Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Originally posted by thanhnx I have a similar problem.
With three computers, called [1],[2],[3], connected together by a hub. Each of them has only one network card.
Ip addrees in 192.168.0.x
I have set [2] comp to a router ( traffic from [1] to [3] must go through [2])
First, I set [2] to have 2 alias address by ifconfig eth0:1 and eth0:2.
Then, I set ifconfig netmask in order to have [1] and [2] in the same subnet, as well as [2] and [3].
I think it is ok. But it does't work. What happens?
Thanks.
PS: should I disable the use of ARP protocol.
Quote:
Originally posted by Darin rioguia I wasn't rippin ya for suggesting a bridge I just wanted to make sure he didn't try to set one up only to find out it didn't help
thanhnx you may want to start a new thread with your question since it appears to be different enough from this one. Also I think you overcomplicated the situation, why do you need two aliases for your network card? What is your internet connection (DSL/cable modem/dialup/ISDN?) and how does it plug into your router (USB/ethernet/internal card/external com port?) Don't disable ARP.
I need to aliases ip addess to set this computer ([2]) to be a router, (in general, it needs 2 interfaces? true).
My purpose is to set my ethernet that all traffic from [1] to [3] via [2], even though all of them share a common hub.
Yes your computer usually needs two interfaces to route, one goes to your internal network of computers and the other to the internet. These do not have to be ethernet and are preferrably not two IP addresses on one network card.
So, does [2] have the internet connection and you want [1] and [3] to share it? Do you want [1] and [3] to not connect to each other unless they use [2]? Where is the internet connection and what type is it and how does it connect to all this like with ethernet plug or USB to one of the computers?
Connecting to internet seems to not meet with my problems.
All of three computer are connected to internet. They have their network card themself. I want to mantain the lan architecture ( All computers connects to hub and therefore, from hub to internet).
Architecture:
internet
^
|
[1] ------ [hub]-----[3]
|
|
[2]
But my work is to set computer [2] in order to:
If [1] want to communicate with [3], it is forced to via [2].
so I set [1] and [2] to a subnet
[2] and [3] to a subnet
So you didn't mention it but I take it that your internet connection is something like DSL with an ethernet plug going into your hub. Also if all the computers work now then either the DSL is a NAT router (sometimes called a firewall) or your hub isn't a hub but a NAT router or your ISP lets you take 3 IPs off it's connection.
If you are sharing a common hub then it's a bad idea to route through two IP addresses on one network card, first due to redundant data (each piece of info goes through the hub twice, once coming into [2] and again going out of it) and second because it breaks ethernet and tcp/ip rules and is considered a hack.
So is your goal this:
internet
|
[2]
|
[hub]--[3]
|
[1]
or something different?
if you have all the computers on a hub and they can communicate then there is no need to set up a router and again it breaks ethernet rules which means it can be done but isn't suggested and causes more activity on the network without adding anything benificial. Even if you just want to set it up to learn how, here is the first lesson: don't route across multiple aliases on one interface, Only really weird networks like NASA's are set up that way ;-)
If you just want two IP addresses that isn't bad, it's used commercially for say a web server that is one machine that answers to different IP addresses. It just isn't used to route from one to the other, maybe one of us wasn't understanding the other correctly.
Say you want:
eth0:1 as 192.168.0.4 mask 255.255.255.0
eth0:2 as 192.168.0.5 mask 255.255.255.0
but what you don't do is:
eth0:1 as 192.168.0.1 mask 255.255.255.0
eth0:2 as 192.168.1.1 mask 255.255.255.0
Which puts one physical interface on two different subnets which is the "bad" idea, not that it doesn't work.
Quote:
Originally posted by thanhnx Thanks for your advice .
The "bad" idea of communicating with 2 alias address comes from one of my practice exercise. :-)
But , thanks, anyway.
Originally posted by Darin
[
if you have all the computers on a hub and they can communicate then there is no need to set up a router and again it breaks ethernet rules which means it can be done but isn't suggested and causes more activity on the network without adding anything benificial. Even if you just want to set it up to learn how, here is the first lesson: don't route across multiple aliases on one interface, Only really weird networks like NASA's are set up that way ;-) [/B]
But what should I do if I have only 3 computers, with 3 NIC and
I want to test the netfilter. Certainly, the work is to set iptables and tc in a computer that I call an imitative router . But the net architecture must suit to test.
