Full Version: MNF2 install problems (from a n00b) [solved]
MandrivaUsers.org > Advanced Topics > Security
Tmanisaur
Cheers,

I've been on Windoze most of my life and am teaching myself linux, starting with MNF2.

Here's my problem...

I'm installing MNF2 on a 2 NIC P4/1.7ghz intel Compaq Evo, in this config...

Internet <-> DLink824VUP router <-> MNF2 <-> Switch <-> 3 Windoze boxes.

Once installed, I get access to MNF2 from Windoze thru https://1.2.3.4:8843 just fine.
On the MNF2 box, I can resolve/ping in both directions (to WAN and to LAN), but I CANNOT ping/resolve any addresses from Windoze thru the MNF to the Internet.

Addressing...

Rogers ISP DHCP
|
(71.x.y.z)
DLinkDI824VUP
(192.168.0.1)
|
(what should this be??)
MNF2 box
(192.168.0.10)
|
Switch
|
Windoze


I need some help trying to understand what configuration MNF2 prefers. I think that I really need advice/help on:
1. What config for eth0 and eth1 should I use in install?
2. Is the hardware setup correct?

I know I don't know much about this (yet), but I'm asking anyways.

T.
tyme
Welcome to the board!

First things first:
QUOTE
(what should this be??)
MNF2 box
It should be whatever IP your router assigns to it. Technically with this setup you don't need the router, but it really shouldn't complicate matters too much as long as things inside are set up right.

Reading through your issue it seems to me the most likely source is IP packet forwarding. Unfortunately I don't have experience with MNF2 so I'm not sure where to set the options in the GUI, but if it's like the Mandriva Control Center there should be an option for Internet Connection Sharing or at least a Firewall section with an IP forwarding option.

Sorry I can't be more detailed, I've never even seen an MNF system.

If you think you could handle it, I could give you information on editing the configuration files by hand with a text editor, but Mandriva likes to overwrite those settings sometimes...
ianw1974
Check if ip routing is enabled:

CODE
cat /proc/sys/net/ipv4/ip_forward


if it's set to zero then this will be why it's failing. Then edit /etc/sysctl.conf and make sure this line exists:

CODE
net.ipv4.ip_forward = 1


this entry might already exist, so change it from "0" to "1". Then do:

CODE
sysctl -p


and the new setting will take effect. Then try and ping something from the Windows boxes on the internet.
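Added example, not part of the thread: a small shell script that checks forwarding the way ianw1974 describes, reading the live /proc value and parsing a sysctl.conf-style file so that a commented-out or later-overridden net.ipv4.ip_forward line is not mistaken for the effective one. The function names are mine and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: check whether IP forwarding is on, both in
# the running kernel (the /proc file quoted above) and in a sysctl.conf-style
# file, where comments and "last entry wins" matter. Sample files are constructed.

# Print the effective net.ipv4.ip_forward value in file $1, or "unset".
# Lines starting with # or ; are comments; a later entry overrides an earlier
# one, which is what sysctl -p applies.
ip_forward_setting() {
    awk -F= '
        /^[[:space:]]*[#;]/ { next }
        $1 ~ /^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*$/ {
            gsub(/[[:space:]]/, "", $2); val = $2
        }
        END { if (val == "") print "unset"; else print val }
    ' "$1"
}

# Exit 0 only if the file would enable forwarding after sysctl -p.
forwarding_enabled_in() {
    [ "$(ip_forward_setting "$1")" = "1" ]
}

# Current kernel value (1 = forwarding on), or "unavailable" off Linux.
live_ip_forward() {
    cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo "unavailable"
}

# Constructed sample 1: the commented line does not count, the last live one does.
SAMPLE_ON=$(mktemp)
cat > "$SAMPLE_ON" <<'EOF'
# net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = 1
EOF

# Constructed sample 2: forwarding explicitly off, the state the thread describes.
SAMPLE_OFF=$(mktemp)
printf 'net.ipv4.ip_forward = 0\n' > "$SAMPLE_OFF"

echo "kernel now: $(live_ip_forward)"
echo "sample 1 after sysctl -p would be: $(ip_forward_setting "$SAMPLE_ON")"
echo "sample 2 after sysctl -p would be: $(ip_forward_setting "$SAMPLE_OFF")"
```

Turning forwarding on only makes the box route; the masquerading rules mentioned later in the thread are still needed for the LAN to reach the Internet through it.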
Tmanisaur
Tyme and ianw,

I know my questions seem very basic, but thanks very much for the quick replies!
I'm in the (unenviable?) position of being an army of one (growing a consulting company).
I have no trouble learning how to edit linux config files...one step at a time...

I've used Mandrake SNF (Single Network Firewall) before with no trouble, and in that instance placed the SNF box right at the boundary as the gateway, and subsequent config'ing and ops ran very very smoothly. I think I should do this with MNF as well...i.e.: Rogers ISP <-> MNF <-> switch <-> Windows boxes...
Then, examine and edit (if necessary) the entries you folks described.

I was hoping to sandbox the MNF before exposing it to the Internet, but I have a feeling that residential gateways don't play nicely with advanced appliances BEHIND them, maybe only in FRONT of them. Hence, strange addressing and routing. Both the DI824VUP router and MNF default to 192.168.0.1 as their address to act as the gateway, so perhaps there's part of the issue as well.
tyme
QUOTE (Tmanisaur @ Nov 7 2006, 01:36 PM)
Both the DI824VUP router and MNF default to 192.168.0.1 as their address to act as the gateway, so perhaps there's part of the issue as well.
Yes. That is most definitely an issue. Change the configuration in one of them to use a different default IP (probably easiest to do in the router), i.e. 192.168.1.1 - this may resolve your issue.
Tmanisaur
QUOTE (tyme @ Nov 7 2006, 02:16 PM)
QUOTE (Tmanisaur @ Nov 7 2006, 01:36 PM)
Both the DI824VUP router and MNF default to 192.168.0.1 as their address to act as the gateway, so perhaps there's part of the issue as well.
Yes. That is most definitely an issue. Change the configuration in one of them to use a different default IP (probably easiest to do in the router), i.e. 192.168.1.1 - this may resolve your issue.


I tried that approach as well and was advised by a friend that 192.168.0.x and 192.168.1.x may not be able to communicate (subnetting rules I believe)...I had tried this with no success (and before I learned of your suggestions for ipforward-on)...

Rogers ISP
|
(71.a.b.c)
DI824VUP
(192.168.0.1)
|
(eth1-192.168.0.10)
MNF
(eth0-192.168.1.1 - dhcp on)
|
Switch
|
Windows boxes


Also, I'm not explicitly clear on the meaning of some entries in setup. For example, when configuring the LAN interface, I'm prompted to enter the "Gateway Address - if you have one"...which gateway is this? MNF or router in the above setup?

I'm very grateful for the help and advice, believe me!

T.
ianw1974
For the machines, they should use the MNF as their gateway, unless there is a router between the PC's and the MNF.

For the MNF, it should use the ISP as its default gateway.
Tmanisaur
Guys, I got it! And without having to vi any linux/MNF files!


I put MNF at the gateway (had to call ISP to flush ARP caches on their routers).
MNF got an IP just fine, DHCP configured with good DNS entries.
Had to config MNF masquerading to build NAT, done (rather fun, too).

*poof*

Internet
|
MNF
|
SWITCH---ROUTER---WLAN Clients + NAS
|
LAN Clients


GOOD:
DHCP from MNF to LAN works great.
DHCP from ROUTER to WLAN works great.
All clients' inbound/outbound native configs on SWITCH work great.
WLAN clients' inbound/outbound native configs on ROUTER work great.
NAS seen by WLAN clients.

NOTSOGOOD:
Clients on WLAN can't browse shares on SWITCH
Clients on SWITCH can't see NAS or WLAN clients on ROUTER

I think now I just have to turn that ROUTER into a SWITCH.

By the way, if this MNF 'appliance' (seriously, this thing challenges Cisco) can't get an IP for the WAN, it logically separates the WAN interface into two segments (ifconfig shows eth1 and eth1:9), uses one to monitor outbound LAN traffic, and dumps any WAN packets into a false-library buffer to maintain continuous IDS (deep packet inspection) and DoS prevention. It's as close to an automatic air-gap as you can get without pulling a cable out yourself.

Very cool box.


Thanks for the help, gents. I owe you one.

T.
tyme
remove the switch. you don't need it. the router can handle everything, as long as it has enough LAN ports.
ianw1974
I'd remove the router, and just connect everything to the switch, unless there is a real need for the wireless stuff and nas to be on a separate IP range to the normal LAN clients. Of course, it would mean reconfiguration of all your wireless clients and this side of the setup though.

If so, then I'd use the router, although this may complicate things if you have any incoming access rules.
tyme
QUOTE (ianw1974 @ Nov 8 2006, 08:58 AM)
unless there is a real need for the wireless stuff...
Obviously he wants the wireless functionality, since he's using it
ianw1974
You missed the rest of my sentence!

QUOTE
and nas to be on a separate IP range to the normal LAN clients


selective quoting
tyme
err...that's two things, i was just saying, without the router, he wouldn't have wireless, and since he's obviously using wireless, he needs the router...the switch is the extra part - because he wants wireless

did i mention he wants wireless? wireless, wireless....wireless........

i think my job is driving me insane.
ianw1974
Isn't the wireless separate from the router? So it's kinda like:

switch ----- router ----- wireless

and that it could be:

switch ----- wireless

or is it a combo switch/wireless/router

I'm gonna go home, I'm confused. And besides, I could keep posting and posting, but I'd never beat you to 10,000
tyme
QUOTE
or is it a combo switch/wireless/router
that's my understanding, as he listed WLAN clients and not WLAN access point...could be wrong though.

QUOTE
And besides, I could keep posting and posting, but I'd never beat you to 10,000

Post count....don't count
ianw1974
Nope, you're probably right, I read back and it seems his clients get DHCP from the router, so it must be operating the wireless.

So I've just been rambling for nuthin
tyme
QUOTE (ianw1974 @ Nov 8 2006, 11:13 AM)
So I've just been rambling for nuthin
I do it all the time. Why do you think I'm so close to 10,000? I certainly haven't made that many useful posts
Tmanisaur
Hey guys...went to sleep at 3:30am...but got it all together.

Yes, need wireless. Must have it. WLAN and SAN must see each other.
No, no need for WLAN and SAN to be separated from rest of network.

I've read that there is a way of turning residential routers (like my DI824VUP) into switches by not using the WAN port, and plugging say LAN port 1 of the router into LAN port n of the switch.

I'm exploring that one now...

cheers,
T.

PS> I have you both solidly beat with my mighty <10 posts...
tyme
QUOTE (Tmanisaur @ Nov 8 2006, 11:29 AM)
PS> I have you both solidly beat with my mighty <10 posts...
go go low post count power!!
ianw1974
Each time (or should that be tyme) you post, tyme will just reply to get him one more post closer to 10,000.

So everyone, stop posting, then he can't get there or he'll just reply to his own posts
tyme
if you don't want me to reply, just stop mentioning me
Tmanisaur
Alrighty then...you post-fiends.... ;-)

Any idea how to turn a router into a switch?

Cheers,
T.
tyme
a router IS a switch...and then some. it'll give IPs to your systems, instead of MNF2 doing it, but since the Wireless LAN works fine this way, so should the wired...
Tmanisaur
Yep, got that part...still not sure about getting the WLAN and LAN clients to see each other fully.

Everything on the router gets an IP just fine. Everything on the switch gets an IP just fine. The router and switch clients don't see each other..

T.
tyme
if you remove the switch, and just plug all the wired clients into the router, they should see each other. unless your router doesn't have RJ45 ports?

It would be like this:

Internet
|
MNF
|
ROUTER---WLAN Clients + NAS
|
LAN Clients
Tmanisaur
Yep, it has RJ45 ports, but not enough...would your scheme still work if I added the switch AFTER the router, like this?

Internet
|
MNF
|
ROUTER---WLAN Clients + NAS
|
SWITCH
|
LAN Clients

Would all clients see each other?

Cheers,
T.
tyme
Yes, as the router would be giving out all the ip addresses effectively putting all the systems on the same subnet.

IMHO, that's a ton of hardware

My setup is simply:
Cable modem -> Cable/DSL Router -> Clients

but then, the cable/DSL router I got was a Linksys and I was able to install dd-wrt on it, so I got a lot of extra stuff that basically made an add-on firewall system irrelevant.
ianw1974
I concur, switch the router and switch around. My setup at home is like this:

Internet --> Router --> Firewall --> Switch --> Clients

although some clients are connected directly to the firewall as there are a few ports on there.

This is similar to you, where your router is in the place of the firewall, as you're using this as a switch and also for DHCP assigning of devices as well as wireless.

So putting the router before the switch is much better, and should fix your problem, as you drew out in your diagram in your last post.
Tmanisaur
Sorry I didn't respond yesterday; the girlfriend appliance needed some updating and maintenance (heh heh).

Okay, I think I see what the solution is based on all the good stuff you gents have advised on...

MNF
|
ROUTER (to enable WLAN clients' access)
|
SWITCH
|
Clients (+SAN)

I'll try this config next, and I'll advise on the results.

Thanks again gents!

T.
tyme
no problem, always happy to help!
ianw1974
No worries, that's what we're here for