Help with simple routing

Hi, everyone!

I'm trying to set up a router for my small network that I want to look
like this -
ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
192.168.2.1 <--> My subnet 192.168.2.0

I've had the same machines working with only the ISDN-router set up as
the gateway, but I want to be a proper guy and have a DMZ and to use
iptables for firewalling. The first obstacle is obviously to get the
routing to work. Here I failed.
This is what I have done:
#route -n
dest gw genmask flags iface
192.168.2.0 192.168.2.1 255.255.255.0 UG eth1
192.168.1.0 192.168.1.35 255.255.255.0 UG eth0
127.0.0.0 0.0.0.0 255.0.0.0 U lo
0.0.0.0 192.168.1.50 0.0.0.0 UG eth0

NICs are two Davicom DM9102, both on irq 11, addresses are 0x2400 and
0x2800 using the driver dmfe.

My problem is that no traffic, at all, seems to be hitting the network.
I can ping the two cards from the intended router but none of the other
machines and none of the other machines can ping the router!

I have enabled ip forwarding with:
# echo 1 > /proc/sys/net/ipv4/ip_formward

All the documentation on the routing subject seems to find this too
trivial to describe in any detail.

I really need some help!

cheers
/calle

On Thursday 04 September 2003 10:41, calle wrote:

> ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
> 192.168.2.1 <--> My subnet 192.168.2.0
>
> I've had the same machines working with only the ISDN-router set up as
> the gateway, but I want to be a proper guy and have a DMZ and to use
> iptables for firewalling. The first obstacle is obviously to get the
> routing to work. Here I failed.
> This is what I have done:

> #route -n
> dest gw genmask flags iface
> 192.168.2.0 192.168.2.1 255.255.255.0 UG eth1
> 192.168.1.0 192.168.1.35 255.255.255.0 UG eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U lo
> 0.0.0.0 192.168.1.50 0.0.0.0 UG eth0

The first two routes for the Ethernet interfaces are wrong.
The network of these interfaces are directly attached and
therefore don't need a gateway.

Thus get rid of them, it is sufficient if you properly
configure the interfaces via ifconfig to get the proper
routes in the routing table. Eg. in your case:

ifconfig eth0 192.168.1.35 netmask 255.255.255.0
ifconfig eth1 192.168.2.1 netmask 255.255.255.0


Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

Horst Knobloch wrote:
> On Thursday 04 September 2003 10:41, calle wrote:
>
>
>>ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
>>192.168.2.1 <--> My subnet 192.168.2.0
>>
>>I've had the same machines working with only the ISDN-router set up as
>>the gateway, but I want to be a proper guy and have a DMZ and to use
>>iptables for firewalling. The first obstacle is obviously to get the
>>routing to work. Here I failed.
>>This is what I have done:
>
>
>>#route -n
>>dest gw genmask flags iface
>>192.168.2.0 192.168.2.1 255.255.255.0 UG eth1
>>192.168.1.0 192.168.1.35 255.255.255.0 UG eth0
>>127.0.0.0 0.0.0.0 255.0.0.0 U lo
>>0.0.0.0 192.168.1.50 0.0.0.0 UG eth0
>
>
> The first two routes for the Ethernet interfaces are wrong.
> The network of these interfaces are directly attached and
> therefore don't need a gateway.
>
> Thus get rid of them, it is sufficient if you properly
> configure the interfaces via ifconfig to get the proper
> routes in the routing table. Eg. in your case:
>
> ifconfig eth0 192.168.1.35 netmask 255.255.255.0
> ifconfig eth1 192.168.2.1 netmask 255.255.255.0
>
>
> Ciao, Horst


Thank you, but no luck. Don't I need a route between the cards? I can't
ping between them, not to any of the other machines on the network and I
can't ping to the machine, either card! Nothing seems to hit the cable!?

Any ideas?

/calle

In article <(E-Mail Removed)>, calle wrote:
> Any ideas?

Did you try what Horst suggested?

#v+
rob0@hal:~$ /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
external.netwk * 255.255.255.128 U 0 0 0 eth1
local.lan * 255.255.255.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default router.local.la 0.0.0.0 UG 0 0 0 eth1
#v-

No gateways except for default.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

On Thursday 04 September 2003 17:00, calle wrote:

> Horst Knobloch wrote:
>> On Thursday 04 September 2003 10:41, calle wrote:
>>
>>>ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
>>>192.168.2.1 <--> My subnet 192.168.2.0
>>>
[...]
>>>#route -n
>>>dest gw genmask flags iface
>>>192.168.2.0 192.168.2.1 255.255.255.0 UG eth1
>>>192.168.1.0 192.168.1.35 255.255.255.0 UG eth0
>>>127.0.0.0 0.0.0.0 255.0.0.0 U lo
>>>0.0.0.0 192.168.1.50 0.0.0.0 UG eth0
>>
>>
>> The first two routes for the Ethernet interfaces are wrong.
>> The network of these interfaces are directly attached and
>> therefore don't need a gateway.
>>
>> Thus get rid of them, it is sufficient if you properly
>> configure the interfaces via ifconfig to get the proper
>> routes in the routing table. Eg. in your case:
>>
>> ifconfig eth0 192.168.1.35 netmask 255.255.255.0
>> ifconfig eth1 192.168.2.1 netmask 255.255.255.0
>>

> Thank you, but no luck. Don't I need a route between the cards?

