Can't ping internal IP

zinger299 · 06-27-2003, 05:29 PM

Hi,

I've been trying to set up my network here with a Linux 8.0 box as a gateway to the Internet through DHCP and a second internal NIC card to connect to the internal network. I am currently trying to set up IP masquerade (see the linux documentation project HOW-TO's). I have given my second Linux NIC the IP of 192.168.0.1. I then tried to put into my Windows XP computer the static IP of 192.168.0.2 with a gateway address of 192.168.0.1 and netmask 255.255.255.0. However, I can't seem to even ping 192.168.0.1 from my XP box. It just times out. I don't know what to put for the nameservers for the XP box... I have a feeling this is a really stupid problem, so maybe someone can give me a really simple answer? :-D I hope so...

Thanks!

cropcircle · 06-27-2003, 06:15 PM

On the Linux box :
- Can you ping itself - "192.168.0.1" ?
- How does the routing table look like on the Linux box?
(use "netstat -rn" on the Linux box).
- What does the command "/sbin/ifconfig -a" say?
- Is the subnet mask the same as on the Windows box?

On the Windows box :
- Can you ping itself - "192.168.0.2" ?
- How does the routing table look like ?

zinger299 · 06-27-2003, 08:17 PM

Hello,
ifconfig -a on the Linux box returns:

eth0 Link encap:Ethernet HWaddr 00:C0:F0:2A:EF:13
inet addr:24.51.146.109 Bcast:255.255.255.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10897 errors:0 dropped:0 overruns:0 frame:8
TX packets:1123 errors:0 dropped:0 overruns:0 carrier:0
collisions:8 txqueuelen:100
RX bytes:1583205 (1.5 Mb) TX bytes:181239 (176.9 Kb)
Interrupt:11 Base address:0x7000

eth1 Link encap:Ethernet HWaddr 00:80:AD:83:4B:5A
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:1719 dropped:0 overruns:0 frame:0
TX packets:0 errors:15 dropped:0 overruns:0 carrier:41
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:9 Base address:0xb000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:202 errors:0 dropped:0 overruns:0 frame:0
TX packets:202 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14803 (14.4 Kb) TX bytes:14803 (14.4 Kb)

------------------------------------------------------------------------
netstat -m returns "invalid option --m" but netstat -M returns "no support for ip_masquerade on this system". That's funny because I thought that I had followed all directions for checking to see whether it was supported...

using netstat -r or route returns the routing table:

Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
24.51.146.0 * 255.255.254.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default va-harrisonburg 0.0.0.0 UG 0 0 0 eth0

I am able to ping 192.168.0.1 from the linux box.
I am able to ping 192.168.0.2 from the Windows box.
However I am not able to ping to or from the IP's from either machine.

I couldn't copy the contents of the Windows routing table, but the most relevant part was:
network desitination: 192.168.0.0; netmask: 255.255.255.0; gateway: 192.168.0.2
and then a default gateway of 192.168.0.1.

Thanks for your help!

cropcircle · 06-28-2003, 02:26 AM

/*
obligated off topic side note :
You misread "netstat -rn" for "netstat -m" in my post ... :-)
Oh well, a lessen for me, mention "netstat -r -n" instead of "netstat -rn".
*/

Can you do "netstat -r -n" on your Linux box?

(
If you do a "netstat -r", as you did, the operating system (tries to) resolve(s) hostnames. In the routing table you specified I see the hostname "va-harrisonburg", which does not ring a bell at the moment.

If you do a "netstat -r -n", the operating system does _not_ resolve hostnames, which makes routing tables with possible routing problems a lot more understandable.
)

ps... I've got on my systems at home a similar setup (A Red Hat Linux machine playing as a network masquerading host for my internal network) as yours.

This is my routing table on the Linux machine wich masquerades my network :

(xxx.xxx.xxx.xxx is my outside IP-adres)
(yyy.yyy.yyy.yyy is the IP-adres of my ISP's gateway)
(10.0.0.0 is the network adress of my internal LAN)
(eth0 is my outside network interface)
(eth1 is my inside network interface)

xxx.xxx.xxx.xxx 0.0.0.0 255.255.254.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 yyy.yyy.yyy.yyy 0.0.0.0 UG 0 0 0 eth1

And this is my routing table on my Red Hat Linux workstation, which uses the Linux masquerading host to get on the Internet :

10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0

Looking_Lost · 06-28-2003, 03:07 AM

Here's a straight from the book way:

/etc/sysctl.conf set net.ipv4.forward=1

/etc/sysconfig/nework add GATEWAYDEV=eth0

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -s ! 192.168.0.0/24 -j DROP

Don't know if that's what you already did done do.

You should be able to put in your normal dns servers once it's working.

zinger299 · 06-28-2003, 09:50 AM

Hi,

cropcircle:

Excuse me for misreading the -rn! Running netstat -rn (or -r -n) produces:

Destination Gateway Genmask Flags MSS Window irtt Iface
24.51.146.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 24.51.146.1 0.0.0.0 UG 0 0 0 eth0

It doesn't look yet like I have an entry with my IP address in it; only the network and the gateway (24.51.146.0 and 24.51.146.1, respectively).

When I type "route print" on my XP box, I get the following: (I have omitted the "Interface" column, which yielded identical values to the "Gateway" column):

Active Routes:
network destination netmask gateway metric
127.0.0.0 255.0.0.0 127.0.0.1 1
192.168.0.0 255.255.0.0 192.168.0.2 30
192.168.0.2 255.255.255.255 127.0.0.1 30
192.168.0.255 255.255.255.255 192.168.0.2 30
224.0.0.0 240.0.0.0 192.168.0.2 30
255.255.255.255 255.255.255.255 192.168.0.2 1
========================================================
Persistent routes:
None

Looking_Lost:

I tried the first command you wrote, but it said "permission denied" (even though I am logged in as root). Was that from the online masquerade how-to or another book?

