Sub: cannot ping internal network

Hello
I am a new user to Linux but in the last couple of months gained some Idea about it,

I am trying to set up a small network in my office having 3 windows xp PCs, two fedora10 PCs

I have an adsl router with 4-port hub connecting to the internet,


one switch (say sw1) and one linux PC (say linux1) is connected directly to the router, the three win xp PCs are connected to switch sw1.

all the above is working fine, I am able to get connected to Internet In all the systems, and able to network among all the above four.

Now I want to make the linux1 as a proxy server for, hence I added another network card into it connected it to another switch sw2, which is connected to another linux pc (say linux2).

I have tried a hundred things, and googled an equal no. and finally posting it here.

In order to reduce confusion I have disabled DHCP in all machines, and given static ips instead
NetworkManager was not happy about it, hence to fix my static IP i disabled NetworkManager ('chkconfig NetworkManager off')

____________________________________________________________________

|--winxp3
|---winxp2
|---winxp1
|
sw1
|
router--(eth0)linux1(eth1)--sw2--(eth0)linux2 <--problem here
|
internet
______________________________________________________________________

the above is a schematic of my network, sw1 and sw2 are 8 port-switches

all is well except there is no visibility between the two linux systems linux1 and linux2,


this is the /etc/sysconfig/network-scripts/ifcfg-eth0, of linux1

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=00:e0:27:21:01:17
IPADDR=192.168.1.3
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
GATEWAY=192.168.1.1
TYPE=Ethernet
NM_CONTROLLED=no
USERCTL=no
PEERDNS=yes
MII_NOT_SUPPORTED=yes
DNS1=192.168.1.1 # where i found in /etc/resolv.conf


this is the -------/etc/sysconfig/network-scripts/ifcfg-eth1, of linux1-------

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:1f:d0:32:29:a7
IPADDR=192.168.1.31
NETMASK=255.255.255.0
TYPE=Ethernet
USERCTL=no
PEERDNS=no
NETWORK=192.168.1.0
BROADCAST=192.168.1.255


------------this is the ifconfig of linux1--------------

eth0 Link encap:Ethernet HWaddr 00:E0:27:21:01:17
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:27ff:fe21:117/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8021 errors:0 dropped:0 overruns:0 frame:0
TX packets:9165 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4855236 (4.6 MiB) TX bytes:1716932 (1.6 MiB)
Interrupt:16 Memory:fa000000-fa0000ff

eth1 Link encap:Ethernet HWaddr 00:1F0:32:29:A7
inet addr:192.168.1.31 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21f:d0ff:fe32:29a7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3759 errors:0 dropped:0 overruns:0 frame:0
TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:225540 (220.2 KiB) TX bytes:26787 (26.1 KiB)
Interrupt:20

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:95 errors:0 dropped:0 overruns:0 frame:0
TX packets:95 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:18290 (17.8 KiB) TX bytes:18290 (17.8 KiB)




--------- this is interface from linux1 ---------

auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.255.255.0

auto eth0
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth1
iface eth1 inet static
address 192.168.1.31
netmask 255.255.255.0
broadcast 192.168.1.255

----------this is iptables -L from linux1--------

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

----------this is the /etc/sysconfig/network-scripts/ifcfg-eth0, of linux2-------

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=00:IF0:42:0D:90
IPADDR=192.168.1.7
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
GATEWAY=192.168.1.31
TYPE=Ethernet
NM_CONTROLLED=no
USERCTL=no
PEERDNS=yes
MII_NOT_SUPPORTED=yes
DNS1=192.168.1.1

-------this is interface from linux2--------

auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.255.255.0

auto eth0
iface eth0 inet static
address 192.168.1.7
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.31

------this is the "nmap -sP 192.168.1.0-255" from linux1 I can see all the systems except linux2

