Re: Fedora as Router - cannot get past gateway

From: John A. Crouse (john_at_jcrouse.com)
Date: 02/26/04

• Next message: Frank Sweetser: "Re: Duplex problems with NFS mounts"
• Previous message: Swordsman: "Duplex problems with NFS mounts"
• In reply to: P Gentry: "Re: Fedora as Router - cannot get past gateway"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 25 Feb 2004 15:26:49 -0800

rdgentry1@cablelynx.com (P Gentry) wrote in message news:<facb01db.0402202256.2cea0bea@posting.google.com>...
> john@jcrouse.com (John A. Crouse) wrote in message news:<aea9b6ef.0402200807.72309cef@posting.google.com>...
> > I have a small block of public IP assigned me, and am connecting to
> > the uplink via ADSL.
> >
> > I have the DSL working, (I am using the linux box right now to write
> > this!), and my internal network can see the IP assigned to is for both
> > sides of the network (eth0 and ppp0). I can ping and traceroute to
> > each of these. They even do DNS resolution on the traceroute.
> >
> > I cannot get past that point. I have screwed with the "IP ROUTE"
> > command so much, I am suprised any routing works at all.
>
> You mean internal net cannot get out of the ppp0 interface and out to
> the internet? Double check that ip forwarding is on -- it should be,
> but always good to check. Are you using dhcp or is all config manual?
>
> > Here is my setup scenario - I've changed IP #'s to protect the
> > innocent!:
> >
> > ppp0 - 206.201.23.35 (static assigned IP via pppoe)
>
> This is your interface to ISP?

That is correct.

>
> > eth0 - 206.201.44.161 (beginning first usuable of 206.201.44.160/24)
>
> This interface to internal net?

Again, correct

>
> > On the network side, I have workstations configured w/ IP's of
> > 206.201.44.162-190, and a gateway of 206.201.44.161
> >
> > here is my current IP Route list
>
> Output of "route" is a bit easier to work with compared to "ip route"
>
> > 0.0.0.0 via 206.201.44.161 dev eth0
>
> This says that _any_ dst IP not listed below should travel out this
> interface.
> It is "hiding" the default gw. A similar looking form is used to set
> up multiple gws, but not quite like this.
>

I removed this.

> > 209.143.43.1 dev ppp0 proto kernel scope link src 206.201.23.35
>
> Where is this 209.143.43.1 coming from?
>

Not sure how it got added, but after the box connects via PPPoE, this
is my next hop on the `Net - i.e. my ppp0 gateway (for lack of a
better term)

I did not add this

> > 206.201.23.35 dev eth0 proto kernel scope link src 206.201.44.161
> > 206.201.44.161 dev eth0 scope link
> The ethernet IP
>
> > 206.201.44.0/24 dev eth0 proto static scope link
> The net associated with this interface
>
> > 169.254.0.0/16 dev eth0 scope link
>
> This used to be evidence of a Win or Mac box that couldn't find a dhcp
> server -- some Linux distros using it now. See:
> http://www.petri.co.il/what's_apipa.htm
>

Ok, removed it.

> > 127.0.0.0/8 dev lo scope link
> > default via 209.143.43.1 dev ppp0
>
> This says that for any dst not covered by an entry, use this
> interface. But your 0.0.0.0 in first line effectively covers _any_
> dst!
>
> > I am not even sure how the first line got there, probably some stupid
> > attack I had in a vain attempt at making this work.
> >
> > I obviously do not understand this as much as I had previously
> > thought.
>
> Believe me, we all have that feeling when we can't get routing set up.
> It's usually something that makes you feel really dumb when you get
> it fixed. Talk about salt in the wounds!
>
> > What gives? What IP routes do I need to add? ...
>
> Well it's not easy to say without some more info or good guessing.
> Routing through a gw and maintaining a subnet can depend on every
> host/interface being configured correctly.
>
> > ...Or did I not compile
> > the kernel correctly to do the advanced IP routing? (I understood it
> > to be native to Fedora, but I am probably wrong).
>
> You are correct that the ip commands of iprouteV2 are standard fare.
>
> > Thanks in advance for any help you could give!
> >
> > John
>
> See Ken's post and make sure you've got dhcp (if you're using it)
> configured correctly or confirm with you ISP re: your subnet mask.
> I'm assuming it's just a typo when you "hid" your IPs.
>
> BTW -- especially when sending output of commands (very nice of you,
> thanks) it also helps if you capture the actual command entered (eg.,
> copy the command line if your in an xterm).
>
> To really help if you still have problems, the output of:
> [user@pbrain]$ /sbin/ifconfig /dev/[interface]
> for each box/interface could be handy.
>
> Be especially careful using ip commands -- they can get subtle and are
> subject to "typo mystery effects". I stick with ifconfig and route as
> much as possible.
>
> hth,
> prg
> email above disabled

Ok - here is my modified routing table. I checked and had to run
echo 1 > /proc/sys/net/ipv4/ip_forward

and it now contains a 1

Is there another way to verify IP forwarding is enabled?

route:

----
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref   
Use Iface
206.201.44.160  *               255.255.255.224 U     0      0       
0 eth0
127.0.0.0       *               255.0.0.0       U     0      0       
0 lo
default         bryn-veri-stati 0.0.0.0         UG    0      0       
0 ppp0
                 ^^^^^^^--- This is the .35 address
----
Thanks again!
-John

• Next message: Frank Sweetser: "Re: Duplex problems with NFS mounts"
• Previous message: Swordsman: "Duplex problems with NFS mounts"
• In reply to: P Gentry: "Re: Fedora as Router - cannot get past gateway"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint