At 04:56 PM 11/23/01 +0000, you wrote:
>I still say this is wrong somehow; you can't have eth1 on the 216.9.0 
>network (note the 216), and have your gateway be 206.9.0.1. HOW IS THAT 
>POSSIBLE? (AFAIK, it isn't.) Are you using pump or dhcpcd to get your IP 
>address for eth1? (Running "ps auxw | grep dhcpcd" should tell you whether 
>dhcpcd is running; similar thing for pump.)

Both are running, but pump specifically references eth1.


>Given that your forwarding nameservers are both on 206, I'm going to 
>assume that is the correct number. Please correct me.

Yes, that is correct.

>>>  You note the gateway of your RH71 box as 192.168.1.1, which is not 
>>> correct. The gateway for each interface is where it should send traffic 
>>> directed to the rest of the world. So, for the Red Hat server to use 
>>> one of its interfaces as a gateway is an impossible configuration.
>>
>>I was wondering about that...So it's actually 192.168.1.0, correct? That 
>>should (obviously) be changed on the Doze box, but isn't it already 
>>configured on the RH box? (BTW, I had already tested it with the correct 
>>configurations on the Doze box.)
>
>You don't send traffic to a network (192.168.1.0 is the name of a network 
>composed of 256 IP addresses in total); you send traffic to a single 
>destination. Remember, IP addresses belong to interfaces not computers. So 
>follow the chain here, thinking that for communication to exist one IP 
>address must send and another receive:
>
>         "Windows box (192.168.1.2) sends to its gateway (192.168.1.1) on 
> the same network, which is a Linux box which internally moves that 
> traffic to its other network interface. The Linux box sends out said 
> traffic via its outside interface (206.9.0.x) to its gateway (206.9.0.1) 
> which are also on the same network."
>
>Roughly speaking, this is how the entire Internet works.
>
>
>>>However, I assume that this is *not* your problem since your eth1 (to 
>>>your ISP) is assigned through DHCP and it will have correctly configured 
>>>its gateway.
>
>I'm now beginning to wonder about this. We need to fix that 206/216 thing.
>
>>>>vi /etc/sysconfig/network-scripts/ifcfg-eth0
>>>>
>>>>DEVICE=eth0
>>>>BOOTPROTO=static
>>>>BROADCAST=192.168.1.255
>>>>IPADDR=192.168.1.1
>>>>NETMASK=255.255.225.0
>>>>NETWORK=192.168.1.0
>>>>ONBOOT=yes
>
>Only needs to read:
>
>DEVICE=eth0
>BOOTPROTO=none
>BROADCAST=192.168.1.255
>IPADDR=192.168.1.1
>NETMASK=255.255.225.0
>NETWORK=192.168.1.0
>ONBOOT=yes
>
>>>>vi /etc/named.conf
>>>>
>>>>options {
>>>>         forwarders {
>>>>                 206.40.133.20
>>>>                 206.129.112.21
>>>>         };
>>>>};
>>>
>>>Check this carefully. named.conf is *not* happy using just a newline for 
>>>separation. You are going to need either commas or semicolons in between 
>>>those two IP addresses for your forwarders.
>
>I checked my own server; you need a semicolon after each one, I think. No 
>commas.
>
>>Yeah, I need to pay better attention to logs. I get confused, though: is 
>>/var/log/messages the one I should be following for most things such as this?
>
>Mostly, yes.
>
>>>/etc/sysconfig/network:
>>>
>>>   NETWORKING=yes|no
>>>   HOSTNAME=<fqdn by default, but whatever hostname you want>
>>>   GATEWAY=<gateway IP>
>>
>>206.9.0.1 correct?
>
>Correct.
>
>>>   GATEWAYDEV=<gateway device> (e.g. eth0)
>>
>>eth0? Put that in, but eth1 appears to be connected to DSL
>>Oops! Saw note below and changed it to eth1
>
>eth1 is correct. Since eth1 knows its gateway, you could conceivably use 
>only "GATEWAYDEV=eth1" and remove the "GATEWAY=206.9.0.1" altogether. This 
>might even be better, since your gateway could change (in theory) if your 
>provider decides to move you to a different network.
>
>>>   NISDOMAIN=<nis domain name>
>>
>>Is that my ISP? cnw.com?
>
>Leave it out; it's optional and not relevant to you at all.
>
>>>Both net.ipv4.ip_forward and net.ipv4.ip_always_defrag should be set to 
>>>"1" in /etc/sysctl.conf.
>>
>>They were set to 0; changed them to 1
>
>These do not take effect until you reboot. There is a command to make them 
>take effect immediately, but I don't remember what it is. You might want 
>to simply reboot for them to take effect.
>
>Let me try to work through Harry's stuff here too...
>
>> > Harry Putman writes:
>> > Your IP has given you nameservers so those should appear in
>> > resolv.conf of the linux box. You say you can surf the net from that
>> > box so that is apparently set up OK.
>> > In brief: If you restart eth0, with:
>> > ifconfig eth0 up
>> > You see normal connectivity to internet from the linux box.
>>
>>Nope. Not any more. Must be one of the changes I made up above because it 
>>was working before.
>
>Harry has made the mistake of assuming eth0 is your outside network, and 
>you have followed him into that mistake. It *should* work if you use eth1 
>instead.
>
>> > Netstat -nr output shows 216.9.0.0 as eth1 IP address. Maybe a typo
>> > and is really 209.9.0.1 but either way that is wrong.
>
>Another typo here. It should be *206*, not 209, not 216. (We think... you 
>need to confirm to us which network and IP is actually right here.)
>
>By the way, either dhcpcd or pump (whichever of the two you're using) 
>provides a way to see what config you've received from the DHCP server at 
>your ISP; I just don't remember how to go look for it. The man pages for 
>pump and dhcpcd will have the answer, and you can use the "ps auxw | grep 
>dhcpcd" command I mentioned to find out which one you are running. Note: 
>eth1 must be up or neither will be running.
>
>> > Eth1 IP should be set to an address you've chosen for your internal
>> > network. Something in the 192 range like 192.168.0.1. If I remember
>> > correctly, there will be no gateway for eth1.
>
>Again, in your config this was eth0
>
>> > Test it with:
>> > ifconfig eth1 up
>> > ping 192.168.0.1 (or whatever number you've chosen)
>>
>>Works.
>
>Huh? You bring up your outside link and you can talk to the Windows box? WTF?

If I bring down eth0 I can no longer ping the Doze box.


>OK, I'm confused now.
>
>I think this is a good time to stop and think. Kindly send a new message with:
>
>1. the *current* contents of:
>
>/etc/sysctl.conf

net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1

>/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=localhost.localdomain
FORWARD_IPV4=yes
GATEWAYDEV=eth1

>/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.255
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes

>/etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=dhcp
ONBOOT=yes

>2. the output of:
>
>route -n

Destination     Gateway         Genmask         Flags   Metric  Ref     Use     Iface
192.168.1.0     0.0.0.0         255.255.255.0   U       0       0       0       eth0
216.9.0.0       0.0.0.0         255.255.255.0   U       0       0       0       eth1
127.0.0.0       0.0.0.0         255.0.0.0       U       0       0       0       lo
0.0.0.0         216.9.0.1       0.0.0.0         UG      0       0       0       eth1

Note: It *is* 216: not a typo

>lsmod

Module  Size    Used by
sr_mod  15520   0       (autoclean)
autofs          11136   1       (autoclean)
tulip           38096   1       (autoclean)
3c59x           25312   1       (autoclean)
ipchains        38944   0       (unused)
ide-scsi        8352    0
scsi_mod        94336   2       [sr_mod ide-scsi]
ide-cd          27104   0
cdrom           27392   0       [sr_mod ide-cd]
usb-uhci        20848   0       (unused)
usbcore 49632   1       [usb-uhci]

>3. your DHCP config information from your ISP (obtained from some file
>    from pump or dhcpcd)

Will /etc/resolv.conf do?

search cnw.com
nameserver 206.40.133.20
nameserver 206.129.112.21

>4. Are you using ipchains or iptables? I forget.

ipchains

>5. The actual network config of the Winbox

IP Address 192.168.1.2
Subnet Mask: 255.255.255.0
DNS Configuration
         Enable DNS is checked
         DNS Server Search Order
                 206.40.133.20
                 206.129.112.21
                 192.168.1.1
Gateway 192.168.1.1
(Note: Just barely added the 192.168.1.1 to both entries above to test...)

>6. Harry told you to remove all firewall rules INCLUDING YOUR
>    IP MASQUERADING as a test; have you reactivated it?

I've rebooted so I imagine they've been reactivated, yes.

>6. What currently works (after a reboot) out of this list:
>     o Ping Win-Lin and Lin-Win by IP address

Works both ways.

>     o Ping Win-Out by IP address

No.

>     o Ping Win-Out by name

No.

>     o Browse Win-Out by IP address

No.

>     o Browse Win-Out by name

Oh, if it were only so :)

>     o Ping Lin-Out by IP address

Yes.

>     o Ping Lin-Out by name

Yes.

>     o Browse Lin-Out by IP address

Yes.

>     o Browse Lin-Out by name

Yes.

Thanks!
BenO




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
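
Added example, not part of the original message: a check for the rule argued over in this thread, that an interface's gateway must sit on a network directly connected to that same interface. It parses "route -n" output; the function names and the MISMATCHED sample (the 206/216 combination the thread worried about) are constructed for illustration.

```python
import ipaddress

# Routing table as posted in the message above (wrapped lines rejoined).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
216.9.0.0       0.0.0.0         255.255.255.0   U     0      0   0   eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         216.9.0.1       0.0.0.0         UG    0      0   0   eth1
"""

# Constructed sample: eth1 on 216.9.0.0/24 but the default gateway on 206.9.0.1.
MISMATCHED = ROUTE_N.replace("216.9.0.1", "206.9.0.1")


def parse_routes(text):
    """Parse `route -n` output into dicts, skipping header lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # e.g. the "Kernel IP routing table" banner
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
            gw = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # column header row
        routes.append({"net": net, "gw": gw, "flags": fields[3], "iface": fields[7]})
    return routes


def check_gateways(routes):
    """Return one message per gateway route (flag G) whose next hop is not
    inside a directly connected network on the same interface."""
    connected = [r for r in routes if "G" not in r["flags"]]
    problems = []
    for r in routes:
        if "G" not in r["flags"]:
            continue
        if not any(c["iface"] == r["iface"] and r["gw"] in c["net"] for c in connected):
            problems.append(f"{r['net']} via {r['gw']} dev {r['iface']}: "
                            "gateway is not on a connected network")
    return problems


if __name__ == "__main__":
    for label, table in (("posted", ROUTE_N), ("mismatched", MISMATCHED)):
        print(label, check_gateways(parse_routes(table)) or "ok")
```

The posted table passes, which matches Lin-Out working; the remaining Win-Out failure therefore lies in forwarding or masquerading rather than in the route to the ISP.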
