Re: Setting up a home gateway/router
Mike McGinn mikemcg...@mcginnweb.net writes: Comments below On Friday, May 23, 2014 11:52:43 csanyi...@gmail.com wrote: csanyi...@gmail.com writes: So I tried with this setup: iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 but it doesn't work. I built a gateway / router / vpn / firewall at work using Debian Squeeze. The first thing I noticed is that you did not define a gateway for eth0. That could be your problem. This is normally defined for you by the dhcp server, so you would have not needed it before, but you probably need it now. Yes, I thought as much, but don't know which IP address to add as a default gateway in my case? The command should look like this: # route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.1 dev eth0 ??? but what IP address should I add into this command? -- Regards, from Paul -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mwe7scj2@gmail.com
Re: Setting up a home gateway/router
Hi.
On Sat, 24 May 2014 12:21:05 +0200
csanyi...@gmail.com wrote:
Yes, I thought as much, but don't know which IP address to add as a
default gateway in my case?
The command should look like this:
# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.1 dev eth0
???
but what IP address should I add into this command?
As others wrote you, you need a default gateway.
A static route for 10.0.0.0/8 network won't do you any good as your
home router is unable to communicate with the outside world.
Assuming that your 217.17.111.173/24 address on eth0 is correct, you
probably need to set up default gateway as 217.17.111.1 (and you really
should check it with your ISP, they are the only ones who know this).
So, forget this 'route' stuff, just add 'gateway 217.17.111.1' to
your /etc/network/interfaces, bounce eth0, see how it goes.
Given you're using C-class network, you have just 255 possible values
for the default gateway :)
Reco
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/2014052412.9ed79f03bf130a85a50a8...@gmail.com
Re: Setting up a home gateway/router
Reco recovery...@gmail.com writes:
On Sat, 24 May 2014 12:21:05 +0200
csanyi...@gmail.com wrote:
Yes, I thought as much, but don't know which IP address to add as a
default gateway in my case?
The command should look like this:
# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.1 dev eth0
???
but what IP address should I add into this command?
As others wrote you, you need a default gateway.
A static route for 10.0.0.0/8 network won't do you any good as your
home router is unable to communicate with the outside world.
Assuming that your 217.17.111.173/24 address on eth0 is correct, you
probably need to set up default gateway as 217.17.111.1 (and you really
should check it with your ISP, they are the only ones who know this).
I just mail to my ISP and admins will help me but only on monday. :(
So, forget this 'route' stuff, just add 'gateway 217.17.111.1' to
your /etc/network/interfaces, bounce eth0, see how it goes.
Well, I just tried that, but without success.
/etc/network/interfaces
---
auto eth0
iface eth0 inet static
address 217.17.111.173
netmask 255.255.255.0
gateway 217.17.111.1
# ifdown eth0
# ifup eth0
$ ping 8.8.8.8
I get the following output:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 217.17.111.173 icmp_seq=1 Destination Host Unreachable
Can I do anything to setup my home network or must to wait monday for
ISP's admins?
