configuring addresses

Hi people!
I habe in a linux machine 2 NIC .

NIC 1 -> 192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0"
attached to NIC1 is one DSL Modem.


Question 1:
How will I have to configure nic 2 that both networks don't bite each
other.

Question 2:
How will the clients behind NIC2 (connected to a switch) to be configured?



Tamer

On Thu, 08 Apr 2010 23:56:10 +0200, Tamer Higazi wrote:
> Hi people!
> I habe in a linux machine 2 NIC .
>
> NIC 1 -> 192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0"
> attached to NIC1 is one DSL Modem.
>
>
> Question 1:
> How will I have to configure nic 2 that both networks don't bite each
> other.

Put nic 2 in another network, example: 192.168.4.x and give nic 1 as
nic 2's gateway. Be sure to enable net ipv4 forwarding.

> Question 2:
> How will the clients behind NIC2 (connected to a switch) to be configured?

Give them 192.168.4.x ip addresses with nic 2 as their gateway.

My config:

# This network configuration was written by net-setup

config_eth0=("192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0")
config_eth3=("192.168.2.1 broadcast 192.168.2.255 netmask 255.255.255.0")

dns_domain_lo="heimnetzwerk"

and if i configure a client behind eth3 let us say with:

192.168.2.2, gw: 192.168.2.1 and nameserver: 192.168.2.1

i stil even can't jump with the client in the internet. Ip forwarding is
activated and masquerading too


Here te firehol (firewall) script:
--

server_skypeserv_ports="tcp/9082 udp/9082 tcp/23399 udp/23399"
client_skypeserv_ports="default 23399"

masquerade ppp+

interface eth+ lan
policy accept

interface ppp+ world
protection strong 10/sec 10
server http accept
server https accept
server icmp accept
server skypeserv accept
client all accept

router world2lan inface ppp+ outface eth+
client all accept

router lan2lan inface eth+ outface eth+
route all accept
--

however, I can't jump with the client in the internet. I can ping to the
other machine, but not in the internet. The hell I know why

For any advises, I would thank you kindly.



Tamer


Am 09.04.2010 01:20, schrieb Bit Twister:
> On Thu, 08 Apr 2010 23:56:10 +0200, Tamer Higazi wrote:
>> Hi people!
>> I habe in a linux machine 2 NIC .
>>
>> NIC 1 -> 192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0"
>> attached to NIC1 is one DSL Modem.
>>
>>
>> Question 1:
>> How will I have to configure nic 2 that both networks don't bite each
>> other.
>
> Put nic 2 in another network, example: 192.168.4.x and give nic 1 as
> nic 2's gateway. Be sure to enable net ipv4 forwarding.
>
>> Question 2:
>> How will the clients behind NIC2 (connected to a switch) to be configured?
>
> Give them 192.168.4.x ip addresses with nic 2 as their gateway.

On Fri, 09 Apr 2010 12:20:36 +0200, Tamer Higazi wrote:
> My config:
>
> # This network configuration was written by net-setup

Sorry, I have not seen that kind of configuration file.
What Linux Distribution are you running?


> config_eth0=("192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0")
> config_eth3=("192.168.2.1 broadcast 192.168.2.255 netmask 255.255.255.0")
>
> dns_domain_lo="heimnetzwerk"

I need to install your distribution. What is it?

> and if i configure a client behind eth3 let us say with:
>
> 192.168.2.2, gw: 192.168.2.1 and nameserver: 192.168.2.1

You might want to consider using a known working dns server while
testing. Do a
cat /etc/resolv.conf
on the 192.168.1.2 machine and use same dns values on 192.168.2.2 machine.

> i stil even can't jump with the client in the internet. Ip forwarding is
> activated and masquerading too

Double check that, on the 192.168.1.2 machine, do a
cat /proc/sys/net/ipv4/ip_forward
if 1, then you are correct.

We need to see routing from both machines. The command is
route -n


> Here te firehol (firewall) script:

snip

When working a network problem, I find it helpful to have a spare
terminal open, watching the log file. I run shorewall as my firewall
and it's output can be seen in /var/log/messages. So the command is

tail -f /var/log/messages

Then I run my tests in another terminal.

