Networking problem (from yet another linux newbie)

mocuZ · 08-07-2009, 01:38 PM

Hello guys,
This is my first writing here and ... as I am a newbie to linux I am
asking for your help.

Problem conditions:
-some kind of Intel computer (I don't remember the exact parameters)
-two NICs (3Com and RealTek)
-Red Hat Linux
-pptpd installed, working and even getting connected

The goal: turn the computer into a router with pptp support

Parameters and configurations:

less /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.2.8 ppp.example.com ppp
172.16.1.1 client-lan.example.com client-lan

less /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

less /etc/sysconfig/network-scripts/ifcfg-eth1
# 3Com Corporation 3c905C-TX/TX-M [Tornado]
DEVICE=eth1
BOOTPROTO=none
BROADCAST=192.168.2.255
HWADDR=00:04:75:84

A:5E
IPADDR=192.168.2.8
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=yes
GATEWAY=192.168.2.1
TYPE=Ethernet

less /etc/sysconfig/network-scripts/ifcfg-eth0
# Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
DEVICE=eth0
BOOTPROTO=none
BROADCAST=172.16.255.255
HWADDR=00:4F:4E:11:CD:1F
IPADDR=172.16.1.1
NETMASK=255.255.0.0
NETWORK=172.16.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1

iptables -nvL
Chain INPUT (policy ACCEPT 275 packets, 27911 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.2.8 tcp dpt:1723
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 172.16.1.1 tcp dpt:22 reject-with icmp-port-unreachable
0 0 REJECT tcp -- ppp0 * 0.0.0.0/0 172.16.1.1 tcp dpt:22 reject-with icmp-port-unreachable
0 0 REJECT tcp -- eth0 * 172.16.0.0/16 192.168.2.8 tcp dpt:22 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 7 packets, 432 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- ppp0 eth1 172.16.0.0/16 192.168.2.0/24 icmp type 255
0 0 ACCEPT icmp -- eth0 eth1 172.16.0.0/16 0.0.0.0/0 icmp type 255

Chain OUTPUT (policy ACCEPT 222 packets, 25434 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * eth0 172.16.1.1 0.0.0.0/0 tcp spt:22 reject-with icmp-port-unreachable
1 100 ACCEPT icmp -- * eth0 172.16.1.1 172.16.0.0/16 icmp type 255

Now my idea:

Internet------------->eth1<---------->eth0---->end users

At this stage and the configurations I've done I can do the following:
1. Get ping replys form eth0 and eth1 when I am on the 172.16.0.0/16.
2. Get ping replys from anywhere when I am on the router.
but I can't get nothing when I try this:
ping 192.168.2.1
(here I am doing this from 172.16.0.0/16)

Where I miss? Can you help me.

markush · 08-07-2009, 02:56 PM

Hi,

I do not see a gateway for your 172.16.0.0 network in the routing table. (edit: and as well in the configuration)

Markus

mocuZ · 08-07-2009, 11:58 PM

Well ... honestly I didn't know what gateway to put so I left it blank.
I think 192.168.2.8 should be the gateway for 172.16.0.0/16, right?
And about the routing table ... I have no idea.

markush · 08-08-2009, 12:40 AM

The gateway is the ip-adress of the router.
Since a router has at least two nics and therefore is member of two networks (subnets) the router functions as a gateway for both subnets.
The gateway has the ip-adress of the nic of the router seen from the subnet.
in your case:

Quote:

subnet: 192.168.2.0/24, gateway: 192.168.2.8
subnet: 172.16.0.0/16, gateway 172.16.0.1

Fact is that the gateway must be a member of the subnet and 192.168.2.8 cannot be gateway for the 172.16.0.0 network.

Markus

mocuZ · 08-09-2009, 03:38 AM

OK
So I added gateway address (172.16.1.1) to eth0, as you said, Markus. Also
added NOZEROCONF=yes, GATEWAYDEV=eth1 to /etc/sysconfig/network file.
I restarted the network and still nothing.
When I do ping (from 172.16.1.7) to 192.168.2.1 I get Request timed out.
When I do ping (from 172.16.1.1) to 172.16.1.7 I get nothing again.

markush · 08-09-2009, 04:24 AM

Hi again,

I think that I've missunderstood one thing. When 192.168.2.1 is the gateway to your ISP (the gateway which connects your network to the internet) then gateway 192.168.2.1 for eth1 was correct.
The gateway for your home network 172.16.0.0/16 is 172.16.1.1.
This should be right, but be aware, that not every host answers on icmp-requests (ping).
You should verify that the configuration for the other computers in your network is correct. Every computer in your 172.16.0.0 network must have gateway 172.16.1.1.

Markus

mocuZ · 08-09-2009, 05:34 AM

Yup. I verified it.
When I do the ping stuff my configuration is:
IP Address: 172.16.1.7
Subnet mask: 255.255.0.0
Gateway Address: 172.16.1.1
Primary DNS: 172.16.1.1

And when I do:
ping 172.16.1.1 (eth0)
ping 192.168.2.8 (eth1)
I get the replys.
But when I do:
ping 192.168.2.1 (Internet)
-> Request timed out. (going through eth0, forwarding to eth1 and going
out (to the outter space

)