05-18-2003, 04:46 PM
|
#1
|
LQ Newbie
Registered: May 2003
Location: Colorado
Posts: 24
|
NAT'd subnet routing question
I've got a host which has a static IP but it's really on a NAT'd subnet. It just gets the same IP through MAC-based auth (read: I must use DHCP). It has an internal network. Essentially it's your standard DSL-type setup. Problem is the ISP doesn't have an internal route for getting to my static IP from the internal LAN. This is breaking some apps I have no control over.
EXAMPLE
Static IP for the whole internet:
X.X.X.X
My internal IP:
Y.Y.Y.Y
Problem occurs when Y.Y.Y.Y tries to connect to X.X.X.X
I think the ISP didn't set a route for this. I have other hosts on DSL with a different ISP that work fine in the exact same config.
Normally I'd play around with routing/iptables till I got something to work. Problem is this particular machine is 30 miles away and I'd have to drive to get to the console in case I screw up.
That said, anyone have any recommendations? Seems simple, just don't want to screw up.
Thanks,
-ethan
|
|
|
05-18-2003, 06:57 PM
|
#2
|
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
|
I'm having problems understanding the setup here:
you have a computer on the net with static IP X.X.X.X
When you say that Y.Y.Y.Y is internal, what is its gateway? The X.X.X.X machine? What is the physical setup?
|
|
|
05-18-2003, 07:25 PM
|
#3
|
LQ Newbie
Registered: May 2003
Location: Colorado
Posts: 24
Original Poster
|
X.X.X.X is the static IP which my ISP NAT's outbound traffic from Y.Y.Y.Y whose gateway is Y.Y.0.1. Incoming to X.X.X.X are portforwarded to Y.Y.Y.Y through Y.Y.0.1.
If Y.Y.Y.Y tries to connect to X.X.X.X it is not properly routed. Some beta version file sharing software I'm using needs all peers to connect through a static IP, X.X.X.X. Peers external to my LAN have no problems but peers internal cannot reach the X.X.X.X address.
On my home machine (different host) this routing is set up fine. I use a DSL modem that does the same NATing/forwarding with the one difference that my connections from my internal LAN to my external IP are routed properly.
-ethan
|
|
|
05-18-2003, 07:43 PM
|
#4
|
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
|
Do you own or have root privileges on all these machines (the X's and Y's)? And which ones are Linux machines? Is Y.Y.0.1 a router, or a PC acting as a router?
So you have a computer with IP X.X.X.X and a LAN behind this computer with IPs Y.Y.Y.Y, with gateway Y.Y.0.1. In order for traffic to correctly go from Y.Y.Y.Y to X.X.X.X, Y.Y.0.1 has to have its routing table configured correctly to forward the packets accordingly. If Y.Y.0.1 is a Linux box, you have to turn on forwarding:
# echo 1 > /proc/sys/net/ipv4/ip_forward
and also setup some iptables stuff:
if you trust all the traffic:
iptables -P FORWARD ACCEPT - this says forward anything that needs to be forwarded.
if the Y.Y.0.1 is a DSL/cable router, you might be able to add static routes (I had to do this with my Linksys router)
in my case I have a 10.0.1.1/24 coming off my Linux box that is connected to the Linksys as 192.168.1.101, so in my Linksys router I added this:
10.0.0.0 as the IP
255.0.0.0 as the mask (this means anything that begins with 10. will be sent out)
and the default gateway is 192.168.1.101
Together all this says: if a packet comes into my Linksys router, bound for an IP that begins with 10., send it to the computer with IP 192.168.1.101.
Next, I had to make sure that all packets that come in my Linux box on 192.168.1.101 that are bound for IPs with 10.0.1.1/24 get forwarded to eth1, and as soon as I get another network card, anything bound for 10.0.2.1/24 will be sent out through eth2.
Basically, you have to make sure each gateway (router) has its routing tables configured correctly and is set up to forward packets.
A little more info on your network setup is still needed for me to help you further, but I'm getting sort of a mental picture of what is going on.
|
|
|
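The two conditions post #4 describes (a static route on the Linksys and forwarding enabled on the Linux box), modelled in Python as an added example that is not part of the original thread. The Linksys LAN address 192.168.1.1, the Linux box's default route back to it, and the `isp` next-hop label are assumptions; the other addresses come from the post.

```python
import ipaddress

class Router:
    def __init__(self, name, forwarding, routes):
        self.name = name
        self.forwarding = forwarding  # models /proc/sys/net/ipv4/ip_forward
        self.routes = [(ipaddress.ip_network(c), hop) for c, hop in routes]

    def lookup(self, dst):
        """Longest-prefix match: next-hop address, 'direct', or None."""
        addr = ipaddress.ip_address(dst)
        hits = [(n.prefixlen, hop) for n, hop in self.routes if addr in n]
        return max(hits, key=lambda h: h[0])[1] if hits else None

def build(static_route=True, linux_forwarding=True):
    """Constructed two-router topology; keys are next-hop addresses."""
    linksys = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "isp")]
    if static_route:
        # The post's entry: 10.0.0.0 mask 255.0.0.0 via 192.168.1.101
        linksys.append(("10.0.0.0/8", "192.168.1.101"))
    linux = [("192.168.1.0/24", "direct"), ("10.0.1.0/24", "direct"),
             ("0.0.0.0/0", "192.168.1.1")]  # assumed default route
    return {
        "192.168.1.1": Router("linksys", True, linksys),
        "192.168.1.101": Router("linux-box", linux_forwarding, linux),
    }

def trace(routers, first_hop, dst, max_hops=8):
    """Follow dst hop by hop; return (path, outcome)."""
    path, hop = [], first_hop
    for _ in range(max_hops):
        router = routers.get(hop)
        if router is None:
            return path, f"left the modelled network via {hop}"
        path.append(router.name)
        if not router.forwarding:
            return path, f"dropped: {router.name} does not forward"
        nxt = router.lookup(dst)
        if nxt is None:
            return path, f"dropped: {router.name} has no route"
        if nxt == "direct":
            return path, "delivered"
        hop = nxt
    return path, "dropped: routing loop"

if __name__ == "__main__":
    for dst in ("10.0.1.50", "10.9.9.9"):
        print(dst, trace(build(), "192.168.1.1", dst))
```

The second destination shows a side effect of the 255.0.0.0 mask: a 10.x address that is not on 10.0.1.0/24 bounces between the two routers until the hop limit is reached.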
05-18-2003, 07:57 PM
|
#5
|
LQ Newbie
Registered: May 2003
Location: Colorado
Posts: 24
Original Poster
|
Damn. That's what I thought but I was hoping I could do something. Y.Y.0.1 is the ISP's machine I have no control over it.
I don't know how much more explaining I can do. I tried twice.
I ordered a static IP from my ISP. Rather than give it to my host, the ISP gives me an internal IP and forwards/NATs traffic to/from my host.
INTERNET <------> X.X.X.X <----> Y.Y.0.1 <----->Y.Y.Y.Y
I have zero control over Y.Y.0.1 or X.X.X.X for that matter. My machine is Y.Y.Y.Y.
I don't know how else to explain it. This is NOT DSL. I have no DSL modem for this host.
-e
Thanks
|
|
|
05-18-2003, 08:12 PM
|
#6
|
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
|
If X.X.X.X can send requests to Y.Y.0.1, Y.Y.0.1 should know about Y.Y.Y.Y... unless it's set up to block stuff at that gateway purposely.
|
|
|
05-18-2003, 08:20 PM
|
#7
|
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
|
Oh, another question: can you even ping Y.Y.Y.Y from X.X.X.X and vice versa? If so, then all the routing stuff is set up correctly and there is another problem like firewalling.
|
|
|
05-18-2003, 09:30 PM
|
#8
|
LQ Newbie
Registered: May 2003
Location: Colorado
Posts: 24
Original Poster
|
In my previous posts I said I don't have any control over X.X.X.X and Y.Y.0.1. They are ON THE ISP SIDE.
|
|
|
05-18-2003, 09:49 PM
|
#9
|
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
|
Yeah, I know, I saw that. I was just wondering if ping worked.
|
|
|
05-19-2003, 07:51 AM
|
#10
|
LQ Newbie
Registered: May 2003
Location: Colorado
Posts: 24
Original Poster
|
Ping X.X.X.X from Y.Y.Y.Y does not work, that's why I posted.
That's the only ping I can try.
|
|
|
05-19-2003, 02:07 PM
|
#11
|
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
|
This is kind of frustrating to me because if an ISP owns a router, they don't normally do static routes (not that I know of) but instead use routing protocols (RIP, OSPF, BGP) to update the routing tables automatically. It's all part of how the net works. So, for you not to be able to ping SHOULDN'T be a problem with routing. I think the Y.Y.0.1 ISP has some kind of firewall set up. Now, if everything behind Y.Y.0.1 is private (192.168.x.x or 10.x.x.x) then you won't be able to ping those obviously, and you say you have a private address also (I'm guessing it's 192.168. or 10.x.x.x as those are the only private address ranges I know about) so sure, if they try to connect to you, it won't work that way either unless your gateway to the internet forwards the requests to your internal IP (DNATing).
To sum it up I'll make some assumptions:
x.x.x.x is private and not seen on the internet
y.y.y.y is public and is seen on the internet (not a 192.168 or a 10.x.x.x)
If you ping y.y.y.y from x.x.x.x, it will work unless you have the following conditions.
1. y.y.0.1 is dropping ping requests to prevent DoS attacks (AOL does this)
2. y.y.y.y is dropping ping requests for some reason (like reason 1)
3. y.y.0.1 has no route to host y.y.y.y (i.e. y.y.y.y doesn't exist)
4. X.X.0.1 (your gateway) doesn't forward ping requests (highly unlikely and I'm sure this isn't the case as I'm sure you can ping say...yahoo.com)
5. Some other reason I'll think of later.
If you ping y.y.y.y, the reply message usually contains the reason it couldn't be pinged:
echo
dest_unreachable
quench
redirect
time_exceeded
param_prob
timestamp
info
address_mask
I'm probably beating a dead horse, but I hope I help shed some light or extra understanding.
Last edited by Robert0380; 05-19-2003 at 02:08 PM.
|
|
|