) from a machine connected to the ethernet port on the server?

Here is my config:

ifconfig:

Code:

eth0      Link encap:Ethernet  HWaddr **:**:**:**:**:**  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::201:2eff:fe27:aea3/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:113 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:10396 (10.1 KiB)  TX bytes:7317 (7.1 KiB)
          Interrupt:21 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:304 (304.0 B)  TX bytes:304 (304.0 B)

wlan0     Link encap:Ethernet  HWaddr **:**:**:**:**:** 
          inet addr:192.168.2.254  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::224:23ff:fe09:1458/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1115 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1085 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:88500 (86.4 KiB)  TX bytes:99574 (97.2 KiB)

route -n:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    1      0        0 wlan0

/etc/rc.d/rc.inet1.conf:

Code:

# /etc/rc.d/rc.inet1.conf
#
# This file contains the configuration settings for network interfaces.
# If USE_DHCP[interface] is set to "yes", this overrides any other settings.
# If you don't have an interface, leave the settings null ("").

# You can configure network interfaces other than eth0,eth1... by setting
# IFNAME[interface] to the interface's name. If IFNAME[interface] is unset
# or empty, it is assumed you're configuring eth<interface>.

# Several other parameters are available, the end of this file contains a
# comprehensive set of examples.

# =============================================================================

# Default gateway IP address:
GATEWAY="192.168.2.1"

# Config information for wlan0:
IFNAME[0]="wlan0"
IPADDR[0]="192.168.2.254"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]="no"
WLAN_ESSID[0]=********
WLAN_MODE[0]=Managed
WLAN_RATE[0]="54M auto"
WLAN_WPA[0]="wpa_supplicant"
WLAN_WPADRIVER[0]="wext"

# Config information for eth0:
IFNAME[1]="eth0"
IPADDR[1]="192.168.1.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]="no"

/etc/dhcpd.conf:

Code:

# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
ddns-update-style none;

# Default lease is 1 week (604800 sec.)
default-lease-time 604800;
# Max lease is 4 weeks (2419200 sec.)
max-lease-time 2419200;

#From Ethernet
subnet 192.168.1.0 netmask 255.255.255.0 {
    option broadcast-address 192.168.1.255;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 192.168.1.1;
    option routers 192.168.1.1;
    range 192.168.1.2 192.168.1.100;
    # Allow bootp requests
    allow bootp;
    # Point to the TFTP server:
    next-server 192.168.1.1; 
    range dynamic-bootp 192.168.1.101 192.168.1.150;
    if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
      filename "/slackware-13.1/pxelinux.0";
    }
}

# To Router
subnet 192.168.2.0 netmask 255.255.255.0 {
    option broadcast-address 192.168.2.255;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 192.168.2.1;
    option routers 192.168.2.1;
    range 192.168.2.2 192.168.2.100;
}

bgeddy · 08-06-2010, 08:40 AM

I had a similar setup some years ago and used iptables to look after the NAT side of things. There are lots of references available to set this up and to be honest it was quite a while ago and I can't remember the specifics. Try searching a combination of the terms iptables, router, nat, masquerade for more information. Alien Bob's easy firewall generator is a useful starting point too. Regarding iptables Oskar Andreasson's tutorial is considered one of the best.

LVsFINEST · 08-06-2010, 08:10 PM

Try adding a static route such as:

Code:

ip route add 192.168.1.0/24 via 192.168.2.1 dev wlan0

pwatk · 08-07-2010, 02:26 AM

I assume that would equate to:

Code:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1 dev wlan0

GazL · 08-07-2010, 06:05 AM

Quote:

Originally Posted by LVsFINEST

Try adding a static route such as:

Code:

ip route add 192.168.1.0/24 via 192.168.2.1 dev wlan0

That doesn't look right to me. You can't access 192.168.1.0/24 via the wifi router.

Ok, lets redraw the topology map. If I'm understanding the situation correctly this is what the OP is actually trying to do:

Code:

                                                     (  WAN  )
                                                         |
                                                         |
                                           ---------------------------------  
                                           |      Modem / Wifi Router      |
                                           |     wlan0   |      wired      |
                                           | 192.168.2.1 | ???.???.???.??? |
                                           ---------------------------------
                                                  |               |
                                                  |               |
                                                  |        < --------  (wired ethernet unconnected) ------- >            
                                                  |
                                                  |
< ------------------------------------------------------- (wifi subnet 192.168.2.0/24 ) ------------------------- >
               |                                      |                                                     |
               |                                      |                                                     |
    -------------------------               -------------------------------                   ----------------------------
    | 192.168.2.254 (wlan0) |               | 192.168.2.???               |                   |       192.168.2.???      |
    |        Server         |               |   multi-homed workstation(s)|                   | wifi only workstatiom(s) |
    |        DHCPD          |               |              192.168.1.???  |                   ----------------------------
    | 192.168.1.1   (eth0)  |               -------------------------------
    -------------------------                                    |
               |                                                 |
               |                                                 |
< --------------------------------------------- (wired ethernet/crossover subnet 192.168.1.0/24 ) --------------- >
                                         |
                                         |
                               ----------------------------
                               | 192.168.1.???            |
                               | wired only workstation(s)|
                               ----------------------------

When you look at this the situation becomes clearer. My guess is that your ping is failing because you've forgotten to tell your wifi router to use 192.168.2.254 as the gateway for 192.168.1.0/24. Without a route It'll just send the reply out the default gateway.(which will be out over the WAN)

pwatk · 08-07-2010, 02:40 PM

Quote:

When you look at this the situation becomes clearer. My guess is that your ping is failing because you've forgotten to tell your wifi router to use 192.168.2.254 as the gateway for 192.168.1.0/24. Without a route It'll just send the reply out the default gateway.(which will be out over the WAN)

Thanks for your reply.