--
Regards, from Paul
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87fvjzs4ur@gmail.com
Re: Setting up a home gateway/router
On 25/05/14 01:06, csanyi...@gmail.com wrote: Assuming that your 217.17.111.173/24 address on eth0 is correct, you probably need to set up default gateway as 217.17.111.1 (and you really should check it with your ISP, they are the only ones who know this). I just mail to my ISP and admins will help me but only on monday. :( Another likely candidate is the top of the block: 217.17.111.254 Give that a go. Richard -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5380a2a9.9080...@walnut.gen.nz
Re: Setting up a home gateway/router
Hi. On Sat, 24 May 2014 15:06:52 +0200 csanyi...@gmail.com wrote: Well, I just tried that, but without success. /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. As I wrote, if you don't want to guess - check with your ISP. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140524180411.bf499e69a582fa1dfa03f...@gmail.com
Re: Setting up a home gateway/router
On 25/05/14 02:04, Reco wrote: Hi. On Sat, 24 May 2014 15:06:52 +0200 csanyi...@gmail.com wrote: Well, I just tried that, but without success. /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. As I wrote, if you don't want to guess - check with your ISP. Also - did they not give you any documentation when you got your static IP? Richard -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5380a813.8090...@walnut.gen.nz
Re: Setting up a home gateway/router
On 05/24/2014 09:06 AM, csanyi...@gmail.com wrote: snip Well, I just tried that, but without success. /etc/network/interfaces --- auto eth0 iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 gateway 217.17.111.1 # ifdown eth0 # ifup eth0 $ ping 8.8.8.8 I get the following output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 217.17.111.173 icmp_seq=1 Destination Host Unreachable Can I do anything to setup my home network or must to wait monday for ISP's admins? -- Regards, from Paul You may have to restart the networking or network-manager service or just reboot. I had to when I first setup static. Not sure why but it needed more than ifdown/ifup. e.g.: # service networking restart or, as I said, reboot. John -- --- John Bleichert-syb...@earthlink.net The heat from below can burn your eyes out! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5380ae67.6020...@earthlink.net
Re: Setting up a home gateway/router
Hi. On Sat, 24 May 2014 10:36:23 -0400 John Bleichert syb...@earthlink.net wrote: You may have to restart the networking or network-manager service or just reboot. I had to when I first setup static. Not sure why but it needed more than ifdown/ifup. e.g.: # service networking restart Good intention on your part, but this is bad advice. In /etc/init.d/networking 'force-reload' and 'restart' methods are marked as deprecated. Specifically corresponding script says: log_warning_msg Running $0 $1 is deprecated because it may not re-enable some interfaces A good, Debian-supported way to do this is: service networking stop; service networking start Given that host in question probably lacks a console, above commands should go into exactly one line. PS. Why would anyone would run NetworkManager (better called NetworkDestroyer) willingly on a router is beyond me :) Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140524194300.6fa2f6c0423e7c34893e4...@gmail.com
Re: Setting up a home gateway/router
Reco recovery...@gmail.com writes: Hi. On Sat, 24 May 2014 15:06:52 +0200 csanyi...@gmail.com wrote: Well, I just tried that, but without success. /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. As I wrote, if you don't want to guess - check with your ISP. Well, I tried the default gateway with IP address: 217.17.111.1 and 217.17.111.254 None of them works. I rebooted every time when changed the default gw address. On both case I get the error message: $ ping -c 3 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 217.17.111.173 icmp_seq=3 Destination Host Unreachable --- 8.8.8.8 ping statistics --- 3 packet transmitted, 0 received, +1 errors, 100% packet loss, time 2017ms Also, I get no documentation else with the static IP address from my ISP but that that I get the static IP address 217.17.111.173 for the NIC with the specific MAC address that I don't wrote down here. Thank you all for help. -- Regards, from Paul -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a9a7rxi8@gmail.com
Re: Setting up a home gateway/router
