At 11/22/2001 11:20 AM -0800, you wrote:
>I had somehow missed this response from Rodolfo Paiz.

Shame on you. BTW, you need to remember that people answering don't always get everything right. The most normal thing to do (don't know why) is to set eth0 to your external network and eth1 to your internal network. You have them *reversed*, with eth1 actually being your path out to the world.

Now, there is NOTHING WRONG WITH THIS. You just need to remember that what others tell you needs to make sense. Most people *assume* (wrongly) that eth0 is your outside link, and that's reflected in the answers you get. Following them very carefully is just going to screw you since it won't work. Read, validate, *then* apply.

>>* Can you ping from the Winbox to the outside if you use an IP address
>>instead of a name?
>
>No.

Great; with this one piece of data, we know networking is the problem and not DNS. So...

>>Output of "route -n" on the Linbox, please.
>
>Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
>192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
>216.9.0.0       0.0.0.0         255.255.255.0   U        40 0          0 eth1
>127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
>0.0.0.0         206.9.0.1       0.0.0.0         UG       40 0          0 eth1

I still say this is wrong somehow; you can't have eth1 on the 216.9.0 network (note the 216), and have your gateway be 206.9.0.1. HOW IS THAT POSSIBLE? (AFAIK, it isn't.) Are you using pump or dhcpcd to get your IP address for eth1? (Running "ps auxw | grep dhcpcd" should tell you whether dhcpcd is running; similar thing for pump.)

Given that your forwarding nameservers are both on 206, I'm going to assume that is the correct number. Please correct me.

>>You note the gateway of your RH71 box as 192.168.1.1, which is not
>>correct. The gateway for each interface is where it should send traffic
>>directed to the rest of the world. So, for the Red Hat server to use one
>>of its interfaces as a gateway is an impossible configuration.
>
>I was wondering about that...So it's actually 192.168.1.0, correct? That
>should (obviously) be changed on the Doze box, but isn't it already
>configured on the RH box? (BTW, I had already tested it with the correct
>configurations on the Doze box.)

You don't send traffic to a network (192.168.1.0 is the name of a network composed of 256 IP addresses in total); you send traffic to a single destination. Remember, IP addresses belong to interfaces not computers. So follow the chain here, thinking that for communication to exist one IP address must send and another receive:

"Windows box (192.168.1.2) sends to its gateway (192.168.1.1) on the same network, which is a Linux box which internally moves that traffic to its other network interface. The Linux box sends out said traffic via its outside interface (206.9.0.x) to its gateway (206.9.0.1) which are also on the same network."

Roughly speaking, this is how the entire Internet works.

>>However, I assume that this is *not* your problem since your eth1 (to
>>your ISP) is assigned through DHCP and it will have correctly configured
>>its gateway.

I'm now beginning to wonder about this. We need to fix that 206/216 thing.

>>>vi /etc/sysconfig/network-scripts/ifcfg-eth0
>>>
>>>DEVICE=eth0
>>>BOOTPROTO=static
>>>BROADCAST=192.168.1.255
>>>IPADDR=192.168.1.1
>>>NETMASK=255.255.225.0
>>>NETWORK=192.168.1.0
>>>ONBOOT=yes

Only needs to read:

    DEVICE=eth0
    BOOTPROTO=none
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.1
    NETMASK=255.255.225.0
    NETWORK=192.168.1.0
    ONBOOT=yes

>>>vi /etc/named.conf
>>>
>>>options {
>>>         forwarders {
>>>                 206.40.133.20
>>>                 206.129.112.21
>>>         };
>>>};
>>
>>Check this carefully. named.conf is *not* happy using just a newline for
>>separation. You are going to need either commas or semicolons in between
>>those two IP addresses for your forwarders.

I checked my own server; you need a semicolon after each one, I think. No commas.

>Yeah, I need to pay better attention to logs. I get confused, though: is
>/var/log/messages the one I should be following for most things such as this?

Mostly, yes.

>>/etc/sysconfig/network:
>>
>>         NETWORKING=yes|no
>>         HOSTNAME=<fqdn by default, but whatever hostname you want>
>>         GATEWAY=<gateway IP>
>
>206.9.0.1 correct?

Correct.

>>         GATEWAYDEV=<gateway device> (e.g. eth0)
>
>eth0? Put that in, but eth1 appears to be connected to DSL
>Oops! Saw note below and changed it to eth1

eth1 is correct. Since eth1 knows its gateway, you could conceivably use only "GATEWAYDEV=eth1" and remove the "GATEWAY=206.9.0.1" altogether. This might even be better, since your gateway could change (in theory) if your provider decides to move you to a different network.

>>         NISDOMAIN=<nis domain name>
>
>Is that my ISP? cnw.com?

Leave it out; it's optional and not relevant to you at all.

>>Both net.ipv4.ip_forward and net.ipv4.ip_always_defrag should be set to
>>"1" in /etc/sysctl.conf.
>
>They were set to 0; changed them to 1

These do not take effect until you reboot. There is a command to make them take effect immediately, but I don't remember what it is. You might want to simply reboot for them to take effect.

Let me try to work through Harry's stuff here too...

> > Harry Putman writes:
> > Your IP has given you nameservers so those should appear in
> > resolv.conf of the linux box. You say you can surf the net from that
> > box so that is apparently set up OK.
> > In brief: If you restart eth0, with:
> > ifconfig eth0 up
> > You see normal connectivity to internet from the linux box.
>
>Nope. Not any more. Must be one of the changes I made up above because it
>was working before.

Harry has made the mistake of assuming eth0 is your outside network, and you have followed him into that mistake. It *should* work if you use eth1 instead.

> > Netstat -nr output shows 216.9.0.0 as eth1 IP address. Maybe a typo
> > and is really 209.9.0.1 but either way that is wrong.

Another typo here. It should be *206*, not 209, not 216. (We think... you need to confirm to us which network and IP is actually right here.)

By the way, either dhcpcd or pump (whichever of the two you're using) provides a way to see what config you've received from the DHCP server at your ISP; I just don't remember how to go look for it. The man pages for pump and dhcpcd will have the answer, and you can use the "ps auxw | grep dhcpcd" command I mentioned to find out which one you are running. Note: eth1 must be up or neither will be running.

> > Eth1 IP should be set to an address you've chosen for your internal
> > network. Something in the 192 range like 192.168.0.1. If I remember
> > correctly, there will be no gateway for eth1.

Again, in your config this was eth0.

> > Test it with:
> > ifconfig eth1 up
> > ping 192.168.0.1 (or whatever number you've chosen)
>
>Works.

Huh? You bring up your outside link and you can talk to the Windows box? WTF? OK, I'm confused now. I think this is a good time to stop and think.

Kindly send a new message with:

1. the *current* contents of:
        /etc/sysctl.conf
        /etc/sysconfig/network
        /etc/sysconfig/network-scripts/ifcfg-eth0
        /etc/sysconfig/network-scripts/ifcfg-eth1

2. the output of:
        route -n
        lsmod

3. your DHCP config information from your ISP (obtained from some file from pump or dhcpcd)

4. Are you using ipchains or iptables? I forget.

5. The actual network config of the Winbox

6. Harry told you to remove all firewall rules INCLUDING YOUR IP MASQUERADING as a test; have you reactivated it?

7. What currently works (after a reboot) out of this list:
        o Ping Win-Lin and Lin-Win by IP address
        o Ping Win-Out by IP address
        o Ping Win-Out by name
        o Browse Win-Out by IP address
        o Browse Win-Out by name
        o Ping Lin-Out by IP address
        o Ping Lin-Out by name
        o Browse Lin-Out by IP address
        o Browse Lin-Out by name

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
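
Added example, not part of the original message: the check applied by eye to the quoted "route -n" output above (a gateway has to sit on a network directly attached to the same interface), automated in Python. The function names parse_routes and off_link_gateways are made up for this illustration; the sample input is the routing table as quoted in the message.

```python
import ipaddress

# "route -n" output as quoted in the message above.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
216.9.0.0       0.0.0.0         255.255.255.0   U        40 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         206.9.0.1       0.0.0.0         UG       40 0          0 eth1
"""


def parse_routes(text):
    """Parse net-tools 'route -n' rows into dicts; skip headers and junk."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            gw = ipaddress.ip_address(f[1])
        except ValueError:
            continue  # header line or malformed row
        routes.append({"net": net, "gw": gw, "flags": f[3], "iface": f[7]})
    return routes


def off_link_gateways(routes):
    """Return (gateway, iface) for each G route whose gateway is not inside
    a directly connected (non-G) network on the same interface."""
    connected = [r for r in routes if "G" not in r["flags"]]
    bad = []
    for r in routes:
        if "G" not in r["flags"]:
            continue
        if not any(c["iface"] == r["iface"] and r["gw"] in c["net"]
                   for c in connected):
            bad.append((str(r["gw"]), r["iface"]))
    return bad


if __name__ == "__main__":
    for gw, iface in off_link_gateways(parse_routes(ROUTE_N)):
        print(f"gateway {gw} is not on any network attached to {iface}")
```

On the quoted table this reports 206.9.0.1 on eth1, the 206/216 mismatch discussed in the message.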