Host 192.168.1.1 appears to be up.------------ [router]
MAC Address: 00:1B:57:FC:90:C7 (Semindia Systems Private Limited)
Host localhost.server1 (192.168.1.3) appears to be up.--------------- [linux1 eth0]
Host 192.168.1.9 appears to be up. -----------[winxp1]
MAC Address: 00:1F0:32:29:07 (Giga-byte Technology Co.)
Host 192.168.1.12 appears to be up. -----------[winxp2]
MAC Address: 00:1F0:32:61:E3 (Giga-byte Technology Co.)
Host 192.168.1.55 appears to be up. ----------[winxp3]
MAC Address: 00:1F0:32:29:63 (Giga-byte Technology Co.)
Nmap done: 256 IP addresses (5 hosts up) scanned in 1.920 seconds

[for the sake of clarity i added the machine ref. in square brackets]


This is to inform you i have disabled Firewall through GUI "Administration--> Firewall--> disabled"



i tried ping from linux1 to linux2 and vice versa with no success


setting up of this proxy server is key to me, once this works I want to setup a firewall in linux1 and transfer all winxp systems from sw1 to sw2.


I WOULD BE VERY GLAD IF SOMEONE CAN GUIDE ME WITH THIS.

Best Regards

G S Reddy

Did you enable forwarding? What's the result of ?

in terminal i had this fallowing command

"cat /proc/sys/net/ipv4/ip_forward" the output is "0"

That's the problem. Your Linux Router isn't configured to work as a router.

Hey framp Good day to you...

Now what would be solution for my case, i tried with some help to configure my Linux router, but i dont know, whether I succeeded or not???

in "vi /etc/sysctl.conf" -----

net.ipv4.ip_forward = 1 -----------" i edited "0" to "1"

--------for "route -nv" in Linux 1

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

--------for "route -nv" in Linux 2

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.31 0.0.0.0 UG 0 0 0 eth0

----------for "iptables -L" Linux 1

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


----------for "iptables -L" Linux 2

chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED, ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

chain OUTPUT (policy ACCEPT)
target prot opt source destination

hope you got some clues to find my solution.

waiting for your rely

You also have to masquerade all IPs from your internal network on the router and should have something like

Hi guys,
I've found the following reply:
The question is:
If the problem is visibility between linux1 and linux2 which are connected to the same switch, could you explain why you are discussing about forwarding?

The second matter is that both of the linux1' eths have same class IPs. (i.e. 192.168.1.3 & 192.168.1.31 and the same mask 255.255.255.0).
As a result the routing table is following:
The question is: are you sure that sending a packet from the linux1 host to host with IP 192.168.1.7 it is sent both via eth0 & eth1 ?

In my opinion such packet will be sent via eth0 only since first "matching" routing rule is 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
AFAIK after first match the rest of the routing table is not checked and the packet is sent according to the found rule.
But maybe I am wrong... (?)

Good catch. I thought Linux1 is the router to the Internet. So there is indeed no masquerading needed.

I suggest to use network 192.168.2.x for Linux1 eth1 and Linux2 eth0 and add a route to 192.168.2.x net via eth1 to Linux1. Then it should work.

EDIT: Corrected fact that masquerading is not needed

i was just about to mention the fact that you have the same subnet on both sides of linux1. it is most likely confused about what you want to do with the packets linux2 is giving it. i agree with the previous post about changing the subnet over to 192.168.2.0 255.255.255.0 for linux1 eth1 and linux2 eth0 then following the forwarding instructions and routing instructions above.

Hey Framp,

fine, i am already changed the network for linux1 of eth0 and eth1, Now, I am using linux1 eth0 network is 192.168.1.x and linux1 eth1 and linux2 eth0 i am using 192.168.2.x like this.....

even i edited as it was earlier, in "/etc/sysctl.conf" from '1' to '0' .

Now please but still no success yet, trying very hard to get connected to linux2 and trying ping linux2 to our linux1.

Could you please post the result of following pings (OK, failure)

1) Ping from XP to linux1
2) Ping from XP to linux2
3) Ping from linux1 to linux2

And display the routes (route -n) from

1) linux1
2) linux2

and please enable forwarding on linux1. I meant masquerading in my previous post when I wrote forwarding (Edited the posting right now). Sorry.