
lumba 01-23-2005 05:59 AM

lan network can't ping each other
I installed Fedora Core 3 on two computers. I called one of them "jinan", which has two ethernet cards, and the other, called "zebra", has one ethernet card. Jinan's ethernet cards' IP addresses were eth0 and eth1. I created an xDSL connection to the internet on eth0 and it is working fine. I configured the IP address in Zebra to be I made a crossover cable connection between the two boxes and made a small LAN.
I was able to ping from jinan. I was also able to ping from zebra, but I wasn't able to ping from either Zebra or its host "Jinan". I changed eth0's address to and rebooted both systems. Now I can ping both of jinan's cards from jinan and I could also ping Zebra's card from Zebra, but I can't ping anything from zebra to jinan or vice versa. I don't know how changing the address of one card in jinan made the LAN completely inaccessible.
I was hoping at least the ping part should be a straightforward job.
Appreciate your help.

frob23 01-23-2005 06:29 AM

Do not set the ip address of eth0 to a local ip number if it is going to connect to the internet.

comprookie2000 01-23-2005 07:02 AM

Zebra's default gateway needs to be jinan's address.
Also, you may need to set up NAT.

lumba 01-23-2005 05:11 PM

Thanks for the input.
I changed eth0's IP address to and the ping worked, but I couldn't ping either machine using their host names only. Before I originally made any changes, I was able to ping both hosts using their names only. I thought configuring NFS or Samba shared directories is not useful before figuring out the prerequisite set-up, but I tried both of them anyway without being able to access the shared directories.
I would like to ask frob23 if assigning eth0 the new address would still make the internet service available to the other computer, Zebra.
I appreciate frob23 and comprookie's feedback and, just to make sure, jinan's address is eth1, right?

comprookie2000 01-23-2005 06:31 PM

Here is how mine is set up with a crossover cable;

internet[]modem[]abbottdavid(eth0)[]&(eth1)[] comprookie[eth0]( default gateway is( default gateway is(

tried to make a nice diagram but it was bad, real bad!

For abbottdavid you need to link the cards together.
This is for Gentoo:

```
# ln -s net.eth0 /etc/init.d/net.eth1
```

And for iptables:

First we flush our current rules

```
# iptables -F
# iptables -t nat -F
```

Then we lock our services so they only work from the LAN

```
# iptables -I INPUT 1 -i eth0 -j ACCEPT
# iptables -I INPUT 1 -i lo -j ACCEPT
# iptables -A INPUT -p UDP --dport bootps -i ! eth0 -j REJECT
# iptables -A INPUT -p UDP --dport domain -i ! eth0 -j REJECT
```

(Optional) Allow access to our ssh server from the WAN

```
# iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT
```

Drop TCP / UDP packets to privileged ports

```
# iptables -A INPUT -p TCP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
# iptables -A INPUT -p UDP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
```

Finally we add the rules for NAT

```
# iptables -I FORWARD -i eth0 -d -j DROP
# iptables -A FORWARD -i eth0 -s -j ACCEPT
# iptables -A FORWARD -i eth1 -d -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
```

Tell the kernel that IP forwarding is OK

```
# echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
```

This is so when we boot we don't have to run the rules by hand

```
# /etc/init.d/iptables save
# rc-update add iptables default
# nano /etc/sysctl.conf
```

Add/Uncomment the following lines:

```
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
```

You may not need it all, but for sure IP forwarding; you can do it with Firestarter or Guarddog.
Again, this is for Gentoo but will give you an idea. Good luck.
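
A read-only check of the gateway settings from the post above, added here as an example that is not part of the original thread: it confirms that IP forwarding is on, reports interfaces with `rp_filter` off, and looks for a MASQUERADE rule on the WAN interface in `iptables-save` output. The function names, the sample ruleset and the choice of eth1 as the WAN side (taken from the posted rules) are assumptions.

```shell
#!/bin/bash
# Added example: read-only audit of a two-NIC NAT gateway; nothing is modified.
# Assumption: eth1 is the WAN side, as in the rules posted above.

# Constructed sample of `iptables-save` output (not taken from a real host).
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# check_masquerade WAN  (iptables-save output on stdin)
# Succeeds only if the nat table masquerades traffic leaving via WAN.
check_masquerade() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }            # table header: *nat, *filter
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++)               # ignore negated "! -o IFACE"
                if ($i == "-o" && $(i - 1) != "!" && $(i + 1) == wan) found = 1
        }
        END { exit !found }'
}

# check_flag FILE: succeeds if the kernel flag file contains "1".
check_flag() { [ -r "$1" ] && [ "$(cat "$1")" = "1" ]; }

# audit_gateway WAN [ROOT]  (iptables-save output on stdin)
# Prints one line per finding and returns the number of FAIL findings.
# rp_filter is only a WARN: the kernel applies the higher of conf/all and
# the per-interface value, so a single 0 is not conclusive on its own.
audit_gateway() {
    local wan="$1" root="${2:-/proc/sys/net/ipv4}" fails=0 f
    check_flag "$root/ip_forward" || { echo "FAIL ip_forward is not 1"; fails=$((fails + 1)); }
    for f in "$root"/conf/*/rp_filter; do
        check_flag "$f" || echo "WARN rp_filter is not 1: $f"
    done
    check_masquerade "$wan" || { echo "FAIL no MASQUERADE rule on -o $wan"; fails=$((fails + 1)); }
    return "$fails"
}

# On the gateway, as root:  iptables-save | audit_gateway eth1
# Offline demonstration against the constructed sample:
printf '%s\n' "$SAMPLE_RULES" | check_masquerade eth1 && echo "sample: MASQUERADE on eth1"
```
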

lumba 01-28-2005 09:13 AM

Thanks for the reference comprookie, it helped a lot.
One of the things I did: I added the host names in /etc/hosts with the corresponding ethernet card IP address and I was able to ping both machines by name.

All times are GMT -5.