11-09-2005, 09:03 PM
|
#1
|
LQ Newbie
Registered: Mar 2004
Location: Canada
Distribution: SLACKWARE LINUX - Since 1993
Posts: 15
Rep:
|
Connecting One Linux Router to Another
THIS PROBLEM HAS BEEN SOLVED.
HERE IS THE QUICK ANSWER
THE SECOND LINUX ROUTER HAD TWO INTERFACES, BUT ONE INTERFACE (ETH1) WAS WRONG, SHOULD HAVE BEEN ANOTHER SEPARATE NETWORK SUCH AS 192.168.1.X INSTEAD OF 192.168.0.X
THEN ALL THAT WAS NEEDED WAS THE USUAL IPTABLES NAT RULE TO ALLOW THE HOSTS ON THE LAN (ETH1) TO GET OUT ON TO THE INTERNET
/usr/sbin/iptables -t nat -o eth0 -A POSTROUTING -j SNAT --to-source 192.168.0.250
.250 sends all data to 192.168.0.1 (the first and original network) and out on to the internet. Problem solved.
Quick and simple question which is OS independent.
I run a Slackware Linux Server/Network at work, the usual setup, 2 NICs, one internal IP (192.168.0.x) for the LAN and one external IP connected to the internet through an IP we get from our ISP.
eth0 - IP from ISP
eth1 - 192.168.0.1
We recently added a second computer lab to the network in a separate office, and I set up the second box just like the first.
I'm not quite sure what the approach is to get the new Linux box forwarding the traffic on over to the gateway and out onto the internet.
The new box has two NICs,
eth0 - 192.168.0.250 - from this interface I can ssh into 192.168.0.1 and also get online,
eth1 - has an IP of 192.168.0.251 and it's this interface that cannot connect to any other host on the network, nor can it get online
so it's obvious that I either need iptables rules to forward all traffic to 192.168.0.1
any ideas? do I need iptables postrouting rules or could SNAT do the trick? I've tried and tried and still cannot get the hosts on the new network to talk to anyone else / get on the internet.
I will keep trying. I'm pretty good with iptables, but adding a second Linux box to our network and having it act as a router and send all its data to the first server is something I have not done before
FYI ip forwarding is ON on the second new server
any ideas?
Last edited by Mainframe; 11-10-2005 at 12:23 PM.
|
|
|
11-09-2005, 09:49 PM
|
#2
|
LQ Newbie
Registered: Aug 2005
Location: China
Distribution: Fedora Core, RHEL
Posts: 26
Rep:
|
I guess you should change your second box's eth1's IP to a subnet other than 192.168.0.0/24, because classically we will set the netmask to 255.255.255.0, and this means that your two cards in the box will collide in IP subnet.
Let me put this as an example: you change the IP of eth1 to 192.168.1.1, and there is a box with IP 192.168.1.2 connected to eth1. In my experience, you can ping 192.168.0.1 from 192.168.1.2. But you can't ping 192.168.0.2 (if it exists) from 192.168.1.2, that is to say, you can't get two subnets connected through a Linux box by default. Someone told me that this problem can be solved with kernel parameters, but didn't show me how. If you can figure out this stuff, I think that iptables is not needed, it's just needed on the box with the ISP connection for masquerading.
BTW, you must add a route to the box connected to the ISP:
ip route add 192.168.1.0/24 via 192.168.0.250
Without this, the first box can't reply to 192.168.1.2 because there is no direct connection.
Last edited by kinzlaw; 11-09-2005 at 09:52 PM.
|
|
|
11-10-2005, 07:08 AM
|
#3
|
LQ Newbie
Registered: Mar 2004
Location: Canada
Distribution: SLACKWARE LINUX - Since 1993
Posts: 15
Original Poster
Rep:
|
Yes that makes perfect sense now that I think about it.
On the second Linux box, I'm going to change the configuration as follows.
eth0 stays at 192.168.0.250
eth1 will now become 192.168.1.1
It's the exact same setup as the first server I set up, and
as far as eth1 is concerned, eth0 is still the gateway to the internet.
Thanks for clearing that up for me, I should have it fixed in a few hours when I get to the machine at work this afternoon.
Can't wait to try
thanks
|
|
|
11-10-2005, 07:32 AM
|
#4
|
LQ Newbie
Registered: Aug 2005
Location: China
Distribution: Fedora Core, RHEL
Posts: 26
Rep:
|
Just as I said before, you should change some kernel parameter to make 192.168.0.0/24 and 192.168.1.0/24 connected. I have googled for that stuff and got the result (in fact this has caused me some trouble before :-) ), and it has been tested in my project -- something relating to a router (just like your case, but more complicated).
The exact command to do this is simple (on the second machine):
echo -n 1 > /proc/sys/net/ipv4/ip_forward
Maybe you have heard about this, but I can't help myself telling you, just because I have got around a problem which has cost a few hours of mine, hehe.
And finally, I assure you that iptables is not needed in our problems.
Best wishes!
Last edited by kinzlaw; 11-10-2005 at 07:37 AM.
|
|
|
11-10-2005, 09:02 AM
|
#5
|
LQ Newbie
Registered: Mar 2004
Location: Canada
Distribution: SLACKWARE LINUX - Since 1993
Posts: 15
Original Poster
Rep:
|
Thanks for your advice and expertise.
I do already have IP forwarding set up on the second server. I can do it one of two ways. The "echo" method, or Slackware has an /etc/rc.d/rc.ipforward that takes an argument of start, stop, or restart.
I personally have used the echo method for years.
So iptables is not needed eh, that's good to know.
I can't wait to get into work to set up server 2 to talk to server 1.
The whole reason I set up the second box was because we have this Cisco SuperStack II 3300 that I was trying to uplink to this crappy hub we have up in the ceiling, but I could not get the devices to talk. The SuperStack did not have a traditional "uplink" port nor was port 1 designated as the uplink port, but from reading the documentation the SuperStack's ports are already set up as MDI-X, meaning they are already uplinkable.
chit..i got to go..
i'll keep you posted
cheers
|
|
|
11-10-2005, 09:50 AM
|
#6
|
LQ Newbie
Registered: Aug 2005
Location: China
Distribution: Fedora Core, RHEL
Posts: 26
Rep:
|
It's a great pleasure talking in English (using poor words, hehe) with somebody on the other side of Earth.
It's so cool that you "have used the echo method for years", and you must have great knowledge of Linux system management! To tell the truth, I'm just a college student learning Computer Tech. & Science. I hadn't touched Linux until last year, and my poor little experience is limited to Fedora Core and even less on Debian. But after some "pressure" -- because my part-time job asks me to do things on it -- I feel that I have almost dropped Windows! Linux is so wonderful!!
But the big problem is that Linux has a great deal of things to do before we can use it "freely" (don't know how to describe in English :-) ). It's very usual that a problem is solved half a month after discovering it, somewhat painful...
The project I'm working on is to put a DHCP server (using dnsmasq) into working order and then make a web administration interface for it; the router between the server and several ethernet subnets is just some add-on stuff. It's a pity that it cost me more than two months to do this (I guess the main reason is that I'm so devoted to new things. I dislike doing the same things, in my mind new equals fun) and it is still unfinished. But I have to complete this work to keep my job. So I decided to burn the midnight oil tonight, this must be the last time dealing with it, otherwise it will drive me mad!
.....Something harmful to keep untold, and you became the "rubbish can", hehe!
I guess you would like a DHCP server running on your first box to dynamically configure your network. If you decide to do that, and run into trouble, maybe I can do something for you, hihi.
At last, I'd suggest you use VMware, it's a wonderful tool for network testing. It will keep things simple because you won't deal with a bunch of hubs and wires.
|
|
|
11-10-2005, 12:13 PM
|
#7
|
LQ Newbie
Registered: Mar 2004
Location: Canada
Distribution: SLACKWARE LINUX - Since 1993
Posts: 15
Original Poster
Rep:
|
PROBLEM SOLVED KINZLAW
Thank you so much for your advice. Here is what I did as soon as I got into the office.
1. logged into the new 'second' router as root and had a look at the interfaces:
root# /sbin/ifconfig -a
eth0 - 192.168.0.250
eth1 - 192.168.0.251 <---- that's where I went wrong in the whole setup
so I changed eth1 to the following as you suggested
root# /sbin/ifconfig eth1 192.168.1.1 netmask 255.255.255.0 up
I then added the following iptables rule to set up Network Address Translation so the internal hosts on the LAN (192.168.1.x) can get out onto the internet.
root# /usr/sbin/iptables -t nat -o eth0 -A POSTROUTING -j SNAT --to-source 192.168.0.250
then I went to my laptop, and as you suggested, I changed the IP address to 192.168.1.2 and all the other hosts to 192.168.1.3, 192.168.1.4 etc.
fired up lynx
slacktop@192.168.1.2$ lynx www.google.ca
and blamo, full internet for all my hosts on the LAN
AWESOME..thanks so much
It's also a nice feeling to have the networks separated, 192.168.0. and 192.168.1, so the networks won't get too congested.
p.s - about your DHCP server. I have heard about dhcpmasq but why not just use a regular DHCP server and write a PHP script that lets you edit the configuration file from a web browser. You could check out www.freshmeat.net and www.sourceforge.net for what you're looking for. You would be surprised how many odds and ends Linux users write to solve everyday problems. Make sure the script has the appropriate permissions to allow someone who's making the changes via the web browser write access to the file. Another thing you may have to keep in mind is that you may have to restart the daemon (if there is one if you're using dnsmasq) after you change your config file
root# killall -HUP daemon
ie
root# killall -HUP httpd or killall -HUP sshd after you make a config change so the service re-reads its new config file.
p.s.s - one more thing. I do not currently have a DHCP server set up on either network at the moment. I personally prefer to give the users who bring in computers to work their IP settings and have them come to me to get internet access rather than some joe schmo bringing in his infected Windows XP (home/pro/) and have his infected laptop scanning for infected hosts, taking up bandwidth, infecting file shares etc...to me it's just not worth it. I love the fact that if someone brings in a laptop from home they can't just plug it in and get online. Security comes at a price
anyway thanks for all your help
if you want to chat further about anything linux, you can email me, kpomeroy /at/ lakecrest dot ca
cheers bud
p.s.s.s - I'm a huge Slackware and security freak, so I will be on those two boards, security and Slackware, mostly from now on
cheers
|
|
|
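The thread's two findings, the overlapping subnets on the second router and the choice between a return route on the first router and SNAT on the second, can be checked with a short script. This is an added example, not code from any poster; it assumes /24 masks throughout, and the ISP-side address of the first router is a constructed placeholder.

```python
import ipaddress

# Addresses from the thread; the ISP-side address is a constructed placeholder.
ROUTER1 = {"eth0": "203.0.113.10/24", "eth1": "192.168.0.1/24"}
ROUTER2_BEFORE = {"eth0": "192.168.0.250/24", "eth1": "192.168.0.251/24"}
ROUTER2_AFTER = {"eth0": "192.168.0.250/24", "eth1": "192.168.1.1/24"}


def overlapping_interfaces(ifaces):
    """Return pairs of interfaces whose connected subnets overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def seen_by_upstream(src_ip, upstream_ifaces, static_routes=(), snat_to=None):
    """Return the source address the upstream router sees for src_ip if it
    can route the reply back inside, or None if the reply would follow the
    default route out to the ISP and be lost."""
    seen = ipaddress.ip_address(snat_to or src_ip)
    reachable = [ipaddress.ip_interface(a).network
                 for a in upstream_ifaces.values()]
    reachable += [ipaddress.ip_network(r) for r in static_routes]
    return str(seen) if any(seen in net for net in reachable) else None


if __name__ == "__main__":
    print("before:", overlapping_interfaces(ROUTER2_BEFORE))
    print("after: ", overlapping_interfaces(ROUTER2_AFTER))
    host = "192.168.1.2"  # the laptop address used in post #7
    print("no route, no SNAT:", seen_by_upstream(host, ROUTER1))
    print("static route:     ",
          seen_by_upstream(host, ROUTER1, ["192.168.1.0/24"]))
    print("SNAT:             ",
          seen_by_upstream(host, ROUTER1, snat_to="192.168.0.250"))
```

With the static route the first router sees each lab host's own address, so its logs and filter rules can tell hosts apart; with SNAT every lab host appears as 192.168.0.250.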
All times are GMT -5.