I thought this could be solved with a static route but I thought I'd have to set this on the server. I'm not exactly sure how I would set this on my Belkin modem/router.

GazL · 08-07-2010, 03:40 PM

Time to read through its manual then.

I'll be very surprised if it doesn't allow at least a few static routes to be entered. If I remember rightly, my linksys wrt allows for 10 of them.

Your only other option would be to use the server as the default gateway for all the workstations on the .1 subnet and have the server do NAT.

pwatk · 08-07-2010, 08:01 PM

Well I figured out I could telnet to a shell on the router.

I added what I thought would be the correct route:

Code:

route add 192.168.1.0 255.255.255.0 192.168.2.254

...bearing in mind the only options are:

Code:

route [add|delete] IP NETMASK GATEWAY INTERFACE

Still no joy

but I learnt something in the process

Looks like I'm gonna get to know iptables/netfilter sooner rather than later (thanks for the links bgeddy

). That's not a bad thing though I primarily built the server to learn with anyway.

GazL · 08-08-2010, 04:17 AM

With that addition (assuming that's all you have to do to make the change take effect on your belkin) everything you've posted looks to be correct to my eyes.

The only things I can think of now are just to check that what you've configured is actually taking place.

cat /proc/sys/net/ipv4/ip_forward

to confirm that forwarding is enabled (it should be "1")

iptables -vL

to check that forwarded packets aren't being dropped because of some existing firewall rule.

Check that the laptop is using the correct network settings it is being served by dhcp from the server and silly stuff of that nature.

Best of luck.

pwatk · 08-08-2010, 07:42 AM

IP forwarding is enabled and there are no firewall rules set (everything says "policy ACCEPT").

I forgot to issue the `save' command in the router but it made no difference when I did.

After reading this post [linuxhomenetworking.com] I'm wondering if it has something to do with my dhcpd.conf or rc.inet1.conf.

pwatk · 08-10-2010, 01:41 PM

Ok some things are working and others aren't.

I currently have these two routes set in the modem/router:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     192.168.2.254   255.255.255.255 UGH   1      0        0 br0
192.168.1.0     192.168.2.254   255.255.255.0   UG    1      0        0 br0

The first route was an accident that I thought I had removed but appeared again after rebooting the router.

However, I am now able to ping the router and view it's browser interface from the 192.168.1.* subnet but I still can't access the internet.

I assume having both these routes set isn't probably helping. Which one should I remove?

Thanks.

GazL · 08-10-2010, 01:55 PM

Get rid of the top one. it's got the wrong netmask.

pwatk · 08-12-2010, 12:28 PM

Still no joy.

I'm wondering if I need to set another route or if I need to start delving in to iptables/netfilter

I grabbed my wifes laptop and done a traceroute from both directions (this is something else I need), these were the results:

My laptop on the 192.168.1.* subnet:

Code:

# traceroute -I 192.168.2.4
traceroute to 192.168.2.4 (192.168.2.4), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.157 ms  0.151 ms  0.148 ms
 2  192.168.2.4 (192.168.2.4)  3.784 ms  4.854 ms  4.859 ms

My wife's laptop on the 198.168.2.* subnet:

Code:

# traceroute -I 192.168.1.2
traceroute to 192.168.1.2 (192.168.1.2), 30 hops max, 40 byte packets using UDP
 1  192.168.2.1 (192.168.2.1)  1.526 ms   0.976 ms   0.887 ms
 2  192.168.2.254 (192.168.2.254)  2.594 ms   2.487 ms   3.443 ms
 3  192.168.1.2 (192.168.1.2)  2.694 ms   2.941 ms   2.486 ms

Everything seams ok but does this look correct, should the default gateway be the first hop here?

Code:

# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=63 time=8.04 ms
From 192.168.2.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.2.254)
64 bytes from 192.168.1.2: icmp_seq=2 ttl=63 time=2.57 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=63 time=1.93 ms

This is what I see if I ping my laptop. I assume this just means the static route is working. Would it be wise to place a route in the other direction?

Proposed route using my routers syntax:

Code:

route add 192.168.2.0 255.255.255.0 192.168.1.1

Thanks again.

GazL · 08-12-2010, 02:00 PM

Those first 2 traceroutes and the ping look to be working just fine and are exactly what I'd expect to see. All your local routing seems ok and you shouldn't need any additional routes adding to anything. The redirect is because the workstations on the 2.0 subnet don't know to use 2.254 and 2.1 tells them about it. You could avoid the redirect by adding a "route add 192.168.1.0 255.255.255.0 192.168.2.254" to each of your workstation/laptops on the 2.0 subnet but its a lot of trouble to go to and I don't believe it is necessary.

If you can access your wireless router from the 1.2 machine but you can't access the internet beyond it, then it's possible that your wireless router isn't doing the NAT translation properly for the 1.0 subnet. If that's the case then you could probably work around it by setting your server box to do it's own NAT translation and then your wireless router will think everything is coming from 2.254. But I'm pretty much guessing here as I don't know anything about the NAT setup inside the belkin routers.

pwatk · 08-12-2010, 04:41 PM

Thanks GazL, you've been an absolute legend helping me narrow this down

.

I'll see what I can find out about the router and start learning how to use iptables. I've been meaning to spend some time on it anyway.