Re: RH Fedora as my gateway

From: P Gentry (rdgentry1_at_cablelynx.com)
Date: 02/15/04


Date: 15 Feb 2004 11:17:25 -0800

Steven Wall <stevenwall@bigfoot.com> wrote in message news:<pan.2004.02.15.05.29.20.1326@bigfoot.com>...
> Hi All
>
>
> I am (trying) to run RH Fedora as my gateway for my local network. I have
> a P III Compaq with one on board Intel NIC eth0 and a pci 3com NIC eth1.
> I have bigpond cable on eth0 with bpalogin dhcp setup etc. Local network
> consists of 192.168.0.0 /24 address range (all static ATM) with eth1 set

Not sure what you mean here by ATM -- not Asynchronous Transfer Mode,
surely, since this is an ethernet.

> at 192.168.0.1 I have replaced eth1 with known good NIC, replaced cat5
> cable to hub with known good cable so it must be the settings somewhere.

A hub or switch/router? What brand/model? How many boxes on LAN?
What OSs are they using? DHCP provided?

> I have turned on IP forwarding run iptables firewall script (included

Turn off the FW till you get LAN connected properly. At least flush
the tables when working on this issue.

> below) The problem is that I cannot ping from local network to my gateway

RH gw or the gw listed in route table? Both/either?

> machine or vice versa. No problems getting the net from the gateway machine.
> Any help appreciated
>
> TIA
>
> Steve Wall
>
> iptables -L
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere

Huh?

> ACCEPT all -- 192.168.0.0/24 anywhere
> DROP all -- anywhere 255.255.255.255
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> LOG all -- anywhere anywhere limit: avg 3/hour burst 5 LOG level warning prefix `RED INPUT DROPPED: '
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere 192.168.0.0/24
> ACCEPT all -- 192.168.0.0/24 anywhere
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere 192.168.0.0/24
> ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
>
> route
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
> 144.XXX.XXX.0 * 255.255.252.0 U 0 0 0 eth0
> 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
> 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
> default CPE-144-XXX-XXX 0.0.0.0 UG 0 0 0 eth0

Where did these FW rules come from? Please, don't put them on my box!
Believe you need to re-think these -- I would not use them even
during testing/diagnosing a net problem. Better to just turn off the
FW till you get the LAN side working.

Commands used to set up the FW? You need the RH gw to MASQUERADE the
LAN boxes.

First thing is to verify connectivity between your LAN boxes and your
RH gw.

You have nets set up in routing table but what _interface_ is
associated with what net? What commands did you use to build the
table? The only gw listed is the one on your ISP's net.

The LAN boxes also must be set up correctly. What does route and
ifconfig show for them? The 169.254.0.0 on eth1 indicates a Win box
lying around taking advantage of Automatic Private IP Addressing.
I'm beginning to think that some (more than I realized?) Linux
distros/scripts are using this bane of mankind. For more info see
bottom of this thread:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=facb01db.0402121616.22c435b9%40posting.google.com&rnum=4

You have to 'man route' carefully to understand how to build the
routing tables properly. The Net-HOWTO.html has some examples:
http://www.tldp.org/HOWTO/Net-HOWTO/
The right commands in the right sequence. This is why the commands
you used are needed.

I'm assuming you're reasonably comfortable with the commands needed
for all this -- just need to work out the "correct" way to set things
up. Right?

Basically, you need the routing table set up so that any packet that
comes in can be examined for its dest addr and then forwarded to the
correct _interface_ (identified by both IP addr and /dev/eth_x). Thus
the kernel needs info about which nets are connected/associated with
which interfaces. Once it's on the correct wire, the ethernet card
will grab it. Masqing is related to but does not replace the routing
table setup. (Now you know why there are Post and Pre routing rules
in NAT -- Post = after the kernel routing table processing; Pre =
before the kernel routing table processing.)

Run route and ifconfig on each box and post output if you need any
help or questions answered. Once the LAN side is set up you can
proceed to the FW.

hth,
prg
email above disabled
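The sequence prg describes (LAN side first, then forwarding and MASQUERADE), written out as an added example script that is not from the thread. It assumes the interface names and addresses from Steve's post (WAN on eth0, LAN on eth1 at 192.168.0.1/24) and uses the `ip` command in place of `ifconfig`/`route`; set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread.  Assumed: WAN on eth0 (DHCP from the
# ISP), LAN on eth1 at 192.168.0.1/24.  Applying for real needs root;
# DRY_RUN=1 prints each command instead of executing it.
WAN_IF=eth0
LAN_IF=eth1
LAN_ADDR=192.168.0.1/24
LAN_NET=192.168.0.0/24

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: LAN side only.  The address on eth1 is what associates the
# 192.168.0.0/24 net with that interface in the kernel routing table.
lan_setup() {
    run ip addr add "$LAN_ADDR" dev "$LAN_IF"
    run ip link set "$LAN_IF" up
    # Show the route the kernel attached to eth1 (the check prg asks for).
    run ip route show dev "$LAN_IF"
}

# Step 2: only after LAN boxes can ping 192.168.0.1, enable forwarding and
# add NAT.  MASQUERADE sits in the nat table's POSTROUTING chain, i.e. it
# runs after the routing decision has picked eth0 as the outgoing interface.
gateway_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F
    run iptables -t nat -F
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Apply both steps only when explicitly asked (GATEWAY_APPLY=1).
if [ "${GATEWAY_APPLY:-0}" = "1" ]; then
    lan_setup
    gateway_setup
fi
```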