On 05/24/2014 11:43 AM, Reco wrote: snip # service networking restart Good intention on your part, but this is bad advice. In /etc/init.d/networking 'force-reload' and 'restart' methods are marked as deprecated. Specifically corresponding script says: log_warning_msg Running $0 $1 is deprecated because it may not re-enable some interfaces A good, Debian-supported way to do this is: service networking stop; service networking start You're right. I remember that now (was a couple months ago). Given that host in question probably lacks a console, above commands should go into exactly one line. PS. Why would anyone would run NetworkManager (better called NetworkDestroyer) willingly on a router is beyond me :) Heh. Guilty of missing the rest of the thread... ( crawls back under his rock ) -- --- John Bleichert-syb...@earthlink.net The heat from below can burn your eyes out! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5380beb7.2070...@earthlink.net
Re: Setting up a home gateway/router
On Sat, 24 May 2014 17:45:35 +0200 csanyi...@gmail.com wrote: Well, I tried the default gateway with IP address: 217.17.111.1 and 217.17.111.254 None of them works. I rebooted every time when changed the default gw address. Ok. Just to avoid sloppy wording I'd like to add that I meant 254 IP addresses left, not that you should set default gateway's last octet to 254. On both case I get the error message: $ ping -c 3 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 217.17.111.173 icmp_seq=3 Destination Host Unreachable --- 8.8.8.8 ping statistics --- 3 packet transmitted, 0 received, +1 errors, 100% packet loss, time 2017ms To keep things simple. Two host can communicate with each other without third party (router) only if they have their IPs from the same network. To communicate with the host from the different network (in your case, anything other than 217.17.111.0/24, 127.0.0.0/8 and, probably 10.0.0.0/8 which is your home network) - you need IP routing. Simpliest case of routing is to provide host with the default gateway, so any IP packet which does not belong to a 'defined' (see above) network should go there. You're trying to ping Google's DNS server, which isn't part of your network without a working default gateway, so no wonder it says you that 'Destination net is unreachable'. Also, I get no documentation else with the static IP address from my ISP but that that I get the static IP address 217.17.111.173 for the NIC with the specific MAC address that I don't wrote down here. That can greatly simplify things if your ISP is using NAT with some kind of port redirection. Meaning, you obtain your IP as before, and they did all the job already. Can you please try to obtain any address on eth0 via dhcp (as before), check if anything works (i.e. from you to the Internet), and then try to connect to 217.17.111.173 from the outside? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140524200555.6bb283e039b509902e7ce...@gmail.com
Re: Setting up a home gateway/router
csanyi...@gmail.com a écrit : Reco recovery...@gmail.com writes: /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. Less. .0 and .255 are reserved as network and broadcast addresses. Also, I get no documentation else with the static IP address from my ISP but that that I get the static IP address 217.17.111.173 for the NIC with the specific MAC address that I don't wrote down here. Is it really static or DHCP with a reservation for your MAC address ? In the latter case, revert to DHCP and you'll get all the required parameters (address, netmask, gateway, DNS) automatically. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5380c145.5040...@plouf.fr.eu.org
Re: Setting up a home gateway/router
On Sat, 24 May 2014 17:56:53 +0200 Pascal Hambourg pas...@plouf.fr.eu.org wrote: csanyi...@gmail.com a écrit : Reco recovery...@gmail.com writes: /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. Less. .0 and .255 are reserved as network and broadcast addresses. I seen ISPs that advertise routes ending with 0. A violation of certain RFC, I'm sure, but it did work. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140524203851.ba03fee0b42b51f8f849a...@gmail.com
Re: Setting up a home gateway/router
Reco a écrit : To keep things simple. Two host can communicate with each other without third party (router) only if they have their IPs from the same network. No. Only if they share the same broadcast domain (link layer network), regardless of IP addressing. Usually IP subnetting matches link layer network divisions, but not always. That can greatly simplify things if your ISP is using NAT with some kind of port redirection. Meaning, you obtain your IP as before, and they did all the job already. Huh ? NAT does not make things simpler but more complicated ! What would be the benefit of using NAT here ? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5380c870.4090...@plouf.fr.eu.org
Re: Setting up a home gateway/router
