I have a problem with routing, I think. Let me tell you about my setup first:
I have a Netgear WGR614v6 wired/wireless router between all my computers and the internet. This router (192.168.1.1) serves as a router, firewall and DHCP server for my first network (192.168.1.0/8). On IP address 192.168.1.5 I have a second router (Debian 3.1 Sarge) behind which is my second network, 192.168.2.0/8. 192.168.1.1 has a static route to 192.168.1.5 for all traffic to the 192.168.2.0/8 network. The Netgear router forwards port 80 to 192.168.1.5.
The clients (including the debian-router) on the 192.168.1.0/8 network connect fine to the Internet. The clients on the 192.168.2.0/8 network can connect to all the computers on the network.
Clients on the 192.168.1.0/8 network look similar to the one on the 192.168.2.0/8 network except the IPs and broadcast address are changed to the proper values.
Finally, the problems. The clients on the 192.168.1.0/8 network cannot connect to the 192.168.2.0/8 network and the clients on the 192.168.2.0/8 network cannot connect to computers outside the entire network (that would be the internet). As I mentioned previously, I have forwarded port 80 on the netgear-router to the 192.168.1.5 IP, but I cannot connect to this port from the internet.
As far as I can see, the setup on the debian-router looks okay. Doesn't it? I think the netgear router is set up as it should be (btw, that interface royally sucks) but I am not completely sure. Anyone have some input as to what could be the solution?
First of all, 192.168.1.0/8 and 192.168.2.0/8 are the same network. You mean 192.168.1.0/24 and 192.168.2.0/24.
Can you ping from your client to the first router? "ping 192.168.1.1" from the client in the 2.0 network? During the ping, can you try a packet capture with tcpdump?
Also, what do you see pinging the internet from the debian router sourced from the 2.1 interface?
"ping -I 192.168.2.1 www.yahoo.com"
Whoops, sorry. The netmask of the two subnets is 255.255.255.0, which I thought translated to /8. I'm so sorry!
I have a lot of servers on the debian-router (.1.5): Squid, DHCP for the .2.0 network and Apache2. I forward port 80 to .1.5 to serve web pages to the internet.
I can ping the first router (both internal and external interfaces) from both networks. Also, I can ping computers on the .2.0 network from the .1.0 network. "ping -I 192.168.2.1 www.yahoo.com" gives a timeout, but isn't that expected as I tell 'ping' to use the .2.1 interface?
I will create a tcpdump later (it is too late now, must sleep). How verbose would you like it?
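The /8 versus /24 mix-up settled in the two posts above, worked through in Python as an added example that is not part of the original thread. The function names and the client address 192.168.1.20 are made up for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress


def mask_to_prefix(netmask: str) -> int:
    """Convert a dotted netmask to a CIDR prefix length."""
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen


def network_of(address: str, prefix: int) -> ipaddress.IPv4Network:
    """Network that contains `address` for the given prefix length."""
    # strict=False accepts a host address, or a misaligned one such as
    # 192.168.1.0/8, and masks off the host bits for us.
    return ipaddress.IPv4Network(f"{address}/{prefix}", strict=False)


def next_hop(host: str, prefix: int, gateway: str, dst: str) -> str:
    """'on-link' if the host would reach dst directly, else its gateway."""
    if ipaddress.IPv4Address(dst) in network_of(host, prefix):
        return "on-link"
    return gateway


if __name__ == "__main__":
    # The netmask from the thread and the prefix it really corresponds to.
    prefix = mask_to_prefix("255.255.255.0")
    print("255.255.255.0 is /%d" % prefix)

    # Written with /8, both "networks" collapse into the same one.
    print(network_of("192.168.1.0", 8), network_of("192.168.2.0", 8))

    # With /24 they are distinct and do not overlap.
    lan1 = network_of("192.168.1.0", prefix)
    lan2 = network_of("192.168.2.0", prefix)
    print(lan1, lan2, "overlap:", lan1.overlaps(lan2))

    # Why it matters: a client (constructed address 192.168.1.20) really
    # configured with /8 would treat 192.168.2.100 as on-link and never
    # hand the packet to a router; with /24 it goes to the gateway.
    for p in (8, prefix):
        hop = next_hop("192.168.1.20", p, "192.168.1.1", "192.168.2.100")
        print("/%d -> %s" % (p, hop))
```
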
Well, by pinging from the 2.1 interface it's like telling it that you are coming from the 2.0 network.
So you can ping the first router (1.1) from the 2.0 computers? Your routing seems fine if this is the case. Maybe it just doesn't NAT for addresses not on the 1.0 network.
Yes, a tcpdump will help as long as we see the src and dst packets.
Could you check if you have the "ip_conntrack" module loaded on the debian-router?
I had once used my laptop to route desktop traffic to my wireless router. Even though the routes were correct and ip_forward was set, the traffic wasn't getting through until I loaded the ip_conntrack module, even though the laptop wasn't being used to NAT addresses.
The 83.XX.XXX.XXX IP is my internet IP, the address of the external interface on the first router. That doesn't look right!
When I do "telnet 83.XX.XXX.XXX 80" from a client on the .2.0 network I get the following output from tcpdump (still on the same interface):
Code:
15:20:13.541009 IP 192.168.2.100.56285 > 83.XX.XXX.XXX.XX: S 3050318295:3050318295(0) win 5840 <mss 1460,sackOK,timestamp 62411280 0,nop,wscale 2>
15:20:13.541802 IP truncated-ip - 15300 bytes missing! 83.XX.XXX.XXX > 192.168.1.5: tcp
15:20:19.540041 IP 192.168.2.100.56285 > 83.XX.XXX.XXX.XX: S 3050318295:3050318295(0) win 5840 <mss 1460,sackOK,timestamp 62412780 0,nop,wscale 2>
15:20:19.540819 IP truncated-ip - 15300 bytes missing! 83.XX.XXX.XXX > 192.168.1.5: tcp
"truncated-ip", "15300 bytes missing!" that doesn't look good. What do they mean?
EDIT: After messing around with the W3 online HTML validator I noticed I was able to make connections from outside (the internet) the network, to the forwarded port 80. Alas, I still cannot get a connection through from inside the networks to the forwarded port.
Did YOU load the module "ip_conntrack" yet? Did YOU enable "IP forwarding"? Have YOU set up a Firewall? Have YOU checked the Firewall rules, are they correct for YOUR needs? If YOU disable Port 80, can YOU still ping the same directions as before, or in only one direction? Hope this helps. Also, some great reading... http://tldp.org/HOWTO/HOWTO-INDEX/howtos.html