No. ifconfig enters autonomously the proper routing entries
for the interfaces. You don't need to enter one via the route
command yourself. You need to enter an explicit routing entry
only if you want to reach hosts which are not part of the
network directly attached.

If you have configured the interfaces correctly, you should
be able to ping your ISDN router and the hosts on
192.168.2.0/24 net from your Linux router. Of course the
ethernet interface on the hosts must also be configured
correctly.

If you have entered a default gateway on the hosts in the
192.168.2.0 net, you should even be able to ping 192.168.1.35
and 192.168.1.50 from the hosts.


> I can't
> ping between them, not to any of the other machines on the network and I
> can't ping to the machine, either card! Nothing seems to hit the cable!?

Please post the output of "route -n", "ifconfig" and the
exact (error) output of the ping command on the Linux
router and from a host which you can't ping.

Also check whether you use the correct cables. If you directly
connect two devices (without going over a switch or hub) you
need a cross-over cable, otherwise a straight-through cable.
Most NICs and Hubs/Switches have a green LED which indicates a
proper connection. Check this.


Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

Horst Knobloch wrote:
> On Thursday 04 September 2003 17:00, calle wrote:
>
>
>>Horst Knobloch wrote:
>>
>>>On Thursday 04 September 2003 10:41, calle wrote:
>>>
>>>
>>>>ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
>>>>192.168.2.1 <--> My subnet 192.168.2.0
>>>>
>>>
> [...]
>
>>>>#route -n
>>>>dest gw genmask flags iface
>>>>192.168.2.0 192.168.2.1 255.255.255.0 UG eth1
>>>>192.168.1.0 192.168.1.35 255.255.255.0 UG eth0
>>>>127.0.0.0 0.0.0.0 255.0.0.0 U lo
>>>>0.0.0.0 192.168.1.50 0.0.0.0 UG eth0
>>>
>>>
>>>The first two routes for the Ethernet interfaces are wrong.
>>>The network of these interfaces are directly attached and
>>>therefore don't need a gateway.
>>>
>>>Thus get rid of them, it is sufficient if you properly
>>>configure the interfaces via ifconfig to get the proper
>>>routes in the routing table. Eg. in your case:
>>>
>>>ifconfig eth0 192.168.1.35 netmask 255.255.255.0
>>>ifconfig eth1 192.168.2.1 netmask 255.255.255.0
>>>
>>
>
>>Thank you, but no luck. Don't I need a route between the cards?
>
>
> No. ifconfig enters autonomously the proper routing entries
> for the interfaces. You don't need to enter one via the route
> command yourself. You need to enter an explicit routing entry
> only if you want to reach hosts which are not part of the
> network directly attached.
>
> If you have configured the interfaces correctly, you should
> be able to ping your ISDN router and the hosts on
> 192.168.2.0/24 net from your Linux router. Of course the
> ethernet interface on the hosts must also be configured
> correctly.
>
> If you have entered a default gateway on the hosts in the
> 192.168.2.0 net, you should even be able to ping 192.168.1.35
> and 192.168.1.50 from the hosts.
>
>
>
>>I can't
>>ping between them, not to any of the other machines on the network and I
>>can't ping to the machine, either card! Nothing seems to hit the cable!?
>
>
> Please post the output of "route -n", "ifconfig" and the
> exact (error) output of the ping command on the Linux
> router and from a host which you can't ping.
>
> Also check whether you use the correct cables. If you directly
> connect two devices (without going over a switch or hub) you
> need a cross-over cable, otherwise a straight-through cable.
> Most NICs and Hubs/Switches have a green LED which indicates a
> proper connection. Check this.
>
>
> Ciao, Horst

Yes, leds are lit but not blinking during ping from my intended router.
Pingning from another machine the led is blinking, but not the ones for
the router.