Hi. On Sat, 24 May 2014 18:27:28 +0200 Pascal Hambourg pas...@plouf.fr.eu.org wrote: Reco a écrit : To keep things simple. Two host can communicate with each other without third party (router) only if they have their IPs from the same network. No. Only if they share the same broadcast domain (link layer network), regardless of IP addressing. Usually IP subnetting matches link layer network divisions, but not always. A simplification always steps away from the truth. You're right, of course. Now, if only you could explain all this in simple words to the OP :) That can greatly simplify things if your ISP is using NAT with some kind of port redirection. Meaning, you obtain your IP as before, and they did all the job already. Huh ? NAT does not make things simpler but more complicated ! For the one who maintains it - it is definitely complicates things. For the common user network topology is irrelevant (as many other things do). For the specific task discussed in this thread (obtaining ssh access via the public IP) an appropriate network configuration at ISP's level (most probably including NAT for the end users) simplifies things for the OP. What would be the benefit of using NAT here ? The obvious benefit for the ISP lies in not providing every ISP's customer with costly public IP while using network equipment coming straight from '80s. The benefit for the ISP's user lies in obtaining NATted IP (and stuff) via DHCP exactly the same way as before, yet 'magically' gaining access to the home network from certain ISP-provided public IP. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140524210332.94eb05cbf197f1ca40812...@gmail.com
Re: Setting up a home gateway/router
Reco a écrit : Pascal Hambourg pas...@plouf.fr.eu.org wrote: Reco recovery...@gmail.com writes: /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. Less. .0 and .255 are reserved as network and broadcast addresses. I seen ISPs that advertise routes ending with 0. A violation of certain RFC, I'm sure, but it did work. 1) A route is not an address. 2) An address ending with 0 is not always a network address (and conversely), depending on the prefix length. It is for /24. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5380ccb2.5010...@plouf.fr.eu.org
Re: Setting up a home gateway/router
On Sat, 24 May 2014 18:45:38 +0200 Pascal Hambourg pas...@plouf.fr.eu.org wrote: Reco a écrit : Pascal Hambourg pas...@plouf.fr.eu.org wrote: Reco recovery...@gmail.com writes: /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. Less. .0 and .255 are reserved as network and broadcast addresses. I seen ISPs that advertise routes ending with 0. A violation of certain RFC, I'm sure, but it did work. 1) A route is not an address. Indeed it is not. 2) An address ending with 0 is not always a network address (and conversely), depending on the prefix length. It is for /24. And you're correct here too. IIRC in one case they gave their customers /20 subnet with a default route ending with zero. Such 'network configuration' worked only with certain proprietary OS which had four-colored banner as a logotype. Suffice to say that on ISP level nobody cared about any other scenario of using their service. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140524211415.92dffdbe50fda435d432b...@gmail.com
Re: Setting up a home gateway/router
Pascal Hambourg pas...@plouf.fr.eu.org writes: csanyi...@gmail.com a écrit : Reco recovery...@gmail.com writes: /24 net allows 256 addresses. You've tried one (and is using another one), so it's 254 to go. Less. .0 and .255 are reserved as network and broadcast addresses. Also, I get no documentation else with the static IP address from my ISP but that that I get the static IP address 217.17.111.173 for the NIC with the specific MAC address that I don't wrote down here. Is it really static or DHCP with a reservation for your MAC address ? In the latter case, revert to DHCP and you'll get all the required parameters (address, netmask, gateway, DNS) automatically. The problem is solved now. It is not really static but DHCP with a reservation for my MAC address. I mentioned before maybe that, that I removed the dhcp-client program. Now, I installed it again. Fortunately, I don't removed it from /var/cache/apt/archives/ directory. In /etc/network/interfaces I have now allow-hotplug eth0 iface eth0 inet dhcp I tried the commands in on command line: # service networking stop service networking start but this freezes the situation; I waiting 2 minutes and after that I power off and then power on the GW machine. After that I can login to it with SSH and can see that everything works. So the problem is solved. Thank you all for help. However, in this case ISP's closes all ports, but 80. So, now I have open port 80 only. But, if I want to setup on this server an LDAP server, then there must be opened other port too. Well, one is depend on her/his ISP very much. -- Regards, from Paul -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8738fzrmap@gmail.com
