problem with llinux multi ethernet cards configuration

Hello all,

I'am trying to configure 2 LANS to access internet via a linux box.


-----------
| internet |
-----------
|eth2
-------------
| linuxBox |
-------------
|eth0 |eth1
---- ----
|LAN-0| |LAN-1|
---- ----


Linux box configuration:
-----------------
root@epicure 23:51:01$ uname -a
Linux 2.4.19 ... sparc64

root@epicure 23:51:47$ ifconfig -a
bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth0 Link encap:Ethernet HWaddr .....
inet addr:10.251.254.254 Bcast:10.255.255.255
Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:146 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:8952 (8.7 KiB) TX bytes:196 (196.0 b)
Interrupt:160 Base address:0x7000

eth1 Link encap:Ethernet HWaddr .....
inet addr:10.251.254.253 Bcast:10.255.255.255
Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2780 errors:0 dropped:0 overruns:0 frame:0
TX packets:3563 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:409402 (399.8 KiB) TX bytes:1176518 (1.1 MiB)
Interrupt:128 Base address:0x2000

eth2 Link encap:Ethernet HWaddr .....
inet addr:xx.xx.210.39 Bcast:xx.xx.10.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4247 errors:0 dropped:0 overruns:0 frame:0
TX packets:3167 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1239608 (1.1 MiB) TX bytes:467967 (456.9 KiB)
Interrupt:128 Base address:0x4000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:213 errors:0 dropped:0 overruns:0 frame:0
TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21310 (20.8 KiB) TX bytes:21310 (20.8 KiB)


root@epicure 23:51:56$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref
Use Iface
xx.xx.210.0 0.0.0.0 255.255.255.0 U 0 0
0 eth2
10.251.0.0 0.0.0.0 255.255.0.0 U 0 0
0 eth1
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0
0 eth0
0.0.0.0 xx.xx.210.254 0.0.0.0 UG 0 0
0 eth2