#route -n
dest gw genmask flags iface
192.168.2.0 0.0.0.0 255.255.255.0 U eth1
192.168.1.0 0.0.0.0 255.255.255.0 U eth0
127.0.0.0 0.0.0.0 255.0.0.0 U lo
0.0.0.0 192.168.1.50 0.0.0.0 UG eth0

#ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:A1:18:46:0A
inet addr: 192.168.1.35 Bcast:192.168.1.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
TX packets: 691 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:52496 (51.2 Kb) TX bytes:105832 (103.3 Kb)

eth1 Link encap:Ethernet HWaddr 00:08:A1:13:06:10
inet addr: 192.168.2.1 Bcast:192.168.2.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
TX packets: 126 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:52496 (51.2 Kb) TX bytes:19598 (19.1 Kb)

lo Link encap:Local loopback
inet addr: 127.0.0.1 Mask: 255.0.0.0
UP LOOPBACK RUNNING MTU:1500 Metric:1
RX packets: 253 errors:0 dropped:0 overruns:0 frame:0
TX packets: 253 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:23228 (22.6 Kb) TX bytes:23228 (22.6 Kb)

Cables are OK. I have used them with the router machine before, when I
had just the eth0 installed...and working fine!
I use RH 7.2, kernel 2.4.7-10. Is there any recompiling or new modules
required for the routing to work?

/calle

On Thursday 04 September 2003 20:50, calle wrote:

> Horst Knobloch wrote:
>> On Thursday 04 September 2003 17:00, calle wrote:
>>
>>>Horst Knobloch wrote:
>>>
>>>>On Thursday 04 September 2003 10:41, calle wrote:
>>>>
>>>>
>>>>>ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
>>>>>192.168.2.1 <--> My subnet 192.168.2.0

[...]
> Yes, leds are lit but not blinking during ping from my intended router.
> Pingning from another machine the led is blinking, but not the ones for
> the router.
>
> #route -n
> dest gw genmask flags iface
> 192.168.2.0 0.0.0.0 255.255.255.0 U eth1
> 192.168.1.0 0.0.0.0 255.255.255.0 U eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U lo
> 0.0.0.0 192.168.1.50 0.0.0.0 UG eth0
>
> #ifconfig
> eth0 Link encap:Ethernet HWaddr 00:08:A1:18:46:0A
> inet addr: 192.168.1.35 Bcast:192.168.1.255 Mask: 255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
> TX packets: 691 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> RX bytes:52496 (51.2 Kb) TX bytes:105832 (103.3 Kb)
>
> eth1 Link encap:Ethernet HWaddr 00:08:A1:13:06:10
> inet addr: 192.168.2.1 Bcast:192.168.2.255 Mask: 255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
> TX packets: 126 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> RX bytes:52496 (51.2 Kb) TX bytes:19598 (19.1 Kb)

This router configuration looks good. It also indicates
that packets are transmitted (TX) and received (RX).
Leave the router's IP configuration as it is.

Check whether you have a packet filter in place on the
Linux router which blocks the traffic. For this run
"iptables -nvL" or "iptables-save". If you get an error
check with "ipchains -nvL".


> Cables are OK. I have used them with the router machine before, when I
> had just the eth0 installed...and working fine!

Your ISDN router is directly (not via a switch/hub) connected
to the Linux router's eth0. Right? In this case you need a
cross-over cable.

If your hosts and eth1 of the Linux router are connected
via a hub or switch you need straight-through cables.

However it should be a good indication that you use the
right cables if on all eth. devices the green LEDs are lit.


> I use RH 7.2, kernel 2.4.7-10. Is there any recompiling or new modules
> required for the routing to work?

No. The RH-standard kernel has this capability already.


BTW: You forgot the exact output of the ping command and
the IP configuration of the hosts.


Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

Horst Knobloch wrote:
> On Thursday 04 September 2003 20:50, calle wrote:
>
>
>>Horst Knobloch wrote:
>>
>>>On Thursday 04 September 2003 17:00, calle wrote:
>>>
>>>
>>>>Horst Knobloch wrote:
>>>>
>>>>
>>>>>On Thursday 04 September 2003 10:41, calle wrote:
>>>>>
>>>>>
>>>>>
>>>>>>ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
>>>>>>192.168.2.1 <--> My subnet 192.168.2.0
>>>>>
>
> [...]
>
>>Yes, leds are lit but not blinking during ping from my intended router.
>>Pingning from another machine the led is blinking, but not the ones for
>>the router.
>>
>>#route -n
>>dest gw genmask flags iface
>>192.168.2.0 0.0.0.0 255.255.255.0 U eth1
>>192.168.1.0 0.0.0.0 255.255.255.0 U eth0
>>127.0.0.0 0.0.0.0 255.0.0.0 U lo
>>0.0.0.0 192.168.1.50 0.0.0.0 UG eth0
>>
>>#ifconfig
>>eth0 Link encap:Ethernet HWaddr 00:08:A1:18:46:0A
>>inet addr: 192.168.1.35 Bcast:192.168.1.255 Mask: 255.255.255.0
>>UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
>>TX packets: 691 errors:0 dropped:0 overruns:0 carrier:0
>>collisions:0
>>RX bytes:52496 (51.2 Kb) TX bytes:105832 (103.3 Kb)
>>
>>eth1 Link encap:Ethernet HWaddr 00:08:A1:13:06:10
>>inet addr: 192.168.2.1 Bcast:192.168.2.255 Mask: 255.255.255.0
>>UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
>>TX packets: 126 errors:0 dropped:0 overruns:0 carrier:0
>>collisions:0
>>RX bytes:52496 (51.2 Kb) TX bytes:19598 (19.1 Kb)
>
>
> This router configuration looks good. It also indicates
> that packets are transmitted (TX) and received (RX).
> Leave the router's IP configuration as it is.
>
> Check whether you have a packet filter in place on the
> Linux router which blocks the traffic. For this run
> "iptables -nvL" or "iptables-save". If you get an error
> check with "ipchains -nvL".
>
>
>
>>Cables are OK. I have used them with the router machine before, when I
>>had just the eth0 installed...and working fine!
>
>
> Your ISDN router is directly (not via a switch/hub) connected
> to the Linux router's eth0. Right? In this case you need a
> cross-over cable.
>
> If your hosts and eth1 of the Linux router are connected
> via a hub or switch you need straight-through cables.
>
> However it should be a good indication that you use the
> right cables if on all eth. devices the green LEDs are lit.
>
>
>
>>I use RH 7.2, kernel 2.4.7-10. Is there any recompiling or new modules
>>required for the routing to work?
>
>
> No. The RH-standard kernel has this capability already.
>
>
> BTW: You forgot the exact output of the ping command and
> the IP configuration of the hosts.
>
>
> Ciao, Horst

Hello, again.

The ISDN router is working with the machines on the 192.168.1.0 network,
so thats not the problem. iptables-save reports
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Sep 5 08:37:30 2003

Ping output says "Destination Host Unreachable" both from the router and
from a Linux machine. From an NT server on the other side of my WLAN,
same subnet though, it says "request timed out".

I read somewhere that some drivers need to have an alias(or something)
to be able to be loaded more than once, but lsmod reports the dmfe
module is used twice.

Short description of the network I have:

Subnet 192.168.1.0 works fine and is using th ISDN router as its gateway
and DNS. It is physically separate by a workgroup WLAN bridge. On one
side there is the ISDN router and the Windows domain server. On the
other side there is one Win2k/RH 8 dual boot machine one Win2k machine
and the intended linux(RH 7.2) router. The communication over WLAN works
fine. All machines reach each other, except for the RH 7.2 router.

My plan is to have the RH 7.2 machine as the router/firewall/DNS for my
192.168.2.0 network and for it to be a DMZ between the ISDN router and
the 192.168.1.0 subnet.

/calle

On Friday 05 September 2003 09:11, calle wrote:

[big snip]

> Short description of the network I have:
>
> Subnet 192.168.1.0 works fine and is using th ISDN router as its gateway
> and DNS. It is physically separate by a workgroup WLAN bridge. On one
> side there is the ISDN router and the Windows domain server. On the
> other side there is one Win2k/RH 8 dual boot machine one Win2k machine
> and the intended linux(RH 7.2) router. The communication over WLAN works
> fine. All machines reach each other, except for the RH 7.2 router.

Do I understand correctly? You have the following setup



10/100Base-T interfaces WLAN interfaces

Internet .----------.
--------ISDN Router-----------| |-------Win2k/RH8
192.168.1.35/24 | | 192.168.2.a/24
| | def gw 192.168.2.1
| |
| |-------Win2k
| WLAN | 192.168.2.b/24
| Bridge | def gw 192.168.2.1
| |
| |------192.168.2.1/24
| | Linux Router
| |------192.168.1.50/24
WINS------------| | def. gw 192.168.1.35
192.168.1.z/24 '----------'
def. gw 192.168.1.35

So, you have two WLAN interfaces from the Linux Router into the
same physical net, and you have two IP works (192.168.2.0/24
and 192.168.1.0/24) overlaid over the same physical net?


Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

I saw in another thread, in this newsgroup, a note about a utility
called "mii-tool". I ran it on the router and got the following output:
eth0: 10 mbit, half duplex, no link
eth1: 10 mbit, half duplex, no link

Which is not very nice since the card type is 100 mbit full duplex.

I stopped the network removed the driver and reloaded the driver trying
to force 100 mbit full duplex...need I say; No luck!

I also looked at the module configuration for eth0 and eth1. his told
m3e that there's one "alias eth0 dmfe" and one "alias eth1 tulip". Still
there's no tulip driver loaded but two counts for dmfe?!?!?!

Does this make sense?

/calle