LinuxQuestions.org
Old 11-19-2005, 09:20 AM   #1
THE RADICAL
LQ Newbie
 
Registered: Sep 2003
Location: NY
Distribution: Ubuntu
Posts: 14

Rep: Reputation: 0
Building a router...


Hello everyone,
I am trying to build a linux box that assigns IP addresses on interfaces eth1 and eth0. Then is able to route traffic between them and to the internet (eth2). I have dhcp set-up and working, but I can't figure out how to get my box to forward requests from eth0 and eth1 to the internet. I can get internet from eth2, what I am pretty sure I need to do is configure port forwarding in some way. I need to get DNS to work as well. Here's my information...

Currently assigned IP addresses/setup...

Internet
|
D-Link Router= 192.168.0.1 --- Other PC's
|
Switch --- Other PC's
|
Linux PC
eth2= 192.168.0.102
eth1= 192.168.2.1 --- PC 192.168.2.99
eth0= 192.168.1.1 --- PC 192.168.1.99

Here is my new dhcp.conf...

Code:
##########################################################
#
# DHCP CLIENT CONFIGURATION SETTINGS
#

# use ad-hoc style name server updating procedures
ddns-update-style ad-hoc;
option domain-name "jasons-dhcp-server.com";

#assign the remote dhcp server hostname/ip addresses
option domain-name-servers 192.168.1.1, 192.168.2.1;

##########################################################
#
# DHCP SERVER CONFIGURATION SETTINGS
#

# assign the default lease time (seconds)
default-lease-time 600000000;

# assign the max lease time (seconds)
max-lease-time 720000000;

# eth0 subnet configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.2 192.168.1.99;
  option routers 192.168.1.1;
  option broadcast-address 192.168.1.1;
}

# eth1 subnet configuration
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.2 192.168.2.99;
  option routers 192.168.2.1;
  option broadcast-address 192.168.2.1;
}
Of the dhcp3-server file...

Code:
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/dhcp3-server by the maintainer scripts

#
# This is a POSIX shell fragment
#

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0 eth1"
Now, after some playing around dhcp works! However, that's only half the battle. I want the connecting PCs to be able to access the internet. After troubleshooting a bit I have found that when pinging 192.168.0.1 I can only get as far as eth2 (192.168.0.102).

I have tried enabling ip forwarding and proxy arp on all the interfaces and adding routes but to no avail.

Here are what my routes are currently...

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth2
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth2
I am very grateful for your help.
 
Old 11-19-2005, 09:44 AM   #2
nonzero
Member
 
Registered: Feb 2005
Distribution: Debian FC4 LFS Slackware
Posts: 174

Rep: Reputation: 31
A look at your host.conf, resolv.conf, hosts.allow, and hosts.deny might be helpful.

nz
 
Old 11-19-2005, 10:09 AM   #3
THE RADICAL
LQ Newbie
 
Registered: Sep 2003
Location: NY
Distribution: Ubuntu
Posts: 14

Original Poster
Rep: Reputation: 0
Of course....

host.conf
Code:
order hosts,bind
multi on
resolv.conf
Code:
search rochester.rr.com
nameserver 192.168.0.1
hosts.allow, not anything really...
Code:
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5), hosts_options(5)
#                   and /usr/doc/netbase/portmapper.txt.gz
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8), rpc.mountd(8) and
# /usr/share/doc/portmap/portmapper.txt.gz for further information.
#
hosts.deny, not much again
Code:
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5), hosts_options(5)
#                  and /usr/doc/netbase/portmapper.txt.gz
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/portmap/portmapper.txt.gz for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.

# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
Hope that helps.



Last edited by THE RADICAL; 11-19-2005 at 05:45 PM.
 
Old 11-19-2005, 05:45 PM   #4
THE RADICAL
LQ Newbie
 
Registered: Sep 2003
Location: NY
Distribution: Ubuntu
Posts: 14

Original Poster
Rep: Reputation: 0
Update: After some more troubleshooting, I have determined that when I ping the main router (192.168.0.1) the packet is forwarded by eth2 onto 192.168.0.1, it's just that when 192.168.0.1 responds to the request the packet goes to 192.168.0.102 (eth2), and then gets dropped.

So my question is, how do I get incoming requests to direct themselves to the actual sender, instead of the exiting interface (eth2)?

That seems to be my hitch for now, please help!
 
Old 11-19-2005, 09:29 PM   #5
nonzero
Member
 
Registered: Feb 2005
Distribution: Debian FC4 LFS Slackware
Posts: 174

Rep: Reputation: 31
These are a little dated but may help.

http://www.linuxgazette.com/issue36/tag/a.html
http://www.bitzenbytes.com/Content-Arcanum-18-1-20.html

Looks like a classic routing problem to me.

nz
 
Old 11-20-2005, 10:35 AM   #6
THE RADICAL
LQ Newbie
 
Registered: Sep 2003
Location: NY
Distribution: Ubuntu
Posts: 14

Original Poster
Rep: Reputation: 0
I'm not sure,

I've checked my addressing scheme, netmasks and gateways and from my understanding I believe those settings are ok. I really think that the problem lies with eth2 for some reason not knowing what to do with incoming packets on the internal LAN.

For possible solutions I was thinking about adding a route or some iptables script? Unfortunately I am relatively new at doing both. I remember using an iptables script from http://www.aboutdebian.com/proxy.htm that actually worked for one of the interfaces (eth0 or eth1) but would not work for them simultaneously.

Is there a script or a route I can add to help eth2 to understand where to send incoming requests from PC's behind this router?

-Cheers
 
Old 11-20-2005, 09:51 PM   #7
nonzero
Member
 
Registered: Feb 2005
Distribution: Debian FC4 LFS Slackware
Posts: 174

Rep: Reputation: 31
See 'man traceroute', specifically the -s option, as in;
%>traceroute -s 192.168.0.102 192.168.0.1, and
%>traceroute -s 192.168.0.102 192.168.2.99. You get the idea.
I think you will get a 'timeout' or 'network unreachable' on one of these.

My personal preference is static routes initially until I get a feel for what the topology is going to be. I then implement DHCP with this information. Sure, it's more typing but I get a better feel for where the packets are going. But, my networks are small, less than 20 nodes. I am not a professional network engineer, yet, so complicated Visio or Dia network maps are not in my toolbox either.
Is this a mixed *nix/Windows network? How do the machines directly off the D-Link router perform? Exactly how many nodes (machines) are on this network?

nz

EDIT: Saw this below your thread: http://www.linuxquestions.org/questi...hreadid=384888

Last edited by nonzero; 11-20-2005 at 09:57 PM.
 
Old 11-21-2005, 11:45 AM   #8
THE RADICAL
LQ Newbie
 
Registered: Sep 2003
Location: NY
Distribution: Ubuntu
Posts: 14

Original Poster
Rep: Reputation: 0

I get a timeout on the following (as expected)

traceroute -s 192.168.1.1 192.168.0.1
traceroute -s 192.168.2.1 192.168.0.1

I was thinking that static routes would be a solution as well, however my D-Link doesn't support it. I think my only option is to use NAT. I have never worked with NAT though but I need to somehow mask requests coming from behind my linux box with the outgoing IP 192.168.0.102, so that my router knows what to do with them. Then when they come back to the linux box, eth2 takes off the mask and moves them along.

Any idea on how to do this?

Here's the break down of my network...

D-Link ------ PC1 (DHCP) WinXP
|
|
Switch ------- PC2 (DHCP) WinXP
|
|
|
Linux Router (Ubuntu)
|
L eth2 192.168.0.102
L eth1 192.168.2.1 ---------- PC (DHCP) Win98
L eth0 192.168.2.1 ----------- PC (DHCP) WinXP

You're probably asking yourself, why doesn't he link up to the d-link or the switch, instead of going through all that. Answer is cause I want to learn hehe.

Cheers

Last edited by THE RADICAL; 11-21-2005 at 11:47 AM.
 
Old 11-21-2005, 04:35 PM   #9
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
first off, these:
Quote:
# eth0 subnet configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.99;
option routers 192.168.1.1;
option broadcast-address 192.168.1.1;
}

# eth1 subnet configuration
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.2 192.168.2.99;
option routers 192.168.2.1;
option broadcast-address 192.168.2.1;
}
should be:
Code:
# eth0 subnet configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.2 192.168.1.99;
  option routers 192.168.1.1;
  option broadcast-address 192.168.1.255;
}

# eth1 subnet configuration
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.2 192.168.2.99;
  option routers 192.168.2.1;
  option broadcast-address 192.168.2.255;
}
But, to address your issue, it appears that your router at 192.168.0.1 doesn't know how to talk to the 192.168.1.0 and 192.168.2.0 networks. There are two ways I can think of to fix this, I've done both.

One is to manually set up routes on the [D-link?] router to the two networks:
route add net 192.168.1.0 gw 192.168.0.102
route add net 192.168.2.0 gw 192.168.0.102
I may have the syntax wrong, but the comparable Linux commands are something like that, unfortunately your D-Link probably uses a different syntax and may have a way to add routes buried in the web GUI somewhere.

The other option is to turn on NAT on the Linux box, so that everything coming out the 192.168.0.x interface looks like it's coming from that network. The raw IPTABLES commands look something like:
Code:
  iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
  iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
## SNAT (MASQUERADE) functionality on external int
  iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
## Enables packet forwarding by kernel
  echo 1 > /proc/sys/net/ipv4/ip_forward
The above code may need to be tweaked for your setup, or there may be an option in whatever interface you use to configure your firewall to add this in.
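
The NAT rules from post #9, generalized to any number of internal interfaces, as an added example that is not from any poster in this thread. The function name `gen_router_rules` is hypothetical; it only prints the commands, and it assumes the box has no other FORWARD or nat POSTROUTING rules, since the output flushes both chains. It also sets the FORWARD policy to DROP, because with the default ACCEPT policy the ACCEPT rules above do not restrict anything.

```shell
#!/bin/sh
# Added example: print (do not run) the iptables commands for a NAT router.
# Usage: gen_router_rules WAN_IF LAN_IF [LAN_IF...]
gen_router_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_router_rules WAN_IF LAN_IF [LAN_IF...]" >&2
        return 2
    fi
    wan=$1
    shift
    # Reject anything that is not a plain interface name, so a bad argument
    # cannot turn into an extra option or a second command in the output.
    for ifc in "$wan" "$@"; do
        case $ifc in
            ''|-*|*[!A-Za-z0-9._-]*)
                echo "bad interface name: $ifc" >&2
                return 2 ;;
        esac
    done
    for lan in "$@"; do
        if [ "$lan" = "$wan" ]; then
            echo "LAN interface equals WAN interface: $lan" >&2
            return 2
        fi
    done
    # Default-deny first: only the flows listed below are forwarded.
    # LAN-to-LAN traffic (e.g. eth0 <-> eth1) stays blocked unless a
    # rule pair for it is added.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    for lan in "$@"; do
        # Replies to connections opened from the LAN may come back in.
        echo "iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
        # New connections are accepted only in the LAN -> WAN direction.
        echo "iptables -A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    # Rewrite the source address to the WAN address so the upstream
    # router needs no route back to the internal subnets.
    echo "iptables -t nat -F POSTROUTING"
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
    # Enable forwarding last, after the filter rules are in place.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Interface names from this thread: eth2 faces the D-Link, eth0/eth1 are internal.
gen_router_rules eth2 eth0 eth1
```

Review the printed commands, then pipe them to `sh` as root to apply them.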
 
Old 11-21-2005, 07:04 PM   #10
nonzero
Member
 
Registered: Feb 2005
Distribution: Debian FC4 LFS Slackware
Posts: 174

Rep: Reputation: 31
Quote:
option broadcast-address 192.168.1.255;
oops, missed that!

Quote:
unfortunately your D-Link probably uses a different syntax and may have a way to add routes buried in the web GUI somewhere.
My ISP sent me a Westell modem for my home DSL connection and at first I thought it was a piece of junk until I started configuring it. It does static routing setup easily through its web interface and DHCP configuration and firewalling are even easier. I agree with Darin that the IPTables/NAT method would be your ticket if you can get the right configuration. Do you happen to have Webmin installed on the Linux router? IMHO - a lot of good tools in one package.

Don't rule out problems with WINXP's firewall configuration.

nz
 
Old 11-21-2005, 08:33 PM   #11
THE RADICAL
LQ Newbie
 
Registered: Sep 2003
Location: NY
Distribution: Ubuntu
Posts: 14

Original Poster
Rep: Reputation: 0
Thanks for the help everyone.

I was able to use an IP Tables script and tweak it a bit to get this to work. This site offered some great reading.

http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/
 
  

