Routing/Network etc


wlessard

Okay, I have read through everything here and on the net, and maybe I am just being thickheaded. I hope I am not missing something, and I am sorry if this has been answered ad nauseam, but I really need to ask as I am pulling what is left of my hair out.

What I am trying to accomplish

Static IP Static IP
ISP -> eth0 on server -> eth1 as DHCP -> Intranet/Internal office system.
Server IP -> 192.168.1.1
mydomain.com

Sorry about the above formatting, I am not sure what I am losing in regards to the spaces that are supposed to be there.

The actual server IP and domain are properly set up, as my webserver and e-mail server are working fine.

I am trying to route all the internal PCs of various types with the Mandrake 10.1 DHCP server. I had it actually working but not sure what I may have broken as after a reboot and reading Isle of Wight's simple tutorial about how to set this up and following his instructions.

SMB locked on boot also but I have disabled that for now.

So the server has a static IP from my ISP, it is my webhost and has the domain name set up on it. All through eth0. eth1 has a static IP of 192.168.1.1 and is where I want the DHCP to offer 192.168.1.X IPs to internal computers. Eventually I want to add a WAP for the business as well.

Problems

1: DHCP stopped working. dhcpd start returns "failed" and nothing else.

2: Allow traffic between eth0 and eth1


netstat -rn
Kernel IP routing table
Destination  Gateway      Genmask          Flags MSS Window irtt Iface
192.168.1.1  192.168.1.1  255.255.255.255  UGH   0   0      0    eth1
Server IP    Server IP    255.255.255.252  UG    0   0      0    eth0
Server IP    0.0.0.0      255.255.255.252  U     0   0      0    eth0
0.0.0.0      Server IP    0.0.0.0          UG    0   0      0    eth0

Sorry for being slightly paranoid here but I also have spent many hours adding IPs to my iptables to block hacks.

So what other information is needed and suggestions where to check as well as what would be recommended to upgrade software wise. It is a very standard install of Mandrake 10.1 with just about everything and the kitchen sink thrown in.

I did update Webmin to 1.580 and I use PuTTY to access the command line from my office computer, which is on a separate network, and from home.

I really am sorry if I am rehashing what others have asked but I have not seen a clear and obvious answer of what to look for and how it should actually look.

I have also tried doing a lot of this through the "Configure your Computer" on the KDE install.

As much as I know and can do, this one is escaping me for some reason, and if you want to treat me like an absolute total newbie I do not mind.

Thanks for any and all help.

BTW I have made all the setting changes from http://www.iwpcs.co.uk/ics.html as suggested and still not working.

Edited by wlessard

  • 2 weeks later...

Here are the details. Actual IP masked for privacy. Hope it doesn't matter.

eth0      Link encap:Ethernet HWaddr 00:C0:9F:1E:BE:A6
          inet addr:1.1.1.229 Bcast:1.1.1.231 Mask:255.255.255.252
          inet6 addr: fe80::2c0:9fff:fe1e:bea6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:338 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19984 (19.5 Kb) TX bytes:55342 (54.0 Kb)
          Interrupt:21

eth1      Link encap:Ethernet HWaddr 00:C0:9F:1E:BE:A7
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.255
          inet6 addr: fe80::2c0:9fff:fe1e:bea7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:268 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20903 (20.4 Kb) TX bytes:1346 (1.3 Kb)
          Interrupt:22

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:147 errors:0 dropped:0 overruns:0 frame:0
          TX packets:147 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11800 (11.5 Kb) TX bytes:11800 (11.5 Kb)

route -n
Kernel IP routing table
Destination Gateway     Genmask         Flags Metric Ref Use Iface
1.1.1.228   0.0.0.0     255.255.255.252  U      0     0   0  eth0
0.0.0.0     1.1.1.229   0.0.0.0          UG     0     0   0  eth0

iptables -nvL
Chain INPUT (policy ACCEPT 319 packets, 27367 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 70.103.198.101 0.0.0.0/0
0 0 DROP all -- * * 83.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 216.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 178.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 200.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 218.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 221.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 211.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 159.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 80.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 124.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 60.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 190.0.0.0/8 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 334 packets, 57326 bytes)
pkts bytes target prot opt in out source destination

iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 49 packets, 4882 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 3 packets, 84 bytes)
pkts bytes target prot opt in out source destination
35 2250 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 38 packets, 2334 bytes)
pkts bytes target prot opt in out source destination

I think I see one problem but not sure where to find the answer. Route issue but not sure how to fix it at this time.

Basically 2 problems

1: DHCPD doesn't start automatically.

2: Does not allow internal network 192.168.1.XX to access internet

Currently client computers inside the network on the 192.168.1.XX get a gateway of 192.168.1.1

Edited by wlessard

Hi,

What you said about your client computers is correct. They should get 192.168.1.1 as the default gateway, because they then have their connection routed out to the internet here. Did you enable ip routing on this machine? You have the NAT working, but wondered if you enabled IP routing in /etc/sysctl.conf? You can check it easily, because it should have this line:

net.ipv4.ip_forward = 0

this means that ip routing is disabled, so change it to:

net.ipv4.ip_forward = 1

to enable it. Then try and see if the other machines can access the internet. I expect that machine 192.168.1.1 can access the internet if you check DNS resolution and pinging something.


> Hi,
>
> What you said about your client computers is correct. They should get 192.168.1.1 as the default gateway, because they then have their connection routed out to the internet here. Did you enable ip routing on this machine? You have the NAT working, but wondered if you enabled IP routing in /etc/sysctl.conf? You can check it easily, because it should have this line:
>
> net.ipv4.ip_forward = 0
>
> this means that ip routing is disabled, so change it to:
>
> net.ipv4.ip_forward = 1
>
> to enable it. Then try and see if the other machines can access the internet. I expect that machine 192.168.1.1 can access the internet if you check DNS resolution and pinging something.

Okay, checked and net.ipv4.ip_forward = 1 is what it is set at.

I also noticed I did something that scrambled my DNS somewhere. My e-mail server, which was working, is no longer getting DNS so it won't send or receive e-mails.

I am pretty sure I fubared something in the DNS or forwarding setup.

I checked to see what I might have done and did a new route -n

route -n
Kernel IP routing table
Destination Gateway     Genmask         Flags Metric Ref Use Iface
1.1.1.228   0.0.0.0     255.255.255.252  U      0     0   0  eth0
192.168.1.0 192.168.1.1 255.255.255.0    U      0     0   0  eth1
0.0.0.0     1.1.1.229   0.0.0.0          UG     0     0   0  eth0

I appreciate the suggestions.

Just checked the server's ability to get out. Apparently it won't DNS. Checking some other possibilities such as the Comcast Business Router for the Static IP.

Edited by wlessard

> Check your /etc/resolv.conf to see if it has valid DNS settings.

Looks valid.

nameserver 75.75.75.75
nameserver 75.75.76.76
domain wp.comcast.net

Which is what the computers on the DHCP from Comcast get and is what is internal to the Comcast Business Router. Not too happy with it but I don't have much choice but I am using a static IP from Comcast Business.

Still cannot get out on the server to any websites.

I am about ready to reinstall and check the default working settings before I update anything. Should know better.

Edited by wlessard

You can change it, however, you can query some others, for example:

dig @8.8.8.8 google.com
dig @208.67.222.222 google.com

see if you get DNS resolution. You can always edit /etc/resolv.conf and use Google DNS servers 8.8.8.8 and 8.8.4.4 or OpenDNS server 208.67.222.222 and 208.67.220.220.


> You can change it, however, you can query some others, for example:
>
> dig @8.8.8.8 google.com
> dig @208.67.222.222 google.com
>
> see if you get DNS resolution. You can always edit /etc/resolv.conf and use Google DNS servers 8.8.8.8 and 8.8.4.4 or OpenDNS server 208.67.222.222 and 208.67.220.220.

I really did something wrong so I reloaded last night. Now I am documenting all changes one step at a time. This time around I will pay more attention to my changes and what they did.

BTW would it be worthwhile to install Shorewall or stick with the standard Mandrake 10.1 firewall?

Edited by wlessard

Okay, went back to square 1.

Everything is working so far as far as the server is concerned. I have not reinstalled my e-mail client but that is minor.

DHCP is working but not sure where I am missing where the default gateway and the DNS suffix is specified. Looking now for info on the net.

Okay, found the issue I think.

etc/sysconfig/network file

It was pointing towards eth0, now I have it pointing at eth1. Not that I know if that is good. :(

Okay, I have gone through the posts in this thread and checked what I have vs what is here. I think I have it all the way it is supposed to work. BTW I updated to the latest DHCP.

I get IPs for client machines but no internet access.


route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
75.144.150.228  0.0.0.0         255.255.255.252 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         75.144.150.230  0.0.0.0         UG    0      0        0 eth0

Edited by wlessard

If the clients are not working, then you need to check what the default route is on the machines and if they are the machine that is acting as the gateway to your internet. Also check DNS on these machines, because maybe it's misconfigured. And if you enabled ip_forwarding in /etc/sysctl.conf. And NAT, if iptables then postrouting.


> If the clients are not working, then you need to check what the default route is on the machines and if they are the machine that is acting as the gateway to your internet. Also check DNS on these machines, because maybe it's misconfigured. And if you enabled ip_forwarding in /etc/sysctl.conf. And NAT, if iptables then postrouting.

Sad thing is, despite being very literate in Linux and computers as well as playing with them and being a profession for over 20 years, sometimes I am slow.

IP_forwarding is set to 1 as in net.ipv4.ip_forward = 1

NAT? What file would I be looking for in that one?

Additionally maybe a page with a simple example of the config files and their formats for something like this.

Do I need to make my machine a DNS and update the internic records to show this? IE: Log into Register.com and change things?

I found out that I changed my /etc/sysconfig/network file which messed up eth0 from getting out. I fixed that so back to that part working.


iptable has the rules for setting the nat stuff with postforwarding. I'm not sure what firewall you are using that's why I mentioned about it generally. To get from a private address, so 192.168.x.x to a public address (internet) you need to nat to do it, and the PC that is your gateway to the internet needs to do this. Since you have ip_forwarding enabled, you need to set up the nat on this machine to let the other machines access the internet.


> iptable has the rules for setting the nat stuff with postforwarding. I'm not sure what firewall you are using that's why I mentioned about it generally. To get from a private address, so 192.168.x.x to a public address (internet) you need to nat to do it, and the PC that is your gateway to the internet needs to do this. Since you have ip_forwarding enabled, you need to set up the nat on this machine to let the other machines access the internet.

Other than upgrading webmin and dhcpd and adding communigate pro it is plain vanilla mandrake/iva 10.1. As far as I can tell I am just using iptables, and 1.2 at that, so I am thinking no matter what else upgrading to iptables 1.4.9 is reasonable, but I don't want to break anything by doing it.

I am using iptables commands for what is my firewall as far as I can tell in this case.

I am considering building another Linux box as a test bed instead of playing around with my production server.

Though as I said, is there any place someone has placed a plain jane example of the file and the file name for things like NAT....

This is where I am lost right now. I am quite happy to run any program or test and take the time to output it here.
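
Added example, not part of any post in this thread: the gateway checklist discussed above (ip_forward, a LAN route on eth1, a MASQUERADE rule out eth0) run as a script over captured command output. The sample text is copied from the posts, where the first `route -n` has no 192.168.1.0 entry while eth1 was shown with Mask:255.255.255.255; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: the thread's gateway checklist run over captured output.
WAN_IF=eth0; LAN_IF=eth1; LAN_NET=192.168.1.0; LAN_MASK=255.255.255.0

# Sample data copied from the posts (header lines dropped).
ROUTE_FIRST='1.1.1.228 0.0.0.0 255.255.255.252 U 0 0 0 eth0
0.0.0.0 1.1.1.229 0.0.0.0 UG 0 0 0 eth0'
ROUTE_LATER='1.1.1.228 0.0.0.0 255.255.255.252 U 0 0 0 eth0
192.168.1.0 192.168.1.1 255.255.255.0 U 0 0 0 eth1
0.0.0.0 1.1.1.229 0.0.0.0 UG 0 0 0 eth0'
NAT_RULES='35 2250 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0'

# True if "route -n" text $1 has a route for the LAN subnet on the LAN NIC.
has_lan_route() {
    printf '%s\n' "$1" | awk -v n="$LAN_NET" -v m="$LAN_MASK" -v i="$LAN_IF" \
        '$1 == n && $3 == m && $8 == i { ok = 1 } END { exit !ok }'
}

# Prints the source column of the MASQUERADE rule leaving the WAN NIC, if any.
# "iptables -nvL" columns: pkts bytes target prot opt in out source destination
masq_source() {
    printf '%s\n' "$1" | awk -v i="$WAN_IF" \
        '$3 == "MASQUERADE" && $7 == i { print $8; exit }'
}

# audit_gateway ROUTES NAT_RULES IP_FORWARD
# Prints one line per finding; exit status is the number of failed checks.
audit_gateway() {
    fails=0
    if [ "$3" != 1 ]; then
        echo "FAIL ip_forward=$3 (want net.ipv4.ip_forward = 1)"
        fails=$((fails + 1))
    fi
    if ! has_lan_route "$1"; then
        echo "FAIL no $LAN_NET/$LAN_MASK route on $LAN_IF (check its netmask)"
        fails=$((fails + 1))
    fi
    src=$(masq_source "$2")
    if [ -z "$src" ]; then
        echo "FAIL no MASQUERADE rule out $WAN_IF in nat POSTROUTING"
        fails=$((fails + 1))
    elif [ "$src" = 0.0.0.0/0 ]; then
        echo "NOTE MASQUERADE matches any source; -s 192.168.1.0/24 limits it to the LAN"
    fi
    return "$fails"
}

# Live use (as root): audit_gateway "$(route -n)" \
#   "$(iptables -t nat -nvL POSTROUTING)" "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_gateway "$ROUTE_FIRST" "$NAT_RULES" 1 || echo "$? check(s) failed"
```

The NOTE line is a hardening hint rather than a failure: the rule shown in the thread translates any source leaving eth0, and the FORWARD chain in the same listing has policy ACCEPT with no rules.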
