Re: Configuration for a Linux router with a client having a public address
peasth...@shaw.ca wrote:
> Given linux router dalton, eth 3, connected to a local machine carnot, eth0, with a cross-over cable, I need some help to set the configurations properly.
>
> #dalton:/etc/network/interfaces
> ...
> iface eth3 inet static
>     address 172.24.2.1
>     up route add -host 142.103.107.138
>     down route del -host 142.103.107.138

So dalton has address 172.24.2.1 in the RFC1918 private address space. And additionally you are adding a host route to ip address 142.103.107.138 which will be locally connected. This seems like trouble since you do not have a local address on that network.

> #carnot:/etc/network/interfaces
> ...
> iface eth0 inet static
>     address 142.103.107.138
>     gateway 172.24.2.1

So carnot has address 142.103.107.138, missing a netmask and network configuration, but has a gateway that is not on the local subnet? That is trouble. Strictly speaking it would need a gateway to reach the defined gateway. That isn't good.

> Obviously these specifications are deficient; but there is no point in fretting details until I understand the concepts.

If you want a point to point network between two machines on a crossover cable then both hosts should be on the same subnet.

> The link must be in a network. How can 172.24.2.1 and 142.103.107.138 be in one network?

You have asked the question but it is your configuration! Why did you configure it that way if you already realize that it won't work? Practically they can't. Hypothetically you could join them together but you don't really want to do that. Instead define a subnet for both hosts and put each host on that subnet.

> Does carnot need a local address along with its public address?

You have given carnot the 142.103.107.138 address. That is in the public address space. But it looks like it is on a private network behind another router. Are you trying to put a host up on the public Internet and trying to place it behind a firewall/router?

Is dalton a router on the public Internet? (It would help to know if it is a WRT54G type of router or if it is a full functionality Debian host.)

Is carnot a machine on your private network that you want to actually host the public Internet service (HTTP, SMTP, SSH)?

Are you trying to port forward public Internet services through dalton to carnot? I am guessing it is something like that. In that case it is your public Internet router dalton that should get the public IP address. (Or at least an arp proxy, but I think that is more complicated.) Then have it port forward to carnot for the services that you want to host on carnot.

At least this is one way to do it. There are several different ways. And each of them has subtle things that if not configured correctly will cause things not to work as desired.

> r...@dalton:~# /etc/init.d/networking restart
> Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces ... (warning).
>
> So networking restart deprecated. What is the new way?

The new way is with ifup and ifdown.

    sudo ifdown eth0
    sudo ifup eth0

In the old days interfaces were quite static on systems. But with the coming of removable and hotplug devices such as PCMCIA or USB network interface cards there was a need to move to a more dynamic system. Before, networking needed to come online at boot time and go offline at shutdown time. But that isn't sufficient now. Now devices come online when they are plugged in and go offline when they are disconnected. Everything has been rewritten to be event driven. For those of us who were used to the old static boot time system it is a little bit of a change in mind set but a worthwhile one because of the new capabilities that it provides.

Basically this means that you rarely if ever should have the need to run /etc/init.d/networking stop but would bring an individual interface offline with ifdown eth0 instead.

Bob
Re: Configuration for a Linux router with a client having a public address
From: Bob Proulx b...@proulx.com
Date: Thu, 02 Sep 2010 14:00:20 -0600
> So dalton has address 172.24.2.1 in the RFC1918 private address space.

Dalton has external address 142.103.107.137 and several internal addresses including 172.24.2.1. Here is an old sketch. Dalton is on the left. We're not concerned with Joule.
http://members.shaw.ca:80/peasthope/Network.jpg

Until my current tinkering, Carnot and Dalton were both connected to the network through an old Allied Telesis CentreCOM 3612TR not in the sketch. The current objective is to eliminate the 3612TR and route to Carnot through Dalton. Two benefits: less machinery running; faster communication to Dalton. The 3612TR is 10BASE-T.

> If you want a point to point network between two machines on a crossover cable then both hosts should be on the same subnet.

"Both ends of a cable must be on one subnet" is an axiom of networking? That's crucial.

> Instead define a subnet for both hosts and put each host on that subnet.

For example, Carnot gets address 172.24.2.2 connecting to Dalton at 172.24.2.1. Still, the outside world expects to find Carnot at 142.103.107.138. Continued below.

> Is dalton a router on the public Internet? (It would help to know if it is a WRT54G type of router or if it is a full functionality Debian host.)

Dalton is a Linux router running Debian Squeeze with public address 142.103.107.137. The firewall will prevent a response by ping. ssh 142.103.107.137 should indicate it exists.

> Is carnot a machine on your private network that you want to actually host the public Internet service (HTTP, SMTP, SSH)?

Correct. HTTP SSH are sufficient.

> ... dalton that should get the public IP address. ... have it port forward to carnot for the services that you want to host on carnot.

Dalton gets 142.103.107.138 while carnot has only a local address; neither machine uses 142.103.107.137.

> There are several different ways. And each of them has subtle things that if not configured correctly will cause things not to work as desired.

OK. It's a learning exercise for now.

> The new way is with ifup and ifdown. sudo ifdown eth0 sudo ifup eth0 ... bring an individual interface offline with ifdown eth0 instead.

Right oh. Will try these ideas tomorrow morning or next week.

Thanks,... Peter E.
--
VoIP 7785886232 is gone. Please use 13604502132.
Sparcstation 2 netboots netbsd; installation pending.
Personal site works; http://members.shaw.ca/peasthope/ .

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/171056610.63433.417...@cantor.invalid
Re: Configuration for a Linux router with a client having a public address
peasth...@shaw.ca wrote:
> Bob Proulx wrote:
> > So dalton has address 172.24.2.1 in the RFC1918 private address space.
>
> Dalton has external address 142.103.107.137 and several internal addresses including 172.24.2.1. Here is an old sketch. Dalton is on the left. We're not concerned with Joule.
> http://members.shaw.ca:80/peasthope/Network.jpg

Excellent diagram! Thank you very much for sharing it.

> Until my current tinkering, Carnot and Dalton were both connected to the network through an old Allied Telesis CentreCOM 3612TR not in the sketch. The current objective is to eliminate the 3612TR and route to Carnot through Dalton. Two benefits: less machinery running; faster communication to Dalton. The 3612TR is 10BASE-T.

And it is a hub instead of a switch too. Good box in its day though.

> > If you want a point to point network between two machines on a crossover cable then both hosts should be on the same subnet.
>
> "Both ends of a cable must be on one subnet" is an axiom of networking? That's crucial.

Yes. Keep both ends of the cable on the same subnet.

> > Instead define a subnet for both hosts and put each host on that subnet.
>
> For example, Carnot gets address 172.24.2.2 connecting to Dalton at 172.24.2.1.

Yes. Exactly.

> Still, the outside world expects to find Carnot at 142.103.107.138. Continued below.

I see and note that that address is one over from dalton's public IP address.

> > Is dalton a router on the public Internet? (It would help to know if it is a WRT54G type of router or if it is a full functionality Debian host.)
>
> Dalton is a Linux router running Debian Squeeze with public address 142.103.107.137.

Good to know. It opens up additional possibilities.

> The firewall will prevent a response by ping. ssh 142.103.107.137 should indicate it exists.

Yes. Note that you can get one level lower and connect to the ssh port 22 directly. I like to use 'connect' but others will use 'nc' or 'socat' or other favorite tools. But everyone has telnet.

    $ telnet example.com 22
    Escape character is '^]'.
    SSH-2.0-OpenSSH_5.1p1 Debian-5

However to exit telnet you have to be able to read the message "Escape character is '^]'." and then type that in and then q or quit to get out. You would be surprised at how many times I have had people have trouble there. So I like 'connect' which is 8-bit clean and can be interrupted.

    apt-get install connect-proxy

    $ connect example.com 22
    SSH-2.0-OpenSSH_5.1p1 Debian-5

> > Is carnot a machine on your private network that you want to actually host the public Internet service (HTTP, SMTP, SSH)?
>
> Correct. HTTP SSH are sufficient.

Oh good.

> > ... dalton that should get the public IP address. ... have it port forward to carnot for the services that you want to host on carnot.
>
> Dalton gets 142.103.107.138 while carnot has only a local address; neither machine uses 142.103.107.137.

The .137 is in the diagram as attached to dalton. I know you said that was an old diagram. But is that perhaps reversed with .138? It doesn't really matter since you know which is which but just trying to keep up here. I will make the assumption for now and move on.

> > There are several different ways. And each of them has subtle things that if not configured correctly will cause things not to work as desired.
>
> OK. It's a learning exercise for now.

There are two main directions that I would suggest, and one of those main directions has two sub-directions. (grin)

One way is to have dalton configured for *both* addresses and then tunnel the ports over to carnot through ssh. That has the advantage of being simple and easy to put together in parts. But the use of ssh isn't the most efficient and some people find ssh confusing.

Another way would be to use the Linux netfilter interface to port forward the desired ports. My favorite netfilter tool is Shorewall. Using the Linux netfilter with Shorewall seems the most attractive. But it can be the most confusing to debug and get working correctly so isn't the easiest either.

But I think you probably want a Proxy ARP configuration. Look at this documentation for one way of how to set this up.

    http://www.shorewall.net/shorewall_setup_guide.htm
    http://www.shorewall.net/ProxyARP.htm

Good luck! I would be interested to know how this turns out.

Bob
Re: configuration of a linux router
Andrew & others,

At Date: Mon, 16 Jun 2008 16:42:41 -0700 A.S-W. wrote,
> that does not mean that a rule for POP3 is not needed. I don't remember if shorewall is case sensitive, but I bet it is in the context of defining a rule. maybe post the actual config line that produces the error?

My /etc/shorewall/rules, with the offending rules for POP3 commented out, is now visible.
http://carnot.pathology.ubc.ca/rules

The report from shorewall.
http://carnot.pathology.ubc.ca/ShorewallReport

Equally peculiar: while the rule for SMTP is commented out, a message can be sent from loc _via_ SMTP.

Thanks for any help, ... Peter E.
--
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/
Re: configuration of a linux router
Folk,

At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> ... if you want to really understand it use shorewall after reading shorewall-doc.

ipmasq works but I want to use shorewall.

I wonder why rules are needed for FTP but not for POP3. In fact, a rule for POP3 produces a complaint about

    ... unknown protocol 'pop3'

Any ideas?

Thanks, ... Peter E.
--
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/
Re: configuration of a linux router
On Mon, 2008-06-16 at 16:01 -0700, [EMAIL PROTECTED] wrote:
> Folk,
>
> At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> > ... if you want to really understand it use shorewall after reading shorewall-doc.
>
> ipmasq works but I want to use shorewall.
>
> I wonder why rules are needed for FTP but not for POP3. In fact, a rule for POP3 produces a complaint about
>     ... unknown protocol 'pop3'

In an unusual move, the FTP server connects to the client: Two connections are maintained instead of just one. You can force FTP to just use the client to server connection by using passive mode, but given that doing so makes some operations problematic, it's kind of a last-resort mode.

--
Paul Johnson [EMAIL PROTECTED]
Re: configuration of a linux router
Folk,

At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> ... if you want to really understand it use shorewall after reading shorewall-doc.

ipmasq works but I want to use shorewall.

I wonder why rules are needed for FTP but a rule for POP3 produces a complaint about

    ... unknown protocol 'pop3'

I need POP3 and SMTP to move mail. Any ideas?

Thanks, ... Peter E.
--
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/
Re: configuration of a linux router
On Mon, Jun 16, 2008 at 04:01:39PM -0700, [EMAIL PROTECTED] wrote:
> Folk,
>
> At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> > ... if you want to really understand it use shorewall after reading shorewall-doc.
>
> ipmasq works but I want to use shorewall.
>
> I wonder why rules are needed for FTP but not for POP3. In fact, a rule for POP3 produces a complaint about
>     ... unknown protocol 'pop3'

that does not mean that a rule for POP3 is not needed. I don't remember if shorewall is case sensitive, but I bet it is in the context of defining a rule. maybe post the actual config line that produces the error?

A
Re: configuration of a linux router
Paul & others,

At Mon, 16 Jun 2008 16:33:50 -0700 Paul Johnson wrote,
> ... the FTP server connects to the client: Two connections are maintained ...

As I am aware, ssh uses only one connection but it also gets ACCEPT rules. So I still don't understand why some protocols, dns, ftp and ssh, need rules in /etc/shorewall/rules while other protocols, pop, smtp and http, do not. Does shorewall accept the latter protocols by default? Seems contrary to reason.

Thanks, ... Peter E.
--
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/
Re: configuration of a linux router
Douglas,

dt Now you're using shaw.ca for your home domain. Do you own that? Would you like to e.g. relay mail for all of shaw.ca?

Not really.

OK, I've invented the domain name petershouse; the current hosts file follows. Please let me know of any remaining errors.

Isn't there a place to specify the domain, analogous to /etc/hostname? Unfortunate that these matters aren't mentioned in the hosts man page. Also, I wonder that /etc/hostname, /etc/hosts, /etc/network/interfaces and perhaps a few other files haven't been amalgamated into one. Excessive fragmentation increases the likelihood of confusion and error.

Thanks, ... Peter E.

# /etc/hosts file
127.0.0.1       localhost.localdomain localhost

# Private LANs at home
172.23.4.1      joule.petershouse joule
172.23.4.2      curie.petershouse curie
172.23.5.1      joule.petershouse joule
172.23.5.2      heaviside.petershouse heaviside

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Desktops.OpenDoc http://carnot.yi.org/
Re: configuration of a linux router
On Sun, Mar 23, 2008 at 09:07:32AM -0700, [EMAIL PROTECTED] wrote:
> Douglas,
>
> dt Now you're using shaw.ca for your home domain. Do you own that? Would you like to e.g. relay mail for all of shaw.ca?
>
> Not really.
>
> OK, I've invented the domain name petershouse; the current hosts file follows. Please let me know of any remaining errors.
>
> Isn't there a place to specify the domain, analogous to /etc/hostname? Unfortunate that these matters aren't mentioned in the hosts man page. Also, I wonder that /etc/hostname, /etc/hosts, /etc/network/interfaces and perhaps a few other files haven't been amalgamated into one. Excessive fragmentation increases the likelihood of confusion and error.

Hhmm, not really. /etc/network/interfaces is for configuring your *interfaces* and is Debian specific. /etc/hostname and /etc/hosts are traditional *nix and serve a different purpose (yes I know they are all related to the network, but still ...).

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
Re: configuration of a linux router
On Sun, Mar 23, 2008 at 09:07:32AM -0700, [EMAIL PROTECTED] wrote:
> dt Now you're using shaw.ca for your home domain. Do you own that? Would you like to e.g. relay mail for all of shaw.ca?
>
> Not really.

Didn't think so :)

> OK, I've invented the domain name petershouse; the current hosts file follows. Please let me know of any remaining errors.

It looks fine. Does it work? Do you have any firewall doing network address translation? If you want fire-and-forget just use ipmasq, if you want to really understand it use shorewall after reading shorewall-doc. What about supplying DNS services to your network? The easiest is to install dnsmasq.

> Isn't there a place to specify the domain, analogous to /etc/hostname? Unfortunate that these matters aren't mentioned in the hosts man page. Also, I wonder that /etc/hostname, /etc/hosts, /etc/network/interfaces and perhaps a few other files haven't been amalgamated into one. Excessive fragmentation increases the likelihood of confusion and error.

No. Each *NIX has its own way, however /etc/hosts is standard. Unix networking was developed with BSD and was then imported by the other *nix in various ways. Then different *nix made automated scripts to do the networking setup and each puts its configs somewhere different. On debian, it's /etc/hostname and /etc/network/interfaces. It's all well documented and hasn't changed in a long time. Read the debian-reference.

> # /etc/hosts file
> 127.0.0.1       localhost.localdomain localhost
>
> # Private LANs at home
> 172.23.4.1      joule.petershouse joule
> 172.23.4.2      curie.petershouse curie
> 172.23.5.1      joule.petershouse joule
> 172.23.5.2      heaviside.petershouse heaviside
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
> Desktops.OpenDoc http://carnot.yi.org/

I don't know what this line is for.

Doug.
Re: configuration of a linux router
On Mon, Mar 17, 2008 at 11:20:24AM -0700, [EMAIL PROTECTED] wrote:
> dt if you don't own peasthope.yi.org, then I wouldn't use it even locally.
>
> But I do own the machine and the name.

OK

I, personally, for the 127.0.0.1 would only use localhost and localhost.localdomain

> yi.org is a dynamic dns service. Not already being allocated is a precondition to assigning peasthope.yi.org to my computer.

If this means that there is some possibility at any given time that you will not own that domain, then I would not use it locally. I'd use something else entirely. I suppose there would be no problem with using 'peasthope' without the .yi.org as a local domain since without it, it will never be routable on the internet.

> dt It is a valid name.
>
> So ... I miss your drift here.

I've seen people use a made-up name on their local network then have trouble, if they don't get their DNS setup just right, with packets getting routed to the real example.com whatever. I thought that you had just made up the name. If you owned the name outright, then there would be no problem using it locally.

> dt e.g.
> dt 172.23.4.1 [thisbox].[yourlocaldomain] [thisbox]
>
> Is [yourlocaldomain] a domain name used only on my private LAN?

Yes. One that cannot be routed to the internet, unless you own the domain.

> I understand why computers have names. ftp curie is better than ftp 172.23.4.2. But what is the benefit of a domain name for my LAN?

Well, any time you need to lump your network together in, e.g. hosts.allow or in an MTA setup (e.g. hosts for which you will relay mail), it's a lot easier to say *.hooton than to individually list all the hosts. Especially if you later add a host, you don't have to go around adding its name everywhere. It also is fundamental if you use anything other than files for resolving.

> The revised /etc/hosts is appended. With any luck it is closer to what you suggested.
>
> ===
> .joule:~# cat /etc/hosts
> # /etc/hosts file
> 127.0.0.1       localhost.localdomain localhost
>
> # Private LANs at home
> 172.23.4.1      joule.shaw.ca joule
> 172.23.4.2      curie.shaw.ca curie
> 172.23.5.1      joule.shaw.ca joule
> 172.23.5.2      heaviside.shaw.ca heaviside

Now you're using shaw.ca for your home domain. Do you own that? Would you like to e.g. relay mail for all of shaw.ca?
Re: configuration of a linux router
On Sun, Mar 16, 2008 at 08:12:44PM -0400, Douglas A. Tutty wrote:
> On Sun, Mar 16, 2008 at 04:38:36PM -0700, [EMAIL PROTECTED] wrote:
> > # /etc/hosts file
> > 127.0.0.1       peasthope.yi.org joule localhost
>                   ^^ this should be: localhost.localdomain localhost

the archive of the debian mailing lists contains a long discussion about localhost versus localhost.localdomain

From what I remember, the RFCs for the DNS say that localhost *is* a FQDN (the only one without a dot, to the best of my knowledge), and they do not speak about localhost.localdomain

So a line

    127.0.0.1 localhost

or

    127.0.0.1 localhost first-alias second-alias

should be correct.

--
Whoever uses non-free software poisons you too. Tell them to stop.
Computing=arsenic: minimal doses in rare pathological cases, otherwise lethal.
Computing=bomb: intelligent only for the fools who believe in it.
Re: configuration of a linux router
Douglas,

dt if you don't own peasthope.yi.org, then I wouldn't use it even locally.

But I do own the machine and the name. yi.org is a dynamic dns service. Not already being allocated is a precondition to assigning peasthope.yi.org to my computer.

dt It is a valid name.

So ... I miss your drift here.

dt e.g.
dt 172.23.4.1 [thisbox].[yourlocaldomain] [thisbox]

Is [yourlocaldomain] a domain name used only on my private LAN? I understand why computers have names. ftp curie is better than ftp 172.23.4.2. But what is the benefit of a domain name for my LAN?

The revised /etc/hosts is appended. With any luck it is closer to what you suggested.

Thanks, ... Peter E.

===
.joule:~# cat /etc/hosts
# /etc/hosts file
127.0.0.1       localhost.localdomain localhost

# Private LANs at home
172.23.4.1      joule.shaw.ca joule
172.23.4.2      curie.shaw.ca curie
172.23.5.1      joule.shaw.ca joule
172.23.5.2      heaviside.shaw.ca heaviside

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
===

Desktops.OpenDoc http://carnot.yi.org/
Re: configuration of a linux router
On Sun, Mar 16, 2008 at 04:38:36PM -0700, [EMAIL PROTECTED] wrote:
> Douglas & others,
>
> dt Now you will have three networks. ...
> ... You shouldn't have to add routes like this ...
>
> Right oh.
>
> dt change this to 172.23.5.1, and change heaviside's to 172.23.5.2
>
> The revised configuration follows. Everything appears OK now. There is no hub consuming power and two cables rather than three.
>
> Thanks for the help, ... Peter E.
>
> joule:~# cat /etc/hosts
> # /etc/hosts file
> 127.0.0.1       peasthope.yi.org joule localhost
                  ^^ this should be: localhost.localdomain localhost

if you don't own peasthope.yi.org, then I wouldn't use it even locally. It is a valid name.

Then you should have entries for this box on your local network domain e.g.

    172.23.4.1 [thisbox].[yourlocaldomain] [thisbox]
    172.23.5.1 ditto

Then ensure either that these entries are duplicated on curie and heaviside or run dnsmasq on this box.

> # Private LANs at home
> 172.23.4.2      curie

try 172.23.4.2 curie.[yourlocaldomain] curie

> 172.23.5.2      heaviside

ditto

In short, it's always helpful to have a local domain name, especially for handling email.

The rest looks fine, I'm glad it works.

Doug.

> # The following lines are desirable for IPv6 capable hosts
> ::1     ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
> joule:~# cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> auto lo eth0 eth1 eth2
>
> # The loopback network interface
> iface lo inet loopback
>
> # The primary network interface
> iface eth0 inet dhcp
>
> # The interface to curie
> iface eth1 inet static
>     address 172.23.4.1
>     netmask 255.255.255.0
>
> # The interface to heaviside
> iface eth2 inet static
>     address 172.23.5.1
>     netmask 255.255.255.0
>
> joule:~# netstat -r
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 172.23.5.0      *               255.255.255.0   U         0 0          0 eth2
> 172.23.4.0      *               255.255.255.0   U         0 0          0 eth1
> 24.108.32.0     *               255.255.252.0   U         0 0          0 eth0
> default         24.108.32.1     0.0.0.0         UG        0 0          0 eth0
>
> Desktops.OpenDoc http://carnot.yi.org/
Re: configuration of a linux router
On Sun, Mar 02, 2008 at 02:40:22PM -0700, [EMAIL PROTECTED] wrote:
> Folk,
>
> My LAN has a Debian router, joule, and two subordinate machines, curie and heaviside. The three connect to an old Linksys 10Base-T hub. joule connects to a cable modem through a second NIC and runs ipmasq.
>
> Currently I want to add a third NIC to joule, remove the hub and connect each of curie and heaviside to a NIC in joule using a crossover cable. All appears OK except that curie and heaviside fail to communicate with each other.

To my unexperienced ear it sounds like you want bridging. Shorewall should be able to do it.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
Re: configuration of a linux router
On Sun, Mar 02, 2008 at 02:40:22PM -0700, [EMAIL PROTECTED] wrote:
> My LAN has a Debian router, joule, and two subordinate machines, curie and heaviside. The three connect to an old Linksys 10Base-T hub. joule connects to a cable modem through a second NIC and runs ipmasq.
>
> Currently I want to add a third NIC to joule, remove the hub and connect each of curie and heaviside to a NIC in joule using a crossover cable. All appears OK except that curie and heaviside fail to communicate with each other.

Now you will have three networks. The first, from joule to the cable modem, a second from joule to curie, and a third from joule to heaviside.

> The output of cat /etc/network/interfaces and netstat -r follow.
>
> Thanks for any ideas, ... Peter E.
>
> joule:~# cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> auto lo eth0 eth1 eth2
>
> # The loopback network interface
> iface lo inet loopback
>
> # The primary network interface
> iface eth0 inet dhcp
> #iface eth0 inet static
>
> # The interface to curie
> iface eth1 inet static
>     address 172.23.4.1

is curie 172.23.4.2?

>     netmask 255.255.255.0
>     up route add -host 172.23.4.4 dev $IFACE
>     down route del -host 172.23.4.4 dev $IFACE

You shouldn't have to add routes like this.

> # The interface to heaviside
> iface eth2 inet static
>     address 172.23.4.1

change this to 172.23.5.1, and change heaviside's to 172.23.5.2

>     netmask 255.255.255.0
>     up route add -host 172.23.4.3 dev $IFACE
>     down route del -host 172.23.4.3 dev $IFACE

You shouldn't have to add routes like this

> joule:~# netstat -r
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> heaviside       *               255.255.255.255 UH        0 0          0 eth2
> curie           *               255.255.255.255 UH        0 0          0 eth1
> 172.23.4.0      *               255.255.255.0   U         0 0          0 eth1
> 172.23.4.0      *               255.255.255.0   U         0 0          0 eth2
> 24.108.32.0     *               255.255.252.0   U         0 0          0 eth0
> default         24.108.32.1     0.0.0.0         UG        0 0          0 eth0

The problem is that you have two separate network segments but haven't made that clear to the system. Joule is triple-homed and so needs three IPs. /etc/hosts will have to reflect this too appropriately on all three boxes.

Doug.
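
The faults diagnosed in these threads (a static stanza with no netmask, a gateway outside the interface's own subnet, and two interfaces configured into the same subnet) can be checked mechanically before running ifup. The following is an added example, not code from any poster or from Debian: a small Python linter for `static` stanzas in /etc/network/interfaces. The function names, the finding labels and the /30 netmask in the third sample are assumptions made for illustration.

```python
import ipaddress

def parse_static_stanzas(text):
    """Return {ifname: {option: value}} for each 'iface <name> inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # interfaces(5): '#' lines are comments
            continue
        words = line.split()
        if words[0] == "iface":
            is_static = len(words) >= 4 and words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if is_static else None
        elif words[0] in ("auto", "allow-hotplug", "mapping", "source"):
            current = None                      # a new top-level keyword ends the stanza
        elif current is not None and len(words) > 1 \
                and words[0] in ("address", "netmask", "gateway"):
            current[words[0]] = words[1]
    return stanzas

def interface_network(opts):
    """Combine address and netmask (or address/prefix); None if the subnet is unknown."""
    addr = opts.get("address")
    if addr and "/" in addr:
        return ipaddress.ip_interface(addr)
    if addr and "netmask" in opts:
        return ipaddress.ip_interface(f"{addr}/{opts['netmask']}")
    return None

def lint(text):
    """Return a list of (interface, finding) tuples for one interfaces file."""
    findings, nets = [], {}
    for name, opts in parse_static_stanzas(text).items():
        iface = interface_network(opts)
        if iface is None:
            findings.append((name, "missing-address-or-netmask"))
            continue
        nets[name] = iface.network
        gw = opts.get("gateway")
        if gw and ipaddress.ip_address(gw) not in iface.network:
            findings.append((name, "gateway-off-link"))
    names = sorted(nets)
    for i, a in enumerate(names):               # every pair of static interfaces
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append((f"{a}+{b}", "overlapping-subnets"))
    return findings

# joule's first configuration as posted in the thread: eth1 and eth2 share a subnet.
JOULE_ORIGINAL = """
auto lo eth0 eth1 eth2
iface lo inet loopback
iface eth0 inet dhcp
#iface eth0 inet static
iface eth1 inet static
    address 172.23.4.1
    netmask 255.255.255.0
    up route add -host 172.23.4.4 dev $IFACE
iface eth2 inet static
    address 172.23.4.1
    netmask 255.255.255.0
    up route add -host 172.23.4.3 dev $IFACE
"""

# joule after the suggested change: one subnet per cable.
JOULE_REVISED = JOULE_ORIGINAL.replace(
    "iface eth2 inet static\n    address 172.23.4.1",
    "iface eth2 inet static\n    address 172.23.5.1")

# carnot's stanza as posted (no netmask), then with a constructed /30 netmask added.
CARNOT_POSTED = """
iface eth0 inet static
    address 142.103.107.138
    gateway 172.24.2.1
"""
CARNOT_WITH_MASK = CARNOT_POSTED.replace(
    "gateway", "netmask 255.255.255.252\n    gateway")  # netmask is an assumption

if __name__ == "__main__":
    for label, cfg in [("joule original", JOULE_ORIGINAL), ("joule revised", JOULE_REVISED),
                       ("carnot posted", CARNOT_POSTED), ("carnot + netmask", CARNOT_WITH_MASK)]:
        print(label, lint(cfg))
```
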