> however, I can't jump with the client in the internet. I can ping to the
> other machine, but not in the internet. The hell I know why

To keep trouble shooting simple, I would ping the WAN/internet gateway
ip address from 192.168.1.2. If works, then ping the same ip address
from 192.168.2.2 (LAN machine).

It's working!


Am 09.04.2010 12:45, schrieb Bit Twister:
> On Fri, 09 Apr 2010 12:20:36 +0200, Tamer Higazi wrote:
>> My config:
>>
>> # This network configuration was written by net-setup
>
> Sorry, I have not seen that kind of configuration file.
> What Linux Distribution are you running?
>
>
>> config_eth0=("192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0")
>> config_eth3=("192.168.2.1 broadcast 192.168.2.255 netmask 255.255.255.0")
>>
>> dns_domain_lo="heimnetzwerk"
>
> I need to install your distribution. What is it?
>
Gentoo Linux with Kernel: 2.6.30-r5

>> and if i configure a client behind eth3 let us say with:
>>
>> 192.168.2.2, gw: 192.168.2.1 and nameserver: 192.168.2.1
>
> You might want to consider using a known working dns server while
> testing.

I have set up on the x.1.2 machine the tool "dnsmasq":
http://www.thekelleys.org.uk/dnsmasq/doc.html

which should forward the DNS Servers listet in the /etc/resolv.conf.
But of course I will make a retry with fixed values.

Do a
> cat /etc/resolv.conf
> on the 192.168.1.2 machine and use same dns values on 192.168.2.2 machine.
>
>> i stil even can't jump with the client in the internet. Ip forwarding is
>> activated and masquerading too
>
> Double check that, on the 192.168.1.2 machine, do a
> cat /proc/sys/net/ipv4/ip_forward

I tripple checked now, it is, even now i looked if the value in:

/proc/sys/net/ipv4/ip_forward

was set to 1.

However, after setting the DNS Servers directly at the client, it was
working. Why dnsmasq didn't make it, is for me still a riddle.

> if 1, then you are correct.
>
> We need to see routing from both machines. The command is
> route -n



>
>
>> Here te firehol (firewall) script:
>
> snip
>
> When working a network problem, I find it helpful to have a spare
> terminal open, watching the log file. I run shorewall as my firewall
> and it's output can be seen in /var/log/messages. So the command is
>
> tail -f /var/log/messages
>
> Then I run my tests in another terminal.
>
>> however, I can't jump with the client in the internet. I can ping to the
>> other machine, but not in the internet. The hell I know why
>
> To keep trouble shooting simple, I would ping the WAN/internet gateway
> ip address from 192.168.1.2. If works, then ping the same ip address
> from 192.168.2.2 (LAN machine).

Thank you all for your kind support. However, if you still have the
sollution for the DNS problem, i kindly thank you.



Tamer

On Fri, 09 Apr 2010 14:07:30 +0200, Tamer Higazi wrote:

> I have set up on the x.1.2 machine the tool "dnsmasq":
> http://www.thekelleys.org.uk/dnsmasq/doc.html
>
> which should forward the DNS Servers listet in the /etc/resolv.conf.
> But of course I will make a retry with fixed values.

Hmmm, in my opinion, your dhcp client would have fetched your ISP's
dns server ip and some how dnsmasq learns about that.

Your /etc/resolv.conf on the 192.168.1.2 should be pointing to your
dns resolver/service on 192.168.1.2.

Here is mine:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.132
search home.test
#*********** end resolv.conf ***********************



$ hostname --ip-address
192.168.1.132



> However, after setting the DNS Servers directly at the client, it was
> working. Why dnsmasq didn't make it, is for me still a riddle.

Going to guess the client ip address is static. If so, client's dnsmasq
has to be told about an up line dns server for non-local requests.

Now, if you are not running a dns server on the client, you should have used
the client's gateway ip as the client's dns server ip.
That assumes 192.168.1.2 is running a dns service/daemon.