Re: Setting up a home gateway/router
On Sat, 24 May 2014 18:27:28 +0200 Pascal Hambourg pas...@plouf.fr.eu.org wrote: Huh ? NAT does not make things simpler but more complicated ! What would be the benefit of using NAT here ? Security by obscurity. NAT is one more hassle the badguys have to get through to get to your stuff. As botnets turn into brute force supercomputers, security by obscurity, used properly, is beginning to have some credibility again. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140524171928.736534bc@mydesk
Re: Setting up a home gateway/router
Vincent W. Chen a écrit : Do you mean that eth0 on GW has a static IP address? No, the OP wrote that internet-facing eth0 has a DHCP address from the ISP. # If you have IPv6 iface eth0 inet6 static address ::1 netmask 64 Nonsense. ::1 is for the loopback interface only. If you have IPv6, use your own global prefix. If you meant ::1 as an example, note that there is an IPv6 prefix dedicated to examples and documentation : 2001:db8::/32. You have to allow forwarding from your LAN to the outside internet. In /etc/sysctl.conf, enable net.ipv4.ip_forward=1 # If you have IPv6 net.ipv6.conf.all.forwarding=1 You'll probably need to do masquerading for IPv4 with iptables. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE. You could also set up a DHCP and DNS server on the gateway to make configuration easier on the LAN hosts. dnsmasq is reported to be easy. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/537f072b.2080...@plouf.fr.eu.org
Re: Setting up a home gateway/router
On Fri, 23 May 2014 06:57:15 +0200 csanyi...@gmail.com wrote: Hi, I wish to set up my home headless power pc box as a gateway/router ( GW ). I can connect to it with SSH only. Before, I set up this GW to get an IP address from my ISP with dhcp.client. Now, I ask a static IP address for this GW and don't know how to setup eth0 interface so I can connect to Internet from this GW and to forward Internet connection to my LAN. My ISP | --- eth0 ( GW ) --- eth1 | LAN This is my home network that I want to set up. The state of this setup so far is that that I can SSH into GW only, but can't reach the Internet, and from LAN I can't reach Internet too. Can I get advices how to setup my home network? Here's how I did it: http://www.troubleshooters.com/linux/pf/index.htm After Heartbleed, I temporarily switched to pfSense (https://www.pfsense.org/), and that's also working very well. As a matter of fact, right now I'm receiving this email, via ssh, through a port-forward in that router/firewall. I like Linux for a lot of things, but when it comes to firewalling, I'll pick pf over iptables every time. SteveT -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140523100307.1abbc02d@mylap4
Re: Setting up a home gateway/router
On 2014-05-23, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Do you mean that eth0 on GW has a static IP address? No, the OP wrote that internet-facing eth0 has a DHCP address from the ISP. I understood that *before* he had a DHCP address from his ISP, but *now* he has a static address (only mentioning what he had before to sow confusion in the ranks :-)). Or perhaps he had it working before, with the dynamic ip address, but not now, with the static one. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnlnumtt.28r.cu...@einstein.electron.org
Re: Setting up a home gateway/router
Hi Vincent, Vincent W. Chen vin...@gmail.com writes: On Thu, May 22, 2014 at 9:57 PM, csanyi...@gmail.com wrote: I wish to set up my home headless power pc box as a gateway/router ( GW ). I can connect to it with SSH only. Before, I set up this GW to get an IP address from my ISP with dhcp.client. Before eth0 had dynamically assigned IP addresses that it get from my ISP with dhcp3.client. Now I don't have dhcp3 client installed on GW. I removed it. Now, I ask a static IP address for this GW and don't know how to setup eth0 interface so I can connect to Internet from this GW and to forward Internet connection to my LAN. Do you mean that eth0 on GW has a static IP address? If so, you probably have to modify /etc/network/interfaces for eth0, e.g. Yes, I mean that now, eth0 has a static IP address, that is: 217.17.111.173 specifically assigned to MAC address of eth0 interface. My ISP set this up on his side. At home, I have only a Cable modem. To this Cable Modem is connected the GW ( my headless power pc box ) with eth0 interface. I don't have ( I think ) IPv6. So I tried with this setup: iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 iface eth0 inet static address 192.168.0.1 netmask 255.255.255.0 # If you have IPv6 iface eth0 inet6 static address ::1 netmask 64 Change the IP address / netmask to your own. My