Re: Should route, but doesn't
From: Dale Pontius (dale_at_edgehp.invalid)
Date: 01/06/04
Date: Tue, 06 Jan 2004 05:21:32 GMT
In article <slrnbvia9r.3na.efflandt@typhoon.xnet.com>,
efflandt@xnet.com (David Efflandt) writes:
> On Mon, 05 Jan 2004 04:42:55 GMT, Dale Pontius <dale@edgehp.invalid> wrote:
>> Desired Topology:
>>
>> Internet---Cable Modem---Netgear FR114P 192.168.2.1
>>                               |
>> 192.168.2.0/255.255.255.0     |
>>                               |
>>                     eth1 - dhcp (192.168.2.33-63)
>>                          RedHat 7.2
>>                     eth0 192.168.1.254
>>                               |
>> 192.168.1.0/255.255.255.0    Hub
>>                               |
>>                               |--RedHat 8.0 192.168.1.1
>>                               |--etc
>>
>> The Netgear box acts as DHCP server for 192.168.2.0
>> The RedHat 7.2 box acts as DHCP server for 192.168.1.0
>>
>> I bought the Netgear box last June. Before that the RedHat 7.2 box was
>> connected directly to the cable modem, with IP Masq. When I bought the
>> Netgear box, I quit allowing any incoming connections. Now I'd like to
>> make some select openings, but first want the RedHat 7.2 box between any
>> open ports and my LAN. At the moment, there is no firewalling in the
>> RH7.2 box. (That will change in the future, before I open any ports.)
>>
>> I've set /proc/sys/net/ipv4/ip_forward to "1"
>> The ip tables are all set to default policy ACCEPT.
>>
>> It doesn't route.
>> Packets get from the RedHat 7.2 box to my LAN or to the Internet.
>> Packets from the RedHat 8.0 box get to the RedHat 7.2 box.
>> Packets from the RedHat 8.0 box do not get to the Internet.
>>
>> Here's the answer to your next question:
>>
>> [root@tomcat log]# netstat -Nr
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
>> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
>> 192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
>> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
>> 0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth1
>>
>> I tried a traceroute from the RH8.0 box while watching the adapters on
>> the RH7.2 box with ifconfig. Packets were coming in on eth0, but
>> nothing was leaving on eth1.
>
> tcpdump on the 7.2 interfaces may reveal more than traceroute, like that
> the Netgear is ignoring any LAN IPs not on its 192.168.2.0/24 LAN, hence
> no 192.168.1.0/24 packets being passed towards it.
>
By watching ifconfig, I saw packets coming in on eth0, and not going out
on eth1. When I get a chance, I'll try tcpdump, also.

>> I added a -j LOG rule to the FORWARD chain, and was able to see packets
>> coming in from the correct IP on eth0, and getting sent to eth1.
>>
>> But no forwarded packets come out of eth1.
>>
>> Any suggestions as to what I try next?
>
> Does the Netgear FR114P have configurable LAN routing (gateway for
> 192.168.1.0/24 network)? If not then the RH 7.2 box has to masquerade its
> eth0 network as its eth1 IP.
>
You may have hit a real snag, even after I get my RH72 box routing. I'll
cross that bridge when I come to it. I see two ways out, one quick and
dirty, the other clean, but more complex.

quick&dirty: router:  192.168.1.0/24
             subnet1: 192.168.1.128/25
             subnet2: 192.168.1.0/25

The linux boxen think they're on adjacent /25 subnets, the router on the
encompassing /24 subnet. I *think* this would work, though the subnet
adjacent to the router would have to not be DHCP from the router, else
it would hand out the /24 subnet mask instead of /25.

clean&complex: Set up the above, only use bridging.

Doing these experiments takes down the whole LAN for the family, so it
may be a day or two before I can experiment further. School homework,
and all that.
Dale Pontius
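
The return-path question raised in the quoted reply (does the Netgear know a route back to 192.168.1.0/24, or must the RH7.2 box masquerade?), worked through as an added example that is not part of the original thread. The Netgear table, the Internet host 198.51.100.7 and the eth1 lease 192.168.2.33 are assumptions; the model covers route selection only, not why nothing leaves eth1.

```python
import ipaddress

# RH72 is the `netstat -Nr` table quoted in the post. NETGEAR is an assumed
# table for a router with no configurable LAN routes: its own LAN plus a
# default route out the WAN port (next hop is a placeholder).
RH72 = [
    ("192.168.1.0/24", None, "eth0"),
    ("192.168.2.0/24", None, "eth1"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", "192.168.2.1", "eth1"),
]
NETGEAR = [
    ("192.168.2.0/24", None, "lan"),
    ("0.0.0.0/0", "ISP-GATEWAY", "wan"),
]


def lookup(table, dst):
    """Longest-prefix match; returns (gateway, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, ifc) for p, gw, ifc in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return gw, ifc


def round_trip(src, dst, masq_as=None):
    """Route src->dst on the RH7.2 box, then route the reply on the Netgear.

    masq_as is the eth1 address the RH7.2 box rewrites the source to
    (masquerading); None means the packet is forwarded unmodified.
    """
    _, out_ifc = lookup(RH72, dst)
    seen_src = masq_as or src           # source address the Netgear sees
    _, reply_ifc = lookup(NETGEAR, seen_src)
    return {"forward_out": out_ifc, "netgear_sees": seen_src,
            "reply_out": reply_ifc, "reply_returns": reply_ifc == "lan"}


if __name__ == "__main__":
    # Constructed addresses: 198.51.100.7 is a documentation address standing
    # in for an Internet host; 192.168.2.33 is one lease from the DHCP range.
    print(round_trip("192.168.1.1", "198.51.100.7"))
    print(round_trip("192.168.1.1", "198.51.100.7", masq_as="192.168.2.33"))
```

Without masquerading, the assumed Netgear table sends the reply for 192.168.1.1 out its WAN port; with the source rewritten to the eth1 address, the reply goes back onto the 192.168.2.0/24 LAN.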