From: Joshua Whalen on 22 Apr 2010 13:33

Hi, ya'll.

I'm setting up a linux gateway (debian, lenny) on an old dell for a household network here in Brooklyn. I've got four nic's, addressed 192.168.1.2 through 192.168.4.1, and at this stage of the game, all the devices (laptops, etc...) on all the lines can see each other and the host, but not the router, at 192.168.1.1, which is a verizon westell gizmo.

From my laptop, at 192.168.2.3, I can ssh into the host at either 192.168.1.2 or 192.168.2.1, and all works dandy. I can ping myself, and I can ping to assorted addresses on the internet. However, I can neither ping nor traceroute from my laptop to the internet, or the router. I can ping 192.168.1.2 just fine.

Now, to get this far, I did the following:

Default install of Debian, Lenny, with all packages except for laptop.

After logging in and su'ing to root, I did the following:

    ifconfig eth0 192.168.1.2 netmask 255.255.255.0
    ifconfig eth1 192.168.2.1 netmask 255.255.255.0

and so on for each of the four nic's.

Then I did this:

    route add default gw 192.168.1.1

and then:

    echo "1" > /proc/sys/net/ipv4/ip_forward

And that leaves me where I am. Now, I used to know how to do this quite well a decade ago, but I've been doing other things with my life the past decade. I'm just jumping back in now.

What I need this gateway to do is provide access for a dozen to 2 dozen users, and allow all packets to cross the network any which way they like. Firewalling can come later, just getting access for our machines and especially our sip-based VOIP is what's important right now.

Any help?

TIA!

Joshua

--
Your processes can run, but they can't hide.

From: klaus zerwes on 22 Apr 2010 14:33

On 04/22/2010 07:33 PM, Joshua Whalen wrote:
> Hi, ya'll.
>
> I'm setting up a linux gateway (debian, lenny) on an old dell for a
> household network here in Brooklyn. I've got four nic's, addressed
> 192.168.1.2 through 192.168.4.1, and at this stage of the game, all the
> devices (laptops, etc...) on all the lines can see each other and the
> host, but not the router, at 192.168.1.1, which is a verizon westell
> gizmo.

If I understand that clearly:

WAN - router - gateway <- 3 other NICs 192.168.[2-4].1/24

In short: the router needs to know the routes too!
route to 192.168.[2-4].0/24 via gw 192.168.1.2

[...]

>
> TIA!
>
> Joshua

Hope this helps.

Klaus

--
Klaus Zerwes
http://www.zero-sys.net

From: David Schwartz on 22 Apr 2010 17:11

On Apr 22, 10:24 am, Joshua Whalen <joshuafwha...(a)gmail.com> wrote:

> What I need this gateway to do is provide access for a dozen to 2 dozen
> users, and allow all packets to cross the network any which way they
> like. Firewalling can come later, just getting access for our machines
> and especially our sip-based VOIP is what's important right now.

Why are you using a router and a gateway? That will make your setup much more complex and much less reliable. If possible, change the configuration so that the verizon/westell gizmo is just a router/bridge and the Linux machine is the gateway/NAT proxy.

The first problem is that your router has no idea what to do with packets addressed to, say, 192.168.4.3 -- since it has no route to that destination, it sends them along its default route, which goes the wrong way.

However, even if you add those routes to the router, it still won't work. Why? Because the rest of the world has no idea that packets bound for 192.168.4.3 need to go to your gateway and the router will only NAT for IPs in the subnet it's serving.

One solution is double-NAT. Here, the Linux box NATs connections from 192.168.4.3 to 192.168.1.2, which your router will NAT to your public address. But getting SIP to work through double-NAT is not fun.

DS

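
Added example (not part of any post in this thread): a small Python model of the router-side route lookup described in the two replies above, showing why replies to 192.168.2.3 leave by the default route, what the suggested static routes change, and why NAT on the Linux box gets traffic past the router. The router's table and the rule that it only NATs its own subnet are assumptions taken from the posts, not measured from the Westell device.

```python
import ipaddress

GATEWAY_WAN_SIDE = "192.168.1.2"   # Linux box, eth0 (address from the thread)
ROUTER_LAN = ipaddress.ip_network("192.168.1.0/24")  # subnet the router serves

# Assumed router table: its own LAN plus a default route toward the ISP.
ROUTER_TABLE = [("192.168.1.0/24", "lan-direct"), ("0.0.0.0/0", "wan-default")]
# The static routes suggested in the thread, to be added on the router.
STATIC_ROUTES = [(f"192.168.{n}.0/24", GATEWAY_WAN_SIDE) for n in (2, 3, 4)]


def next_hop(table, dst):
    """Longest-prefix match, the way an IP router picks a route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in table]
    matches = [(n, hop) for n, hop in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def diagnose(client, static_routes=False, masquerade=False):
    """Return (ping_router_ok, internet_ok) for a client behind the gateway."""
    table = ROUTER_TABLE + (STATIC_ROUTES if static_routes else [])
    # Source address as the router sees it: rewritten if the gateway NATs.
    seen_src = GATEWAY_WAN_SIDE if masquerade else client
    # The router's reply has to be routed back toward the LAN or the gateway.
    hop = next_hop(table, seen_src)
    ping_router_ok = hop in ("lan-direct", GATEWAY_WAN_SIDE)
    # Per the thread, the router only NATs sources in the subnet it serves.
    router_nats = ipaddress.ip_address(seen_src) in ROUTER_LAN
    return ping_router_ok, ping_router_ok and router_nats


if __name__ == "__main__":
    laptop = "192.168.2.3"  # the laptop address given in the first post
    for routes, nat in [(False, False), (True, False), (False, True)]:
        print(f"static_routes={routes} masquerade={nat} ->",
              diagnose(laptop, routes, nat))
```

The three cases printed are the setup as posted, the setup with static routes on the router, and the double-NAT setup.
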
From: Joshua Whalen on 22 Apr 2010 21:15

The westell/verizon router is configured with a dhcp-assigned address on the telco side, a static ip address of 192.168.1.1 on the user side. I'm doing it this way so that I can share out the connection with about 2 dozen users without overloading the crappy little soho router (linksys) that was in use before.

I should mention, that with the dsl router config'd as current, my apple airport extreme (b/g model) has no trouble resolving addresses or forwarding SIP packets. My phone is working great! It's just working only for me. The airport is configured to distribute a range of addresses via dhcp, and has nat disabled. I'd be happy with a similar config on the linux box. Are you saying this can't be done? Why not? I would think a full-blown unix os would eat my little airport for breakfast on this task.

???

Thanks nonetheless for the response.

Joshua

In article <845e60da-2bfa-419a-b6b6-e004633ea367(a)f13g2000pra.googlegroups.com>, David Schwartz <davids(a)webmaster.com> wrote:

> On Apr 22, 10:24 am, Joshua Whalen <joshuafwha...(a)gmail.com> wrote:
>
> > What I need this gateway to do is provide access for a dozen to 2 dozen
> > users, and allow all packets to cross the network any which way they
> > like. Firewalling can come later, just getting access for our machines
> > and especially our sip-based VOIP is what's important right now.
>
> Why are you using a router and a gateway? That will make your setup
> much more complex and much less reliable. If possible, change the
> configuration so that the verizon/westell gizmo is just a router/bridge
> and the Linux machine is the gateway/NAT proxy.
>
> The first problem is that your router has no idea what to do with
> packets addressed to, say, 192.168.4.3 -- since it has no route to
> that destination, it sends them along its default route, which goes
> the wrong way.
>
> However, even if you add those routes to the router, it still won't
> work. Why? Because the rest of the world has no idea that packets
> bound for 192.168.4.3 need to go to your gateway and the router will
> only NAT for IPs in the subnet it's serving.
>
> One solution is double-NAT. Here, the Linux box NATs connections from
> 192.168.4.3 to 192.168.1.2, which your router will NAT to your public
> address. But getting SIP to work through double-NAT is not fun.
>
> DS

--
Your processes can run, but they can't hide.

From: Joshua Whalen on 22 Apr 2010 21:23

In article <hqq4p5$e5s$03$1(a)news.t-online.com>, klaus zerwes <kzerwes(a)web.de> wrote:

> On 04/22/2010 07:33 PM, Joshua Whalen wrote:
> > Hi, ya'll.
> >
> > I'm setting up a linux gateway (debian, lenny) on an old dell for a
> > household network here in Brooklyn. I've got four nic's, addressed
> > 192.168.1.2 through 192.168.4.1, and at this stage of the game, all the
> > devices (laptops, etc...) on all the lines can see each other and the
> > host, but not the router, at 192.168.1.1, which is a verizon westell
> > gizmo.
>
> If I understand that clearly:
>
> WAN - router - gateway <- 3 other NICs 192.168.[2-4].1/24
>
> In short: the router needs to know the routes too!
> route to 192.168.[2-4].0/24 via gw 192.168.1.2
>
> [...]
>
> >
> > TIA!
> >
> > Joshua
>
>
> Hope this helps.
>
> Klaus

Hmmmm.... Makes sense. Let me see if that works.

Thanks so much for the help, this sounds like it will solve the problem.

Joshua

--
Your processes can run, but they can't hide.