ISP | --- eth0 ( GW ) --- eth1 | LAN This is my home network that I want to set up. The state of this setup so far is that that I can SSH into GW only, but can't reach the Internet, and from LAN I can't reach Internet too. Can I get advices how to setup my home network? You have to allow forwarding from your LAN to the outside internet. In /etc/sysctl.conf, enable net.ipv4.ip_forward=1 I have this already set. # If you have IPv6 net.ipv6.conf.all.forwarding=1 There may be other options in /etc/sysctl.conf that you'd want to change. Read the associated comments and manpages. If you are setting up a gateway, you might want to look into the firewall iptables/ip6tables. The standard procedure is to drop all packets, allowing only specific ones to pass through. I'm using Shorewall on my GW ( headless power pc ). -- Regards, from Paul -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87vbswldf0@gmail.com
Re: Setting up a home gateway/router
Curt cu...@free.fr writes: On 2014-05-23, Pascal Hambourg pas...@plouf.fr.eu.org wrote: Do you mean that eth0 on GW has a static IP address? No, the OP wrote that internet-facing eth0 has a DHCP address from the ISP. I understood that *before* he had a DHCP address from his ISP, but *now* he has a static address (only mentioning what he had before to sow confusion in the ranks :-)). Exactly. Or perhaps he had it working before, with the dynamic ip address, but not now, with the static one. Exactly. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ppj4ld88@gmail.com
Re: Setting up a home gateway/router
csanyi...@gmail.com writes: So I tried with this setup: iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 but it doesn't work. Say, the output of the command 'ping gnu.org' is: ping: unknown host gnu.org My ISP | --- eth0 ( GW ) --- eth1 | LAN The LAN part of my home network works, I have setup a DHCPD server for eth1 interface. I can connect from LAN to my GW with SSH client. -- Regards, from Paul -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ioowlcfo@gmail.com
Re: Setting up a home gateway/router
On 23/05/2014 16:52, csanyi...@gmail.com wrote: csanyi...@gmail.com writes: So I tried with this setup: iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 but it doesn't work. Say, the output of the command 'ping gnu.org' is: ping: unknown host gnu.org My ISP | --- eth0 ( GW ) --- eth1 | LAN The LAN part of my home network works, I have setup a DHCPD server for eth1 interface. I can connect from LAN to my GW with SSH client. That reply is reporting a DNS failure - its causes could be various. Is basic connectivity working, at all, beyond the GW? Here's how to find out. I suggest, instead, that you try: ping 8.8.8.8 which is Google's DNS service machine. Report back if you can ping. Include reports back when trying from (a) the GW device, and (b) a LAN device regards, Ron -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/537f7204.2090...@tesco.net
Re: Setting up a home gateway/router
Comments below On Friday, May 23, 2014 11:52:43 csanyi...@gmail.com wrote: csanyi...@gmail.com writes: So I tried with this setup: iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 but it doesn't work. I built a gateway / router / vpn / firewall at work using Debian Squeeze. The first thing I noticed is that you did not define a gateway for eth0. That could be your problem. This is normally defined for you by the dhcp server, so you would have not needed it before, but you probably need it now. Mike Say, the output of the command 'ping gnu.org' is: ping: unknown host gnu.org My ISP --- eth0 ( GW ) --- eth1 LAN The LAN part of my home network works, I have setup a DHCPD server for eth1 interface. I can connect from LAN to my GW with SSH client. -- Regards, from Paul -- Mike McGinn KD2CNU Be happy that brainfarts don't smell. No electrons were harmed in sending this message, some were inconvenienced. ** Registered Linux User 377849 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201405231209.01310.mikemcg...@mcginnweb.net
Re: Setting up a home gateway/router
On 2014-05-23, csanyi...@gmail.com csanyi...@gmail.com wrote: csanyi...@gmail.com writes: So I tried with this setup: iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 but it doesn't work. I don't know anything about it, but it seems something is missing here like gateway? dns servers (/etc/resolv.conf)? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnlnuskg.28r.cu...@einstein.electron.org
Re: Setting up a home gateway/router
