Re: routing setup question

1997-04-25 Thread Craig Sanders

On Fri, 18 Apr 1997, Benedikt Eric Heinen wrote:

   On Tue, 15 Apr 1997, Jens B. Jorgensen wrote:
   [ all my config info deleted ]
 
 Let me comment: Except for one minor flaw, those configs are working. The
 only flaw in there was, that in the setup for icemark, the route to
 firefranc needs to be a host route (route add -host ${FIREFRANC} eth0)
 instead of a net route (route add -net ${NETWORK} eth0). The net route
 resulted in me being unable to reach other thenet hosts, like for instance
 www.thenet.ch...

that's what i said would happen.

 Apart from that Jens' help was exactly what I asked for...

good.  i'm glad changing it to a host route worked.

  What if Benedikt needs two hosts connected because he intends to
  run DNS and has to have a primary and secondary server in order to
  register his own domains? This *would* *not* *work* using IP masq or
  transparent proxying.

yes, as i said there are some limitations to IPmasq...and this is one of
them. However it's not, IMO, a big problem because that isn't something
you *should* be trying to do anyway.

 Excellent guess, because that is *exactly* what I needed this
 information for... ;) Setting up the nameservers will be the next job.

That's a bad way of doing DNS. if your link is down, no one will be able
to resolve hostnames in your domain (e.g. to forward mail to one of your
MX hosts...probably your ISP, or even to connect to a virtual web server
which you have hosted at a site with a much faster link).

Secondaries should be on different networks. Preferably on completely
different network paths.

Why not just ask someone (or several someones!) to secondary for you?
You'll probably find that most linux users near you with a permanent net
connection will be happy to do it. Ask in a local newsgroup or mailing
list or something.

Even if you can't find some altruistic soul, i'm sure you could find
other people who also need a secondary who don't want to pay some
outrageous sum for 2 seconds worth of editing their named config file.
Swap secondary services with them.

Craig


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .


Re: routing setup question

1997-04-17 Thread Craig Sanders
On Tue, 15 Apr 1997, Jens B. Jorgensen wrote:

         lisa.thenet.ch    icemark.thenet.ch    firefranc
 ppp0    193.135.252.75    193.135.252.47
 eth0                      192.168.101.1        192.168.101.2
  [...]
The new setup should look like:
 ISP               My systems
 lisa.thenet.ch    icemark.thenet.ch    firefranc.thenet.ch
        --- ppp0 ---        --- eth0 ---
 193.135.252.75    193.135.252.47       193.135.252.179
 
 Ok, I'm not sure why Rick wanted to swap the IP addresses for icemark
 and firefranc, but here's a setup that should work based upon the
 info you provided.
 
 Icemark will use 193.135.252.47 as the IP address for *both* the
 ppp interface and the ethernet interface. That is, icemark's 
 /etc/init.d/network should look like this:
 
 #!/bin/sh
 ifconfig lo 127.0.0.1
 route add -net 127.0.0.0
 IPADDR=193.135.252.47
 NETMASK=255.255.255.0
 NETWORK=193.135.252.0
 BROADCAST=193.135.252.255
 #GATEWAY=none
 ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
 route add -net ${NETWORK}
 #route add default gw ${GATEWAY} metric 1
 
 You won't set the default route at boot time since it doesn't exist.
 Instead, make sure that you include the 'defaultroute' option in
 your /etc/ppp/options or on the command line for pppd. Now, on
 firefranc, you'll have the following for your /etc/init.d/network
 
 #!/bin/sh
 ifconfig lo 127.0.0.1
 route add -net 127.0.0.0
 IPADDR=193.135.252.179
 NETMASK=255.255.255.0
 NETWORK=193.135.252.0
 BROADCAST=193.135.252.255
 GATEWAY=193.135.252.47
 ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
 route add -net ${NETWORK}
 route add default gw ${GATEWAY} metric 1
 
 This should do the trick. Yes, this means that if you do an ifconfig -a
 when the ppp link is up on icemark, you'll see that ppp0 and eth0 
 *both* have 193.135.252.47 as their IP Address. This is ok, as long as
 the netmasks are right. 

but the netmasks are wrong. 255.255.255.0 is for a /24 (i.e. class C)
network. The network and broadcast addresses are wrong too, for the same
reason.

 The reason you saw looping before when you tried a traceroute to
 firefranc from icemark was probably because you still had the eth0's
 IP address set to 192.168.101.1. Thus icemark routed the packet
 for 193.135.252.179 to its default route, the only one it knew.
 lisa justly sent the packet back to icemark since it is set up to
 route 193.135.179 to icemark. This behavior is as expected from your
 settings. Now you know why IP packets have a Time-To-Live field!

The only problem with this is that neither machine will be able to
communicate directly with other machines on the 193.135.252/24 network -
with a netmask of 255.255.255.0 they will expect the entire 193.135.252
network to be on the local ethernet. 

This could be a big problem if, for example, you need to communicate
directly with other customers of your ISP who use the same class C or
even worse if your ISP's news or www or www-proxy machines are on the
same class C.


NOTE: your network configuration would be **much** simpler if your ISP
would give you a small subnet rather than just two random ip addresses.
Ask your ISP to do this for you.

If your ISP can't or won't, then the only way i can think of at the
moment for getting the routing (almost) correct is to set up both
machines so that two small /30 subnets of 193.135.252 are routed via
the ethernet, and everything else is routed via the default gateway
(firefranc's def gw is icemark, icemark's def gw is the ppp interface).
Even this isn't perfect because there will be two subnets which your
machines won't be able to communicate with.


Alternatively, just use private 192.168.1.x addresses for the ethernet
and set up icemark to do IP masquerading and transparent proxying.
There are very few limitations on what can be done with masquerading
these days, so this is probably the best (least messy!) solution for
you.

craig
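
An added illustration, not part of any message in this thread: a small longest-prefix-match lookup that models icemark's routing table in the three states discussed (eth0 still on 192.168.101.1, the /24 net route, and the host route to firefranc). The addresses 193.135.252.10 (standing in for another thenet host) and 198.51.100.7 are constructed, and the point-to-point peer route that pppd adds is not modelled.

```python
import ipaddress


def make_table(*routes):
    """Build a routing table from (prefix, interface) pairs."""
    return [(ipaddress.ip_network(prefix), dev) for prefix, dev in routes]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, dev) for net, dev in table if addr in net]
    return max(matches)[1] if matches else None


# Address taken from the thread.
FIREFRANC = "193.135.252.179"
# Constructed stand-ins: another host inside the ISP's 193.135.252.0/24
# (the thread does not give www.thenet.ch's address) and a host elsewhere.
OTHER_THENET_HOST = "193.135.252.10"
OFF_NET_HOST = "198.51.100.7"

# icemark's table in three states. The default route is the one pppd
# installs when the 'defaultroute' option is set.
ICEMARK_TABLES = {
    "eth0 still on 192.168.101.1": make_table(
        ("192.168.101.0/24", "eth0"), ("0.0.0.0/0", "ppp0")),
    "net route, netmask 255.255.255.0": make_table(
        ("193.135.252.0/24", "eth0"), ("0.0.0.0/0", "ppp0")),
    "host route to firefranc": make_table(
        ("193.135.252.179/32", "eth0"), ("0.0.0.0/0", "ppp0")),
}


def decisions(table):
    """Outgoing interface chosen for each sample destination."""
    return {dst: lookup(table, dst)
            for dst in (FIREFRANC, OTHER_THENET_HOST, OFF_NET_HOST)}


if __name__ == "__main__":
    for name, tbl in ICEMARK_TABLES.items():
        print(name)
        for dst, dev in decisions(tbl).items():
            print(f"  {dst:<16} -> {dev}")
```

In the first state packets for firefranc leave via ppp0 and come straight back from the ISP, which is the traceroute loop; with the /24 net route every other thenet address is sent to the ethernet; only the host route sends firefranc to eth0 and everything else to ppp0.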




Re: routing setup question

1997-04-17 Thread Jens B. Jorgensen
Craig Sanders wrote:
 
 On Tue, 15 Apr 1997, Jens B. Jorgensen wrote:
 

 [ all my config info deleted ]

 
 The only problem with this is that neither machine will be able to
 communicate directly with other machines on the 193.135.252/24 network -
 with a netmask of 255.255.255.0 they will expect the entire 193.135.252
 network to be on the local ethernet.

This is true.
 
 This could be a big problem if, for example, you need to communicate
 directly with other customers of your ISP who use the same class C or
 even worse if your ISP's news or www or www-proxy machines are on the
 same class C.
 
 NOTE: your network configuration would be **much** simpler if your ISP
 would give you a small subnet rather than just two random ip addresses.
 Ask your ISP to do this for you.
 
 If your ISP can't or won't, then the only way i can think of at the
 moment for getting the routing (almost) correct is to set up both
 machines so that two small /30 subnets of 193.135.252 are routed via
 the ethernet, and everything else is routed via the default gateway
 (firefranc's def gw is icemark, icemark's def gw is the ppp interface).
 Even this isn't perfect because there will be two subnets which your
 machines won't be able to communicate with.
 
 Alternatively, just use private 192.168.1.x addresses for the ethernet
 and set up icemark to do IP masquerading and transparent proxying.
 There are very few limitations on what can be done with masquerading
 these days, so this is probably the best (least messy!) solution for
 you.
 

I agree with everything here *except* for the assertion that using
IP masquerading and transparent proxying are the best or least messy
solution. The issue you're not addressing at all is that proxy
solutions work only for *outgoing* connections--that is, connections
which would be initiated by firefranc. What if Benedikt needs two
hosts connected because he intends to run DNS and has to have a
primary and secondary server in order to register his own domains?
This *would* *not* *work* using IP masq or transparent proxying.

And let's be realistic here. Do you think you could go to your ISP
and say 'Hey, I'd like a subnet please. I've got two hosts and I 
need my own subnet so please give up 4 IP addresses from the 253
(yes 253, 0 & 255 can't be used) available just because I want them.'
They'll say 'Sure, let me just ask my manager how much we'll have
to charge you for that privilege.' I think the possibility that
Benedikt will not be able to reach a few people who use his same
ISP is probably the least of his concerns. That said, looking at
a DNS dump from thenet.ch, if hostnames are any indication of allocated
addresses, it would appear that only 27 addresses within 193.135.252
are currently used, so they could do this without much pain. I
appreciate your efforts, Craig, to try to point out all the factors
here which should go into a determination of what Benedikt should
do. There are many ways to skin this cat. 

-- 
Jens B. Jorgensen
[EMAIL PROTECTED]




Re: routing setup question

1997-04-17 Thread Benedikt Eric Heinen
  On Tue, 15 Apr 1997, Jens B. Jorgensen wrote:
  [ all my config info deleted ]

Let me comment: Except for one minor flaw, those configs are working. The
only flaw in there was, that in the setup for icemark, the route to
firefranc needs to be a host route (route add -host ${FIREFRANC} eth0)
instead of a net route (route add -net ${NETWORK} eth0). The net route
resulted in me being unable to reach other thenet hosts, like for instance
www.thenet.ch...

Apart from that Jens' help was exactly what I asked for...


 What if Benedikt needs two hosts connected because he intends to run DNS
 and has to have a primary and secondary server in order to register his
 own domains?  This *would* *not* *work* using IP masq or transparent
 proxying. 
Excellent guess, because that is *exactly* what I needed this information
for... ;)
Setting up the nameservers will be the next job.

 That said, looking at a DNS dump from thenet.ch, if hostnames are any
 indication of allocated addresses, it would appear that only 27
 addresses within 193.135.252 are currently used, so they could do this
 without much pain. 
Nope, actually most addresses are in use, the 193.135.252 net is also used
for their dialins. The 27 registered names are the only *fixed* numbers in
there.



   Benedikt

signoff
---
 Benedikt Eric Heinen  -  Muehlemattstrasse 53  -  CH3007 Bern  -   SWITZERLAND
  email: [EMAIL PROTECTED]




Re: routing setup question

1997-04-16 Thread Jens B. Jorgensen
Benedikt Eric Heinen wrote:
 
  My first question would be are these valid IP addresses or did you pick
  arbitrary addresses for your local systems?
 As that question was asked by several people, the 192.168.101.x addresses
 are arbitrary addresses for my own subnet. The 193.135.252.47 and
 193.135.252.179 were addresses assigned to me by my ISP. Both are routed
 from his machine, so if I try a traceroute from icemark to
 firefranc's new address without setting the host-route for .179 to my
 second machine first, the traceroute packets just 'run in circles' between
 icemark and lisa. Still, there's one host at thenet that still needs to be
 configured properly (traceroute from the outside currently stops before
 reaching lisa, but that will be fixed soon). The problem on my own system
 can't currently be solved by thenet, as their linux guy is on a
 holiday at the moment...
 
           lisa.thenet.ch    icemark.thenet.ch    firefranc
   ppp0    193.135.252.75    193.135.252.47
   eth0                      192.168.101.1        192.168.101.2
 [...]
   The new setup should look like:
   ISP               My systems
   lisa.thenet.ch    icemark.thenet.ch    firefranc.thenet.ch
          --- ppp0 ---        --- eth0 ---
   193.135.252.75    193.135.252.47       193.135.252.179
 
 Two people here suggested, that I might route the .179 address along the
 192.168.101.0 network, but both couldn't tell me exactly how the icemark
 needs to be set up, so that packets leaving firefranc out to the internet
 have the proper sender address (193.135.252.179)...
 

Ok, I'm not sure why Rick wanted to swap the IP addresses for icemark
and firefranc, but here's a setup that should work based upon the
info you provided.

Icemark will use 193.135.252.47 as the IP address for *both* the
ppp interface and the ethernet interface. That is, icemark's 
/etc/init.d/network should look like this:

#!/bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
IPADDR=193.135.252.47
NETMASK=255.255.255.0
NETWORK=193.135.252.0
BROADCAST=193.135.252.255
#GATEWAY=none
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
#route add default gw ${GATEWAY} metric 1

You won't set the default route at boot time since it doesn't exist.
Instead, make sure that you include the 'defaultroute' option in
your /etc/ppp/options or on the command line for pppd. Now, on
firefranc, you'll have the following for your /etc/init.d/network

#!/bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
IPADDR=193.135.252.179
NETMASK=255.255.255.0
NETWORK=193.135.252.0
BROADCAST=193.135.252.255
GATEWAY=193.135.252.47
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
route add default gw ${GATEWAY} metric 1

This should do the trick. Yes, this means that if you do an ifconfig -a
when the ppp link is up on icemark, you'll see that ppp0 and eth0 
*both* have 193.135.252.47 as their IP Address. This is ok, as long as
the netmasks are right. The reason you saw looping before when you 
tried a traceroute to firefranc from icemark was probably because 
you still had the eth0's IP address set to 192.168.101.1. Thus icemark
routed the packet for 193.135.252.179 to its default route, the only
one it knew. lisa justly sent the packet back to icemark since it is
set up to route 193.135.179 to icemark. This behavior is as expected
from your settings. Now you know why IP packets have a Time-To-Live
field!

-- 
Jens B. Jorgensen
[EMAIL PROTECTED]


Re: routing setup question

1997-04-15 Thread Jason Costomiris
On Mon, 14 Apr 1997, Benedikt Eric Heinen wrote:

 The new setup should look like:
 
   ISP               My systems

   lisa.thenet.ch    icemark.thenet.ch    firefranc.thenet.ch
          --- ppp0 ---        --- eth0 ---
   193.135.252.75    193.135.252.47       193.135.252.179

Assuming you in reality have more than 1 IP address being routed to you,
it's easy.  You can't have the ppp0 and eth0 interfaces on icemark use the
same IP.

However, if your ISP is willing to route you a /30, you'll be cool.  Here's
how you should be set up (assuming your ISP is sending you
193.135.252.177/30 aka 193.135.252.177 - .180, and the IP addr of your
ppp0 is 193.135.252.47):

icemark:
ifconfig eth0 193.135.252.178 broadcast 193.135.252.180 netmask 255.255.255.252
route add -net 193.135.252.0 netmask 255.255.255.252
now bring up your ppp0 and set it to be the default route.  Make sure your
kernel on icemark has IP forward turned ON.

firefranc:
ifconfig eth0 193.135.252.179 broadcast 193.135.252.180 netmask 255.255.255.252
route add -net 193.135.252.0 netmask 255.255.255.252
route add default gw 193.135.252.178

If this is not the case, use a /24 from 192.168.0.0/16 for the ethernet
interfaces on the boxes and use IP_Masquerade...

Jason Costomiris | Finger for PGP 2.6.2 Public Key
[EMAIL PROTECTED] | There is a fine line between idiocy
My employers like me, but not| and genius.  We aim to erase that line
enough to let me speak for them. |  --Unknown

http://www.jasons.org/~jcostom


Re: routing setup question

1997-04-15 Thread Benedikt Eric Heinen
 My first question would be are these valid IP addresses or did you pick
 arbitrary addresses for your local systems?
As that question was asked by several people, the 192.168.101.x addresses
are arbitrary addresses for my own subnet. The 193.135.252.47 and
193.135.252.179 were addresses assigned to me by my ISP. Both are routed
from his machine, so if I try a traceroute from icemark to
firefranc's new address without setting the host-route for .179 to my
second machine first, the traceroute packets just 'run in circles' between
icemark and lisa. Still, there's one host at thenet that still needs to be
configured properly (traceroute from the outside currently stops before
reaching lisa, but that will be fixed soon). The problem on my own system
can't currently be solved by thenet, as their linux guy is on a
holiday at the moment...


          lisa.thenet.ch    icemark.thenet.ch    firefranc
  ppp0    193.135.252.75    193.135.252.47
  eth0                      192.168.101.1        192.168.101.2
[...]
  The new setup should look like:
  ISP               My systems
  lisa.thenet.ch    icemark.thenet.ch    firefranc.thenet.ch
         --- ppp0 ---        --- eth0 ---
  193.135.252.75    193.135.252.47       193.135.252.179

Two people here suggested, that I might route the .179 address along the
192.168.101.0 network, but both couldn't tell me exactly how the icemark
needs to be set up, so that packets leaving firefranc out to the internet
have the proper sender address (193.135.252.179)...


Any more ideas anyone?

   Benedikt

signoff
---
 Benedikt Eric Heinen  -  Muehlemattstrasse 53  -  CH3007 Bern  -   SWITZERLAND
  email: [EMAIL PROTECTED]


Re: routing setup question

1997-04-15 Thread Rick


On 15-Apr-97 Benedikt Eric Heinen wrote:
are arbitrary addresses for my own subnet. The 193.135.252.47 and
193.135.252.179 were addresses assigned to me by my ISP. Both are routed
from his machine, so if I try a traceroute from icemark to
firefranc's new address without setting the host-route for .179 to my
second machine first, the traceroute packets just 'run in circles' between
icemark and lisa. Still, there's one host at thenet that still needs to be
configured properly (traceroute from the outside currently stops before
reaching lisa, but that will be fixed soon). The problem on my own system
can't currently be solved by thenet, as their linux guy is on a
holiday at the moment...

You have to assign *.179 to eth0 on icemark - *.47 to eth0 on firefrancs.

Assign ppp0 as default route on icemark and add *.179 to routing table so
*.179 isn't sent out ppp0.  Anything not in the routing table is sent out via
the default route.  Could explain the loop.

Assign eth0 as default route on firefrancs.

And until outside packets are routed properly you'll never know if it works. 
A traceroute from lisa should show lisa - icemark - firefranc.  From
icemark it should show icemark - firefrancs.  This is the only checking you
can do until the outside gateway is set up.

My next question would be are those IP's arbitrary at the lisa machine?  Is
the lisa machine the server at your ISP?  Strange that outside packets don't
even reach lisa is why I ask.


Have a good one.

--
Rick Jones  E-Mail: Rick [EMAIL PROTECTED]

Date: 15-Apr-97
Time: 16:10:29
--



routing setup question

1997-04-14 Thread Benedikt Eric Heinen


Hi there,

  I've got a problem setting up routing for two linux boxes connected to
the Internet.


The setup used to be like this:

        ISP               My systems

        lisa.thenet.ch    icemark.thenet.ch    firefranc
ppp0    193.135.252.75    193.135.252.47
eth0                      192.168.101.1        192.168.101.2

  My systems are connected to each other using a fast ethernet link (3com
  3c905TX cards), one of the two systems (icemark) is connected to the 
  Internet via a ppp link. In that setup, firefranc can't access the 
  Internet itself, but only by using proxy services on icemark.


The new setup should look like:

ISP               My systems

lisa.thenet.ch    icemark.thenet.ch    firefranc.thenet.ch
       --- ppp0 ---        --- eth0 ---
193.135.252.75    193.135.252.47       193.135.252.179

  The firefranc should get a full link onto the Internet, but how do I
  have to set up the routing to make this work?

  I tried binding both ppp0 & eth0 on icemark to the same IP address and 
  setting icemark's default route to lisa and setting a host route to
  firefranc. firefranc got a default route to icemark.

  The result is, that firefranc can access icemark and vice versa, and
  icemark can access the Internet and vice versa. But I can't get
  firefranc to get through to the Internet (also giving icemark as the
  gateway for firefranc's default route didn't help).


I am not too knowledgeable in IP routing, so I guess the mistake I made is
probably pretty stupid - nevertheless, I'd like to know what's wrong and 
how to fix it...

Any ideas?

  Benedikt


signoff
---
 Benedikt Eric Heinen  -  Muehlemattstrasse 53  -  CH3007 Bern  -   SWITZERLAND
  email: [EMAIL PROTECTED]


Re: routing setup question

1997-04-14 Thread Jens B. Jorgensen
Benedikt Eric Heinen wrote:
 
 Hi there,
 
   I've got a problem setting up routing for two linux boxes connected to
 the Internet.
 
 The setup used to be like this:
 
         ISP               My systems
 
         lisa.thenet.ch    icemark.thenet.ch    firefranc
 ppp0    193.135.252.75    193.135.252.47
 eth0                      192.168.101.1        192.168.101.2
 
   My systems are connected to each other using a fast ethernet link (3com
   3c905TX cards), one of the two systems (icemark) is connected to the
   Internet via a ppp link. In that setup, firefranc can't access the
   Internet itself, but only by using proxy services on icemark.
 
 The new setup should look like:
 
 ISP               My systems
 
 lisa.thenet.ch    icemark.thenet.ch    firefranc.thenet.ch
        --- ppp0 ---        --- eth0 ---
 193.135.252.75    193.135.252.47       193.135.252.179
 
   The firefranc should get a full link onto the Internet, but how do I
   have to set up the routing to make this work?
 
   I tried binding both ppp0 & eth0 on icemark to the same IP address and
   setting icemark's default route to lisa and setting a host route to
   firefranc. firefranc got a default route to icemark.
 
   The result is, that firefranc can access icemark and vice versa, and
   icemark can access the Internet and vice versa. But I can't get
   firefranc to get through to the Internet (also giving icemark as the
   gateway for firefranc's default route didn't help).
 
 I am not too knowledgeable in IP routing, so I guess the mistake I made is
 probably pretty stupid - nevertheless, I'd like to know what's wrong and
 how to fix it...
 

Well, from the looks of thenet.ch's DNS zone info, you don't
own a subnet, but rather just a single IP address. The reason
you can't get anything from the internet back to firefranc is
that thenet.ch's router isn't routing anything to you but packets
destined for 193.135.252.47. If you want to have more than one
host on your end on the net without using a proxy or IP 
masquerading, you'll have to negotiate with your ISP to get a 
subnet. I suggest you check out the IP masquerading HOWTO or take
a look at SOCKS.

-- 
Jens B. Jorgensen
[EMAIL PROTECTED]