redhat FC8 routing problem

Hi all,

I've been researching the group for an answer, but haven't found the
same problem replicated.

Here is what I want to accomplish

________________________
|Linksys WCG200 |
| modem/router |
| WAN:<private> |---------------|
| LAN: 192.168.1.1/24 | |
|_______________________| 192.168.1.0/24
| |
| |
| |
| ________|________________
| |WinXP |
| | desktop |
| | eth0:192.168.1.20/24 |
| | eth1:<disabled> |
| |_______________________|
|
|
|
|
192.168.1.0/24
|
|
|
________________________
|Redhat FC8 |
| router |
| eth0:192.168.1.2/24 |
| gw: 192.168.1.1/24 |
| eth1:192.168.2.1/24 |
|_______________________|
|
|
|
192.168.2.0/24
|
|
|
________________________
|win xp |
|laptop |
| eth0:192.168.2.20/24 |
| gw: 192.168.2.1/24 |
| eth1:<wireless> |
|_______disabled________|


so from the desktop (192.168.1.20), everything works. I can ping the
modem/router, both interfaces on the FC8 box, and the laptop, get to
internet, etc.

The FC8 box can do the same, can ping lo, both networks .2.0 and .1.0,
and get to internet.

But 192.168.2.20 CANNOT process dns queries, and CANNOT get to internet,
(with plain ip address).

[root@linuxbox init.d]# cat /proc/sys/net/ipv4/ip_forward
1
[root@linuxbox init.d]# route -nv
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@linuxbox init.d]# iptables -L -v
Chain INPUT (policy ACCEPT 3836 packets, 559K bytes)
pkts bytes target prot opt in out source
destination

Chain FORWARD (policy ACCEPT 528 packets, 73808 bytes)
pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 4494 packets, 552K bytes)
pkts bytes target prot opt in out source
destination

Chain RH-Firewall-1-INPUT (0 references)
pkts bytes target prot opt in out source
destination
[root@linuxbox init.d]#

/etc/resolv.conf
nameserver 68.87.75.194
naeserver 68.87.64.146

/etc/hosts
127.0.0.1 localhost.localdomain linuxbox localhost
::1 localhost6.localdomain localhost6

192.168.1.2 linuxbox.localdomain linuxbox linuxbox-eth0
192.168.2.1 linuxbox-eth1

/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linuxbox.localdomain

FORWARD_IPV4=YES

ifcfg-eth0
device=eth0
bootproto=none
hwaddr.....
onboot=yes
type=ethernet
nm_controlled=no
userctl=no
peerdns=yes
netmask= 255.255.255.0
ipaddr=192.168.1.2
gateway=192.168.1.1
gatewaydev=eth0

ifcfg-eth1
same as above...
hwaddr.......
device=eth1
ipaddr=192.168.2.1
gateway=192.168.1.1


the routing table for the laptop is

dest mask gw iface metric
0 0 192.168.2.1 192.168.2.20 30
127.0.0.0 /8 127.0.0.1 same 1
192.168.1.0 /24 192.168.2.1 192.168.2.20 30
192.168.2.0 /24 192.168.2.20 192.168.2.20 30
192.168.2.20 /32 127.0.0.1 127.0.0.1 30
192.168.2.255 /32 192.168.2.20 192.168.2.20 30
224.0.0.0 240.0.0.0 192.168.2.20 192.168.2.20 30
255.255.255.255 /32 192.168.2.20 192.168.2.20 1
default: 192.168.2.1

I thought about a caching dns/proxy, but there has to be an easier fix.

any help would be greatly appreciated. Again, the problem is a host on
192.168.2.0 cannot see internet.

Thanks again.

Matthew Shelton wrote:
> Hi all,
>
> I've been researching the group for an answer, but haven't found the
> same problem replicated.
>
> Here is what I want to accomplish
>
> ________________________
> |Linksys WCG200 |
> | modem/router |
> | WAN:<private> |---------------|
> | LAN: 192.168.1.1/24 | |
> |_______________________| 192.168.1.0/24
> | |
> | |
> | |
> | ________|________________
> | |WinXP |
> | | desktop |
> | | eth0:192.168.1.20/24 |
> | | eth1:<disabled> |
> | |_______________________|
> |
> |
> |
> |
> 192.168.1.0/24
> |
> |
> |
> ________________________
> |Redhat FC8 |
> | router |
> | eth0:192.168.1.2/24 |
> | gw: 192.168.1.1/24 |
> | eth1:192.168.2.1/24 |
> |_______________________|
> |
> |
> |
> 192.168.2.0/24
> |
> |
> |
> ________________________
> |win xp |
> |laptop |
> | eth0:192.168.2.20/24 |
> | gw: 192.168.2.1/24 |
> | eth1:<wireless> |
> |_______disabled________|
>
>
> so from the desktop (192.168.1.20), everything works. I can ping the
> modem/router, both interfaces on the FC8 box, and the laptop, get to
> internet, etc.
>
> The FC8 box can do the same, can ping lo, both networks .2.0 and .1.0,
> and get to internet.
>
> But 192.168.2.20 CANNOT process dns queries, and CANNOT get to internet,
> (with plain ip address).


In your setup , the Linksys must doing NAT also for 192.168.2.0/24 subnet
if the linksys can't it's must be do by the FC8

Hello,

(E-Mail Removed) a écrit :
> Matthew Shelton wrote:
>
>> But 192.168.2.20 CANNOT process dns queries, and CANNOT get to
>> internet, (with plain ip address).
>
> In your setup , the Linksys must doing NAT also for 192.168.2.0/24 subnet

And have a proper route to this subnet, via gateway 192.168.1.2.

> if the linksys can't it's must be do by the FC8

Right.

(E-Mail Removed) wrote:
> Matthew Shelton wrote:
>> Hi all,
>>
>> I've been researching the group for an answer, but haven't found the
>> same problem replicated.
>>
>> Here is what I want to accomplish
>>
>> ________________________
>> |Linksys WCG200 |
>> | modem/router |
>> | WAN:<private> |---------------|
>> | LAN: 192.168.1.1/24 | |
>> |_______________________| 192.168.1.0/24
>> | |
>> | |
>> | |
>> | ________|________________
>> | |WinXP |
>> | | desktop |
>> | | eth0:192.168.1.20/24 |
>> | | eth1:<disabled> |
>> | |_______________________|
>> |
>> |
>> |
>> |
>> 192.168.1.0/24
>> |
>> |
>> |
>> ________________________
>> |Redhat FC8 |
>> | router |
>> | eth0:192.168.1.2/24 |
>> | gw: 192.168.1.1/24 |
>> | eth1:192.168.2.1/24 |
>> |_______________________|
>> |
>> |
>> |
>> 192.168.2.0/24
>> |
>> |
>> |
>> ________________________
>> |win xp |
>> |laptop |
>> | eth0:192.168.2.20/24 |
>> | gw: 192.168.2.1/24 |
>> | eth1:<wireless> |
>> |_______disabled________|
>>
>>
>> so from the desktop (192.168.1.20), everything works. I can ping the
>> modem/router, both interfaces on the FC8 box, and the laptop, get to
>> internet, etc.
>>
>> The FC8 box can do the same, can ping lo, both networks .2.0 and .1.0,
>> and get to internet.
>>
>> But 192.168.2.20 CANNOT process dns queries, and CANNOT get to
>> internet, (with plain ip address).
>
>
> In your setup , the Linksys must doing NAT also for 192.168.2.0/24 subnet
> if the linksys can't it's must be do by the FC8
>
>
Thanks for the reply...

Can you be a little more specific on how to NAT the addresses? Are you
suggesting that I map the 192.168.2.0 addresses to 192.168.1.0...and
then the linksys router would NAT again, as if they were on the same subnet?

Or something different?

I suppose I could install a proxy on the FC8 box, and squid would take
care organizing the connections, they would be coming out of the
192.168.1.0 network (which has never had any issues). And the linksys
router would NAT them accordingly.

And I'd still be able to keep separate subnets, without NATing.

Anybody see any problem with that?

Thanks again for the insight.

As a quick aside, my real job starts on monday, and today and tomorrow
are probably the last times I'll ever have to retro-fit a home
networking product. Very much looking forward to getting back into the
Cisco IOS.