root@epicure 23:53:09$ ipmasq -v
#: Interfaces found:
#: eth2 xx.xx.210.39/255.255.255.0
#: eth0 10.251.254.254/255.0.0.0
#: eth1 10.251.254.253/255.255.0.0
echo "0" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -F PREROUTING
/sbin/iptables -t mangle -F OUTPUT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT
/sbin/iptables -A FORWARD -j ACCEPT -s 10.251.254.253/255.255.0.0 -d
10.251.254.254/255.0.0.0
/sbin/iptables -A FORWARD -j ACCEPT -s 10.251.254.254/255.0.0.0 -d
10.251.254.253/255.255.0.0
/sbin/iptables -A INPUT -j ACCEPT -i lo
/sbin/iptables -A INPUT -j LOG -i ! lo -s 127.0.0.1/255.0.0.0
/sbin/iptables -A INPUT -j DROP -i ! lo -s 127.0.0.1/255.0.0.0
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 255.255.255.255/32
/sbin/iptables -A INPUT -j ACCEPT -i eth1 -d 255.255.255.255/32
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -s 10.251.254.254/255.0.0.0
/sbin/iptables -A INPUT -j ACCEPT -i eth1 -s
10.251.254.253/255.255.0.0
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 224.0.0.0/4 -p ! tcp
/sbin/iptables -A INPUT -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/iptables -A INPUT -j LOG -i eth2 -s 10.251.254.254/255.0.0.0
/sbin/iptables -A INPUT -j DROP -i eth2 -s 10.251.254.254/255.0.0.0
/sbin/iptables -A INPUT -j LOG -i eth2 -s 10.251.254.253/255.255.0.0
/sbin/iptables -A INPUT -j DROP -i eth2 -s 10.251.254.253/255.255.0.0
/sbin/iptables -A INPUT -j ACCEPT -i eth2 -d 255.255.255.255/32
/sbin/iptables -A INPUT -j ACCEPT -i eth2 -d xx.xx.210.39/32
/sbin/iptables -A INPUT -j ACCEPT -i eth2 -d xx.xx.10.255/32
/sbin/iptables -t nat -A POSTROUTING -s 10.251.254.254/255.0.0.0 -j
MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth2 -s 10.251.254.254/255.0.0.0
-j ACCEPT
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j
ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 10.251.254.253/255.255.0.0 -j
MASQUERADE
/sbin/iptables -A FORWARD -i eth1 -o eth2 -s
10.251.254.253/255.255.0.0 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j
ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT -o lo
/sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 255.255.255.255/32
/sbin/iptables -A OUTPUT -j ACCEPT -o eth1 -d 255.255.255.255/32
/sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 10.251.254.254/255.0.0.0
/sbin/iptables -A OUTPUT -j ACCEPT -o eth1 -d
10.251.254.253/255.255.0.0
/sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 224.0.0.0/4 -p ! tcp
/sbin/iptables -A OUTPUT -j ACCEPT -o eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/iptables -A FORWARD -j LOG -o eth2 -d 10.251.254.254/255.0.0.0
/sbin/iptables -A FORWARD -j DROP -o eth2 -d 10.251.254.254/255.0.0.0
/sbin/iptables -A OUTPUT -j LOG -o eth2 -d 10.251.254.254/255.0.0.0
/sbin/iptables -A OUTPUT -j DROP -o eth2 -d 10.251.254.254/255.0.0.0
/sbin/iptables -A FORWARD -j LOG -o eth2 -d 10.251.254.253/255.255.0.0
/sbin/iptables -A FORWARD -j DROP -o eth2 -d
10.251.254.253/255.255.0.0
/sbin/iptables -A OUTPUT -j LOG -o eth2 -d 10.251.254.253/255.255.0.0
/sbin/iptables -A OUTPUT -j DROP -o eth2 -d 10.251.254.253/255.255.0.0
/sbin/iptables -A OUTPUT -j ACCEPT -o eth2 -d 255.255.255.255/32
/sbin/iptables -A OUTPUT -j ACCEPT -o eth2 -s xx.xx.210.39/32
/sbin/iptables -A OUTPUT -j ACCEPT -o eth2 -s xx.xx.10.255/32
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A INPUT -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A OUTPUT -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A FORWARD -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0



There is no hub beteen le linux box and the machines in the LAN-1 and
the LAN-2



The problem is that i can't ping the machine in the LAN-0 whereas i
can do it with the lLAN-1 :

output for LAN-1
-----------------
root@epicure 00:08:22$ ping 10.251.160.49
PING 10.251.160.49 (10.251.160.49): 56 data bytes
64 bytes from 10.251.160.49: icmp_seq=0 ttl=128 time=0.7 ms
64 bytes from 10.251.160.49: icmp_seq=1 ttl=128 time=0.3 ms
^C
--- 10.251.160.49 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.5/0.7 ms


output for LAN-0
-----------------
root@epicure 00:07:08$ ping 10.251.160.50
PING 10.251.160.50 (10.251.160.50): 56 data bytes
^C
--- 10.251.160.50 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss



Thank you for your time and trouble

--
(E-Mail Removed)

