Re: IP forwarding problem
On Fri, 2006-01-27 at 14:52 +, Oliver Elphick wrote: > Can anyone help with this network problem, please? > > This machine is an internal router, with two network cards. iptables is > not configured in the kernel, since masquerading and filtering is not > required. (There is a separate firewall machine.) > > 192.168.2 (eth0) is a network with Windows machines. Packets to and > from that network are no longer being forwarded. The routing table > appears to be correct and IP forwarding is turned on. > > Machines on 192.168.2.* are able to ping 192.168.1.18 (the other network > card on the routing machine) but they cannot ping any other machine on > the 192.168.1 network. Similarly, the router can ping 192.168.2.* but > no other machine on 192.168.1 can do so. > > This set up was working until it was shut down and rebooted :-( To close this thread for the benefit of readers of the archives, the problem was that the routing table on the main gateway did not have an entry for the 192.168.2.0 network. All the server machines had been shut down and rebooted together because the UPS batteries had to be replaced. It seems that the gateway machine came up before the internal router and was unable to add a route for 192.168.2.0 because the router was not yet responding. Oliver Elphick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IP forwarding problem
On Fri, 2006-01-27 at 21:01 +, Oliver Elphick wrote: > On Fri, 2006-01-27 at 12:31 -0600, Matt Zagrabelny wrote: > > On Fri, 2006-01-27 at 14:52 +, Oliver Elphick wrote: > > > Can anyone help with this network problem, please? > > > > > > This machine is an internal router, with two network cards. iptables is > > > not configured in the kernel, since masquerading and filtering is not > > > required. (There is a separate firewall machine.) > > > > > > 192.168.2 (eth0) is a network with Windows machines. Packets to and > > > from that network are no longer being forwarded. The routing table > > > appears to be correct and IP forwarding is turned on. > > > > how are you turning forwarding on? > > $ cat /etc/network/options > ip_forward=yes > spoofprotect=yes > syncookies=no i guess that method is deprecated: see bug #338235 but that is splitting hairs, it obviously is setting your sysctl options. well, take a look at your the FORWARD chain in your filter table: # iptables -v -n -t filter -L FORWARD and report that result. also you could do some tcpdump'ing. -matt zagrabelny -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IP forwarding problem
On Fri, 2006-01-27 at 12:31 -0600, Matt Zagrabelny wrote: > On Fri, 2006-01-27 at 14:52 +, Oliver Elphick wrote: > > Can anyone help with this network problem, please? > > > > This machine is an internal router, with two network cards. iptables is > > not configured in the kernel, since masquerading and filtering is not > > required. (There is a separate firewall machine.) > > > > 192.168.2 (eth0) is a network with Windows machines. Packets to and > > from that network are no longer being forwarded. The routing table > > appears to be correct and IP forwarding is turned on. > > how are you turning forwarding on? $ cat /etc/network/options ip_forward=yes spoofprotect=yes syncookies=no > what does: > > # sysctl -a | grep forward > > list? > > ie: > > # sysctl -a | grep forward > net.ipv4.conf.eth1.mc_forwarding = 0 ... net.ipv4.conf.eth0.mc_forwarding = 0 net.ipv4.conf.eth0.forwarding = 1 net.ipv4.conf.eth1.mc_forwarding = 0 net.ipv4.conf.eth1.forwarding = 1 net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.default.forwarding = 1 net.ipv4.conf.all.mc_forwarding = 0 net.ipv4.conf.all.forwarding = 1 net.ipv4.conf.lo.mc_forwarding = 0 net.ipv4.conf.lo.forwarding = 1 net.ipv4.ip_forward = 1 That's the same as yours, bar sorting. > > > > > Machines on 192.168.2.* are able to ping 192.168.1.18 (the other network > > card on the routing machine) but they cannot ping any other machine on > > the 192.168.1 network. Similarly, the router can ping 192.168.2.* but > > no other machine on 192.168.1 can do so. > > > > This set up was working until it was shut down and rebooted :-( > > sometimes after a kernel upgrade or a reboot physical interfaces will be > renamed by the kernel. that will screw things up, but if you can ping > interfaces from the clients that doesnt sound like the problem, just > thought i would mention it. I can't see that that is a factor here. -- Oliver Elphick olly@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA Do you want to know God? http://www.lfix.co.uk/knowing_god.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IP forwarding problem
