Can't ping or get some sites

From what it looks like I can't seem to resolve IP addresses from
domain names when I am running my NAT script. The eth1 startup script
is set for eth0 as the gateway, and eth1 gets its IP from a DHCP
server. Is this how I am supposed to set eth1 to resolve IPs? If not
how do I do that?

/etc/sysconfig/network-script/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp

/etc/sysconfig/network-script/ifcfg-eth1

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
GATEWAY=eth0

For eth1 should I set gateway to something else? If so what?

DNS is configured from /etc/resolv.conf, where you define your
nameservers. It is server specific, not interface specific.

I'm not sure how your system is set up, and what eth0 and 1 connect
to, but...

1. does your nat startup script modify /etc/resolv.conf?
2. is the nameserver defined in resolv.conf contactable when either
interface is up?

Just to keep myself current, I built my own local dns server which
resolves all the devices on my local network, and connects to those
provided by my ISP when necessary.

Is this any help??

Steve

On 2 Sep 2003 21:43:35 -0700, (E-Mail Removed) (Chris) wrote:

>From what it looks like I can't seem to resolve IP addresses from
>domain names when I am running my NAT script. The eth1 startup script
>is set for eth0 as the gateway, and eth1 gets its IP from a DHCP
>server. Is this how I am supposed to set eth1 to resolve IPs? If not
>how do I do that?
>
>/etc/sysconfig/network-script/ifcfg-eth0
>
>DEVICE=eth0
>ONBOOT=yes
>BOOTPROTO=dhcp
>
>/etc/sysconfig/network-script/ifcfg-eth1
>
>DEVICE=eth1
>ONBOOT=yes
>BOOTPROTO=static
>IPADDR=192.168.1.1
>NETMASK=255.255.255.0
>GATEWAY=eth0
>
>For eth1 should I set gateway to something else? If so what?

On 2 Sep 2003 21:43:35 -0700, Chris wrote:
> From what it looks like I can't seem to resolve IP addresses from
> domain names when I am running my NAT script. The eth1 startup script
> is set for eth0 as the gateway, and eth1 gets its IP from a DHCP
> server. Is this how I am supposed to set eth1 to resolve IPs? If not
> how do I do that?

Please read http://www.catb.org/~esr/faqs/smart-questions.html
Guessing Redhat or Mandrake

Please read the last 4 lines of this reply, I'll wait . . . . . . . . . .

Let's assume manzy-mo-1-16 is your node name from your isp.

fw is the firewall box with two nics and wb is the web browsing
box on eth1 and your domain is home and you're connected to a cable modem.

Have to guess you have a cross-over cable to hook nic to nic
or a regular cable from nic to cable modem and nic to a switch/hub.

All names and numbers are examples only, any similarity to real life
is an accident.

Example: layout
192.168.1.1 pc1 node's gateway
192.168.1.10 pc1 node's ip
|
v
x pc1 printer 150.135.180.16
x \ / |
x \ / v
x Switch/hub-----eth1_fw_eth0---cablemodem-----ISPgateway---Internet
x / ^ ^
x / | |
x pc2 192.168.1.1 150.135.180.1
^ lan gateway
|
192.168.1.12 pc2 node's ip
192.168.1.1 pc2 node's gateway



There are just a very few ISPs which still require the DHCP_HOSTNAME
value. It will not hurt to set it here.

/etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=yes
DHCP_HOSTNAME="manzy-mo-1-16"
HOSTNAME=fw.home
DOMAINNAME=home
GATEWAY=150.135.180.1 <=========== change
GATEWAYDEV=eth0

modify /etc/resolv.conf Here is an example:
search localdomain Arizona.EDU <==== change
nameserver 128.196.128.233 <==== change
nameserver 128.196.128.234 <==== change
nameserver 128.196.188.95 <==== change

put your hostname.domain name in /etc/hosts
127.0.0.1 localhost.localdomain localhost
150.135.180.16 manzy-mo-1-16.rescomp.Arizona.EDU isp_name
192.168.1.1 fw.home fw
192.168.1.10 wb.home wb <==== add other box

cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes


cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes

In /etc/sysctl.conf set
# Controls IP packet forwarding/masquerade
net.ipv4.ip_forward = 0 <======== change to 1


You may have to add a maswquade run to firewall
iptables -A POSTROUTING -t nat -s 192.168.1.0/255.255.255.0 -o eth+ -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT


service network restart
and see what errors you have in /var/log/messages

Execpt for ip numbers, your fw.home route should look kinda like

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
81.103.155.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 150.135.180.1 0.0.0.0 UG 0 0 0 eth0



Test network with
ping -c 1 150.135.180.1 to test route to isp gateway.
ping -c 1 66.218.71.198 to test isp routing
ping -c 1 yahoo.com to test DNS