On 26 Dec 2003 15:14:38 -0800, lahous <(E-Mail Removed)> wrote:
> Hello all,
>
> I'am trying to configure 2 LANS to access internet via a linux box.
>
>
> -----------
> | internet |
> -----------
> |eth2
> -------------
> | linuxBox |
> -------------
> |eth0 |eth1
> ---- ----
> |LAN-0| |LAN-1|
> ---- ----
>
>
> Linux box configuration:
> -----------------
> root@epicure 23:51:01$ uname -a
> Linux 2.4.19 ... sparc64
>
> root@epicure 23:51:47$ ifconfig -a
> bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
> BROADCAST MASTER MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> eth0 Link encap:Ethernet HWaddr .....
> inet addr:10.251.254.254 Bcast:10.255.255.255
> Mask:255.0.0.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:146 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:8952 (8.7 KiB) TX bytes:196 (196.0 b)
> Interrupt:160 Base address:0x7000
>
> eth1 Link encap:Ethernet HWaddr .....
> inet addr:10.251.254.253 Bcast:10.255.255.255
> Mask:255.255.0.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2780 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3563 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:409402 (399.8 KiB) TX bytes:1176518 (1.1 MiB)
> Interrupt:128 Base address:0x2000
>
> eth2 Link encap:Ethernet HWaddr .....
> inet addr:xx.xx.210.39 Bcast:xx.xx.10.255
> Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:4247 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3167 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:1239608 (1.1 MiB) TX bytes:467967 (456.9 KiB)
> Interrupt:128 Base address:0x4000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:213 errors:0 dropped:0 overruns:0 frame:0
> TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:21310 (20.8 KiB) TX bytes:21310 (20.8 KiB)
>
>
> root@epicure 23:51:56$ route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref
> Use Iface
> xx.xx.210.0 0.0.0.0 255.255.255.0 U 0 0
> 0 eth2
> 10.251.0.0 0.0.0.0 255.255.0.0 U 0 0
> 0 eth1
> 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0
> 0 eth0
> 0.0.0.0 xx.xx.210.254 0.0.0.0 UG 0 0
> 0 eth2
(snip)
> There is no hub beteen le linux box and the machines in the LAN-1 and
> the LAN-2
>
>
>
> The problem is that i can't ping the machine in the LAN-0 whereas i
> can do it with the lLAN-1 :
>
> output for LAN-1
> -----------------
> root@epicure 00:08:22$ ping 10.251.160.49
> PING 10.251.160.49 (10.251.160.49): 56 data bytes
> 64 bytes from 10.251.160.49: icmp_seq=0 ttl=128 time=0.7 ms
> 64 bytes from 10.251.160.49: icmp_seq=1 ttl=128 time=0.3 ms
> ^C
> --- 10.251.160.49 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max = 0.3/0.5/0.7 ms
>
>
> output for LAN-0
> -----------------
> root@epicure 00:07:08$ ping 10.251.160.50
> PING 10.251.160.50 (10.251.160.50): 56 data bytes
> ^C
> --- 10.251.160.50 ping statistics ---
> 4 packets transmitted, 0 packets received, 100% packet loss

Your networking is a bit confused (incorrect). 10.251.160.50 is NOT a
valid IP for LAN-0 which is 10.0.0.0/255.0.0.0 IPs EXCEPT
10.251.0.0/255.255.0.0. Actually your IP for eth0 is wrong (it is in eth1
network), and broadcast for eth1 is wrong (should be 10.251.255.255 based
on your netmask).

If your networking was corrected:
LAN-1 can be any IP between (not including) 10.251.0.0-10.251.255.255
LAN-0 can be any IP between 10.0.0.0-10.255.255.255 EXCEPT LAN-1 IP range

If you enable eth0 proxy_arp
(echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp) then your Linux router
would automatically answer arp requests for eth1 IPs without eth1 box(es)
needing a gateway for 10.251.0.0/255.255.0.0 network.

I proxy_arp a partial (but much smaller) subnet of my main LAN like that
for my wireless.

