My setup: PC running FC5 connected to LAN via router. PDA running Linux connected to this PC through usb network connection. IP addresses are as follows:
PC:
eth0: 192.168.2.1
usb0: 192.168.129.1
PDA:
usbd0: 192.168.129.201
I want to be able to have PC forward packets from usb0 (from PDA) to LAN (to default gateway). I have ip_forwarding enabled on PC and firewall is disabled. From PC I can ping PDA and router; from PDA I can ping PC. But I can't ping router from PDA. Seems packets are not being forwarded. PC routing table:
Code:
> /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.129.0   *               255.255.255.0   U     0      0        0 usb0
default         router          0.0.0.0         UG    0      0        0 eth0
PDA routing table:
Code:
> /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.129.0   *               255.255.255.0   U     0      0        0 usbd0
default         192.168.129.1   0.0.0.0         UG    0      0        0 usbd0
I thought packets coming to the PC from the PDA would be forwarded to the default gateway (router) and packets going to the PDA from the PC should use the route listed first.
Check if you have the ip_conntrack module loaded on your desktop. At one time I used my laptop to route the traffic from my desktop to my wireless router. I needed to modprobe ip_conntrack before ip forwarding would work.
Quote:
I thought packets coming to the PC from the PDA would be forwarded to the default gateway (router) and packets going to the PDA from the PC should use the route listed first.
Tim,
Your ADSL router wouldn't be returning packets with a source of 192.168.129.* because of the unavailability of a route at its own end. Definitely your Linux box is forwarding them to your ADSL router, but the router is not returning them.
All you need in this scenario is to enable the firewall & SNAT all the packets received from the PDA to the router with a source IP of 192.168.2.1.
amitsharma_26, why wouldn't the router return the packets from 192.168.129.*? Don't routers use ARP to build internal routing tables?
In any case, I tried changing the subnet of the PDA to that of the rest of the network to circumvent the router problem.
Configuration is now like this:
PC:
eth0: 192.168.2.1
usb0: 192.168.2.2
PDA:
usbd0: 192.168.2.3
And the routing tables of each:
PC:
Code:
>/sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.3     *               255.255.255.255 UH    0      0        0 usb0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
PDA:
Code:
>/sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 usbd0
default         192.168.2.2     0.0.0.0         UG    0      0        0 usbd0
I used tcpdump to monitor the traffic on eth0 while pinging router (192.168.2.1) from PDA, but there was nothing. Seems like packets are not being forwarded. I am able to ping the PC from the PDA.
Also, if I monitor the PC's network adapter usb0 while pinging router from PDA, I see an arp request from the PDA for the router's hardware address (but still nothing on eth0).
Quote:
amitsharma_26, why wouldn't the router return the packets from 192.168.129.*? Don't routers use ARP to build internal routing tables?
Which router are we talking about here? An ADSL modem, a Linux router, or some other specific make of router?
Quote:
Originally Posted by Mechanic
Configuration is now like this:
PC:
eth0: 192.168.2.1
usb0: 192.168.2.2
PDA:
usbd0: 192.168.2.3
I used tcpdump to monitor the traffic on eth0 while pinging router (192.168.2.1) from PDA, but there was nothing. Seems like packets are not being forwarded. I am able to ping the PC from the PDA.
The above quote is a bit ambiguous. You said you are able to ping the PC but not the router, though the router, as you specified, is eth0 on your PC.
Now I stand confused as well. Can you kindly correct the statement or justify it in a bit more detail?
Sorry, there was a mistake in my second to last post. The IP of the router was correct: 192.168.2.1. The ip of eth0 on the PC is 192.168.2.95. The rest should be correct.
I still have not solved this one. Can anyone help me with this?
I've used tcpdump to verify that I'm getting packets to the PC from the PDA to usb0, but if I monitor eth0, I do not see the packets that I expect to be forwarded.
I'm running FC5, kernel 2.6.18-1.2239.fc5. Is it possible that the Fedora kernels do not have forwarding capability by default? I'm getting to my wits' end with this one.
At your PDA,
you've got to specify a static route to your ADSL router,
e.g. ip route add adsl-router-ip via pc1-ip
On the PC,
you've got to specify static routes to & from your PDA,
e.g. ip route add pda-ip via usb0-ip
With this, your packets (generated by the PDA) will reach your ADSL router (half the work done), but the problem is getting these packets to return. I am not sure, but I heard that if you can manage your ARP requests with ebtables (or any other method) to redirect these ARP queries to your USB box, this scenario can work.
Now you go & search Google on these inputs & give it a try. Repost; I'll try to look into the same tomorrow.
It's fixed! amitsharma_26, your first comment to me was correct. The router was making arp requests to find out the ethernet address of the PDA, but, as it turns out, arp requests are broadcast and the PC does not forward broadcasts - the PDA never got the arp request. Once I got the routes set up properly and entered the proper NAT line, it worked.
amitsharma_26, thank you very much for your help and patience. I learned a great deal in fixing this problem.
There is one last problem though. I can ping the router from the PDA, but if I try to ping www.google.com, I get the following error: 'Host name lookup failure'. Running tcpdump on eth0 of PC I get the following (paraphrased) error:
I have the router (IP 192.168.2.1) set as the DNS on the PDA. Although I can ping the router from the PDA, it appears that it's not working properly as the DNS. Any thoughts on this one?
Quote:
There is one last problem though. I can ping the router from the PDA, but if I try to ping www.google.com, I get the following error: 'Host name lookup failure'. Running tcpdump on eth0 of PC I get the following (paraphrased) error:
I have the router (IP 192.168.2.1) set as the DNS on the PDA. Although I can ping the router from the PDA, it appears that it's not working properly as the DNS. Any thoughts on this one?
As you can see from the message "Communication with Destination Host is Administratively Prohibited" in your logs, it really means what it says. You are blocking these packets on the way back to the PDA; you've got to allow these packets at your PC1. Check out all your iptables rules or post them here.
Why am I able to ping the router but I cannot contact it when using it as a nameserver? The PC is not even forwarding these packets. Anyway, here is my setup as it is now:
PC:
eth0 IP: 192.168.2.95
usb0 IP: 192.168.129.1
routing table:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.129.0   0.0.0.0         255.255.255.0   U     0      0        0 usb0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
PDA:
usbd0 IP: 192.168.129.3
routing table:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.129.0   0.0.0.0         255.255.255.0   U     0      0        0 usbd0
0.0.0.0         192.168.129.1   0.0.0.0         UG    0      0        0 usbd0
Here are the iptables rules (I have not changed these; they are Fedora Core 5 default):
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
Quote:
Why am I able to ping the router but I cannot contact it when using it as a nameserver? The PC is not even forwarding these packets.
You've got to allow your DNS packets & then the NATed packets to pass through the default firewall you have. At present you can see that under Chain RH-Firewall-1-INPUT, at the second position, you have ICMP packets allowed from anywhere to anywhere & that's why you can ping the router.
For NATed packets & name resolution to work,
open /etc/sysconfig/iptables
& copy paste
It's fixed! I had to make a slight change to the lines you gave me to enter into /etc/sysconfig/iptables: I had to use the IP of the PDA: 192.168.129.3 instead of 192.168.129.1. But it works. Thanks again for all of your help.
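Why the PC forwards the PDA's ping but rejects its DNS query under the rules listed in the thread, as an added example (not code from any poster): a small first-match evaluator over constructed rules in iptables-save syntax. The `-i lo` on the first rule and the extra FORWARD rule in `FIXED` are assumptions; the lines actually pasted into /etc/sysconfig/iptables are not shown on the page.

```python
from ipaddress import ip_address, ip_network

# Constructed, abridged rules in iptables-save syntax, modelled on the thread's
# listing. Assumption: the first ACCEPT is loopback-only ("-i lo"); plain
# `iptables -L` hides interface matches, `iptables -L -v -n` shows them.
STOCK = """\
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Hypothetical fix (not the thread's own lines): accept PDA-subnet traffic first.
FIXED = "-A FORWARD -s 192.168.129.0/24 -i usb0 -o eth0 -j ACCEPT\n" + STOCK

def parse(text):  # chain name -> ordered list of {flag: value} dicts
    chains = {}
    for tok in map(str.split, text.splitlines()):
        chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(opts, pkt):
    for flag, want in opts.items():
        if flag in ("-i", "-o", "-p", "--dport") and pkt.get(flag) != want:
            return False
        if flag in ("-s", "-d") and ip_address(pkt[flag]) not in ip_network(want):
            return False
        if flag == "--state" and pkt["--state"] not in want.split(","):
            return False
    return True  # -m, -j and --reject-with are not match criteria

def verdict(chains, pkt, chain="FORWARD", policy="ACCEPT"):
    # First match wins; a user chain that falls through yields None.
    for opts in chains.get(chain, []):
        if matches(opts, pkt):
            target = opts["-j"]
            if target in ("ACCEPT", "REJECT", "DROP"):
                return target
            result = verdict(chains, pkt, target, policy=None)
            if result:
                return result
    return policy

# Constructed packets as seen by the PC while forwarding between usb0 and eth0.
PDA = {"-i": "usb0", "-o": "eth0", "-s": "192.168.129.3", "--state": "NEW"}
PING = {**PDA, "-p": "icmp"}
DNS_QUERY = {**PDA, "-p": "udp", "--dport": "53"}
DNS_REPLY = {"-i": "eth0", "-o": "usb0", "-s": "192.168.2.1", "-p": "udp",
             "--state": "ESTABLISHED"}
```

With the stock rules the NEW UDP query falls through to the final REJECT, which is the "administratively prohibited" ICMP seen in tcpdump; the reply direction needs no rule of its own because the RELATED,ESTABLISHED rule already covers it.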