LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-23-2005, 08:25 PM   #1
the_cranky_don
LQ Newbie
 
Registered: Sep 2004
Location: Australia
Posts: 22

Rep: Reputation: 15
eth1 not talking


I have 2 ethernet adapters in my Slackware 9.0 box.
both are configured with static IP's, eth0 10.0.0.1/255.255.255.0 and eth1 10.0.0.2/255.255.255.0
(before you mention class A IP's with class C subnet masks, thats the way my ADSL router is setup.)

I can access webmin on the machine if I go in via eth0 on 10.0.0.1 but not if I plug the ethernet cable into eth1 and try via 10.0.0.2
I can ping 10.0.0.1 from my home network but not 10.0.0.2 (yes I plugged the cable into eth1 before trying the ping)
I can ping both IP's from the linux command line and when plugged into eth0 can ping my router as well as www.addresses. when I plug into eth1 I can't ping anything external the the box.

In summary: eth1 can ping into and out from the box. eth1 no response pinging into or out from the box. can ping both addresses ok from in the box.

here is the results from ifconfig

> ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:4C:E5:70:43
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:391 errors:0 dropped:0 overruns:0 frame:0
TX packets:542 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:89415 (87.3 Kb) TX bytes:328371 (320.6 Kb)
Interrupt:12 Base address:0x5000

eth1 Link encap:Ethernet HWaddr 00:E0:4C:E5:70:EF
inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:120 (120.0 b) TX bytes:0 (0.0 b)
Interrupt:10 Base address:0x7000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3080 (3.0 Kb) TX bytes:3080 (3.0 Kb)

here are the results of route

> route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
localnet * 255.255.255.0 U 0 0 0 eth0
localnet * 255.255.255.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 0 lo
default 10.0.0.138 0.0.0.0 UG 1 0 0 eth0

I do not have a firewall running at the moment.

I am setting the box up as a firewall/wireless AP.
eth0 is going to be the external (internet) connection and eth1 is going to be the internal connection.
I have setup the firewall but if I start it I can't get into the box at all as I have set it up to drop packets incoming from eth0 (net).

any suggestions or help would be greatly appreciated.

thanks,
Don =)
 
Old 04-24-2005, 04:55 PM   #2
nukkel
Member
 
Registered: Mar 2003
Location: Belgium
Distribution: Hardened gentoo
Posts: 323

Rep: Reputation: 30
Hi,
it's generally a bad idea to assign two or more interfaces to the same subnet: your eth0 and eth1 are both on the same subnet (10.0.0.0/255.255.255.0). It's better to assign the "internal net" interface another subnet, which you can choose freely, e.g. 10.0.1.1/255.255.255.0. Your internal client machines will then also have to be on that subnet, and their "gateway" setting must be the eth1 address of the linux router.

As you can see from the output of "route", your default route goes out through eth0. That's why you can only ping www addresses through the eth0 interface, and not through the eth1 card.

To set it up with the addresses you have chosen is actually to create an "arp proxy"; this CAN be made to work but is *A LOT* more complicated, and really not needed when you can configure the client machines' addresses. So I'd suggest just taking something other than 10.0.0.1/255.255.255.0 for the internal net (eth1).

Let me know if there are other problems!
 
Old 04-25-2005, 06:53 AM   #3
the_cranky_don
LQ Newbie
 
Registered: Sep 2004
Location: Australia
Posts: 22

Original Poster
Rep: Reputation: 15
yep, that got it sorted.
I changed my internal subnet to 192.168.1.0/24 and its all good.

thanks heaps.

one step closer to getting it all working.

just have to get it to tell the DHCP clients on this subnet that 192.168.1.1 is the default gateway now, and work out how to get from that subnet to the external connection (eth0) and therefore the web.
 
Old 04-25-2005, 11:19 AM   #4
nukkel
Member
 
Registered: Mar 2003
Location: Belgium
Distribution: Hardened gentoo
Posts: 323

Rep: Reputation: 30
Glad to hear that!

To get the routing working basically you'll need to do so-called NAT (network address translation) so the linux router will pretend all client traffic comes from himself: try
Code:
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 10.0.0.1
Packets from the clients will then be rewritten so they appear to come from 10.0.0.1 and the modem will accept them.

Then turn on packet forwarding between interfaces with
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
To do this permanently this has to be done at boot time -- but the right place to put it is unfortunately highly distro specific

There's loads of info on iptables on the net -- it's the command to control the firewall as well.

cheers
 
Old 04-26-2005, 02:34 AM   #5
the_cranky_don
LQ Newbie
 
Registered: Sep 2004
Location: Australia
Posts: 22

Original Poster
Rep: Reputation: 15
thanks for the info...

I am using Slackware 9.0 and Shorewall firewall.

I have set up masquerading from eth1 and packet forwarding is enabled on startup.