NICs are really cheap, if you are really strapped for cash look for a used one on eBay. If you are just seeing how it works then you can go ahead and break some rules, maybe just to see if you can get it set up. I'm sure the way you should set it up if you planned on keeping it that way is posted in this networking forum in many of the threads, it's usually done with 2 NICs, one connected to the internal hub and one going out to the internet. If you want to try it out and can't pop a second NIC in the router than try it with the aliases. You just have to be careful to note which machines are set up for which IP subnet since there is no physical seperation of the two you can have problems like DHCP giving a network card the wrong address or other protocols like IPX will simply ignore the two TCP/IP segments and connect the two computers together.
*WARNING: I highly recomend against a setup like this for a production network including permanantly setting up a home network like this; Besides the fact that it adds another level of complexity it could also add needless traffic to your hub and possibly even your internet pipe which would eat bandwidth. In essence your internal network would not be secure since the wire carries data from both sides of the firewall. Some public cable modem and DSL connections are also set up in a "bridge mode" which means any yahoo in your neighborhood with the same service and a packet sniffer can break into your home network by just ignoring your firewall (since they can "see" the inside network.) Even if your internet connection isn't set up in a bridge mode your internal LAN can still be easily compromised by anyone at your ISP.
Could I contact with you individualy.
I think that I will be not to post my several (stupid :-) ) questions about this problem in this forum.
On the other hand, I want to solve this problem.
Do you think about the idea to set [2] to [1] and [3] default gateway. But the sequence problem is that how to prevent the direct communicate between [1] and [3].
They put my lan(3 computer) in a room and have only one link to a firewall (not in my room). So I think that whatever I do in this forum does not effect to the security because my room is inside the firewall.
You're questions aren't "stupid", the TCP/IP and Ethernet protocols were set up by a bunch of really smart people with an assumption that the "average home user" would never have to know the gory details of how it all works and would never set up any esotric configurations at home. They also assumed we would never run out of IP addresses for The Internet...
If you want, you can get my email address off the info on this message board but the whole idea of the forum is that everyone can contribute to your solution and learn from it; I'm just the loudest voice at the moment which doesn't mean I'm the only one here who has an answer for you
Now I have a normal solution by borrowing an network card from my friend.
But we'd better turn back to solve this problem mentioned above.
Quote:
Originally posted by KevinJ Please post specifics about IP addresses and subnet masks that you are using. I think you are subnetting incorrectly.. maybe.
-KevinJ
Hi KenvinJ, I think my setting of address is ok
[1] 192.168.0.58 netmask 255.255.255.224/27 (subnet 2 of 8)
[2] has 2 alias addresses:
192.168.0.36 netmask 255.255.255.224/27 (subnet 2 )
192.168.0.70 netmask 255.255.255.224/27 (subnet 3 of 8)
[3] 192.168.0.91 netmask 255.255.255.224/27 (subnet 3 of 8)
Anyone reading this thread who doesn't know why the netmasks below end in 224 not 0 don't worry, it's more advanced TCP/IP "schtuff" and doesn't apply to 95% of the networks you will ever be exposed to unless you work for NASA*.
Quote:
Originally posted by thanhnx
[1] 192.168.0.58 netmask 255.255.255.224/27 (subnet 2 of 8)
[2] has 2 alias addresses:
192.168.0.36 netmask 255.255.255.224/27 (subnet 2 )
192.168.0.70 netmask 255.255.255.224/27 (subnet 3 of 8)
[3] 192.168.0.91 netmask 255.255.255.224/27 (subnet 3 of 8)
has it some thing wrong?
No, it's just confusing! I had to get out scratch paper to double check the subnets. That's why 24 bit subnets are popular, much simpler. (Don't worry, I did stuff like that when I was learning how TCP/IP worked.)
Anyhow, [2] has to have routing turned on and [1] and [3] have to have gateway point to the local address on [2] and then it should work.
See if [1] and [3] can ping their sides of [2]
have 192.168.0.91 ping 192.168.0.70 and
192.168.0.58 ping 192.168.0.36
Then see if they can ping the other side of [2]
have 192.168.0.91 ping 192.168.0.36 and
192.168.0.58 ping 192.168.0.70
Then see if [1] can ping [3], or post how far you get.
*this doesn't refer to anything about being a "rocket scientist" but rather to the pseudo-cryptic way the network admins at our beloved space agency, and the government in general, subnet their networks.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.