Re: USB Networking troubles

2008-08-09 Thread michael cole 
I put a line in yesterday pointing out that the networks need to be
 distinctly different, but it seems to have gone again :-)

 Ah, the joys of community editing.
A pointer to this thread (specifically your description of the larger
network picture and what the USB setup needs to accomplish) would also be
useful for someone trying to sort out networking issues.

Michael


-- 
Michael Cole
[EMAIL PROTECTED]
___
support mailing list
support@lists.openmoko.org
https://lists.openmoko.org/mailman/listinfo/support

Re: USB Networking troubles

2008-08-08 Thread michael cole 
Hi Andrew,

First thanks to all for replying.

These changes worked.

The essence of the change is rather simple -- move the Freerunner to a
different network from the LAN's netwrok
1)  (in my case from 192.168.1.202 to 192.168.2.202)
2) allow the desktop machine to talk to 192.168.2.202
3) do the masquerading to the 192.168.2.* network.

So on my Freerunner /etc/network/interfaces includes:

# Ethernet/RNDIS gadget (g_ether)
# ... or on host side, usbnet and random hwaddr
auto usb0
iface usb0 inet static
address 192.168.2.202
netmask 255.255.255.0
network 192.168.2.0
gateway 192.168.2.200
# orig:
#   up echo nameserver 192.168.0.200 /etc/resolv.conf
# using home (nimiq.net)
up echo nameserver 207.235.125.4 /etc/resolv.conf

on the desktop  /etc/network/interfaces includes:
allow-hotplug usb0
iface usb0 inet static
address 192.168.2.200
netmask 255.255.255.192
post-up iptables -A POSTROUTING -t nat -j MASQUERADE -s 192.168.2.192/26
post-up echo 1  /proc/sys/net/ipv4/ip_forward
post-up iptables -P FORWARD ACCEPT
pre-down iptables -D POSTROUTING -t nat -j MASQUERADE -s
192.168.2.192/26

The page at Openmoko on USB Networking should be updated to make clear
the selection of the network for the desktop-freerunner connection
should be different than the rest of the LAN.

Thanks again to everyone.

Michael

Is this a typo on the page @ Openmoko

On Thu, Aug 7, 2008 at 6:39 PM, Andrew C. Dingman
[EMAIL PROTECTED] wrote:
 This is posted with the hope someone can look at the current state of
 my Freerunner connection to the desktop and just see something that is
 not right. I am sure the answer is simple and am reluctant to ask the
 community for non-FR help but perhaps others are struggling with
 similar network issues in getting their FR hooked up to the Internet.

 My basic setup:
 router - 192.168.1.1
 desktop - 192.168.1.200
 freerunner - 192.168.1.202

 You mean it looks something like this:

 192.168.1.1 192.168.1.200  192.168.1.202
 routerswitch---desktop--freerunner
 /
/
   other_stuff
   192.168.1.x

 and everything on the left has a netmask of 255.255.255.0?

 If that's so forget about the FreeRunner talking to anything but the
 desktop. In fact, be suprised and grateful if it's doing that much. The
 routing table you gave is horrible and it will stop working if you
 re-start the non-usb network interface on your machine. You need
 different subnets on the two desktop NICs to have any hope. The only
 possible way around this fact is to use ethernet bridging instead of
 routing on the desktop, and that's such an ugly hack that I refuse to
 work up directions for configuring it. I've never seen it done on a
 network that worked right.

 Your desktop needs to act as a ROUTER for the FreeRunner. A router by
 definition is connected to two or more *different* networks. From the
 perspective of the stuff on the left, the 192.168.1.192/26 subnet the
 FreeRunner is on is not a different network - it's a few addresses on
 the same network. (This is what netmasks are about. Basically, they tell
 the computer how big the neighborhood is.) Which means they aren't
 sending packets for the FreeRunner through the desktop, they're just
 ARPing and expecting the FreeRunner to respond, but since it's on a
 different network, it can't hear the ARPs. Packets from the FreeRunner
 probably do reach their destinations, but the reply packets don't come
 back, which means you don't get a ping response and can't establish any
 kind of connection.

