router not routing?

This is a bit of an educational exercise for me. What I’m trying to do
is see if I can use a linux box as a router. From what I’ve read I
should be able to do that but I have run into a bit of a problem.

This is what I’ve got:

A desk top PC running Fedora core 5 with three NICs (eth0, eth1 and
eth2). Eth0 doesn’t work so I have eth1 connected to the internet via a
modem. It uses DHCP to get its IP address (192.168.0.2) and that appears
to work OK and I have web access etc to the Internet.

Eth2 has a fixed IP address and I connect a laptop to this NIC. The desk
top PC runs dhcpd and the laptop gets its IP address (192.168.1.245)
from the server.

I can ping the desk top eth2 address from the laptop so that connection
looks OK. However, I can’t ping the desk top eth1 address (I get network
unreachable) and I get no connection to the Internet.

I have altered the following files:

Sysctl.conf

# Controls IP packet forwarding
net.ipv4.ip_forward = 1


and dhcpd.conf

option ip-forwarding on;

I also did:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
service iptables save

and

route add default gw 192.168.0.2

on the desk top PC.

So, any ideas on what I missed or why my router does not appear to route?

Thanks.


Below are my files in full:

#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#

ddns-update-style interim;
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {

option domain-name-servers 80.240.65.130;
option ip-forwarding on;
default-lease-time 86400;
max-lease-time 86400;
range 192.168.1.128 192.168.1.254;
option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;
option routers 192.168.0.2;


# --- default gateway
# option routers 80.244.71.246;
# option subnet-mask 255.255.255.0;

# option nis-domain "domain.org";
# option domain-name "domain.org";
# option domain-name-servers 192.168.1.1;

option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this
unless
# -- you understand Netbios very well
# option netbios-node-type 2;

# range dynamic-bootp 192.168.1.128 192.168.1.254;
# range 192.168.1.128 192.168.1.254;
# default-lease-time 21600;
# max-lease-time 43200;

# we want the nameserver to appear at a fixed address
# host ns {
# next-server marvin.redhat.com;
# hardware ethernet 12:34:56:78:AB:CD;
# fixed-address 207.175.42.254;
# }
}




# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

net/ipv4/conf/eth1/proxy_arp = 1
net/ipv4/conf/eth0/proxy_arp = 1

[Followup: set]

On Wed, 29 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <ekjno0$kjt$(E-Mail Removed)>, AAW wrote:

>A desk top PC running Fedora core 5 with three NICs (eth0, eth1 and
>eth2). Eth0 doesn?t work so I have eth1 connected to the internet via a
>modem. It uses DHCP to get its IP address (192.168.0.2) and that appears
>to work OK and I have web access etc to the Internet.

What does '/sbin/ifconfig -a' and '/sbin/route -n' show?

>Eth2 has a fixed IP address and I connect a laptop to this NIC. The desk
>top PC runs dhcpd and the laptop gets its IP address (192.168.1.245)
>from the server.

Assumption: eth2 has a 192.168.1.x address

>I can ping the desk top eth2 address from the laptop so that connection
>looks OK. However, I can?t ping the desk top eth1 address (I get network
>unreachable) and I get no connection to the Internet.

On the lap-doggie - what does '/sbin/route -n' show? Does it have a
default route using the desk top eth2 address as a gateway? I suspect
not.

>Sysctl.conf

wouldn't stop pinging the eth1 address, though it would prevent routing.

>and dhcpd.conf

Is that for the DHCP server that is serving the laptop? If so, forwarding
doesn't need to be there, but a default gateway does. I don't bother
with DHCP, because my systems aren't going walkies all the time. YMMV.

>So, any ideas on what I missed or why my router does not appear to route?

Your lap top doesn't have the right routing table. Probably an error in
the setup of your DHCP server.

Old guy

> route add default gw 192.168.0.2
>
> option routers 192.168.0.2;
>
your default gateway on pc should be an ip address of internal router
interface (eth2) . I guess eth1 - 192.168.0.2 is connected to isp (external
interface).

> your default gateway on pc should be an ip address of internal router
> interface (eth2) . I guess eth1 - 192.168.0.2 is connected to isp
> (external interface).

Can't be, private IP address's don't route across the internet.

Dave

>> your default gateway on pc should be an ip address of internal router
>> interface (eth2) . I guess eth1 - 192.168.0.2 is connected to isp
>> (external interface).
>
> Can't be, private IP address's don't route across the internet.

correct! but...
I have seen many isp's assigning private ip addresses and NATed them at
their router

gort wrote:
>> your default gateway on pc should be an ip address of internal router
>> interface (eth2) . I guess eth1 - 192.168.0.2 is connected to isp
>> (external interface).
>
> Can't be, private IP address's don't route across the internet.

and btw this is what op said in first post:

desk top PC running Fedora core 5 with three NICs (eth0, eth1 and eth2).
Eth0 doesn’t work so I have eth1 connected to the internet via a modem.
It uses DHCP to get its IP address (192.168.0.2) and that appears to
work OK and I have web access etc to the Internet.