--
David Efflandt - All spam ignored http://www.de-srv.com/

(E-Mail Removed) (David Efflandt) wrote in message news:<(E-Mail Removed)>...
> On 26 Dec 2003 15:14:38 -0800, lahous <(E-Mail Removed)> wrote:
> > Hello all,
> >
> > I'am trying to configure 2 LANS to access internet via a linux box.
> >
> >
> > -----------
> > | internet |
> > -----------
> > |eth2
> > -------------
> > | linuxBox |
> > -------------
> > |eth0 |eth1
> > ---- ----
> > |LAN-0| |LAN-1|
> > ---- ----
> >
> >
> > Linux box configuration:
> > -----------------
> > root@epicure 23:51:01$ uname -a
> > Linux 2.4.19 ... sparc64
> >
> > root@epicure 23:51:47$ ifconfig -a
> > bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
> > BROADCAST MASTER MULTICAST MTU:1500 Metric:1
> > RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> >
> > eth0 Link encap:Ethernet HWaddr .....
> > inet addr:10.251.254.254 Bcast:10.255.255.255
> > Mask:255.0.0.0
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:146 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:100
> > RX bytes:8952 (8.7 KiB) TX bytes:196 (196.0 b)
> > Interrupt:160 Base address:0x7000
> >
> > eth1 Link encap:Ethernet HWaddr .....
> > inet addr:10.251.254.253 Bcast:10.255.255.255
> > Mask:255.255.0.0
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:2780 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:3563 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:100
> > RX bytes:409402 (399.8 KiB) TX bytes:1176518 (1.1 MiB)
> > Interrupt:128 Base address:0x2000
> >
> > eth2 Link encap:Ethernet HWaddr .....
> > inet addr:xx.xx.210.39 Bcast:xx.xx.10.255
> > Mask:255.255.255.0
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:4247 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:3167 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:100
> > RX bytes:1239608 (1.1 MiB) TX bytes:467967 (456.9 KiB)
> > Interrupt:128 Base address:0x4000
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:213 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:21310 (20.8 KiB) TX bytes:21310 (20.8 KiB)
> >
> >
> > root@epicure 23:51:56$ route -n
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref
> > Use Iface
> > xx.xx.210.0 0.0.0.0 255.255.255.0 U 0 0
> > 0 eth2
> > 10.251.0.0 0.0.0.0 255.255.0.0 U 0 0
> > 0 eth1
> > 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0
> > 0 eth0
> > 0.0.0.0 xx.xx.210.254 0.0.0.0 UG 0 0
> > 0 eth2
> (snip)
> > There is no hub beteen le linux box and the machines in the LAN-1 and
> > the LAN-2
> >
> >
> >
> > The problem is that i can't ping the machine in the LAN-0 whereas i
> > can do it with the lLAN-1 :
> >
> > output for LAN-1
> > -----------------
> > root@epicure 00:08:22$ ping 10.251.160.49
> > PING 10.251.160.49 (10.251.160.49): 56 data bytes
> > 64 bytes from 10.251.160.49: icmp_seq=0 ttl=128 time=0.7 ms
> > 64 bytes from 10.251.160.49: icmp_seq=1 ttl=128 time=0.3 ms
> > ^C
> > --- 10.251.160.49 ping statistics ---
> > 2 packets transmitted, 2 packets received, 0% packet loss
> > round-trip min/avg/max = 0.3/0.5/0.7 ms
> >
> >
> > output for LAN-0
> > -----------------
> > root@epicure 00:07:08$ ping 10.251.160.50
> > PING 10.251.160.50 (10.251.160.50): 56 data bytes
> > ^C
> > --- 10.251.160.50 ping statistics ---
> > 4 packets transmitted, 0 packets received, 100% packet loss
>
> Your networking is a bit confused (incorrect). 10.251.160.50 is NOT a
> valid IP for LAN-0 which is 10.0.0.0/255.0.0.0 IPs EXCEPT
> 10.251.0.0/255.255.0.0. Actually your IP for eth0 is wrong (it is in eth1
> network), and broadcast for eth1 is wrong (should be 10.251.255.255 based
> on your netmask).
>
> If your networking was corrected:
> LAN-1 can be any IP between (not including) 10.251.0.0-10.251.255.255
> LAN-0 can be any IP between 10.0.0.0-10.255.255.255 EXCEPT LAN-1 IP range
>
> If you enable eth0 proxy_arp
> (echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp) then your Linux router
> would automatically answer arp requests for eth1 IPs without eth1 box(es)
> needing a gateway for 10.251.0.0/255.255.0.0 network.
>
> I proxy_arp a partial (but much smaller) subnet of my main LAN like that
> for my wireless.



Thanks a lot ,

I solved the problem finaly.

The problem was due to interface misconfiguration (ip adresses) and
network kernel configuration (
/proc/sys/net/ipv4/conf/[eth1|eth2]/proxy_arp )



Thank you for your help again.


--
(E-Mail Removed)