 The easiest way to fix this is probably to use your half-working setup
 to SSH into the FreeRunner and reconfigure it to use, say,
 192.168.2.202, then do the same with the desktop side of the USB
 ethernet connection. Then kill the iptables rules in your nat table
 POSTROUTING chain. You can either:

 1) Leave them gone and put a static route to 192.168.2.192/26 in your
 router, specifying your desktop's 192.168.1.x address as the gateway

 OR (exclusive, do not do both of these things)

 2) specify on the desktop an iptables rule to NAT all packets coming
 from the USB network - something like 'iptables -t nat -A POSTROUTING -s
 192.168.2.192/26 -j MASQUERADE'.

 Whichever you choose, you'll need the FORWARD chain in the filter table
 in its current permissive state. You'll also want to double-check that
 sysctl net.ipv4.ip_forward=1. The simplest way to check this is
 'cat /proc/sys/net/ipv4/ip_forward'.

 Hope that helps.



 ___
 support mailing list
 support@lists.openmoko.org
 https://lists.openmoko.org/mailman/listinfo/support




-- 
Michael Cole
[EMAIL PROTECTED]

___
support mailing list
support@lists.openmoko.org
https://lists.openmoko.org/mailman/listinfo/support

Re: USB Networking troubles

2008-08-07 Thread michael cole 
 forever preferred_lft forever
+ ip neigh show
192.168.1.113 dev eth0 lladdr 00:69:00:8c:01:f0 REACHABLE
192.168.1.202 dev usb0 lladdr b2:77:ed:3f:40:a5 STALE
192.168.1.100 dev eth0 lladdr 04:4b:80:80:80:03 REACHABLE
+ iptables -t filter -nvL
Chain INPUT (policy ACCEPT 59694 packets, 14M bytes)
 pkts bytes target prot opt in out source
destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 41335 packets, 4981K bytes)
 pkts bytes target prot opt in out source
destination
+ iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 6314 packets, 2353K bytes)
 pkts bytes target prot opt in out source
destination

Chain POSTROUTING (policy ACCEPT 217 packets, 9934 bytes)
 pkts bytes target prot opt in out source
destination
 1321 89558 MASQUERADE  all  --  *  *   192.168.1.0/24
0.0.0.0/0
0 0 MASQUERADE  all  --  *  *   192.168.1.192/26
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1534 packets, 98872 bytes)
 pkts bytes target prot opt in out source
destination
+ iptables -t mangle -nvL
WARNING: Failed to open config file /etc/modprobe.d/alsa-base: No such
file or directory
FATAL: Module ip_tables not found.
iptables v1.4.0: can't initialize iptables table `mangle': Table does
not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ cat /etc/resolv.conf
search nimiq
nameserver 207.235.125.4
nameserver 207.235.125.5
= end =

and tcp dump while pinging the router (192.168.1.1) from the FR:

=== tcpdump output ==
# tcpdump -i usb0 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on usb0, link-type EN10MB (Ethernet), capture size 96 bytes

# tcpdump -i eth0 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

= end tcpdump output 


Thanks for your help.

Michael



On Thu, Aug 7, 2008 at 5:54 PM, Timo Juhani Lindfors
[EMAIL PROTECTED] wrote:
 michael cole [EMAIL PROTECTED] writes:
 This is not a Freerunner issue -- I am able to ssh into FR using UBS
 networking but I simply cannot get the Freerunner to ping anything
 other than the desktop it is connected to. The issue almost certainly
 has something to do with the iptables/nat  setup on the desktop
 computer.

 Can you run

 http://iki.fi/lindi/print-net-settings

 on your desktop system and report the output? It should print all
 relevant network information.

 Also,

 desktop$ sudo tcpdump -i usb0 -n icmp
 desktop$ sudo tcpdump -i eth0 -n icmp

 while running

 freerunner$ ping 192.168.1.1

 could be useful. What does tcpdump print in that case?

 ___
 support mailing list
 support@lists.openmoko.org
 https://lists.openmoko.org/mailman/listinfo/support




-- 
Michael Cole
[EMAIL PROTECTED]

___
support mailing list
support@lists.openmoko.org
https://lists.openmoko.org/mailman/listinfo/support