Now on the browser box (wb.home)

cat /etc/sysconfig/network
HOSTNAME=wb.home
NETWORKING=yes
GATEWAY="192.168.1.1"
GATEWAYDEV="eth0"
FORWARD_IPV4="yes"

cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes

cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
150.135.180.16 manzy-mo-1-16.rescomp.Arizona.EDU isp_name
192.168.1.1 fw.home fw
192.168.1.10 wb.home wb

modify /etc/resolv.conf Here is an example:
search localdomain Arizona.EDU <==== change
nameserver 128.196.128.233 <==== change
nameserver 128.196.128.234 <==== change
nameserver 128.196.188.95 <==== change

Now, set your changes with the command
service network restart
and check the routing

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

Test network with
ping -c 1 fw to check routing and cable to fw box.
ping -c 1 81.103.155.1 to test to isp gateway.
ping -c 1 66.218.71.198 to test ip forward and masquerade
ping -c 1 yahoo.com to test DNS

--
The warranty and liability expired as you read this message.
If the above breaks your system, it's yours and you keep both pieces.
Practice safe computing. Backup the file before you change it.
Do a, man command_here or cat command_here, before using it.

Steve Holdoway <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>. ..
> DNS is configured from /etc/resolv.conf, where you define your
> nameservers. It is server specific, not interface specific.
>
> I'm not sure how your system is set up, and what eth0 and 1 connect
> to, but...
>
> 1. does your nat startup script modify /etc/resolv.conf?
> 2. is the nameserver defined in resolv.conf contactable when either
> interface is up?
>
> Just to keep myself current, I built my own local dns server which
> resolves all the devices on my local network, and connects to those
> provided by my ISP when necessary.
>
> Is this any help??
>
> Steve
>
> On 2 Sep 2003 21:43:35 -0700, (E-Mail Removed) (Chris) wrote:
>
> >From what it looks like I can't seem to resolve IP addresses from
> >domain names when I am running my NAT script. The eth1 startup script
> >is set for eth0 as the gateway, and eth1 gets its IP from a DHCP
> >server. Is this how I am supposed to set eth1 to resolve IPs? If not
> >how do I do that?
> >
> >/etc/sysconfig/network-script/ifcfg-eth0
> >
> >DEVICE=eth0
> >ONBOOT=yes
> >BOOTPROTO=dhcp
> >
> >/etc/sysconfig/network-script/ifcfg-eth1
> >
> >DEVICE=eth1
> >ONBOOT=yes
> >BOOTPROTO=static
> >IPADDR=192.168.1.1
> >NETMASK=255.255.255.0
> >GATEWAY=eth0
> >
> >For eth1 should I set gateway to something else? If so what?

Sorry I should have clarified that. Eth0 goes to the university
network, eth1 goes to my small network. No my script does not modify
/etc/resolve.conf. What should I put in place of GATEWAY=eth0 in the
eth1 config script? And what should I put in my NAT script to modify
/etc/resolve.conf, I haven't gotten to the point of being able to
script that yet. Thank you for your time.

On 2 Sep 2003 21:43:35 -0700, Chris <(E-Mail Removed)> wrote:
> From what it looks like I can't seem to resolve IP addresses from
> domain names when I am running my NAT script. The eth1 startup script
> is set for eth0 as the gateway, and eth1 gets its IP from a DHCP
> server. Is this how I am supposed to set eth1 to resolve IPs? If not
> how do I do that?

You made a slight typo. It appears that your eth0 (not eth1) gets its IP
from DHCP. The only reason a gateway would cause DNS failure, is if the
gateway is incorrect, which makes the nameserver(s) unreachable.

> /etc/sysconfig/network-script/ifcfg-eth0
>
> DEVICE=eth0
> ONBOOT=yes
> BOOTPROTO=dhcp
>
> /etc/sysconfig/network-script/ifcfg-eth1
>
> DEVICE=eth1
> ONBOOT=yes
> BOOTPROTO=static
> IPADDR=192.168.1.1
> NETMASK=255.255.255.0
> GATEWAY=eth0
>
> For eth1 should I set gateway to something else? If so what?

You should NOT set any gateway for eth1. It sounds like you are looping a
gateway back to yourself, which may be your problem. eth1 should just
have a net route for 192.168.1.0/255.255.255.0, which network scripts
should do automatically based on your IPADDR and NETMASK.

However, any other boxes on your eth1 network would need a default gw to
your eth1 IP and you would need to have ip_forward enabled. You would
also likely need to masquerade anything going out eth0 as your eth0 IP,
since your university probably knows nothing about your private network or
how to route to it.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/