Ron Leach ronle...@tesco.net writes: On 23/05/2014 16:52, csanyi...@gmail.com wrote: csanyi...@gmail.com writes: So I tried with this setup: iface eth0 inet static address 217.17.111.173 netmask 255.255.255.0 but it doesn't work. Say, the output of the command 'ping gnu.org' is: ping: unknown host gnu.org My ISP | --- eth0 ( GW ) --- eth1 | LAN The LAN part of my home network works, I have setup a DHCPD server for eth1 interface. I can connect from LAN to my GW with SSH client. That reply is reporting a DNS failure - its causes could be various. Is basic connectivity working, at all, beyond the GW? Here's how to find out. I suggest, instead, that you try: ping 8.8.8.8 which is Google's DNS service machine. Report back if you can ping. Include reports back when trying from (a) the GW device, and (b) a LAN device When ping 8.8.8.8 from: a) GW device connect: Network is unreachable b) LAN device ping -c 3 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 192.168.10.1 icmp_seq=1 Destination Net Unreachable From 192.168.10.1 icmp_seq=2 Destination Net Unreachable From 192.168.10.1 icmp_seq=3 Destination Net Unreachable --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1998ms less /etc/resolv.conf nameserver 91.102.231.242 nameserver 91.102.231.241 -- Regards, from Paul -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87d2f4l57j@gmail.com
Re: Setting up a home gateway/router
On Fri, 23 May 2014 06:57:15 +0200 csanyi...@gmail.com wrote: Hi, I wish to set up my home headless power pc box as a gateway/router ( GW ). I can connect to it with SSH only. Before, I set up this GW to get an IP address from my ISP with dhcp.client. Now, I ask a static IP address for this GW and don't know how to setup eth0 interface so I can connect to Internet from this GW and to forward Internet connection to my LAN. My ISP | --- eth0 ( GW ) --- eth1 | LAN This is my home network that I want to set up. The state of this setup so far is that that I can SSH into GW only, but can't reach the Internet, and from LAN I can't reach Internet too. Can I get advices how to setup my home network? -- Regards, from Paul Are the ip adresses on your LAN publicly routable ? Probably not ? You will need to set up network address translation to masquerade all your internal traffic as coming from the public ip address assigned by your ISP. This requires some trickery with iptables. You will need a firewall too, anyway. The shorewall documentation gives some guidelines on how this can be done, and shorewall is more managable than manipulating iptables directly. http://www.shorewall.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140523210244.0fc88...@orac.fil
Setting up a home gateway/router
Hi, I wish to set up my home headless power pc box as a gateway/router ( GW ). I can connect to it with SSH only. Before, I set up this GW to get an IP address from my ISP with dhcp.client. Now, I ask a static IP address for this GW and don't know how to setup eth0 interface so I can connect to Internet from this GW and to forward Internet connection to my LAN. My ISP | --- eth0 ( GW ) --- eth1 | LAN This is my home network that I want to set up. The state of this setup so far is that that I can SSH into GW only, but can't reach the Internet, and from LAN I can't reach Internet too. Can I get advices how to setup my home network? -- Regards, from Paul -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mwe9ay8k@gmail.com
Re: Setting up a home gateway/router
On Thu, May 22, 2014 at 9:57 PM, csanyi...@gmail.com wrote: Hi, I wish to set up my home headless power pc box as a gateway/router ( GW ). I can connect to it with SSH only. Before, I set up this GW to get an IP address from my ISP with dhcp.client. Now, I ask a static IP address for this GW and don't know how to setup eth0 interface so I can connect to Internet from this GW and to forward Internet connection to my LAN. Do you mean that eth0 on GW has a static IP address? If so, you probably have to modify /etc/network/interfaces for eth0, e.g. iface eth0 inet static address 192.168.0.1 netmask 255.255.255.0 # If you have IPv6 iface eth0 inet6 static address ::1 netmask 64 Change the IP address / netmask to your own. My ISP | --- eth0 ( GW ) --- eth1 | LAN This is my home network that I want to set up. The state of this setup so far is that that I can SSH into GW only, but can't reach the Internet, and from LAN I can't reach Internet too. Can I get advices how to setup my home network? You have to allow forwarding from your LAN to the outside internet. In /etc/sysctl.conf, enable net.ipv4.ip_forward=1 # If you have IPv6 net.ipv6.conf.all.forwarding=1 There may be other options in /etc/sysctl.conf that you'd want to change. Read the associated comments and manpages. If you are setting up a gateway, you might want to look into the firewall iptables/ip6tables. The standard procedure is to drop all packets, allowing only specific ones to pass through. Regards, Vincent Chen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAFuqiEbUx=qpzw2+5han2s1rmucg1yeraz66drm+qqchkzx...@mail.gmail.com
