Linux box with eth0 to cable modem and eth1 to Windows box
After two days of searching the net, this forum, man pages and the few people I know who could possibly help me, I'm here to lie prostrate at the mercy of those who frequent this forum. Here's my situation:
Distro: Mepis (Debian based)
I have a linux box with NICs, eth0 and eth1.
eth0 is connected to my cable modem and comes up fine. I get to the net with no problem, which is how I am able to post to this forum, as I speak (type) this.
On boot, eth1 doesn't come up automatically (don't know if it should), but if I bring it up manually, it seems to work fine, so I'm trying to configure it to connect to my Windows machine.
I am not clever enough to get the routing set up correctly so that I can use my Windows machine via a route through the linux machine. I have gotten so far as to be able to ping all over the place, but it's been with all manually assigned addresses, and I know that DNS isn't getting set up right on the Windows machine either. And furthermore, I've not gotten the routing working well enough that I can do any more than the pings.
So--Here is what I'm hoping to do:
My eth0 gets an address via DHCP from my ISP (charter.net) with no problem. I would like to get things working so that eth0 continues to come up as it does, that eth1 then gets an address from my local linux box, and that my Windows machine also gets an address from the linux box, and then the Windows machine should be able to have internet access again and I can start my migration away from it.
Here is what I have so far, but be gentle with me. I know that things are screwed up, but I will point out what I know is working correctly. Then you can commence to point out what I did wrong:
Note: eth0 comes up automatically and seems to be fine. The ISP assigns the address via DHCP...
The eth0:1 is an interface that I added, thinking that I would need it for traffic to get from eth1 to eth0. I added the interface on eth1 as well (192... etc.) Doing the routing is where I get messed up (see below):
Code:
root@0[/]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.254 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
68.119.0.0 * 255.255.254.0 U 0 0 0 eth0
default 68-119-0-1.wa.c 0.0.0.0 UG 0 0 0 eth0
The last two lines came up automatically when eth0 came up. I believe that the second line appeared automatically when I added eth0:1, but I could be wrong. I might have added it ... The crux of my problem is that although I understand basically what has to happen in the routing theory, I'm not getting it to work in practice. I think that understanding the nomenclature of "netstat -r", and some of the finer details will come with help from this forum.
As an aside, believe it or not, I was a level 3 tech support person for two years with a big networking company, but it was several years ago and I've simply been purging my brain of the whole experience ever since. Unfortunately, I have overpurged and can't seem to do even the simplest of networking tasks now. Help!
Will be watching closely for a reply. Thank you.
--Jeff
OK, you don't need that eth0:1 setup - I would get rid of it altogether as it might complicate things. For the bootup problem, check your /etc/network/interfaces file and make sure eth1 is listed on the 'auto' line (ie: auto lo eth0 eth1).
Next, make sure you have IP forwarding enabled ("cat /proc/sys/net/ipv4/ip_forward" should print 1... if it doesn't, add "ip_forward=yes" to your /etc/network/options file, then reboot or do "echo 1 > /proc/sys/net/ipv4/ip_forward" for immediate results).
Next you need to set up your DHCP server, but I would skip this step and manually configure the windows machine to test the connection - once the basics are working, you can worry about dynamic configuration. Set your Windows box to IP 192.168.1.200, using a gateway of 192.168.1.10 (also add your DNS servers) and see if everything works as expected. With this straightforward config, you should have no trouble accessing the net.
If this works, your next priority should be a basic firewall script - check google, as there are much better people than me to get this from.
Once all this is done, you can look into configuring dhcpd to assign the IP configuration to your local network. The docs and examples are very useful and easy to understand, and you should be able to edit a single config file to make this work.
I got rid of the eth0:1 as you suggest. But how does traffic on the 192 network get to the default gateway that is setup automatically on eth0? Excuse my lame questions.
IP forwarding wasn't on. I turned that on. I think that's a biggy that I just didn't have in my head anymore. My /etc/network/interfaces looks like this (is this generated automatically, because it looks a lot like the numbers I pulled out of my ear when I started this?):
Code:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
auto lo
iface lo inet loopback
# DO NOT EDIT BELOW THIS LINE
auto eth0
iface eth0 inet dhcp
address 192.168.0.10
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
#wireless_essid any
#wireless_mode Managed
#wireless_freq 0
#wireless_nwid none
#wireless_key off
auto eth1
iface eth1 inet dhcp
address 192.168.0.15
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
#wireless_essid any
#wireless_mode Managed
#wireless_freq 0
#wireless_nwid none
#wireless_key off
#auto ath0
iface ath0 inet dhcp
address 192.168.0.15
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
#wireless_essid any
#wireless_mode Managed
#wireless_freq 0
#wireless_nwid none
#wireless_key off
#auto wlan0
iface wlan0 inet dhcp
address 192.168.0.15
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
#wireless_essid any
#wireless_mode Managed
#wireless_freq 0
#wireless_nwid none
#wireless_key off
# DO NOT EDIT ABOVE THIS LINE
Oh, and Mepis automatically set up Guarddog, and it seems to be doing a fine job as a firewall.
I will work with the info that you provided, but if you can address the above, that will be another step in the right direction. Especially the DHCP issue(s) because I'd like to get this box set up so that I don't have to mess with addresses. Even though I just have one machine right now, I plan to add a few more around the house as I get more Linux involved. Thanks for the help so far!
But how does traffic on the 192 network get to the default gateway that is setup automatically on eth0? Excuse my lame questions.
Your windows machine generates a packet for (say) 202.202.202.202. It doesn't know where to send it, so it sends it to its default gateway - your linux box. The linux box doesn't know where to send it either, so it sends it to its own default gateway (the machine at your ISP). Once you get to this point, it doesn't matter anymore - your packet is on the internet and someone else's problem.
As for eth1 and dhcp, just install dhcpd (if it's not already installed) and follow the directions. If you don't have man pages for dhcpd.conf, look here http://www.zevils.com/cgi-bin/man/man2html?dhcpd.conf+5. Oh, also you don't want eth1 to actually BE dhcp - you have to give it an IP, but that's not a big deal, and it will only be the one time. It's best to have your server or router on a static IP anyway.
Re: Linux box with eth0 to cable modem and eth1 to Windows box
Quote:
Originally posted by videojeff
root@0[/]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:A0:CC:32:C5:48
inet addr:68.119.0.72 Bcast:255.255.255.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
...
root@0[/]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.254 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
68.119.0.0 * 255.255.254.0 U 0 0 0 eth0
default 68-119-0-1.wa.c 0.0.0.0 UG 0 0 0 eth0
...
So eth0 gets an IP address from your ISP; it should not have a 192.168.1.xxx address also. Looks like you were in some sort of configuration tool and added that in, judging by your /etc/network/interfaces file. Go back in there and make sure there are no 192.168.1.xxx IP addresses tied to eth0 and only one tied to eth1. That should take the
192.168.1.0 * 255.255.255.254 U 0 0 0 eth0
line out of your route table. Packets won't get back to the other box if Linux thinks it can dump them out on eth0. I'm not sure what you have that is supposed to be 'ath0' and 'wlan0' but those also need to not have a 192.168.1.xxx IP address; if they are other interfaces that you want to talk to each other they need different subnets such as 192.168.2.xxx and 192.168.3.xxx. Also, if you don't know what DNS to use on the other machine just type as root, 'cat /etc/resolv.conf' when the Internet is working and use those addresses for DNS servers on the other machine for now.
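The check described in the post above (no private 192.168.x.x route bound to the ISP-facing interface), as an added example that is not part of the original thread. The function names are hypothetical, and the sample table is constructed from the `netstat -r` output quoted earlier; eth0 is assumed to be the external NIC.

```shell
#!/bin/sh
# Added example: flag RFC 1918 (private) routes bound to the external NIC.

# private_routes_on EXT_IF
# Reads `netstat -rn` style text on stdin and prints "destination/genmask iface"
# for every private-range route whose interface is EXT_IF.
private_routes_on() {
    awk -v ext="$1" '
        # Skip header lines and anything without a dotted-quad destination.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        # Only routes on the external interface are of interest.
        $NF != ext { next }
        {
            split($1, o, ".")
            if (o[1] == 10 ||
                (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
                (o[1] == 192 && o[2] == 168))
                print $1 "/" $3, $NF
        }'
}

# Constructed sample: the routing table as quoted in the thread.
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.254 U         0 0          0 eth0
192.168.1.0     *               255.255.255.0   U         0 0          0 eth1
68.119.0.0      *               255.255.254.0   U         0 0          0 eth0
default         68-119-0-1.wa.c 0.0.0.0         UG        0 0          0 eth0
EOF
}

# Live use on the gateway:  netstat -rn | private_routes_on eth0
```

Any line it prints for the external interface is a leftover alias or misconfiguration to remove before testing forwarding again.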
Wow-- Thanks to Cromagnon and Darin for your input so far. This problem just keeps getting deeper. I'm not sure just where to comment next.
Well, I did set things up as you suggested, CroMagnon, and although I can get to where I am pinging everywhere just fine, my Windows machine still can't get anywhere. I'm not sure just where it's falling down.
Darin: I believe that those lines from /etc/network/interfaces were indeed created by the Mepis System Center (?) application. It doesn't seem to be helping me out much. Anyway, I've stopped using it and made my own changes to /etc/network/interfaces. It should just be trying to bring up eth0, then later eth1. When I boot, eth0 does come up properly, but see below for my problems on eth1.
I do see that when it's booting, it gives me a message along the lines of "DHCP failed to start". I also got to playing with ifup (I think it was), and tracing through the scripts that it calls (I'm a bit new to this, but have extensive experience with MS-DOS batch files, so I'm learning quickly), and see that "pump -i eth1" fails as well. I don't know if those are related failure messages. I'm not yet real clear on where to find what error messages are logged where. And the errors that I see on the bootup are often very cryptic for me at this point.
So here is where I'm at:
IP_forward = 1
Had to bring up eth1 manually, but seemed to come 'up' without a problem. See below:
From the windows machine, I can ping 192.168.0.10, but can't ping 68.119.0.1 nor even .72, so pings aren't getting off eth1.
Any ideas why not?
You don't know how badly I want to get away from windows. I hate admitting it, but one thing about windows is that you really don't have to know much about what you're doing to get things up and running. I have attempted to move to Linux several times in the past, and always run into a problem like this and I cave in and go back to Windows. I'm close to doing that again, but this time I've invested quite a bit of time into it. If I can get connected with my two machines both having connectivity to the internet, and I can start moving my files over, I will start making every attempt to do my work on Linux when possible, and just switch back to Windows if I have to, until I can get weaned off completely.
Switching from Windows to Linux is like knowing full well that the drug you're on is killing you, but having to shoot up again anyway just to avoid the pain of withdrawal ...
--Jeff
P.S. As an aside, I'm using Mozilla, and I find it a bit disconcerting that every time I hit "Submit Reply" on my postings to this forum, Mozilla unceremoniously DISAPPEARS. On my previous posts, I was happy to find that when I logged back in, my post did make it in, but it's not giving me warm fuzzies. Anyone heard of that happening?
Did you set up IP forwarding?
echo 1 > /proc/sys/net/ipv4/ip_forward
Did you set the gateway on the windows box to 192.168.1.10?
Are you using DHCP or a static IP address on the windows box?
If using a static IP address be sure to add the DNS IP address in the windows box the same as the /etc/resolv.conf on the linux box.
And are you running any type of firewall on the linux box? If so be sure to allow traffic from eth1
Originally posted by michaelk
Did you set up IP forwarding?
echo 1 > /proc/sys/net/ipv4/ip_forward
Yes
Quote:
Did you set the gateway on the windows box to 192.168.1.10
Yes
Quote:
Are you using DHCP or a static IP address on the windows box?
Just static addresses until I can get it to even limp out to the internet. Then I'll try to tackle DHCP.
Quote:
If using a static IP address be sure to add the DNS IP address in the windows box the same as the /etc/resolv.conf on the linux box.
Did that.
Quote:
And are you running any type of firewall on the linux box? If so be sure to allow traffic from eth1
As for DHCP, one thing that I noticed as I was booting this morning, is that it does hang up for a bit where it says "Configuring network interfaces", and I'm sure that is where it is failing with the "pump -i eth1". Then I see that later in the bootup, it says "Starting DHCP-- failed". I've got a strong suspicion that this is my whole problem. Maybe someone can comment on this theory: The bootup doesn't start a local DHCP server until later. But when it's trying to bring up interfaces, it hasn't brought up a local DHCP server yet, so the requests go to my ISP, who doesn't allow that (?) because I'm only paying for one connection-- Then when DHCP tries to come up...well, that's where I'm stuck right now. I think I need to dig into the dhcpd.conf file more. Haven't touched that at all. Mostly because I don't understand how that relates to pump. Does pump use dhcpd.conf?
I have a similar setup and I do have a DNS/DHCP server running. <-- this simplifies things
Slackware has an excellent small DNS/DHCP server that will make your life better when setting that up. I'll post it later when I get home and can look at it.
Getting back to your issue.
1. setup dhcp for your eth0
do not setup dhcp for your eth1
use 192.168.0.1 for eth1
Code:
root@computername# ifconfig eth1 192.168.0.1 netmask 255.255.255.0 up
Then go to Windows and set the IP to 192.168.0.2 and the netmask to 255.255.255.0. Don't worry about the stupid gateway for now, considering you need to get local crap working first.
ping the linux box 192.168.0.1 from windows command line
Code:
C:/supiddirecotry>ping 192.168.0.1
If that's working then communications is working.
Then go back to Linux and get a firewall/routing script.
There is one called firegate that is ultra easy to get working and understand <-- I'm stupid about iptables and even I could get this working here.
After you run the script it will set up everything as far as NAT goes to route packets properly.
Then go back to Windows and add 192.168.0.1 as the gateway and, for now, your ISP's DNS servers <-- until you get a DNS/DHCP server, but honestly if this computer is gonna be the only one connected to the server then in reality this would be overcomplicating it.
Originally posted by exvor
what Distro are you using ?
Mepis (Debian based--see previous posts)
Quote:
...then go to Windows and set the IP to 192.168.0.2 and the netmask to 255.255.255.0. Don't worry about the stupid gateway for now, considering you need to get local crap working first. <snip>
if thats working then communications is working
That's the thing (see previous posts)--I'm getting through in the 192 network just fine.
Quote:
then go back to Linux and get a firewall/routing script
I have a good firewall working, and in fact I've taken it up and down at times to see if that is causing part of the problem, but it doesn't seem to be the cause of the interference.
Quote:
...if this computer is gonna be the only one connected to the server then in reality this would be over complicating it.
I agree. But I hope to have a number of computers on this network in the near future. I'd be happy to get it set up with static entries right now, but would like to have it automated, ultimately.
This is something dumb that we do in testing and is not recommended as a permanent fix, but to take the firewall out of the equation (iptables is the firewall, things like firegate are just interfaces for iptables) type as root, 'iptables --flush' which clears all firewall rules, then see if it works. If so then all you need is a good IPTables script, or maybe find the one your distro is running and see if it can be fixed. The script might have variables set at the top for INTERNAL and EXTERNAL and you can set internal to eth1 and external to eth0; if not then you will need iptables expertise beyond mine.
Another thing that occurs to me is that you might need to enable masquerading. I have been thinking of your cable modem as a router (like most external DSL routers) that handle NAT, but a cable modem might not be such a beast (cable is not an option where I am, so I've never even seen a cable modem... I'm sure there are both types)
I'm also a bit confused about the fact that you said you can ping everything - if you can ping a webserver successfully, you should be able to get a web page from it too. What have you been able to ping?
The best tests are these (on the windows machine):
ping www.yahoo.com - does it resolve to an IP, and if so does it reply?
If it doesn't resolve, can you ping 66.94.230.49 successfully?
CroMagnon: Sorry about my unclear statement about pinging everywhere. What I mean is this:
On the linux box, I can ping anything, anywhere. I can ping www.yahoo.com, I can ping the gateways, I can ping the interfaces. I can ping the windows box.
On the windows box, it can ping itself, of course (192.168.1.200) and can ping to eth1 (192.168.1.10) on the linux box, but can't ping anything else. www.yahoo.com doesn't resolve and using the IP address directly doesn't work either.
I have to admit, I hadn't thought about the possibility that my firewall wasn't actually completely out of the picture when I was shutting down guarddog. I would occasionally shut it down completely for just a few seconds to pop back over to the windows box to see if the firewall was part of the problem. I did find, however, that there were occasions when shutting down guarddog DID help me get a ping to eth1, so that would lead me to adjusting some firewall settings. But nothing that I've done has gotten me to be able to ping to eth0, which has 68.119.0.72 (assigned via DHCP by the ISP). So I generally don't drop the firewall unless I'm feeling like I have done all I can with configuring, and think that it should work by now, so I'll drop the firewall and give it another ping, but it has rarely made a difference.
My brother and I were doing some long distance (me living in Washington NOT D.C. and him living in Virginia), and we're both wondering if some of this might be part of the problem...It's showing up in various logs with a pretty high frequency:
Having said that, I might also point out that I was playing a bit with Ethereal (having used NAI Sniffer Pro in my past life, but having forgotten much of it) and was annoyed to see tons and tons of arps, all coming from the same source, all to different destinations, in very much a sequential order. Doubt that it is related, but just as an aside, it irritates me to think that what I am seeing are people up to no good...
Darin: I will see if flushing iptables as you instructed does any good. If it does, I'll get back on immediately. If any time passes, you'll know I didn't get anywhere with it and will keep working on it and will update you when I learn more.
Try flushing the firewall rules as Darin said, but also enable masquerading. I don't have masq enabled in my kernel (don't need it), but I think the command is like this:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Just use this for testing - if you can then ping properly from your Windows box, shut down the interface and bring it back up with the firewall intact and check for a decent masquerading firewall script (I can't remember specifics, but you only want to allow masquerading in one direction, and discard packets that appear to be local but actually come in via eth0, etc etc)
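The kind of masquerading firewall script the reply above points to, as an added example that is not part of the original thread: masquerade in one direction only and drop packets that claim a LAN source but arrive on eth0. It assumes the thread's layout (eth0 external, eth1 internal, LAN 192.168.1.0/24); `gateway_ruleset` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC NAT gateway.
# Nothing is applied until the output is piped, as root, into iptables-restore.

# gateway_ruleset EXT_IF INT_IF LAN_CIDR
gateway_ruleset() {
    ext=$1; int=$2; lan=$3
    if [ -z "$ext" ] || [ -z "$int" ] || [ -z "$lan" ]; then
        echo "usage: gateway_ruleset EXT_IF INT_IF LAN_CIDR" >&2
        return 1
    fi
    if [ "$ext" = "$int" ]; then
        echo "external and internal interface must differ" >&2
        return 1
    fi
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade in one direction only: LAN sources leaving via the external NIC.
-A POSTROUTING -s $lan -o $ext -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing: LAN source addresses must never arrive on the external NIC.
-A INPUT -i $ext -s $lan -j DROP
-A FORWARD -i $ext -s $lan -j DROP
# The gateway itself: loopback, replies to its own traffic, the ISP's DHCP
# answers, and anything from the LAN side.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i $int -s $lan -j ACCEPT
# Routed traffic: LAN may open connections outward; only replies come back.
-A FORWARD -i $int -o $ext -s $lan -j ACCEPT
-A FORWARD -i $ext -o $int -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Stand-alone use (as root):
#   sh gateway.sh eth0 eth1 192.168.1.0/24 | iptables-restore
if [ $# -eq 3 ]; then
    gateway_ruleset "$@"
fi
```

The ruleset only takes effect for the Windows box if /proc/sys/net/ipv4/ip_forward is 1, as discussed earlier in the thread.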