On Thu, 30 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <ekmr4q$q0h$(E-Mail Removed)>, freightcar wrote:
>
>>> your default gateway on pc should be an ip address of internal router
>>> interface (eth2) . I guess eth1 - 192.168.0.2 is connected to isp
>>> (external interface).
>>
>> Can't be, private IP address's don't route across the internet.
>
>correct! but...
>I have seen many isp's assigning private ip addresses and NATed them at
>their router

Yes, and in general those systems are not meant to be accessible from the
world. One example - two of my ISPs use RFC1918 addresses for the internal
servers meant to be accessed by customers, and NOT be the world at large.
This sometimes shows up when doing a traceroute, where such an address is
assigned to intermediate routers. This usage is to save "real" IP
addresses for globally accessible systems. It may come as a shock to some,
but those routers don't offer services (other than routing packets), and
the provider really doesn't want you to be able to connect to them.

The other reason for handing out RFC1918 addresses and NATing them is for
situations where the ISP is allowing customers to be clients ONLY and
not allowing them to run servers. If the customer wants to run a server,
they can buy the more expensive 'business' service (though the official
reason for using RFC1918 addresses may be "to protect you" from being
turned into zombie servers).

Old guy

Thanks all for the replies.

<<What does '/sbin/ifconfig -a' and '/sbin/route -n' show?
>>

On the server it says:

eth0 Link encap:Ethernet HWaddr 00:E0:18:40:A98
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth1 Link encap:Ethernet HWaddr 00:02:E3:18:3D:37
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::202:e3ff:fe18:3d37/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:274 errors:0 dropped:0 overruns:0 frame:0
TX packets:443 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:142716 (139.3 KiB) TX bytes:49004 (47.8 KiB)
Interrupt:18 Base address:0xa000

eth2 Link encap:Ethernet HWaddr 00:50:FC:08:BC:49
inet addr:192.168.1.0 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::250:fcff:fe08:bc49/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:97 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2808 (2.7 KiB) TX bytes:13034 (12.7 KiB)
Interrupt:17 Base address:0x6000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2625 errors:0 dropped:0 overruns:0 frame:0
TX packets:2625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3096099 (2.9 MiB) TX bytes:3096099 (2.9 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


<<and '/sbin/route -n' show?>>

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1


<<On the lap-doggie - what does '/sbin/route -n' show? >>

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0

Hope that was correct. I guess that shows the laptop does not have a
gate way set up? I tried route add default gw 192.168.1.0 eth0 on the
laptop but it said ”network unreachable”


<<Can't be, private IP address's don't route across the internet.>>

It’s connected to a modem and the modem to the ISP so the private
address it gets is from the modem.

So, what to do next?

Thanks again for your help.

> eth2 Link encap:Ethernet HWaddr 00:50:FC:08:BC:49
> inet addr:192.168.1.0 Bcast:192.168.1.255 Mask:255.255.255.0

eth2 's ip address is invalid please change it to 192.168.1.1 (if not used)


> <<On the lap-doggie - what does '/sbin/route -n' show? >>
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
> eth0


> gate way set up? I tried route add default gw 192.168.1.0 eth0 on the
> laptop but it said ”network unreachable”

now try with the new one 192.168.1.1

> It’s connected to a modem and the modem to the ISP so the private address
> it gets is from the modem.

since the involved range is really small I guess your modem has public ip
address, and it is actually some kind of router and has private addresses on
internal interface, running dhcp server. in that case you dont need the
linux box to be a router. you can just connect the second pc to the modem
(router) via network switch.

if it s not a router just use the linux box.

On Tue, 05 Dec 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <el3i6e$4m7$(E-Mail Removed)>, AAW wrote:

><<What does '/sbin/ifconfig -a' and '/sbin/route -n' show? >>

>On the server it says:
>
>eth0 Link encap:Ethernet HWaddr 00:E0:18:40:A98

Well, you can talk to the hardware - that's an Intel 82558-based Integrated
Fast Ethernet on an Asustek motherboard. The Ethernet-HOWTO says that wants
the e100, or eepro100 (preferred) driver.

>eth1 Link encap:Ethernet HWaddr 00:02:E3:18:3D:37

OK - LITE-ON card

>eth2 Link encap:Ethernet HWaddr 00:50:FC:08:BC:49

EDIMAX card

> inet addr:192.168.1.0 Bcast:192.168.1.255 Mask:255.255.255

That's going to be a problem. _SOME_ operating systems will accept the idea
of the "network" address being a working IP address, but a LOT do not. I'd
suggest using a different IP address.

>Kernel IP routing table
>Destination Gateway Genmask Flags Metric Ref Use Iface
>192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
>192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
>169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
>0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1

OK. The "169.254.0.0" isn't required - it's there in case someone screws
up the configuration of the DHCP server, and a windoze box decides to grab
some random address in that range..

><<On the lap-doggie - what does '/sbin/route -n' show? >>
>
>Kernel IP routing table
>Destination Gateway Genmask Flags Metric Ref Use Iface
>192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0

Well, that's why you can't talk to anyone other than 192.168.1.0 (and
169.254.0.0 if it appears). No route to the other net.

>Hope that was correct. I guess that shows the laptop does not have a
>gate way set up?

Correct. So it doesn't know how to talk to any one else.

>I tried route add default gw 192.168.1.0 eth0 on the laptop but it said
> ?network unreachable?

That's probably a result of using the network address as a working IP.
Try changing things so that 'eth2' is on an unused address in the 192.168.1.x
range (where x is 1 to 254).

Old guy