WHAT I'M TRYING TO DO
---------------------
I'm trying to connect a network with public ip-addresses to the Internet
via a Linux (Red Hat 6.2) router.
THE PROBLEM
-----------
No routing is happening. I can ping both the Internet and my own net from
the router, but cannot ping the Internet from my own net.
I've written a diary of how I set up my network. Maybe someone could find
the part I'm doing wrong?
CALCULATED THE SUBNETS
----------------------
My ISP has given me the net xxx.xx.xxx.128. So, I have a half C class
network in my use (addresses 129-254).
I divided that net into three parts:
net   name    netmask  ip
.128  dmz1    .192     .129 - .190
.192  dmz2    .224     .193 - .222
.224  router  .224     .225 - .224
Dmz2 is for future use. I'm not planning to use it for now.
Have I calculated the subnets correctly?
My ISP doesn't know about the subnets I've created. Is that a problem? I
think that it isn't, as xxx.xx.xxx.128/255.255.255.0 is forwarded to my
router and my router then forwards the packets to right directions, right?
MY PLANNED NETWORK
------------------
      HDSL .254
          +
          |
          |
          +
      eth0 .253
     Linux-router
      eth1 .190
          +
          |
          |
          +
      eth0 .129
     Linux-client
ROUTER'S KERNEL (2.2.17) SETTINGS
---------------------------------
From Networking Options I chose:
* Packet socket
* Kernel/User netlink socket
* Routing messages
* Netlink device emulation
* Network firewalls
* Socket Filtering
* Unix domain sockets
* TCP/IP networking
* IP: multicasting
* IP: advanced router
* IP: policy routing
* IP: equal cost multipath
* IP: use TOS value as routing key
* IP: verbose route monitoring
* IP: large routing tables
* IP: fast network address translation
* IP: kernel level autoconfiguration
* DHCP support
* IP: firewalling
* IP: firewall packet netlink device
* IP: use FWMARK value as routing key
* IP: transparent proxy support
* IP: masquerading
* IP: ICMP masquerading
* IP: optimize as router not host
M IP: tunneling
M IP: GRE tunnels over IP
* IP: broadcast GRE over IP
* IP: aliasing support
* IP: Allow large windows
ROUTER'S NETWORK SETUP
----------------------
I've got RH 6.2 server installation running on my router. I've installed all
updates available.
I ran my network down:
root# /etc/rc.d/init.d/network stop
And then configured the /etc/sysconfig/network file:
--snip--
NETWORKING=yes
# in reality the next one is the real dns name
HOSTNAME=peking
--snip--
Edited the /etc/sysctl.conf file
--snip--
# Enables packet forwarding
net.ipv4.ip_forward = 1
# Disables source route verification
net.ipv4.conf.all.rp_filter = 0
# Enables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
--snip--
I removed /etc/sysconfig/ifcfg-eth* files.
Started the network again:
root# /etc/rc.d/init.d/network start
Now my routing table is empty and ifconfig knows only about the lo
device.
I added my nameserver ip to the /etc/resolv.conf file.
Configured the network settings:
root# ifconfig eth0 xxx.xx.xxx.253 netmask 255.255.255.224 up
root# ifconfig eth1 xxx.xx.xxx.190 netmask 255.255.255.192 up
root# route add default gw xxx.xx.xxx.254
The settings look like this now:
root# ifconfig
eth0 Link encap:Ethernet HWaddr 00:80:5F:BC:FE:37
inet addr:xxx.xx.xxx.253 Bcast:xxx.xx.xxx..255
Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:223 errors:0 dropped:0 overruns:0 frame:0
TX packets:346 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:3 Base address:0x7000
eth1 Link encap:Ethernet HWaddr 00:D0:B7:BD:9E:3C
inet addr:xxx.xx.xxx..190 Bcast:xxx.xx.xxx.255
Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3583 errors:0 dropped:0 overruns:0 frame:0
TX packets:625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:5 Base address:0x5000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.xx.xxx.224 0.0.0.0 255.255.255.224 U 0 0 0 eth0
xxx.xx.xxx.128 0.0.0.0 255.255.255.192 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 xxx.xx.xxx.254 0.0.0.0 UG 0 0 0 eth0
I checked that I sure was forwarding the packets:
root# cat /proc/sys/net/ipv4/ip_forward
1
And that I can ping everybody:
root# ping xxx.xx.xxx.253
PING xxx.xx.xxx.253 (xxx.xx.xxx.253) from xxx.xx.xxx.253 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.253: icmp_seq=0 ttl=255 time=338 usec
root# ping xxx.xx.xxx.190
PING xxx.xx.xxx.190 (xxx.xx.xxx.190) from xxx.xx.xxx.190 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.190: icmp_seq=0 ttl=255 time=374 usec
root# ping xxx.xx.xxx.254
PING xxx.xx.xxx.254 (xxx.xx.xxx.254) from xxx.xx.xxx.253 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.254: icmp_seq=0 ttl=255 time=1.646 msec
root# ping ftp.funet.fi
PING ftp.funet.fi (193.166.0.148) from xxx.xx.xxx.253 : 56(84) bytes of data.
64 bytes from ftp.funet.fi (193.166.0.148): icmp_seq=0 ttl=248 time=7.329 msec
THE CLIENT MACHINE'S SETTINGS
-----------------------------
I'm running RH 6.2 (full install) on the client machine too.
Ran the network down:
root# /etc/rc.d/init.d/network stop
And edited the /etc/sysconfig/network file:
--snip--
NETWORKING=yes
# in reality the next one is the real dns name
HOSTNAME=antarktis
--snip--
I removed /etc/sysconfig/ifcfg-eth* files.
Started the network again:
root# /etc/rc.d/init.d/network start
Now my routing table is empty and ifconfig knows only about the lo
device.
I added my nameserver ip to the /etc/resolv.conf file.
Configured the network settings:
root# ifconfig eth0 xxx.xx.xxx.129 netmask 255.255.255.192 up
root# route add default gw xxx.xx.xxx.190
And the settings look like this now:
root# ifconfig
eth0 Link encap:Ethernet HWaddr 00:10:5A:72:8D:AC
inet addr:xxx.xx.xxx.129 Bcast:xxx.xx.xxx.255 Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1877078 errors:1 dropped:0 overruns:0 frame:1
TX packets:1341156 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:10 Base address:0xb800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:863692 errors:0 dropped:0 overruns:0 frame:0
TX packets:863692 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
root# route -n
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.xx.xxx.128 0.0.0.0 255.255.255.192 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 xxx.xx.xxx.190 0.0.0.0 UG 0 0 0 eth0
Tried if I can find the default gateway:
root# ping xxx.xx.xxx.190
PING xxx.xx.xxx.190 (xxx.xx.xxx.190) from xxx.xx.xxx.129 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.190: icmp_seq=0 ttl=255 time=407 usec
Ok. How about the router's eth0:
[root@cayman network-scripts]# ping xxx.xx.xxx.253
PING xxx.xx.xxx.253 (xxx.xx.xxx.253) from xxx.xx.xxx.129 : 56(84) bytes of
data.
64 bytes from xxx.xx.xxx.253: icmp_seq=0 ttl=255 time=394 usec
Ok. And what might the HDSL-router say:
# ping xxx.xx.xxx.254
PING xxx.xx.xxx.254 (xxx.xx.xxx.254) from xxx.xx.xxx.129 : 56(84) bytes of
data.
No replies. Just silence.
What am I doing wrong???
A bit hopeless,
Peter
_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
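
Added example (not part of the original post): a check of the subnet plan and of the path a reply to the client's ping would take, using Python's ipaddress module. 192.0.2. is a constructed stand-in for the redacted xxx.xx.xxx prefix, and both HDSL routing tables are assumptions: one that knows only the ISP-assigned half class C as a flat block, one with a static route for dmz1 via .253.

```python
import ipaddress

PREFIX = "192.0.2."  # constructed stand-in for the redacted "xxx.xx.xxx."

def net(octet, mask):
    return ipaddress.ip_network(f"{PREFIX}{octet}/{mask}")

def addr(octet):
    return ipaddress.ip_address(f"{PREFIX}{octet}")

# Subnets and netmasks as listed in the post's table.
PLAN = {
    "dmz1": net(128, "255.255.255.192"),
    "dmz2": net(192, "255.255.255.224"),
    "router": net(224, "255.255.255.224"),
}
# Assumption: the half class C block the ISP assigned, as one flat network.
ISP_BLOCK = net(128, "255.255.255.128")

def usable_range(network):
    """Last octets of the first and last usable host addresses."""
    hosts = list(network.hosts())
    return int(hosts[0]) & 0xFF, int(hosts[-1]) & 0xFF

def plan_is_consistent(plan, parent):
    """True if every subnet lies inside parent and no two subnets overlap."""
    nets = list(plan.values())
    inside = all(n.subnet_of(parent) for n in nets)
    clash = any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and not clash

def next_hop(dest, routes):
    """Longest-prefix match over (network, via); via None means on-link (ARP for dest)."""
    matches = [(n, via) for n, via in routes if dest in n]
    if not matches:
        return "unreachable"
    _, via = max(matches, key=lambda m: m[0].prefixlen)
    return "on-link" if via is None else str(via)

# Assumed HDSL tables: unaware of the subnets, and with a static route for dmz1.
HDSL_FLAT = [(ISP_BLOCK, None)]
HDSL_ROUTED = [(PLAN["router"], None), (PLAN["dmz1"], addr(253))]

if __name__ == "__main__":
    for name, n in PLAN.items():
        print(name, n, usable_range(n))
    print("plan consistent:", plan_is_consistent(PLAN, ISP_BLOCK))
    print("reply to .129, flat table:", next_hop(addr(129), HDSL_FLAT))
    print("reply to .129, routed table:", next_hop(addr(129), HDSL_ROUTED))
```

Under the flat-table assumption the HDSL router looks for .129 by ARP on its own segment instead of handing the reply to .253, which would produce the silence the client sees.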