Re: Can't ping or get some sites
From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: 09/03/03
- Next message: Floyd Davidson: "Re: ping replacment?"
- Previous message: Xyerp: "Re: Connecting to Linux machine remotely"
- In reply to: Chris: "Can't ping or get some sites"
- Next in thread: David Efflandt: "Re: Can't ping or get some sites"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 03 Sep 2003 11:40:12 GMT
On 2 Sep 2003 21:43:35 -0700, Chris wrote:
> From what it looks like I can't seem to resolve IP addresses from
> domain names when I am running my NAT script. The eth1 startup script
> is set for eth0 as the gateway, and eth1 gets its IP from a DHCP
> server. Is this how I am supposed to set eth1 to resolve IPs? If not
> how do I do that?
Please read http://www.catb.org/~esr/faqs/smart-questions.html
Guessing Redhat or Mandrake
Please read the last 4 lines of this reply, I'll wait . . . . . . . . . .
Let's assume manzy-mo-1-16 is your node name from your isp.
fw is the firewall box with two nics and wb is the web browsing
box on eth1 and your domain is home and you're connected to a cable modem.
Have to guess you have a cross-over cable to hook nic to nic
or a regular cable from nic to cable modem and nic to a switch/hub.
All names and numbers are examples only, any similarity to real life
is an accident.
Example: layout

      192.168.1.1   pc1 node's gateway
      192.168.1.10  pc1 node's ip
        |
        v
 x     pc1     printer        150.135.180.16
 x       \     /                   |
 x        \   /                    v
 x      Switch/hub-----eth1_fw_eth0---cablemodem-----ISPgateway---Internet
 x        /              ^                               ^
 x       /               |                               |
 x     pc2          192.168.1.1                    150.135.180.1
        ^           lan gateway
        |
      192.168.1.12  pc2 node's ip
      192.168.1.1   pc2 node's gateway
There are just a very few ISPs which still require the DHCP_HOSTNAME
value. It will not hurt to set it here.
/etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=yes
DHCP_HOSTNAME="manzy-mo-1-16"
HOSTNAME=fw.home
DOMAINNAME=home
GATEWAY=150.135.180.1 <=========== change
GATEWAYDEV=eth0
modify /etc/resolv.conf Here is an example:
search localdomain Arizona.EDU <==== change
nameserver 128.196.128.233 <==== change
nameserver 128.196.128.234 <==== change
nameserver 128.196.188.95 <==== change
put your hostname.domain name in /etc/hosts
127.0.0.1 localhost.localdomain localhost
150.135.180.16 manzy-mo-1-16.rescomp.Arizona.EDU isp_name
192.168.1.1 fw.home fw
192.168.1.10 wb.home wb <==== add other box
cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
In /etc/sysctl.conf set
# Controls IP packet forwarding/masquerade
net.ipv4.ip_forward = 0 <======== change to 1
You may have to add a masquerade run to firewall
iptables -A POSTROUTING -t nat -s 192.168.1.0/255.255.255.0 -o eth+ -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
service network restart
and see what errors you have in /var/log/messages
Except for ip numbers, your fw.home route should look kinda like
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
81.103.155.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         150.135.180.1   0.0.0.0         UG    0      0        0 eth0
Test network with
ping -c 1 150.135.180.1 to test route to isp gateway.
ping -c 1 66.218.71.198 to test isp routing
ping -c 1 yahoo.com to test DNS
Now on the browser box (wb.home)
cat /etc/sysconfig/network
HOSTNAME=wb.home
NETWORKING=yes
GATEWAY="192.168.1.1"
GATEWAYDEV="eth0"
FORWARD_IPV4="yes"
cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
150.135.180.16 manzy-mo-1-16.rescomp.Arizona.EDU isp_name
192.168.1.1 fw.home fw
192.168.1.10 wb.home wb
modify /etc/resolv.conf Here is an example:
search localdomain Arizona.EDU <==== change
nameserver 128.196.128.233 <==== change
nameserver 128.196.128.234 <==== change
nameserver 128.196.188.95 <==== change
Now, set your changes with the command
service network restart
and check the routing
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Test network with
ping -c 1 fw to check routing and cable to fw box.
ping -c 1 81.103.155.1 to test to isp gateway.
ping -c 1 66.218.71.198 to test ip forward and masquerade
ping -c 1 yahoo.com to test DNS
--
The warranty and liability expired as you read this message.
If the above breaks your system, it's yours and you keep both pieces.
Practice safe computing. Backup the file before you change it.
Do a, man command_here or cat command_here, before using it.
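
The following is an added example, not part of the original post: a shell sketch that checks the gateway settings the reply walks through (default route, ip_forward, MASQUERADE rule, nameservers) and reports which of the ping tests would fail first. The function names and the sample text are constructed for illustration, using the post's example addresses.

```shell
#!/bin/sh
# Offline checks for the NAT gateway settings described in the post above.
# Each helper reads text on stdin, so it can be fed `route -n` output,
# /etc/sysctl.conf, /etc/resolv.conf or a saved iptables rule listing.

# Print "gateway iface" of the default route from `route -n` output.
default_route() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2, $8; exit }'
}

# Print the effective net.ipv4.ip_forward value (last assignment wins).
ip_forward_value() {
    sed 's/#.*//' | awk -F= '
        { gsub(/[ \t]/, "", $1) }
        $1 == "net.ipv4.ip_forward" { gsub(/[ \t]/, "", $2); v = $2 }
        END { print (v == "" ? "unset" : v) }'
}

# Count nameserver entries in resolv.conf text.
nameserver_count() {
    awk '$1 == "nameserver" && $2 != "" { n++ } END { print n + 0 }'
}

# Print the outbound interface named by each MASQUERADE rule.
masquerade_ifaces() {
    awk '/-j MASQUERADE/ { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# Map findings to the first failing test. Args: routes, sysctl, resolv, rules.
diagnose() {
    [ -n "$(printf '%s\n' "$1" | default_route)" ] || { echo "no default route: ISP gateway ping fails"; return; }
    [ "$(printf '%s\n' "$2" | ip_forward_value)" = 1 ] || { echo "ip_forward off: LAN hosts cannot reach outside IPs"; return; }
    [ -n "$(printf '%s\n' "$4" | masquerade_ifaces)" ] || { echo "no MASQUERADE rule: LAN hosts cannot reach outside IPs"; return; }
    [ "$(printf '%s\n' "$3" | nameserver_count)" -gt 0 ] || { echo "no nameserver: IP pings work, names fail"; return; }
    echo "ok"
}

# Constructed sample input built from the post's example values.
ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 150.135.180.1 0.0.0.0 UG 0 0 0 eth0'
SYSCTL='# Controls IP packet forwarding/masquerade
net.ipv4.ip_forward = 0'
RESOLV='search localdomain
nameserver 128.196.128.233'
RULES='-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth+ -j MASQUERADE'

diagnose "$ROUTES" "$SYSCTL" "$RESOLV" "$RULES"
```

A result of `eth+` from `masquerade_ifaces` means the rule matches every interface whose name starts with eth, including the LAN side (eth1 on the firewall box).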