On Fri, 2006-01-27 at 14:52 +, Oliver Elphick wrote: > Can anyone help with this network problem, please? > > This machine is an internal router, with two network cards. iptables is > not configured in the kernel, since masquerading and filtering is not > required. (There is a separate firewall machine.) > > 192.168.2 (eth0) is a network with Windows machines. Packets to and > from that network are no longer being forwarded. The routing table > appears to be correct and IP forwarding is turned on. how are you turning forwarding on? what does: # sysctl -a | grep forward list? ie: # sysctl -a | grep forward net.ipv4.conf.eth1.mc_forwarding = 0 net.ipv4.conf.eth1.forwarding = 1 net.ipv4.conf.eth0.mc_forwarding = 0 net.ipv4.conf.eth0.forwarding = 1 net.ipv4.conf.lo.mc_forwarding = 0 net.ipv4.conf.lo.forwarding = 1 net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.default.forwarding = 1 net.ipv4.conf.all.mc_forwarding = 0 net.ipv4.conf.all.forwarding = 1 net.ipv4.ip_forward = 1 > > Machines on 192.168.2.* are able to ping 192.168.1.18 (the other network > card on the routing machine) but they cannot ping any other machine on > the 192.168.1 network. Similarly, the router can ping 192.168.2.* but > no other machine on 192.168.1 can do so. > > This set up was working until it was shut down and rebooted :-( sometimes after a kernel upgrade or a reboot physical interfaces will be renamed by the kernel. that will screw things up, but if you can ping interfaces from the clients that doesnt sound like the problem, just thought i would mention it. -matt zagrabelny -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
IP forwarding problem
Can anyone help with this network problem, please? This machine is an internal router, with two network cards. iptables is not configured in the kernel, since masquerading and filtering is not required. (There is a separate firewall machine.) 192.168.2 (eth0) is a network with Windows machines. Packets to and from that network are no longer being forwarded. The routing table appears to be correct and IP forwarding is turned on. Machines on 192.168.2.* are able to ping 192.168.1.18 (the other network card on the routing machine) but they cannot ping any other machine on the 192.168.1 network. Similarly, the router can ping 192.168.2.* but no other machine on 192.168.1 can do so. This set up was working until it was shut down and rebooted :-( Kernel 2.6.13 [EMAIL PROTECTED] netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 192.168.1.140.0.0.0 UG0 0 0 eth1 [EMAIL PROTECTED] cat /proc/sys/net/ipv4/ip_forward 1 [EMAIL PROTECTED] sudo ifconfig eth0 Link encap:Ethernet HWaddr 00:E0:81:2E:17:30 inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:81ff:fe2e:1730/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:29786 errors:0 dropped:0 overruns:0 frame:0 TX packets:17333 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3292835 (3.1 MiB) TX bytes:3704290 (3.5 MiB) Interrupt:153 eth1 Link encap:Ethernet HWaddr 00:E0:81:2E:17:31 inet addr:192.168.1.18 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:81ff:fe2e:1731/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2202383 errors:0 dropped:0 overruns:0 frame:0 TX packets:1480881 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:524809613 (500.4 MiB) TX bytes:358879507 (342.2 MiB) Interrupt:161 Oliver Elphick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PPP server / IP forwarding problem?
I sent you a reply via email, but it bounced. It is a bit long to post here, so please contact me with a valid address. Lindsay =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Lindsay Allen <[EMAIL PROTECTED]> Perth, Western Australia voice +61 8 9316 2486modem +61 8 9364-9832 32S, 116E http: http://rolf.ece.curtin.edu.au/~lindsay debian linux =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
PPP server / IP forwarding problem?
I'm trying to setup a ppp dialup server on Linux (2.0.29)/ Debian 1.3 and am having problems. I want a Win95 machine to be able to dialup into my linux box and access the Internet through the linux box which is connected to a router (internet). I am able to get the modems to connect and I can ping the win95 machine from linux and the Win95 machine can ping my ethernet port. However, I can't get the win95 machine to ping the router. So, the Win95 machine cannot access the Internet (web,etc.), or anything beyond the Linux machine. Is this an IP forwarding problem? I'm not sure if I have IP forwarding turned on or not. How can I tell? What does IP forwarding do anyway? I know I can access the Internet from the Linux box w/ no problems. I used debian to install everything so I can't find any source files around for the kernel to see if IP forwarding was turned on or not. Does this mean I have to use "kernel-package_VVV_all.deb" to build a custom kernel??? I'm confused. Here's my setup: -- Internet | -- | | | --- Router: 208.128.204.1 | --- | | | eth0: 208.128.204.2| | Linux Box | | ttyS1 serial port: | 208.128.204.3??| | | - 208.128.204.4 | Win95 machine | - Does the serial port need its own ip? Does it have to be a real IP or can it be a private one? In my options.ttyS1 (setup for dynamic IP addressing) file I have: 208.128.204.3:208.128.204.4 Is this right? Or, should it be the ethernet (.2) or router (.1) address instead of (.3 serial port). I've tried all three, and it doesn't seem to matter. When I used .1 (router) address I think my linux box got locked out of the router (couldn't ping the router from linux). I still can't access the Internet via the WIn95 machine. Any help would be greatly appreciated. Everything's been pretty much setup based on reading the PPP howto, mgetty stuff, and serial howtos. Going Bonkers, Chris [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .