Thinkpad wireless masquerade

Discussion in 'Linux Networking' started by PenguinsAnonymous, Aug 9, 2004.

  1. Ok I used your subnet in net.

    route table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    UGH 0 0 0 eth0
    * U 0 0 0 eth0
    cpe-069-134-184 * U 0 0 0 eth1
    loopback localhost UG 0 0 0 lo
    default cpe-069-134-184 UG 0 0 0 eth1

    you can see the first line where I added as understanding the
    subnet we added. Ping from (or PCrouter) does not find the
    other subnets interface in the thinkpad. It can ping the interface in its
    own subnet in the thinkpad ie


    PenguinsAnonymous, Aug 17, 2004

  2. PenguinsAnonymous

    Tauno Voipio Guest

    (top-posting corrected - tv)

    Is the Thinkpad kernel able to forward packets and is forwarding
    turned on?

    To verify, run Ethereal or tcpdump on Thinkpad (for both interfaces)
    and show the ping results.

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 17, 2004

  3. PenguinsAnonymous

    Tauno Voipio Guest

    The routing netmask for is wrong (/32). Change it to
    24 bits (

    route add -net netmask gw

    The current route to is a host route (note 'H').

    Next time, please print the route table in numeric format:

    route -n

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 17, 2004
  4. yes .... suse 9.0 out of the box.

    PenguinsAnonymous, Aug 18, 2004
  5. I think they define the mask as the non changing part of the address and many
    sources say you can do as
    otherwise why route ?
    isn't a router one subnet to another?


    also you said previously too wide .... can you say why you have a problem
    with that on a private net?

    PenguinsAnonymous, Aug 18, 2004
  6. PenguinsAnonymous

    Tauno Voipio Guest


    Thinkpad needs to route between the subnets of 192.168.0.x and
    192.168.1.x, so the mask must be able to separate
    between them. The correct one is /24 =

    A coarse outline of the routing:

    To be sensible, the target address of a route must be
    compatible with the netmask: all bits in address are
    zeroes if the corresponding netmask bits are zeroes.

    The routing compares the destination masked with the route's
    netmask and if a match is found, the route is taken. A route
    with a gateway is sent to the gateway, which has to do the
    same process over with its own tables. A route without
    a gateway is a local target - it has to be found in the
    local target network.

    Sort the routes by descending netmask order: all masks /32
    = first, then increasing zeroes and last
    the default /0 =

    The sorting guarantees that the narrowest routes are
    considered before the wider routes possibly encompassing
    the narrower routes.

    The default route has a target of zeroes and a netmask of
    zeroes, so it matches always and it is reached last. It
    points to the next router towards the Internet.
    Nothing, except you do not prepare for a network of 65534
    nodes (mask /16 =


    Is the packet forwarding turned on? What does report

    cat /proc/sys/net/ipv4/ip_forward

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 18, 2004
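
The lookup outlined in the post above, as an added example that is not part of the original thread: routes are sorted narrowest mask first, the destination is ANDed with each mask, and a target with bits set outside its mask is rejected. The Thinkpad address 192.168.0.2, the upstream 203.0.113.x network and the interface assignment are assumptions made for the illustration.

```python
import ipaddress

def make_route(target, netmask, gateway, iface):
    """Build one route; reject a target with bits set where the mask is zero."""
    # strict=True raises ValueError for e.g. 192.168.1.5 with mask 255.255.255.0
    net = ipaddress.IPv4Network(f"{target}/{netmask}", strict=True)
    return {"net": net, "gw": gateway, "iface": iface}

def lookup(routes, destination):
    """Return (next_hop, iface) using the narrowest-mask-first order."""
    dst = int(ipaddress.IPv4Address(destination))
    # Descending mask length: /32 host routes first, default /0 last.
    for r in sorted(routes, key=lambda r: r["net"].prefixlen, reverse=True):
        if dst & int(r["net"].netmask) == int(r["net"].network_address):
            # Gateway route: hand over to the gateway. No gateway: the
            # destination itself is on the attached network.
            return (r["gw"] or destination, r["iface"])
    return None  # no default route and nothing matched

def first_router_table(mask_for_far_subnet):
    """Constructed table for the router in front of the Thinkpad.

    Assumptions: Thinkpad is 192.168.0.2, upstream is 203.0.113.1.
    """
    return [
        make_route("0.0.0.0", "0.0.0.0", "203.0.113.1", "eth1"),
        make_route("203.0.113.0", "255.255.255.0", None, "eth1"),
        make_route("192.168.0.0", "255.255.255.0", None, "eth0"),
        make_route("192.168.1.0", mask_for_far_subnet, "192.168.0.2", "eth0"),
    ]

HOST_ROUTE = first_router_table("255.255.255.255")  # the /32 'H' route
NET_ROUTE = first_router_table("255.255.255.0")     # corrected to /24

if __name__ == "__main__":
    for name, tbl in (("/32", HOST_ROUTE), ("/24", NET_ROUTE)):
        print(name, lookup(tbl, "192.168.1.10"))
```

With the /32 host route only the single address 192.168.1.0 matches, so a packet for any other host in 192.168.1.x falls through to the default route and leaves on the wrong interface.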
  7. ip_forward = '1'
    on the thinkpad

    now I changed all the masks as you said to
    And I still don't see why each interface of a router does
    not have different subnet but I'll think about it a while.

    Now pings work every which way except the PC behind the
    thinkpad cannot ping the second interface on the thinkpad
    which is It also cannot ping all the way to the
    first router

    Now on I can ping the interface on
    the thinkpad but not the opposite or connected
    to hub servicing PCs. Also cannot ping the PC.
    (behind thinkpad)

    Adding route on generates this....

    smorgasborg root # route add gw
    route: netmask 000000ff doesn't make sense with host route
    Usage: route [-nNvee] [-FC] [<AF>] List kernel routing tables
    route [-v] [-FC] {add|del|flush} ... Modify routing table for AF.

    route {-h|--help} [<AF>] Detailed usage syntax for specified AF.
    route {-V|--version} Display version/author and exit.

    -v, --verbose be verbose
    -n, --numeric don't resolve names
    -e, --extend display other/more
    -F, --fib display Forwarding Information Base (default)
    -C, --cache display routing cache instead of FIB

    <AF>=Use '-A <af>' or '--<af>'; default: inet
    List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk
    x25 (CCITT X.25)
    smorgasborg root # route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    U 0 0 0 eth0
    U 0 0 0 eth1
    UG 0 0 0 lo
    UG 0 0 0 eth1
    smorgasborg root #

    NOTE THE "doesn't make sense part"

    PenguinsAnonymous, Aug 20, 2004
  8. PenguinsAnonymous

    Tauno Voipio Guest

    Please say again ...

    I seem to have lost the addresses.

    Please list the results of:

    ifconfig -a
    route -n

    on all three computers.
    This is not right.

    You forgot the '-net':

    route add -net netmask gw

    Are there firewalls / packet filters on the hosts? List with:

    iptables -nL


    ipchains -nL

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 20, 2004
  9. In putting this together I discovered the problem with connectivity.
    All points ping every which way now. The routes file on the thinkpad
    in sysconfig had '-' for device and was misassociating the adapter.

    Now I still have a resolution problem of some subtle sort.
    I can load many simple pages like google however I miss graphics. This is
    all browsers so it's not a browser setting.
    Also pages like cnn that resolve to many different IPs do not load at all
    but timeout.


    PenguinsAnonymous, Aug 22, 2004
  10. PenguinsAnonymous

    Tauno Voipio Guest

    Does this mean that the Thinkpad gets all OK, but
    the PC behind the forwarded link does not?

    The fastest way to resolve the problem is probably an
    Ethereal or tcpdump trace from the Thinkpad at the
    time a page with a (non-displayed) image is loaded.

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 22, 2004
  11. yes that is true but get this .. sniffing on the PC shows the graphic
    on Google's main page coming in.
    I get
    HTTP 200
    HTTP 200

    This seems normal. (obviously this shows on the thinkpad too)
    Is it possible I have a caching server installed evading the presentation
    and resolution of some sites/objects?


    PenguinsAnonymous, Aug 23, 2004
  12. PenguinsAnonymous

    Tauno Voipio Guest

    Does it show the sites on Thinkpad?

    There is a strong scent of an upstream problem.

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 23, 2004
  13. yes I have the same feel but yes everything fine on thinkpad
    as a client.
    Like I said the graphic that does not appear (say on the google page)
    does come down as evidenced by the 200 packets sniffed there.
    And is there any connection between the missing graphics on some pages
    and the sites that totally are not found like CNN.
    Later I'll post the route and ifconfig on the PC behind thinkpad
    maybe I'm blind. :)


    PenguinsAnonymous, Aug 23, 2004
  14. Ok I revisited the PC backward of the thinkpad. Graphic
    images still don't load and some sites as I said are not
    even found. Aren't graphic images usually continued
    On the thinkpad all webpages load completely and proper
    including graphics.

    Also to try and get data out to post here I tried to ftp
    forward to the thinkpad to no avail. The password request
    never comes back to the PC. In sniffer it shows 'destination
    unreachable' to the PC quite a bit which ARP seems to
    resolve but the next request has the same problem.
    Yet ping from thinkpad to PC works fine.

    PenguinsAnonymous, Aug 24, 2004
  15. PenguinsAnonymous

    Tauno Voipio Guest

    There's no such thing as a continued packet.

    The data sent over TCP (as HTTP, the Web protocol) is sent
    in slices called segments. If the setup of the routers
    and endpoint computers is correct, TCP detects automatically
    how long segments fit to the transfer path. Clueless firewalls
    (disabling whole ICMP) may break the automatic detection.

    If the IP packet is sent in smaller pieces, it's called
    fragmentation, and it should not happen with TCP.

    We really need simultaneous packet traces on Thinkpad
    for a Web page load gone awry.

    I'd like to see the traces to see which kind of packet
    does not get forwarded.

    One thing that may be creating the problem is called
    ECN (Explicit Congestion Notification). It is a part
    of the TCP protocol not understood by older equipment
    and software. Try this on the Linux host:

    echo "0" >/proc/sys/net/ipv4/tcp_ecn

    Forget FTP.

    The way to transfer files is scp, part of the SSH suite.
    Set up an SSH server on the Linux computers and use scp
    (or WinScp on Windows) to move the files around.


    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 24, 2004
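
The segment-size detection described in the post above, and how filtering all ICMP breaks it, as an added example that is not part of the original thread. It is a simplified model: every segment carries the don't-fragment flag, headers are a fixed 40 bytes, and the 1492-byte hop is a constructed value.

```python
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def send_segment(payload, path_mtus, icmp_filtered):
    """Send one DF-marked TCP segment across the hops in path_mtus.

    Returns ("delivered", None), ("icmp", mtu) when a hop reports
    'fragmentation needed', or ("lost", None) when that report is filtered.
    """
    packet_len = payload + IP_TCP_HEADERS
    for mtu in path_mtus:
        if packet_len > mtu:
            # DF is set, so the hop drops the packet and tries to tell the sender.
            return ("lost", None) if icmp_filtered else ("icmp", mtu)
    return ("delivered", None)

def transfer(total_bytes, mss, path_mtus, icmp_filtered, max_tries=5):
    """Return the number of payload bytes that reach the receiver."""
    delivered = 0
    while delivered < total_bytes:
        payload = min(mss, total_bytes - delivered)
        for _ in range(max_tries):
            status, mtu = send_segment(payload, path_mtus, icmp_filtered)
            if status == "delivered":
                break
            if status == "icmp":
                # Path MTU discovery: shrink segments to fit the reported MTU.
                mss = mtu - IP_TCP_HEADERS
                payload = min(mss, total_bytes - delivered)
            # status == "lost": the retransmit has the same size and same fate
        else:
            return delivered  # stalled: retries exhausted
        delivered += payload
    return delivered

# Constructed path: Ethernet on both LANs, one narrower hop in between.
PATH = [1500, 1492, 1500]

if __name__ == "__main__":
    for size in (300, 8000):
        for filtered in (False, True):
            print(size, "ICMP filtered" if filtered else "ICMP allowed",
                  transfer(size, 1460, PATH, filtered))
```

Short responses fit in one small segment and arrive either way; a response large enough to need full-size segments completes only when the "fragmentation needed" report gets back to the sender.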
  16. I have a formatted printout from an ethereal
    sniff of the PC behind thinkpad loading simple google page.
    It's a little big though, want me to send the file?

    PenguinsAnonymous, Aug 26, 2004
  17. PenguinsAnonymous

    Tauno Voipio Guest

    Use tcpdump or Ethereal *on the Thinkpad*, save the traces in
    pcap format (default, pretty compressed binary), tar/gzip
    them and send them. You can find the proper mail address
    by making the obvious corrections to the address in my sig
    (sorry for the spam-bot obfuscation).

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 26, 2004