LinuxQuestions.org
Old 10-31-2005, 04:19 PM   #1
Y0jiMb0
Member
 
Registered: Jul 2003
Location: Valencia (Spain)
Distribution: slackware 11, FEDORA CORE 4, RHEL3, Gentoo...
Posts: 361

Rep: Reputation: 30
resolving names through a router


Hi people!

I'm having trouble configuring a router. I'm pretty much a newbie in networking and I would appreciate some help.

Below I describe the topology of the network:
  • Computer A is a slackware box; has two ethernet interfaces: eth0 connects through a cablemodem with internet, it gets the IP with DHCP; eth1 connects to cisco linksys router; it is 192.168.0.1
  • The router connects Comp A thru 192.168.0.3; it's connected to Computer B thru 192.168.1.1
  • Computer B is a Gentoo box; connects directly to the router through its eth0, which is 192.168.1.100 (is given by the DHCP server inside the router)
(in the future I expect to have 2 more computers and I'd like to use the router to give them internet access)

Computer A is forwarding capable (in fact, if I directly connect computers A and B, everything works like a charm, I just have to run a "route" command in computer B)

When I try to put the router in the middle I can reach the internet with computer B (the innermost), but I have to write the IPs. Whenever I write a name I'm unable to go anywhere.

To add some more information, I've monitored the interface eth1 in Computer A using iptraf. When I try to reach some machine from computer B (a web page, ssh, ping or whatever) iptraf says:
Code:
UDP (61 bytes) from 192.168.0.3:1393 to 64.x.x.x:53 on eth1
ICMP dest unrch (port) (89 bytes) from 64.x.x.x to 192.168.0.3 on eth1
so 64.x.x.x (I hide the 3 last numbers), which is supposed to be a DNS (I put it in the router's configuration) cannot reach Computer B to give it some information it asked. However, if I directly do "ssh my_work_machine", I can work without troubles (my machine at work can then see my Computer B).
In fact I have seen that I cannot ssh from Computer A to Computer B, although I CAN do the opposite (it is like router allows packets going out but it doesn't allow packets coming in).

I'm sure it is something stupid, but I cannot see it.

Ok, now I've tested that there is nothing to do with cables: I checked with cross and with straight as well; it doesn't work either. Moreover, now I cannot connect from inside (computer B) to anywhere but the router; I rebooted and the same happens...
As I've tested so many things, I lost track.
I'm definitely lost.
Any help is going to be appreciated!

Regards
 
Old 10-31-2005, 06:11 PM   #2
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
Hi,
> UDP (61 bytes) from 192.168.0.3:1393 to 64.x.x.x:53 on eth1
> ICMP dest unrch (port) (89 bytes) from 64.x.x.x to 192.168.0.3 on eth1

as far as I understood, this capture has been taken on machine A?
and internet access is made through the modem connected to eth0?
If so, then dns query shouldn't go out through eth1 but through eth0.

I think that machine A receives a gateway both from your modem and your router, so that it doesn't know which one to use and tries to go to internet on eth1 instead of eth0.
In /etc/dhclient.conf, you should find the following:
Code:
request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name;
this can be specified on a per interface basis... so if you add to your dhclient.conf the following lines (I removed the router entry which is the gateway), it shouldn't ask for a gateway on eth1:
Code:
# dhclient.conf expects the interface name as a quoted string
interface "eth1" {
    request subnet-mask, broadcast-address, time-offset, domain-name, domain-name-servers, host-name;
}
I'm not sure that it will work, as maybe the router will discard what is requested and send what it wants... you can always use static ip on eth1.

> In fact I have seen that I cannot ssh from Computer A to Computer B, although I CAN do the
> opposite (it is like router allows packets going out but it doesn't allow packets coming in).

most routers include default firewall rules allowing only outgoing traffic.
since your machine B is "inside" and machine A is "outside" from the router point of view, B has full access to A but not the opposite. You must have a web UI where you can change/disable the firewall on the router.

> Moreover, now I cannot connect from inside (computer B) to anywhere but the router
looks like either your router doesn't route anymore, or that you don't have a gateway configured on machine B...

Make sure machine A is connected to a regular interface and not to the WAN/uplink port... this should solve the firewall issue.
 
Old 10-31-2005, 06:12 PM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680
Normally, one would have the Linksys cable router connect to the cable modem, on the internet interface. This may be called the WAN interface on some models. Then the NAT function of the router would enable several hosts to share the same internet IP address from the cable modem.

You didn't mention whether you have the Linksys router configured to perform as a router rather than NAT. There is a web interface to the router at 192.168.1.1 by default. There is no user name by default and the password is "admin". If the netmask is 255.255.255.0, then 192.168.0.1 and 192.168.1.1 are on different subnets; then the 2nd interface on host A and the interface on host B need to be on the same subnet. Masquerading needs to be performed by the host that is connected to the modem, with the cisco router serving as a switch. You could have the two inside interfaces on different subnets if the router is in the route mode to allow you to connect the two hosts.
 
Old 11-01-2005, 08:33 AM   #4
Y0jiMb0
Member
 
Registered: Jul 2003
Location: Valencia (Spain)
Distribution: slackware 11, FEDORA CORE 4, RHEL3, Gentoo...
Posts: 361

Original Poster
Rep: Reputation: 30
Hi! Thanks for the replies.

Quote:
as far as I understood, this capture has been taken on machine A?
and internet access is made through the modem connected to eth0?
This I don't understand. Machine A is the one acting as a bridge between the router (and the innermost part of the network) and the external world. Machine A is the one having the eth1 and through it goes every packet from computer B to the internet. Why shouldn't I sniff this card? (I could do it as well monitoring eth0, of course, but this includes the traffic from machine A)
Quote:
If so, then dns query shouldn't go out through eth1 but through eth0.
What does it mean? Shouldn't the DNS answer anyone asking for an IP corresponding to a certain name? If not, I have to route "something" in machine A, haven't I?

Quote:
I'm not sure that it will work, as maybe the router will discard what is requested and send what it wants... you can always use static ip on eth1.
In fact I'm using static IP to assign an IP to the router.

Quote:
most routers include default firewall rules allowing only outgoing traffic.
since your machine B is "inside" and machine A is "outside" from the router point of view, B has full access to A but not the opposite. You must have a web UI where you can change/disable the firewall on the router.
Well, that is what I've tried; I browsed inside the router UI but I'm not able to alter this nasty behavior. Every restrictive option is disabled.

Quote:
Make sure machine A is connected to a regular interface and not to the WAN/uplink port... this should solve the firewall issue.
But the instructions don't seem to agree with this. The router has 5 ethernet interfaces: the internet one and 4 more. I connected Computer A to the internet interface, and I'd like to have Computer A acting as another router. The manufacturer suggests that I'm doing it right.
Anyway, maybe I try it...


Quote:
You didn't mention whether you have the Linksys router configured to perform as a router rather than NAT.
There are two options: as a Gateway and as a Router. I have it as a router (the documentation says that Gateway is intended to connect the router directly to the internet and Router mode is to do what I'm trying to)

Right now the configuration inside the router reads:
Code:
Internet connection type: Static IP
Internet IP address: 192.168.0.3
Subnet mask: 255.255.254.0
gateway: 192.168.0.1   (which is computer A)
static DNS 1: 64.x.x.x
static DNS 2: 64.x.x.x
static DNS 3: 0.0.0.0

Local IP address: 192.168.1.1
subnet mask 255.255.255.0
What am I doing wrong?
What else can I do?
What more information should I give you?

Thanks again,

Best regards
 
Old 11-15-2005, 05:05 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680
Could you double check which is the Computer A IP address for eth1 and what is the WAN/INTERNET port address on the router? Also, are you using the WAN/INTERNET port to connect to Computer A? Some Linksys models label the port that normally connects to the cable modem WAN, and other models are labeled INTERNET.

Does the router list the same DNS server IP numbers as the ifconfig listing for eth0 on computer A?

Since Computer A is your gateway, you might simply want to use the 4 normal switch ports. Then eth1 being on the same subnet as computer B and in the future computers C & D, and being on the inside lan, the firewalls on B, C & D can treat Computer A eth1 as a local IP address. Otherwise, I think that the firewalls on B, C & D will block traffic unless explicitly allowing 192.168.0.1.

Is computer A providing Masquerading? I don't think that in the router mode the Linksys router does NAT translation, although I've never used my Linksys cable router this way.

Re-reading your post, I see I've re-asked some questions you may have answered. Sorry. Particularly the INTERNET port was answered. My main question is masquerading however. Also, if computer A cannot ssh into computer B, that may not be a bad thing. Since Computer A is directly exposed to the Internet, it should only function as a firewall and provide masquerading. Note that I am speaking of an ideal situation. If this is your main desktop then this may be unreasonable. However, if this is, for example, a computer you used to use before upgrading --- consider having the bare minimal software installed running only what is absolutely necessary.

Also, please post the output of the "route" command for computer A. I think that eth1 should have a route for 192.168.1.0 and 192.168.0.0.

Also, a standard rule for firewalls is to reject a private IP coming from an outside interface. This is usually a sign of IP spoofing. This could be what the router is doing.

Last edited by jschiwal; 11-19-2005 at 12:10 PM.
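
Added example (not part of any post in this thread, and not the Linksys firmware's actual logic): a short Python model of the anti-spoofing rule described in the last reply, applied to the addresses posted in the thread, together with an overlap check on the two subnet masks from the router settings in post #4. The port labels "internet" and "lan" and the stateless treatment of the rule are assumptions of this example.

```python
import ipaddress

# Addresses exactly as posted in the thread (router settings from post #4).
ROUTER_WAN = ipaddress.ip_interface("192.168.0.3/255.255.254.0")
ROUTER_LAN = ipaddress.ip_interface("192.168.1.1/255.255.255.0")
COMPUTER_A = ipaddress.ip_address("192.168.0.1")    # eth1 on Computer A
COMPUTER_B = ipaddress.ip_address("192.168.1.100")  # lease from the router

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    return any(addr in net for net in RFC1918)


def ingress_verdict(src, port):
    """Assumed rule, modelled statelessly for new inbound connections:
    a private source address seen on the outside port is treated as spoofed.
    Port labels "internet" and "lan" are names chosen for this example."""
    if port == "internet" and is_private(src):
        return "DROP"
    return "ACCEPT"


def wan_lan_overlap():
    """True if the router's Internet-side and local subnets share addresses."""
    return ROUTER_WAN.network.overlaps(ROUTER_LAN.network)


def check_thread_topology():
    """Evaluate the cabling described in the thread and the suggested change."""
    return {
        # Current cabling: Computer A plugged into the Internet port.
        "A->B ssh, A on Internet port": ingress_verdict(COMPUTER_A, "internet"),
        # Suggested cabling: Computer A on one of the four switch ports.
        "A->B ssh, A on switch port": ingress_verdict(COMPUTER_A, "lan"),
        # With mask 255.255.254.0 the Internet side spans 192.168.0.0-192.168.1.255.
        "WAN/LAN subnets overlap": wan_lan_overlap(),
        "B's address inside WAN subnet": COMPUTER_B in ROUTER_WAN.network,
    }


if __name__ == "__main__":
    for name, result in check_thread_topology().items():
        print(f"{name}: {result}")
```

The overlap result comes only from the two masks posted in the thread: 255.255.254.0 on 192.168.0.3 covers 192.168.1.x as well, which is also the router's local subnet.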
 
  

