#1
Hi all,

I want to set up a little "infrastructure" at home:
- Workstation with 1 GBit and 100 MBit Card.
- File-Server with 1 GBit Card
- Firewall/Router with 100 MBit card

I want to connect the workstation with the file-server on eth0 (1 GBit) and the firewall on eth1 (100 MBit). The firewall also is connected to the Internet-Router on eth1.

I tried to set it up, but it didn't work. The workstation can't connect to/ping the file-server and the firewall.

I did the following:

workstation (eth0: 192.168.2.10, eth1: 192.168.1.10):

```
Destination     Gateway         Genmask         Flags Iface
192.168.2.0     *               255.255.255.0   U     eth0
192.168.1.0     *               255.255.255.0   U     eth1
loopback        *               255.0.0.0       U     lo
default         <firewall>      0.0.0.0         UG    eth1
```

file-server (eth0: 192.168.2.1):

```
Destination     Gateway         Genmask         Flags Use Iface
192.168.2.0     *               255.255.255.0   U         eth0
loopback        *               255.0.0.0       U         lo
```

firewall (eth0: 192.168.1.1, eth1: 192.168.100.75):

```
Destination     Gateway         Genmask         Flags Iface
<provider>      *               255.255.255.255 UH    ppp0
192.168.100.0   *               255.255.255.0   U     eth1
192.168.1.0     *               255.255.255.0   U     eth0
loopback        *               255.0.0.0       U     lo
default         <provider>      0.0.0.0         UG    ppp0
```

What's wrong in this concept?

Thanks a lot in advance.

greetz,
gimickser
#2
gimickser wrote:
> Hi all,
>
> I want to set up a little "infrastructure" at home:
> - Workstation with 1 GBit and 100 MBit Card.
> - File-Server with 1 GBit Card
> - Firewall/Router with 100 MBit card
>
> I want to connect the workstation with the file-server on eth0 (1 GBit)
> and the firewall on eth1 (100 MBit).
> The firewall also is connected to the Internet-Router on eth1.
>
> I tried to set it up, but it didn't work. The workstation can't connect
> to/ping the file-server and the firewall.

We are to presume:
-- fw/gw cannot ping ws or fs
-- fs cannot ping ws or fw

> I did the following:
>
> workstation (eth0: 192.168.2.10, eth1: 192.168.1.10):
> Destination     Gateway         Genmask         Flags Iface
> 192.168.2.0     *               255.255.255.0   U     eth0
> 192.168.1.0     *               255.255.255.0   U     eth1
> loopback        *               255.0.0.0       U     lo
> default         <firewall>      0.0.0.0         UG    eth1
>
> file-server (eth0: 192.168.2.1):
> Destination     Gateway         Genmask         Flags Use Iface
> 192.168.2.0     *               255.255.255.0   U         eth0
> loopback        *               255.0.0.0       U         lo
>
> firewall (eth0: 192.168.1.1, eth1: 192.168.100.75):
> Destination     Gateway         Genmask         Flags Iface
> <provider>      *               255.255.255.255 UH    ppp0
> 192.168.100.0   *               255.255.255.0   U     eth1
> 192.168.1.0     *               255.255.255.0   U     eth0
> loopback        *               255.0.0.0       U     lo
> default         <provider>      0.0.0.0         UG    ppp0
>
> What's wrong in this concept?

On the surface it looks OK, but ...

Where does 192.168.100.0 lead? DMZ?
Does the fw have provider (internet?) access?
What sort of fw are you running?
Turn it off while testing. In fact, double check and turn off fw at _each_ computer.
Do you want the file server isolated from the fw? There is no 192.168.2.0 entry at the fw. If so, make sure also that forwarding is turned off at ws.
What distro(s) are running?

Post commandline and output of the tests you run -- even simple pings. Eg., are you pinging IPs or using local hostnames?

F.D.'s suggestions to check cabling, etc. and using Rx and Tx counts in ifconfig are the first things to check.

If that looks OK, save yourself trouble by working with only two boxes (ie., a single network segment) at a time. Work from the fw to workstation and get it working, _then_ hook up the file server and get it working. Or work from the file server to workstation, _then_ hook up the ws to the fw.

To have the "disconnected" interfaces come up, disconnect cable at far end.

Ping only with IPs -- want to avoid name resolution problems for now.
Check the arp cache before/after pinging -- do you even get an arp entry installed?

Normally, for directly connected neighbors, simply setting up the interfaces will enter the proper network entry into the routing table and directly connected networks should work OK. And you don't have to futz with the route table.

If that don't work, suspect hardware or a firewall. Double check that the interfaces are, in fact, coming up properly.

hth,
prg
email above disabled
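The observation in #2 that the fw has no 192.168.2.0 entry, and the advice to keep forwarding off at ws, can be checked offline against the posted tables. This is an added example, not part of the thread: it models the three routing tables with a longest-prefix lookup, and the value used for `<firewall>`, the off-LAN treatment of `<provider>` and the `forward` flags are assumptions.

```python
import ipaddress

# Constructed from the tables posted in #1. Assumptions: <firewall> is 192.168.1.1,
# <provider>/ppp0 leads off the modelled LAN, cabling matches the subnets, and
# "forward" stands for each box's IP forwarding setting (not stated in the thread).
LAN = {
    "ws": {"addrs": ["192.168.2.10", "192.168.1.10"], "forward": False,
           "routes": [("192.168.2.0/24", None), ("192.168.1.0/24", None),
                      ("0.0.0.0/0", "192.168.1.1")]},
    "fs": {"addrs": ["192.168.2.1"], "forward": False,
           "routes": [("192.168.2.0/24", None)]},
    "fw": {"addrs": ["192.168.1.1", "192.168.100.75"], "forward": True,
           "routes": [("192.168.1.0/24", None), ("192.168.100.0/24", None),
                      ("0.0.0.0/0", "<provider>")]},
}

def owner(lan, ip):
    """Name of the modelled host that holds this address, or None."""
    return next((name for name, h in lan.items() if ip in h["addrs"]), None)

def next_hop(host, dst):
    """Longest-prefix match: the address the packet is handed to, or None."""
    hits = [(ipaddress.ip_network(net), gw) for net, gw in host["routes"]
            if ipaddress.ip_address(dst) in ipaddress.ip_network(net)]
    if not hits:
        return None
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or dst  # no gateway means the destination is directly connected

def path(lan, src, dst):
    """Hosts a packet crosses from src to the owner of dst, or None."""
    hops, cur = [src], src
    while dst not in lan[cur]["addrs"]:
        if cur != src and not lan[cur]["forward"]:
            return None  # a transit host relays only with forwarding enabled
        hop = next_hop(lan[cur], dst)
        cur = owner(lan, hop) if hop else None
        if cur is None or cur in hops:
            return None  # no route, gateway outside the LAN, or a loop
        hops.append(cur)
    return hops

def can_ping(lan, src, src_ip, dst_ip):
    """The echo request must arrive and the reply must find its way back."""
    there = path(lan, src, dst_ip)
    return bool(there and path(lan, there[-1], src_ip))
```

With the tables as posted, `path(LAN, "fw", "192.168.2.1")` is `None`: the file server is only reachable from the fw side if routes through ws are added and ws forwards.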
#3
Thanks prg,

Actually the network and the setup were fine until I rebooted the workstation. After rebooting the ws I could not get any connection to the fs and the fw.

Now I repeated the setup step by step as you described and finally it is working. First I set up the first segment (ws - fs), rebooted both systems. Then I set up the second segment (ws - fw), rebooted ws. Finally I added the default gateway route, rebooted ws. And everything works fine.

The first times (tries), I did all these steps and did not reboot after each single step (which I assumed wouldn't be necessary). I cannot say why it was not working, since the routing tables and the network configuration of all systems aren't different now.

greetz and thanks a lot again for your help.
gimickser

prg wrote:
> gimickser wrote:
>
>> Hi all,
>>
>> I want to set up a little "infrastructure" at home:
>> - Workstation with 1 GBit and 100 MBit Card.
>> - File-Server with 1 GBit Card
>> - Firewall/Router with 100 MBit card
>>
>> I want to connect the workstation with the file-server on eth0 (1 GBit)
>> and the firewall on eth1 (100 MBit).
>> The firewall also is connected to the Internet-Router on eth1.
>>
>> I tried to set it up, but it didn't work. The workstation can't connect
>> to/ping the file-server and the firewall.
>
> We are to presume:
> -- fw/gw cannot ping ws or fs
> -- fs cannot ping ws or fw
>
>> I did the following:
>>
>> workstation (eth0: 192.168.2.10, eth1: 192.168.1.10):
>> Destination     Gateway         Genmask         Flags Iface
>> 192.168.2.0     *               255.255.255.0   U     eth0
>> 192.168.1.0     *               255.255.255.0   U     eth1
>> loopback        *               255.0.0.0       U     lo
>> default         <firewall>      0.0.0.0         UG    eth1
>>
>> file-server (eth0: 192.168.2.1):
>> Destination     Gateway         Genmask         Flags Use Iface
>> 192.168.2.0     *               255.255.255.0   U         eth0
>> loopback        *               255.0.0.0       U         lo
>>
>> firewall (eth0: 192.168.1.1, eth1: 192.168.100.75):
>> Destination     Gateway         Genmask         Flags Iface
>> <provider>      *               255.255.255.255 UH    ppp0
>> 192.168.100.0   *               255.255.255.0   U     eth1
>> 192.168.1.0     *               255.255.255.0   U     eth0
>> loopback        *               255.0.0.0       U     lo
>> default         <provider>      0.0.0.0         UG    ppp0
>>
>> What's wrong in this concept?
>
> On the surface it looks OK, but ...
>
> Where does 192.168.100.0 lead? DMZ?
> Does the fw have provider (internet?) access?
> What sort of fw are you running?
> Turn it off while testing. In fact,
> double check and turn off fw at _each_ computer.
> Do you want the file server isolated from the fw? There is no
> 192.168.2.0 entry at the fw. If so, make sure also that forwarding is
> turned off at ws.
> What distro(s) are running?
>
> Post commandline and output of the tests you run -- even simple pings.
> Eg., are you pinging IPs or using local hostnames?
>
> F.D.'s suggestions to check cabling, etc. and using Rx and Tx counts in
> ifconfig are the first things to check.
>
> If that looks OK, save yourself trouble by working with only two boxes
> (ie., a single network segment) at a time. Work from the fw to
> workstation and get it working, _then_ hook up the file server and get
> it working. Or work from the file server to workstation, _then_ hook
> up the ws to the fw.
>
> To have the "disconnected" interfaces come up, disconnect cable at far
> end.
>
> Ping only with IPs -- want to avoid name resolution problems for now.
> Check the arp cache before/after pinging -- do you even get an arp
> entry installed?
>
> Normally, for directly connected neighbors, simply setting up the
> interfaces will enter the proper network entry into the routing table
> and directly connected networks should work OK. And you don't have to
> futz with the route table.
>
> If that don't work, suspect hardware or a firewall. Double check that
> the interfaces are, in fact, coming up properly.
> hth,
> prg
> email above disabled
#4
> The first times (tries), I did all these steps and did not reboot after
> each single step (which I assumed wouldn't be necessary). I cannot say,

Yes, you did not need to reboot. Linux is not Windows. Even Windows allows you to change IP addresses/gateway on the fly without a reboot.

On Linux, all you need to do is change the network settings, and restart the network services. If you are doing them manually (i.e. with an editor), just do "/etc/init.d/networking reload" as root or something similar.