Matthew Shelton wrote:
> Hi all,
>
> I've been researching the group for an answer, but haven't found the
> same problem replicated.
>
> Here is what I want to accomplish
>
> ________________________
> |Linksys WCG200 |
> | modem/router |
> | WAN:<private> |---------------|
> | LAN: 192.168.1.1/24 | |
> |_______________________| 192.168.1.0/24
> | |
> | |
> | |
> | ________|________________
> | |WinXP |
> | | desktop |
> | | eth0:192.168.1.20/24 |
> | | eth1:<disabled> |
> | |_______________________|
> |
> |
> |
> |
> 192.168.1.0/24
> |
> |
> |
> ________________________
> |Redhat FC8 |
> | router |
> | eth0:192.168.1.2/24 |
> | gw: 192.168.1.1/24 |
> | eth1:192.168.2.1/24 |
> |_______________________|
> |
> |
> |
> 192.168.2.0/24
> |
> |
> |
> ________________________
> |win xp |
> |laptop |
> | eth0:192.168.2.20/24 |
> | gw: 192.168.2.1/24 |
> | eth1:<wireless> |
> |_______disabled________|
>
>
> so from the desktop (192.168.1.20), everything works. I can ping the
> modem/router, both interfaces on the FC8 box, and the laptop, get to
> internet, etc.
>
> The FC8 box can do the same, can ping lo, both networks .2.0 and .1.0,
> and get to internet.
>
> But 192.168.2.20 CANNOT process dns queries, and CANNOT get to internet,
> (with plain ip address).
>
> [root@linuxbox init.d]# cat /proc/sys/net/ipv4/ip_forward
> 1
> [root@linuxbox init.d]# route -nv
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth1
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
> eth1
> 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0
> eth0
> [root@linuxbox init.d]# iptables -L -v
> Chain INPUT (policy ACCEPT 3836 packets, 559K bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 528 packets, 73808 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 4494 packets, 552K bytes)
> pkts bytes target prot opt in out source destination
>
> Chain RH-Firewall-1-INPUT (0 references)
> pkts bytes target prot opt in out source destination
> [root@linuxbox init.d]#
>
> /etc/resolv.conf
> nameserver 68.87.75.194
> naeserver 68.87.64.146
>
> /etc/hosts
> 127.0.0.1 localhost.localdomain linuxbox localhost
> ::1 localhost6.localdomain localhost6
>
> 192.168.1.2 linuxbox.localdomain linuxbox linuxbox-eth0
> 192.168.2.1 linuxbox-eth1
>
> /etc/sysconfig/network
> NETWORKING=yes
> HOSTNAME=linuxbox.localdomain
>
> FORWARD_IPV4=YES
>
> ifcfg-eth0
> device=eth0
> bootproto=none
> hwaddr.....
> onboot=yes
> type=ethernet
> nm_controlled=no
> userctl=no
> peerdns=yes
> netmask= 255.255.255.0
> ipaddr=192.168.1.2
> gateway=192.168.1.1
> gatewaydev=eth0
>
> ifcfg-eth1
> same as above...
> hwaddr.......
> device=eth1
> ipaddr=192.168.2.1
> gateway=192.168.1.1
>
>
> the routing table for the laptop is
>
> dest mask gw iface metric
> 0 0 192.168.2.1 192.168.2.20 30
> 127.0.0.0 /8 127.0.0.1 same 1
> 192.168.1.0 /24 192.168.2.1 192.168.2.20 30
> 192.168.2.0 /24 192.168.2.20 192.168.2.20 30
> 192.168.2.20 /32 127.0.0.1 127.0.0.1 30
> 192.168.2.255 /32 192.168.2.20 192.168.2.20 30
> 224.0.0.0 240.0.0.0 192.168.2.20 192.168.2.20 30
> 255.255.255.255 /32 192.168.2.20 192.168.2.20 1
> default: 192.168.2.1
>
> I thought about a caching dns/proxy, but there has to be an easier fix.
>
> any help would be greatly appreciated. Again, the problem is a host on
> 192.168.2.0 cannot see internet.
>
> Thanks again.
>
I found from a linksys forum that this model home router will not NAT
any addresses outside of the subnet directly connected to the router. So
my problem is solved. Many thanks to those who replied.

I suppose another solution would be to put the linux router in the DMZ
port. But the ideal setup in that situation would be to have a
standalone cable modem plugged into the router, and a switch (or more
NICs) plugged into the inside interface.

And then you could have as many subnets as you want.