To check my system for MASQ functionality, I followed the instructions at http://www.tldp.org/HOWTO/IP-Masquer...piling3.1.html under 2.4.x kernels. It said that if I could run the command "ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/" and see a list of modules such as: ip_conntrack.o, ip_conntrack_ftp.o, ip_conntrack_irc.o, ip_nat_ftp.o, ip_nat_irc.o, etc., then "IPTABLES was compiled using modules and things look ready to go to use IPMASQ on this system."

I tried the part in the IP masq how-to at http://www.tldp.org/HOWTO/IP-Masquer...-examples.html in step 3.4.1 that suggested making a file, /etc/rc.d/rc.firewall-2.4 with simple rulesets.

I'm not sure...this is all very confusing to me at the moment....

-------------------------------------------------------------------

Thanks for all your help!

Looking_Lost · 06-28-2003, 10:10 AM

Easy mistake to make but the first two lines meant

in the file /etc/sysctl.conf change the value of net.ipv4.forward to 1
same for the second one, edit the file. Wasn't an actual command.

Copied word for word from Red Hat 8 Bible.

Looking_Lost · 06-28-2003, 01:37 PM

And just incase to state the obvious turn IP tables on with /etc/init.d/iptables start

cropcircle · 06-29-2003, 08:32 AM

zinger299, a couple of things :

Does name resolving work on the Linux box (e.g. "nslookup www.linuxquestions.org")?

Can you ping the outside world ("ping www.linux.org") on the Linux box?

Are you sure you aren't running a firewall on the Linux machine? Use the following (as root) command to stop any running firewall : "service iptables stop"

(we'll focus first on the trivial ping problem and we'll focus on the network masquerading part later when the ping problem is fixed).

Are you sure you aren't running a firewall on the Window machine? I've had issues myself with a running ZoneAlarm which I forgot while troubleshooting routing problems on my network.

By the way, your routing table on Windows does look odd :

- I can't see a default gateway (a 0.0.0.0 entry)
- For the network adress 192.168.0.0 you have created a 'loop to itself' ( X -> Y)

<snip>
127.0.0.0 255.0.0.0 127.0.0.1 1
192.168.0.0 255.255.0.0 192.168.0.2 30 <----------------- X
192.168.0.2 255.255.255.255 127.0.0.1 30 <-----------------Y
192.168.0.255 255.255.255.255 192.168.0.2 30
224.0.0.0 240.0.0.0 192.168.0.2 30
255.255.255.255 255.255.255.255 192.168.0.2 1
<snip>

I'm pretty sure your problem lies in the routing table of your Windows XP machine. Focus on that for a while.

I'm also pretty sure you're very close to a working solution, if you manage to do on your Linux box :

"nslookup www.linuxquestions.org"
"ping www.linux.org"

ps. Can you do on your Linux box : "traceroute 192.168.0.2"

ps. Can you do on your XP machine : "tracert 192.168.0.1"

I'm curious what this will give.

Good luck!

zinger299 · 06-29-2003, 03:56 PM

Hello,

I can ping and do nslookup just fine on the Linux box; I just set eth0 to use DHCP and that works fine. You mentioned that there was no entry for 0.0.0.0 in my Windows routing table; this must have been my mistake in typing our the routing table (Windows didn't seem to want to let me just cut and paste it). The entry is:

Network dest. Netmask Gateway Interface
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2

which seems right to me. I do see your point about the loop in the routing table for 192.168.0.0, however. Windows just made all of the entries automatically; all I put in was the static IP and the gateway. I tried commands to change the gateway for 192.168.0.0 to 192.168.0.1, but Windows said, "route: bad gateway address gateway".

I cannot do traceroutes either to or from the LInux or Windows boxes. From Windows tracert or ping to 192.168.0.1 just hangs. From Linux traceroute to 192.168.0.2 yields:

traceroute to 192.168.0.2 (192.168.0.2), 30 hops max, 38 byte packets
1 192.168.0.1 (192.168.0.1) 2994.049 ms !H 2993.050 ms !H 2999.927 ms !H

A ping yields:

PING 192.168.0.2 (192.168.0.2) from 192.168.0.1 : 56(84) bytes of data.
From 192.168.0.1 icmp_seq=1 Destination Host Unreachable

I did make sure that all firewalls were stopped (iptables on Linux; Zonealarm and XP's built-in firewall on Windows).

Thanks you for your help!
p.s.-- in case it would help you to know, I am connected via a hub. eth0 and eth1 each have a connection to the hub, as does the windows NIC. The cable modem/router is then connected to the hub.

cropcircle · 07-04-2003, 01:44 PM

Zinger299, I'm pretty sure the problem is in your Windows XP routing table, because you can do a traceroute from Linux to Windows, but not a ping from Windows XP to Linux or from Linux to Windows XP.

If you want to go with modifying your route on the Windows XP machine, visit :

http://www.microsoft.com/technet/tre...docs/route.asp

Okay, try to delete these routes :

On the Windows XP machine, use these commands :
"route delete 192.168.0.0 mask 255.255.0.0"
"route delete 192.168.0.2 mask 255.255.255.255"

On the Windows XP machine, now add the new default route :
"route add 0.0.0.0 mask 0.0.0.0 192.168.0.1"

I hope this will work for you!