Mandrake as gateway/firewall -Problem bringing up two NIC

zhex900 · 05-31-2005, 09:39 PM

I tried everything I can think of :help: . But I my Mandrake 10 box still cannot bring up eth0 and eth1.

Ultimately I want my Mandrake box to serve as a gateway/firewall/proxy/dhcp server.

Internet-----(Mandrake box)------ Router ------- Clients ( Star topology)

Please correct me if I am wrong, to get this working. I need to do the following steps.

1) Assign IP Address to both eth0 and eth1. (I could not get this part working)
2) Configure routing table. (Not sure how this works exactly)
3) Enable IP forwarding. (This is the easy part)
4) Configure Firewall (shorewall), to enable NAT. (Shorewall�s doc seems to be easy to understand, but since the above steps are not working probably. I don�t know whether my configure files for shorewall is correct or not)
5) Proxy (Squid). (This I�ll do later. Need to read some doc first)

Now, I want to resolve the first two setups. So my aim is to have one NIC as dhcp and one static. Also I don't know whether I should add any additional routes, using route.

First attempt. Eth0 static, eth1 dhcp.

*eth1 is connected to my own gateway. (This is for testing, when it works eth1 should be connected to my cable modem)

*eth0 is not connected

Code:

[root@TIGER sysconfig]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=TIGER
GATEWAY=192.168.0.1

Code:

[root@TIGER sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
DEVICE=eth0
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
IPADDR=192.168.0.24
NETWORK=192.168.0.0
ONBOOT=yes

Code:

[root@TIGER sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
GATEWAY=192.168.0.1
BOOTPROTO=dhcp
DEVICE=eth1
MII_NOT_SUPPORTED=yes
ONBOOT=yes
METRIC=12

Code:

[root@TIGER sysconfig]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:44:11:DD:24
          inet6 addr: fe80::202:44ff:fe11:dd24/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:2226 (2.1 Kb)
          Interrupt:9 Base address:0x2f00

eth1      Link encap:Ethernet  HWaddr 00:50:22:E9:8E:A4
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:22ff:fee9:8ea4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:974 errors:0 dropped:0 overruns:0 frame:0
          TX packets:552 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:157364 (153.6 Kb)  TX bytes:75286 (73.5 Kb)
          Interrupt:11 Base address:0x4e00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3814 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3814 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:314322 (306.9 Kb)  TX bytes:314322 (306.9 Kb)

Code:

[root@TIGER sysconfig]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth1
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth1

Code:

[root@TIGER sysconfig]# service network restart
Shutting down interface eth0:                                   [  OK  ]
Shutting down interface eth1:                                   [  OK  ]
Shutting down loopback interface:                               [  OK  ]
Disabling IPv4 packet forwarding:                               [  OK  ]
Setting network parameters:                                     [  OK  ]
Bringing up loopback interface:                                 [  OK  ]
Bringing up interface eth0:                                     [FAILED]
Bringing up interface eth1:                                     [  OK  ]
Operation failed.

Why do I have a "Operation failed"?
At this stage I everything seems to work ok. Since eth1 is allocated a IP, and can ping machines in and out side of the network.

Second attempt After eth0 cable is connected to my gateway router. So both eth0 and eth1 are connected to my gateway router.

Code:

[root@TIGER sysconfig]# service network restart
Shutting down interface eth0:                                   [  OK  ]
Shutting down interface eth1:                                   [  OK  ]
Shutting down loopback interface:                               [  OK  ]
Disabling IPv4 packet forwarding:                               [  OK  ]
Setting network parameters:                                     [  OK  ]
Bringing up loopback interface:                                 [  OK  ]
Bringing up interface eth0:                                     [  OK  ]
Bringing up interface eth1:                                     [  OK  ]
Operation failed.

Code:

[root@TIGER etc]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth1
127.0.0.0       *               255.0.0.0       U         0 0          0 lo

No gateway so cannot connect to outside.

Code:

[root@TIGER sysconfig]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:44:11:DD:24
          inet6 addr: fe80::202:44ff:fe11:dd24/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5002 (4.8 Kb)  TX bytes:4450 (4.3 Kb)
          Interrupt:9 Base address:0x2f00

eth1      Link encap:Ethernet  HWaddr 00:50:22:E9:8E:A4
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:22ff:fee9:8ea4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:992 errors:0 dropped:0 overruns:0 frame:0
          TX packets:577 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:160938 (157.1 Kb)  TX bytes:79650 (77.7 Kb)
          Interrupt:11 Base address:0x4e00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3814 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3814 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:314322 (306.9 Kb)  TX bytes:314322 (306.9 Kb)

Eth0 still no IP Address. Why?

Attempt three.

After I swap the ifcfh-ethx files between eth0, eth1
So now eth0 is dhcp, and eth1 is static with ip address 192.168.0.24

Code:

[root@TIGER network-scripts]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:50:22:E9:8E:A4
          inet addr:192.168.0.24  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:22ff:fee9:8ea4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:633 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:171246 (167.2 Kb)  TX bytes:84854 (82.8 Kb)
          Interrupt:11 Base address:0x4e00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3814 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3814 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:314322 (306.9 Kb)  TX bytes:314322 (306.9 Kb)

macus · 05-31-2005, 09:43 PM

Please try to disable any "NetworkManager" Service .
RedHat also got this problem .This problem always happen on 2NICs computer

zhex900 · 05-31-2005, 10:20 PM

Thank you for the reply.

I know this is a dumb question, what is a "network manager"?
Do you mean I should disable webmin?

macus · 06-01-2005, 04:55 AM

"NetworkManager" is a network connection service . I don't know whether there is a service with the same name in Mandrake .
In Redhat , there is 2 service " Network Service " and "NetworkManager Service" . Both are handling the network connection .Thanks .

eantoranz · 06-01-2005, 12:26 PM

From experience: don't always trust initialization scripts. Sometimes it's good practice to try to configure stuff by hand.

If it works by hand, I would care about it, I would place the commands in /etc/rc.local and everybody would be happy.

Did you get it working?

zhex900 · 06-01-2005, 05:43 PM

Thank you for your help guys.

The problem with assigning static IP Address to eth0, is it because I am trying to connect both NICs to the same network?
When executing "service network restart", it first tries to bring eth0, which eth0 get successfully assigned an IP Address. However when it tries to bring up eth1, (after a long time) eth1 get allocated an IP address from my gateway, but eth0's IP Address is gone.

Now, if I manually assign an IP Address to eth0 by "ifconfig eth0 192.168.0.24. " it works fine. I can ping eth0 and but cannot ping anything outside of my gateway router.

Since eth1 is connected to the outside world (my own gateway), and eth0 should be connected to my private network. What should I change to get my eth0 on a different network? What value should I set the following ? network number, netmask, broadcast etc.

Clarify my current setup. This setup is only for testing.

Internet----Gateway Router (Netgear)-----other machines (one of the machines is my linux box)

so eth1 ---LINUX BOX ---eth0------other machines

eantoranz · 06-01-2005, 08:24 PM

It sounds like both network connections are using DHCP. Probably you need to use dhcp to get your isp's connection. But you probably need a static IP on the LAN side. What address? Well.... for a small lan, you would normally use the 192.168/16 segment. Even better 192.168.0/24 or 192.168.1/24.

That will do. Once you are able to ping to pothy networks, your got it right... at least, network configuration.

Routing packets from the lan to internet? that's another story. There are people who ask that everyday. Maybe you should take a look around. You'll probably find a straight forward guide to do it (not that it's difficult).