Hi people!

I have troubles configuring a router. I'm pretty newbie in networking and I would appreciate some help.

Below I describe the topology of the network:

• Computer A is a slackware box; has two ethernet interfaces: eth0 connects through a cablemodem with interne
  t, it gets the IP with DHCP; eth1 connects to cisco linksys router; it is 192.168.0.1
• The router connects Comp A thru 192.168.0.3; it's connected to Computer B thru 192.168.1.1
• Computer B is a Gentoo box; connects directly to the router through its eth0, which is 192.168.1.100 (is gi
  ven by the DHCP server inside the router)

(in the future I expect to have 2 more computers and I'd like to use the router to give them internet access)

Computer A is forwarding capable (in fact, if I directly connect computers A and B, everything works like a
charm, I just have to run a "route" command in computer B)

When I try to put the router in the middle I can reach the internet with computer B (the innermost), but I hav
e to write the IPs. Whenever I write a name I'm unable to go anywhere.

To add some more information, I've monitored the interface eth1 in Computer A. using iptraf. When I try
to reach some machine from computer B (a web page, ssh, ping or whatever) iptraf says:
so 64.x.x.x (I hide the 3 last numbres), which is supposed to be a DNS (I put it in the router's configuration
) cannot reach Computer B to give it some information it asked. However, if I directly do "ssh my_work_mach
ine", I can work without troubles (my machine at work can then see my Computer B).
In fact I have seen that I cannot ssh from Computer A to Computer B, although I CAN do the opposite (it is lik
e router allows packets going out but it doesn't allow packets coming in).

I'm sure it is something stupid, but I cannot see it.

Ok, now I've tested that there is nothing to do with cables: I checked with cross and with straight as well; it doesn't work either. Moreover, now I cannot connect from inside (computer B) to anywhere but the router; I rebooted and the same happens...
As I've tested so many things, I lost track.
I'm definitely lost.
Any helpp is going to be appreciated!

Regards

Hi,
> UDP (61 bytes) from 192.168.0.3:1393 to 64.x.x.x:53 on eth1
> ICMP dest unrch (port) (89 bytes) from 64.x.x.x to 192.168.0.3 on eth1

as far as i understood, this capture has been taken on machine A?
and internet access is made through the modem connected to eth0?
If so, then dns query shouldn't go out through eth1 but through eth0.

I think that machine A receives a gateway both from your modem and your router, so that it dosn't know which one to use and tries to go to internet on eth1 instead of eth0.
In /etc/dhclient.conf, you should find the following:
this can be specified on a per interface basis... so if you add to your dhclient.conf the following lines (I removed the router entry which is the gateway), it shouldn't ask for a gateway on eth1:
I'm not sure that it will work, as maybe the router will discard what is requested and send what it wants... you can always use static ip on eth1.

> In fact I have seen that I cannot ssh from Computer A to Computer B, although I CAN do the
> opposite (it is like router allows packets going out but it doesn't allow packets coming in).

most routers include default firewall rules allowing only outgoing traffic.
since you machine B is "inside" and machine A is "outside" from the router point of view, B has full access to A but not the opposite. You must have a web UI were you can change/disable the firewall on the router.

> Moreover, now I cannot connect from inside (computer B) to anywhere but the router
looks like either your router doesn't route anymore, or that you don't have a gateway configured on machine B...

Make sure machine A is connected to a regular interface and not to the WAN/uplink port... this should solve the firewall issue.

Normally, one would have the Linksys cable router connect to the cable modem, on the internet interface. This may be called the WAN interface on some models. Then the NAT function of the router would enable several hosts to share the same internet IP address from the cable modem.

You didn't mention whether you have the Linksys router configured to perform as a router rather than NAT. There is a web interface to the router at 192.168.1.1 by default. There is no user name by default and the password is "admin". If the netmask is 255.255.255.0, then 192.168.0.1 and 192.168.1.1 are on different subnets; then the 2nd interface on host A and the interface on host B need to be on the same subnet. Masquerading needs to be performed by the host that is connected to the modem, with the cisco router serving as a switch. You could have the two inside interfaces on different subnets if the router is in the route mode to allow you to connect the two hosts.

HI! Thanks for the replies.

This I don't understand. Machine A is the one acting as a bridge between the router (and the innermost part of the network) and the external world. Machine A is the one having the eth1 and through it goes every packet from computer B to the internet. Why shouldn't I sniff this card? (I could do it as well monitoring eth0, of course, but this includes the traffict from machine A)
What does it mean? Shouldn't the DNS answers to anyone asking an IP corresponding to certain name? If not, I have to route "something" in machine A, haven't I?

In fact I'm using static IP to asign an IP to the router.

Well, that is what I've tried; I browsed inside the router UI but I'm not able to alter this nasty behavior. Every restrictive option is disabled.

But the instructions doesn't seem to agree with this. The router has 5 ethernet interfaces: the internet one and 4 more. I connected Computer A to the internet interface, and I'd like to have Computer A acting as another router. The manufacturer suggests that I'm doing it right.
Anyway, maybe I try it...


There are two options: as a Gateway and as a Router. I have it as a router (the documentation says that Gateway is intended to connect the router directly to the internet and Router mode is to do what I'm trying to)

Right now the configuration inside the router reads:
What am I doing wrong?
What else can I do?
What more information should I give you?

Thanks again,

Best regards

Could you double check which is the Computer A IP address for eth1 and what is the WAN/INTERNET port address on the router. Also, are you using the WAN/INTERNET port to connect to Computer A? Some Linksys models label the port that normally connects to the cable modem WAN, and other models are labeled INTERNET.

Does the router list the same DNS server IP numbers as the ifconfig listing for eth0 on computer A?

Since Computer A is your gateway, you might simply want to use the 4 normal switch ports. Then eth1 being on the same subnet as computer B and in the future computers C & D, and being on the inside lan, the firewalls on B,C & D can treat Computer A eth1 as a local IP address. Otherwise, I think that the filewalls on B,C & D will block traffic unless explicitly allowing 192.168.0.1.

Is computer A providing Masquerading? I don't think that in the router mode the Linksys router does NAT translation, although I've never used my Linksys cable router this way.

Re-reading your post, I see I've re-asked some questions you may have answered. Sorry. Particularly the INTERNET port was answered. My main question is masquerading however. Also, if computer A cannot ssh into computer B, that may not be a bad thing. Since Computer A is directly exposed to the Internet, it should only function as a firewall and provide masquerading. Note, that I am speaking of an ideal situation. If this is your main desktop then this may be unreasonable. However if this is ,for example, a computer you used to use before upgrading --- consider having the bare minimal software installed running only what is absolutely necessary.

Also, please post the output of the "route" command for computer A. I think that eth1 should have a route for 192.168.1.0 and 192.168.0.0.

Also, a standard rule for firewalls is to reject a private IP coming from an outside interface. This is usually a sign of IP spoofing. This could be what the router is doing.