I tried placing 10.0.0.1 in the appropriate box to use SNAT, but it made no difference.
(I mostly use webmin to configure the linux box.)

From WinXP client machines on eth1 (192.168.1.0/24 subnet) I can ping all local addresses...
eg 192.168.1.1 (eth1), 10.0.0.1 (eth0), 10.0.0.138 (ADSL Router).
I can also ping the outside world. eg www.google.com
To me, this means packets are getting out from my client machine to the www,
and back in again. It also tells me that DNS is working OK.

What I can't do is surf the net from my client machine.
When I request a page, the address is resolved but thats about it, Firefox just says 'connecting to -website-...'

I am at the point where I am ready to put the router into bridging mode and use it as a standard modem,
and use ADSL Setup to get that side going.
 
Old 04-26-2005, 02:48 AM   #6
nukkel
Member
 
Registered: Mar 2003
Location: Belgium
Distribution: Hardened gentoo
Posts: 323

Rep: Reputation: 30
It looks like you're very close to the solution, since ping works all the way from the client to the web...

My guess it it's now something to do with the client's settings...
Maybe the client browser's proxy settings are not set? Some internet providers enforce the use of their proxy servers...
Other internet apps work (chat, mail, ssh)?
 
Old 04-26-2005, 04:30 AM   #7
the_cranky_don
LQ Newbie
 
Registered: Sep 2004
Location: Australia
Posts: 22

Original Poster
Rep: Reputation: 15
like you said, getting close.

I am of the opinion that the problem is in the linux box.
the client machines access the web/mail etc with no problems when running through a switch into the ADSL router.

when I plug the linux box in between the router and the switch is when it goes pear shaped.

my isp has no proxy servers.

still plugging away...
 
Old 04-26-2005, 04:35 AM   #8
the_cranky_don
LQ Newbie
 
Registered: Sep 2004
Location: Australia
Posts: 22

Original Poster
Rep: Reputation: 15
just read the last part of your reply.

haven't tried chat or ssh. mail works a little bit.
I can use mailwasher to check for messages on the server (slower than normal) and thunderbird checked mail and downloaded most messages successfully.
It was pretty slow and didn't progress in downloading a message with a 1.6 mb attachment.

???
 
Old 04-26-2005, 08:24 AM   #9
nukkel
Member
 
Registered: Mar 2003
Location: Belgium
Distribution: Hardened gentoo
Posts: 323

Rep: Reputation: 30
strange...
I'm out of ideas... except, I once had intermittent faulty behaviour in my network and in the end it turned out to be a damaged ethernet cable!!
Just to say, it could be a lot of (non-obvious) things that cause weird errors...

I think it's best to start a new thread for this -- more people will then see it.
best of luck!
 
Old 04-26-2005, 08:40 AM   #10
the_cranky_don
LQ Newbie
 
Registered: Sep 2004
Location: Australia
Posts: 22

Original Poster
Rep: Reputation: 15
no worries, thanks a lot for all your help

 
Old 04-26-2005, 08:49 AM   #11
Tenox
LQ Newbie
 
Registered: Apr 2005
Location: Atlanta
Distribution: RH9
Posts: 9

Rep: Reputation: 0
Quote:
Originally posted by the_cranky_don
just read the last part of your reply.

haven't tried chat or ssh. mail works a little bit.
I can use mailwasher to check for messages on the server (slower than normal) and thunderbird checked mail and downloaded most messages successfully.
It was pretty slow and didn't progress in downloading a message with a 1.6 mb attachment.

???
I'd look at the hardware as well as each piece of software in the chain.

Standard debugging -- reduce your setup to the least possible pieces,
then check each of them in whatever way possible, till a problem is found.

Try interfaces in a "known good" box. Run torture tests on them -- flood ping, for instance.
Remove all clients from network but 1; try tests on it, then hook it directly to your local gateway,
run same tests. Do a little packet sniffing, esp. where you have partial connections: this could be
excess fragments? Bad fragment handling?

On your linux - router box, try using a CD distro, such as LRP; run tests.

Find that weak link: hardware, software, configuration.

(May it be rwin, packet size, etc configs? on the lan, wlan, gate?)


HTH < /..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
cannot activate eth1 using ifup or using ifcfg-eth1 akay Linux - Hardware 10 12-16-2010 06:10 AM
Setting up PC as router, eth1 problem talking to modem NeXuS_2006 Linux - Networking 6 01-17-2005 02:23 PM
eth1 added, mysql connections FROM this machine are from eth1. Need bound to eth0??? kreese Linux - Networking 9 03-31-2004 01:12 PM
we are talking NewBe here OK? spookn Linux - Newbie 7 03-28-2004 07:08 PM
Kernel 2.4.22 finds eth0 and eth1 but 2.6.0 does not find eth1 coollink Linux - Networking 3 01-13-2004 08:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration