lan network can't ping each othet

lumba · 01-23-2005, 05:59 AM

I installed Fedora core 3 in two computers. I called one of them "jinan" which has two ethernet cards and the other called "zebra" has one ethernet card. Jinan ethernet cards ip addresses were etho 192.168.5.1 and eth1 192.168.5.2. i created an xdsl connection to the internet on etho and it is working fine. I configured the ip address in Zebra to be 192.168.5.4. I made a crossover cable connection between the two boxes and made a small lan.
I was able to ping 192.168.5.4 from jinan. I was also able to ping 192.168.5.2 from zebra, but I wasn't able to ping 192.168.5.1 from neither Zebra nor from its host "Jinan". I changed etho address to 192.168.5.5. and rebooted both systems. Now I can ping both of jinans' cards from jinan and I also could ping Zebra's card from Zebra. but I can't ping anything from zebra to jinan or vice versa. I don't know how changing the address of one cards in jinan made the lan completly unaccessible.
i was hoping at least the ping part should be striaght forward job .
Appreciate your help.

frob23 · 01-23-2005, 06:29 AM

Do not set the ip address of eth0 to a local ip number if it is going to connect to the internet.

comprookie2000 · 01-23-2005, 07:02 AM

zebra's default gateway needs to be jinan's address.
also you may need to set up NAT

lumba · 01-23-2005, 05:11 PM

thanks for the input.
i changed etho ip address to 192.168.4.4 and the ping worked, but I couldn't ping neither machines using their host names only. Before I originally made any changes, i was able to ping both hosts using their names only. I thought configuring nfs or samba shared directories is not useful before figuring out the pre-requisite set-up, but i tried both of them anyway without being able to access the shared directories.
i would like to ask frob23 if assigning etho the new address would still make the internet service available to the other computer, Zebra.
i appreciate frob23 and comprookie's feedback and just to make sure, jinan's address is eth1, right?

comprookie2000 · 01-23-2005, 06:31 PM

Here is how mine is set up with a crossover cable;

internet[192.168.1.254]modem[192.168.1.97]abbottdavid(eth0)[192.168.0.1]&(eth1)[192.168.0.2] comprookie[eth0](192.168.0.2)comprookie default gateway is(192.168.0.1)abbottdavid default gateway is(192.168.1.254)I tried to make a nice diagram but it was bad,real bad!

For abbottdavid you need to link the cards together
this is for gentoo
# ln -s net.eth0 /etc/init.d/net.eth1
and for iptables

Code:

First we flush our current rules
# iptables -F
# iptables -t nat -F

Then we lock our services so they only work from the LAN
# iptables -I INPUT 1 -i eth0 -j ACCEPT
# iptables -I INPUT 1 -i lo -j ACCEPT
# iptables -A INPUT -p UDP --dport bootps -i ! eth0 -j REJECT
# iptables -A INPUT -p UDP --dport domain -i ! eth0 -j REJECT

(Optional) Allow access to our ssh server from the WAN
# iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT

Drop TCP / UDP packets to privileged ports
# iptables -A INPUT -p TCP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
# iptables -A INPUT -p UDP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP

Finally we add the rules for NAT
# iptables -I FORWARD -i eth0 -d 192.168.0.0/255.255.0.0 -j DROP
# iptables -A FORWARD -i eth0 -s 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -A FORWARD -i eth1 -d 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Tell the kernel that ip forwarding is OK
# echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done

This is so when we boot we don't have to run the rules by hand
# /etc/init.d/iptables save
# rc-update add iptables default
# nano /etc/sysctl.conf
Add/Uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1

You may not need it all but for sure ipforwarding,you can do it with firestarter or guarddog.
Again this is for gentoo but will give you an idea,good luck

lumba · 01-28-2005, 09:13 AM

thanks for the reference comprookie, it helped a lot.
onr of the things i did, i added the host names in /etc/hosts with the corresponding ethenet card ip address and i was able to ping both machines by names.