From: Matthew Shelton on 1 Feb 2008 12:30

Hi all,

I've been researching the group for an answer, but haven't found the same problem replicated.

Here is what I want to accomplish

 ________________________
|Linksys WCG200         |
| modem/router          |
| WAN:<private>         |---------------|
| LAN: 192.168.1.1/24   |               |
|_______________________|        192.168.1.0/24
            |                           |
            |                           |
            |                           |
            |                   ________|________________
            |                   |WinXP                  |
            |                   | desktop               |
            |                   | eth0:192.168.1.20/24  |
            |                   | eth1:<disabled>       |
            |                   |_______________________|
            |
            |
            |
            |
     192.168.1.0/24
            |
            |
            |
 ________________________
|Redhat FC8             |
| router                |
| eth0:192.168.1.2/24   |
| gw: 192.168.1.1/24    |
| eth1:192.168.2.1/24   |
|_______________________|
            |
            |
            |
     192.168.2.0/24
            |
            |
            |
 ________________________
|win xp                 |
|laptop                 |
| eth0:192.168.2.20/24  |
| gw: 192.168.2.1/24    |
| eth1:<wireless>       |
|_______disabled________|

so from the desktop (192.168.1.20), everything works. I can ping the modem/router, both interfaces on the FC8 box, and the laptop, get to internet, etc.

The FC8 box can do the same, can ping lo, both networks .2.0 and .1.0, and get to internet.

But 192.168.2.20 CANNOT process dns queries, and CANNOT get to internet, (with plain ip address).

[root@linuxbox init.d]# cat /proc/sys/net/ipv4/ip_forward
1
[root@linuxbox init.d]# route -nv
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
[root@linuxbox init.d]# iptables -L -v
Chain INPUT (policy ACCEPT 3836 packets, 559K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 528 packets, 73808 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4494 packets, 552K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (0 references)
 pkts bytes target     prot opt in     out     source               destination
[root@linuxbox init.d]#

/etc/resolv.conf
nameserver 68.87.75.194
naeserver 68.87.64.146

/etc/hosts
127.0.0.1 localhost.localdomain linuxbox localhost
::1 localhost6.localdomain localhost6

192.168.1.2 linuxbox.localdomain linuxbox linuxbox-eth0
192.168.2.1 linuxbox-eth1

/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linuxbox.localdomain

FORWARD_IPV4=YES

ifcfg-eth0
device=eth0
bootproto=none
hwaddr.....
onboot=yes
type=ethernet
nm_controlled=no
userctl=no
peerdns=yes
netmask= 255.255.255.0
ipaddr=192.168.1.2
gateway=192.168.1.1
gatewaydev=eth0

ifcfg-eth1
same as above...
hwaddr.......
device=eth1
ipaddr=192.168.2.1
gateway=192.168.1.1

the routing table for the laptop is

dest             mask       gw            iface         metric
0                0          192.168.2.1   192.168.2.20  30
127.0.0.0        /8         127.0.0.1     same          1
192.168.1.0      /24        192.168.2.1   192.168.2.20  30
192.168.2.0      /24        192.168.2.20  192.168.2.20  30
192.168.2.20     /32        127.0.0.1     127.0.0.1     30
192.168.2.255    /32        192.168.2.20  192.168.2.20  30
224.0.0.0        240.0.0.0  192.168.2.20  192.168.2.20  30
255.255.255.255  /32        192.168.2.20  192.168.2.20  1
default: 192.168.2.1

I thought about a caching dns/proxy, but there has to be an easier fix.

any help would be greatly appreciated. Again, the problem is a host on 192.168.2.0 cannot see internet.

Thanks again.

From: Philippe.Weill on 1 Feb 2008 00:46

Matthew Shelton wrote:
> But 192.168.2.20 CANNOT process dns queries, and CANNOT get to internet,
> (with plain ip address).

In your setup, the Linksys must also do NAT for the 192.168.2.0/24 subnet; if the Linksys can't, it must be done by the FC8.

From: Pascal Hambourg on 1 Feb 2008 04:40

Hello,

Philippe.Weill(a)aero.jussieu.fr wrote:
> Matthew Shelton wrote:
>
>> But 192.168.2.20 CANNOT process dns queries, and CANNOT get to
>> internet, (with plain ip address).
>
> In your setup, the Linksys must also do NAT for the 192.168.2.0/24 subnet

And have a proper route to this subnet, via gateway 192.168.1.2.

> if the Linksys can't, it must be done by the FC8

Right.

From: Matthew Shelton on 1 Feb 2008 08:09

Philippe.Weill(a)aero.jussieu.fr wrote:
> Matthew Shelton wrote:
>> But 192.168.2.20 CANNOT process dns queries, and CANNOT get to
>> internet, (with plain ip address).
>
> In your setup, the Linksys must also do NAT for the 192.168.2.0/24 subnet;
> if the Linksys can't, it must be done by the FC8.

Thanks for the reply...

Can you be a little more specific on how to NAT the addresses? Are you suggesting that I map the 192.168.2.0 addresses to 192.168.1.0...and then the linksys router would NAT again, as if they were on the same subnet? Or something different?

I suppose I could install a proxy on the FC8 box, and squid would take care of organizing the connections; they would be coming out of the 192.168.1.0 network (which has never had any issues). And the linksys router would NAT them accordingly. And I'd still be able to keep separate subnets, without NATing.

Anybody see any problem with that?

Thanks again for the insight.

As a quick aside, my real job starts on Monday, and today and tomorrow are probably the last times I'll ever have to retro-fit a home networking product. Very much looking forward to getting back into the Cisco IOS.

From: Matthew Shelton on 1 Feb 2008 23:09

Matthew Shelton wrote:
> any help would be greatly appreciated. Again, the problem is a host on
> 192.168.2.0 cannot see internet.
>
> Thanks again.

I found from a linksys forum that this model home router will not NAT any addresses outside of the subnet directly connected to the router. So my problem is solved. Many thanks to those who replied.

I suppose another solution would be to put the linux router in the DMZ port. But the ideal setup in that situation would be to have a standalone cable modem plugged into the router, and a switch (or more NICs) plugged into the inside interface. And then you could have as many subnets as you want.
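
The thread concludes that the Linksys will not NAT a subnet it is not directly attached to, which leaves the FC8 box to do the source NAT, as Philippe and Pascal suggested. The script below is an added example, not something posted in the thread: it prints one possible iptables-restore rule set for that and checks an iptables-save dump for a covering rule. The function names, the FORWARD policy and the sample dump are assumptions; the interfaces and subnets are the ones from the original post.

```shell
# Added example, not from the thread. eth0/eth1 and the subnets follow the
# original post; the rule set is an assumption about a reasonable fix.
# Print an iptables-restore rule set that hides <inner-subnet> behind the
# router's own <outer-if> address. New connections from the outer side are dropped.
nat_ruleset() {   # usage: nat_ruleset <inner-subnet> <outer-if> <inner-if>
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $1 -o $2 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $2 -o $3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $1 -i $3 -o $2 -j ACCEPT
COMMIT
EOF
}

# Exit 0 if the iptables-save dump on stdin has a nat POSTROUTING rule that
# MASQUERADEs or SNATs <inner-subnet> out of <outer-if> (no -s / -o = match all).
has_source_nat() {   # usage: has_source_nat <inner-subnet> <outer-if> < dump
    awk -v net="$1" -v ifc="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            s = o = j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-o") o = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if ((s == "" || s == net) && (o == "" || o == ifc) &&
                (j == "MASQUERADE" || j == "SNAT")) found = 1
        }
        END { exit !found }'
}

# Constructed dump: the thread never shows the nat table, so an empty one is assumed.
EMPTY_NAT='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'

printf '%s\n' "$EMPTY_NAT" | has_source_nat 192.168.2.0/24 eth0 || echo "before: no NAT"
nat_ruleset 192.168.2.0/24 eth0 eth1 | has_source_nat 192.168.2.0/24 eth0 && echo "after: NAT ok"
```

To apply it on the router, pipe `nat_ruleset 192.168.2.0/24 eth0 eth1` into `iptables-restore` as root; this replaces the current contents of the nat and filter tables.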