Help with simple routing

Discussion in 'Linux Networking' started by calle, Sep 4, 2003.

  1. calle

    calle Guest

    Hi, everyone!

    I'm trying to set up a router for my small network that I want to look
    like this -
    ISDN-router 192.168.1.50 <--> Linux router, eth0 192.168.1.35, eth1
    192.168.2.1 <--> My subnet 192.168.2.0

    I've had the same machines working with only the ISDN-router set up as
    the gateway, but I want to be a proper guy and have a DMZ and to use
    iptables for firewalling. The first obstacle is obviously to get the
    routing to work. Here I failed.
    This is what I have done:
    #route -n
    dest gw genmask flags iface
    192.168.2.0 192.168.2.1 255.255.255.0 UG eth1
    192.168.1.0 192.168.1.35 255.255.255.0 UG eth0
    127.0.0.0 0.0.0.0 255.0.0.0 U lo
    0.0.0.0 192.168.1.50 0.0.0.0 UG eth0

    NICs are two Davicom DM9102, both on irq 11, addresses are 0x2400 and
    0x2800 using the driver dmfe.

    My problem is that no traffic, at all, seems to be hitting the network.
    I can ping the two cards from the intended router but none of the other
    machines and none of the other machines can ping the router!

    I have enabled ip forwarding with:
    # echo 1 > /proc/sys/net/ipv4/ip_formward

    All the documentation on the routing subject seems to find this too
    trivial to describe in any detail.

    I really need some help!

    cheers
    /calle
     
    calle, Sep 4, 2003
    #1

  2. The first two routes for the Ethernet interfaces are wrong.
    The networks of these interfaces are directly attached and
    therefore don't need a gateway.

    Thus get rid of them; it is sufficient if you properly
    configure the interfaces via ifconfig to get the proper
    routes in the routing table. E.g. in your case:

    ifconfig eth0 192.168.1.35 netmask 255.255.255.0
    ifconfig eth1 192.168.2.1 netmask 255.255.255.0


    Ciao, Horst
     
    Horst Knobloch, Sep 4, 2003
    #2

  3. calle

    calle Guest


    Thank you, but no luck. Don't I need a route between the cards? I can't
    ping between them, not to any of the other machines on the network and I
    can't ping to the machine, either card! Nothing seems to hit the cable!?

    Any ideas?

    /calle
     
    calle, Sep 4, 2003
    #3
  4. calle

    /dev/rob0 Guest

    Did you try what Horst suggested?

    #v+
    [email protected]:~$ /sbin/route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    external.netwk * 255.255.255.128 U 0 0 0 eth1
    local.lan * 255.255.255.0 U 0 0 0 eth0
    loopback * 255.0.0.0 U 0 0 0 lo
    default router.local.la 0.0.0.0 UG 0 0 0 eth1
    #v-

    No gateways except for default.
     
    /dev/rob0, Sep 4, 2003
    #4
  5. No. ifconfig enters autonomously the proper routing entries
    for the interfaces. You don't need to enter one via the route
    command yourself. You need to enter an explicit routing entry
    only if you want to reach hosts which are not part of the
    network directly attached.

    If you have configured the interfaces correctly, you should
    be able to ping your ISDN router and the hosts on
    192.168.2.0/24 net from your Linux router. Of course the
    ethernet interface on the hosts must also be configured
    correctly.

    If you have entered a default gateway on the hosts in the
    192.168.2.0 net, you should even be able to ping 192.168.1.35
    and 192.168.1.50 from the hosts.

    Please post the output of "route -n", "ifconfig" and the
    exact (error) output of the ping command on the Linux
    router and from a host which you can't ping.

    Also check whether you use the correct cables. If you directly
    connect two devices (without going over a switch or hub) you
    need a cross-over cable, otherwise a straight-through cable.
    Most NICs and Hubs/Switches have a green LED which indicates a
    proper connection. Check this.


    Ciao, Horst
     
    Horst Knobloch, Sep 4, 2003
    #5
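
The point made in posts #2 and #5 (directly attached networks need no gateway entry; only real next hops do) can be checked mechanically. This is an added example, not part of any post in the thread: a small linter for `route -n` output, run over the tables from posts #1 and #6. The function name and the SELF-GW / UNREACHABLE-GW labels are made up for this example.

```shell
#!/bin/sh
# lint_routes "<own addresses>" reads `route -n` output on stdin
# (the 5-column form posted in the thread or the full 8-column form).
lint_routes() {
    awk -v own="$1" '
    # Network address of ip under a contiguous dotted netmask
    # (POSIX awk has no bitwise AND, so work per octet).
    function net(ip, mask,    a, m, i, out) {
        split(ip, a, "."); split(mask, m, ".")
        out = ""
        for (i = 1; i <= 4; i++)
            out = out (i > 1 ? "." : "") (a[i] - a[i] % (256 - m[i]))
        return out
    }
    BEGIN { n = split(own, o, " "); for (k = 1; k <= n; k++) mine[o[k]] = 1 }
    $1 !~ /^[0-9]+\./ { next }                      # skip header lines
    $4 !~ /G/ { cd[++nc] = $1; cm[nc] = $3; next }  # directly attached network
    ($2 in mine) {                                  # gateway is this host itself
        print "SELF-GW " $1 " via " $2 " on " $NF; next
    }
    { gw[++ng] = $2; gd[ng] = $1 }                  # genuine next-hop route
    END {
        # every next hop must sit inside some directly attached network
        for (g = 1; g <= ng; g++) {
            ok = 0
            for (c = 1; c <= nc; c++)
                if (net(gw[g], cm[c]) == cd[c]) ok = 1
            if (!ok) print "UNREACHABLE-GW " gd[g] " via " gw[g]
        }
    }'
}

OWN="192.168.1.35 192.168.2.1"   # eth0 and eth1 addresses from the thread
# Routing table as posted in post #1.
POSTED='dest gw genmask flags iface
192.168.2.0 192.168.2.1 255.255.255.0 UG eth1
192.168.1.0 192.168.1.35 255.255.255.0 UG eth0
127.0.0.0 0.0.0.0 255.0.0.0 U lo
0.0.0.0 192.168.1.50 0.0.0.0 UG eth0'
# Routing table as posted in post #6, after the gateway entries were dropped.
CORRECTED='dest gw genmask flags iface
192.168.2.0 0.0.0.0 255.255.255.0 U eth1
192.168.1.0 0.0.0.0 255.255.255.0 U eth0
127.0.0.0 0.0.0.0 255.0.0.0 U lo
0.0.0.0 192.168.1.50 0.0.0.0 UG eth0'

echo "post #1:"; printf '%s\n' "$POSTED" | lint_routes "$OWN"
echo "post #6:"; printf '%s\n' "$CORRECTED" | lint_routes "$OWN"
```

The linter only understands numeric output, so feed it `route -n`, not the name-resolved form shown in post #4.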
  6. calle

    calle Guest

    Yes, leds are lit but not blinking during ping from my intended router.
    Pinging from another machine the led is blinking, but not the ones for
    the router.

    #route -n
    dest gw genmask flags iface
    192.168.2.0 0.0.0.0 255.255.255.0 U eth1
    192.168.1.0 0.0.0.0 255.255.255.0 U eth0
    127.0.0.0 0.0.0.0 255.0.0.0 U lo
    0.0.0.0 192.168.1.50 0.0.0.0 UG eth0

    #ifconfig
    eth0 Link encap:Ethernet HWaddr 00:08:A1:18:46:0A
    inet addr: 192.168.1.35 Bcast:192.168.1.255 Mask: 255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
    TX packets: 691 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0
    RX bytes:52496 (51.2 Kb) TX bytes:105832 (103.3 Kb)

    eth1 Link encap:Ethernet HWaddr 00:08:A1:13:06:10
    inet addr: 192.168.2.1 Bcast:192.168.2.255 Mask: 255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets: 376 errors:0 dropped:0 overruns:0 frame:0
    TX packets: 126 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0
    RX bytes:52496 (51.2 Kb) TX bytes:19598 (19.1 Kb)

    lo Link encap:Local loopback
    inet addr: 127.0.0.1 Mask: 255.0.0.0
    UP LOOPBACK RUNNING MTU:1500 Metric:1
    RX packets: 253 errors:0 dropped:0 overruns:0 frame:0
    TX packets: 253 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0
    RX bytes:23228 (22.6 Kb) TX bytes:23228 (22.6 Kb)

    Cables are OK. I have used them with the router machine before, when I
    had just the eth0 installed...and working fine!
    I use RH 7.2, kernel 2.4.7-10. Is there any recompiling or new modules
    required for the routing to work?

    /calle
     
    calle, Sep 4, 2003
    #6
  7. This router configuration looks good. It also indicates
    that packets are transmitted (TX) and received (RX).
    Leave the router's IP configuration as it is.

    Check whether you have a packet filter in place on the
    Linux router which blocks the traffic. For this run
    "iptables -nvL" or "iptables-save". If you get an error
    check with "ipchains -nvL".

    Your ISDN router is directly (not via a switch/hub) connected
    to the Linux router's eth0. Right? In this case you need a
    cross-over cable.

    If your hosts and eth1 of the Linux router are connected
    via a hub or switch you need straight-through cables.

    However it should be a good indication that you use the
    right cables if on all eth. devices the green LEDs are lit.

    No. The RH-standard kernel has this capability already.


    BTW: You forgot the exact output of the ping command and
    the IP configuration of the hosts.


    Ciao, Horst
     
    Horst Knobloch, Sep 4, 2003
    #7
  8. calle

    calle Guest

    Hello, again.

    The ISDN router is working with the machines on the 192.168.1.0 network,
    so that's not the problem. iptables-save reports
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Fri Sep 5 08:37:30 2003

    Ping output says "Destination Host Unreachable" both from the router and
    from a Linux machine. From an NT server on the other side of my WLAN,
    same subnet though, it says "request timed out".

    I read somewhere that some drivers need to have an alias(or something)
    to be able to be loaded more than once, but lsmod reports the dmfe
    module is used twice.

    Short description of the network I have:

    Subnet 192.168.1.0 works fine and is using the ISDN router as its gateway
    and DNS. It is physically separated by a workgroup WLAN bridge. On one
    side there is the ISDN router and the Windows domain server. On the
    other side there is one Win2k/RH 8 dual boot machine, one Win2k machine
    and the intended linux (RH 7.2) router. The communication over WLAN works
    fine. All machines reach each other, except for the RH 7.2 router.

    My plan is to have the RH 7.2 machine as the router/firewall/DNS for my
    192.168.2.0 network and for it to be a DMZ between the ISDN router and
    the 192.168.1.0 subnet.

    /calle
     
    calle, Sep 5, 2003
    #8
  9. On Friday 05 September 2003 09:11, calle wrote:

    [big snip]
    Do I understand correctly? You have the following setup



        10/100Base-T interfaces                     WLAN interfaces

    Internet                      .----------.
    --------ISDN Router-----------|          |-------Win2k/RH8
            192.168.1.35/24       |          |       192.168.2.a/24
                                  |          |       def gw 192.168.2.1
                                  |          |
                                  |          |-------Win2k
                                  |   WLAN   |       192.168.2.b/24
                                  |  Bridge  |       def gw 192.168.2.1
                                  |          |
                                  |          |------192.168.2.1/24
                                  |          |      Linux Router
                                  |          |------192.168.1.50/24
                  WINS------------|          |      def. gw 192.168.1.35
                  192.168.1.z/24  '----------'
                  def. gw 192.168.1.35

    So, you have two WLAN interfaces from the Linux Router into the
    same physical net, and you have two IP networks (192.168.2.0/24
    and 192.168.1.0/24) overlaid over the same physical net?


    Ciao, Horst
     
    Horst Knobloch, Sep 5, 2003
    #9
  10. calle

    calle Guest

    I saw in another thread, in this newsgroup, a note about a utility
    called "mii-tool". I ran it on the router and got the following output:
    eth0: 10 mbit, half duplex, no link
    eth1: 10 mbit, half duplex, no link

    Which is not very nice since the card type is 100 mbit full duplex.

    I stopped the network, removed the driver and reloaded the driver trying
    to force 100 mbit full duplex...need I say; No luck!

    I also looked at the module configuration for eth0 and eth1. This told
    me that there's one "alias eth0 dmfe" and one "alias eth1 tulip". Still
    there's no tulip driver loaded but two counts for dmfe?!?!?!

    Does this make sense?

    /calle
     
    calle, Sep 5, 2003
    #10
  11. calle

    calle Guest

    Sort of correct. IP of ISDN router is 192.168.1.50 and I'm using
    192.168.1.x for the machines on the network for now, since I haven't got
    the routing to work. My intention is to move the ISDN router out to the
    192.168.2.0 network. The intended Linux router's IP addresses are
    192.168.1.35 and 192.168.2.1.

    For the working part of my network I have the ISDN router as the default
    gateway, (network 192.168.1.0).
    Your excellent view altered below-
    There's a WLAN bridge communicating with an access point. These two
    devices are connected to a switch on each side and the rest of the
    computers are connected through the switches.

    I posted some other info into this thread. Might this be something to
    follow up on?

    /calle
     
    calle, Sep 5, 2003
    #11
  12. Ok, your physical network looks like
                                                           .------.
                                                           |      |---Win2k/RH8
                                             Air           |      |   192.168.1.a/24
    Inter-                                    /            |      |def gw 192.168.1.50
    net                 .------. .------.    /   .-------. | Eth. |
    -----ISDN Router ---| Eth. |-| WLAN |   /    | WLAN  | |Switch|---Win2k
        192.168.1.50/24 |Switch| |  AP  |   \    | Bridge|-|      |192.168.1.b/24
                        |      | |      |    \   |       | |      |def gw 192.168.1.50
                        |      | `------'    /   `-------' |      |
         WINS-----------|      |           |/              |      |--192.168.2.1/24
         192.168.1.z/24 |      |           '-              |      |  Linux Router
    def gw 192.168.1.50 `------'                           |      |--192.168.1.35/24
                                                           |      |def gw 192.168.1.50
                                                           `------'

    In this setup you should be able to ping all 192.168.1.0/24
    IP addresses from each machine. Pinging 192.168.2.1 won't
    work and you also can't test the routing function on the
    Linux router here.

    In this scenario you also can't have a real DMZ host. I propose
    that you re-design your network. Put the WINS server to the
    eth. switch on the right side. Remove the switch on the left
    side and replace it with the Linux router.

    So, the Linux router is connected via a cross-over cable directly
    with the ISDN router on the left side and via straight-through
    cable on the right to the WLAN AP.

    The IP configuration should look like

    ISDN router: 192.168.2.1/24
    Linux router left: 192.168.2.2/24, def. gw 192.168.2.1
    right: 192.168.1.50/24
    WINS: 192.168.1.z/24, def. gw 192.168.1.50
    Win2k/RH8: 192.168.1.a/24, def. gw 192.168.1.50
    Win2k: 192.168.1.b/24, def. gw 192.168.1.50

    In this network you still have no _real_ DMZ host however
    you can run the services on the Linux router and it is as
    close as you can get with your existing equipment.

    However from a security perspective you might want to have
    a real DMZ. In this case you need to plug in a third Eth.
    NIC to the Linux router and hook up your DMZ host via cross-
    over cable to this NIC. In the DMZ net you would then use
    another net like 192.168.3.0/24.

    Ciao, Horst
    --
     
    Horst Knobloch, Sep 5, 2003
    #12
  13. Google for "ethernet autonegotiation".
    10 mbit half duplex would be ok if you have connected a
    100 mbit NIC to a 10 mbit HUB. If you have a 10 mbit
    SWITCH, then it should be 10 mbit full duplex. If you
    have a 100 mbit SWITCH then it should be 100 mbit
    full duplex.

    So what kind of ethernet equipment do you have? Is it
    a 100 mbit switch, or 100 mbit hub, a 10 mbit switch,
    or a 10 mbit hub?

    However, what is wrong for sure is the "no link" indication.

    I don't know. Normally, if there is an ethernet device
    listed via ifconfig, linux has recognized the related NIC
    and has loaded the proper driver for it.

    Maybe you should remove for the time being the NIC plugged-in
    last and redo the test.


    Ciao, Horst
     
    Horst Knobloch, Sep 5, 2003
    #13