Jump to content

Linksys router and Mandrake 10 Home Network


glore
 Share

Recommended Posts

Hello,

 

Please, help me finding out the solution to this problem:

 

One of my computers (Mandrake 10 Official release) accesses Internet through a Linksys router (eth0 card). This computer has a second card (eth1) which is connected to my second computer (win 98).

 

When I share the Internet connection in Mandrake (through its wizard), it works fine but from there on I am not able to send files in Mandrake through messengers such as Kopete or aMSN. When I disabled my home network, I can send files again.

 

In order to set up the router, I have to access this IP: 192.168.1.1 but when I enable my internal network, if I try to access, a message appears with the following text:

 

"Connection refused by server".

 

Until now, I arrived to the following conclusion:

 

I think that Mandrake assigns the same IP (Static) to the LAN (192.168.1.1) so when I try to send files or if I try to access the router setup page, something crashes and it doesn't work. I tried to change this IP (for example to 192.168.1.13) but it didn't work either. I feel I am guessing because I don't really know what I should do.

 

My objective is to have both things running (network + sending files/accessing the router's configuration page). I also did forward ports.

 

Well, I hope this explanation is clear enough. If anyone can help me, I will really appreciate it.

 

Thanks in advance.

Edited by glore
Link to comment
Share on other sites

  • Replies 33
  • Created
  • Last Reply

Top Posters In This Topic

Hello back and thanks for the help.

 

Gowator, this are the results I get after typing the commands you were asking for.

This is when my home network works ok but I can't access the Linksys router configuration page or send files through any messenger like, for example, Kopete.

I use Mandrake 10 OE.

Thanks again. I will be expecting your answer.

 

ifconfig -a

 

eth0 Link encap:Ethernet HWaddr 00:E0:7D:F1:9A:37

inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0

inet6 addr: fe80::2e0:7dff:fef1:9a37/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:838 errors:0 dropped:0 overruns:0 frame:0

TX packets:803 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:337202 (329.2 Kb) TX bytes:162161 (158.3 Kb)

Interrupt:10 Base address:0x6000

 

eth1 Link encap:Ethernet HWaddr 00:E0:7D:73:59:19

inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0

inet6 addr: fe80::2e0:7dff:fe73:5919/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:205 errors:0 dropped:0 overruns:0 frame:0

TX packets:82 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:30191 (29.4 Kb) TX bytes:28034 (27.3 Kb)

Interrupt:11 Base address:0x3000

 

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:1644 errors:0 dropped:0 overruns:0 frame:0

TX packets:1644 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:98670 (96.3 Kb) TX bytes:98670 (96.3 Kb)

 

sit0 Link encap:IPv6-in-IPv4

NOARP MTU:1480 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

 

route

 

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.1.0 * 255.255.255.0 U 0 0 0 eth1

192.168.1.0 * 255.255.255.0 U 0 0 0 eth1

127.0.0.0 * 255.0.0.0 U 0 0 0 lo

default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

 

iptables -nvL

 

Chain INPUT (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

1019 56812 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

626 315K eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0

93 16897 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0

0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0

0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'

0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain FORWARD (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

1 205 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0

20 1420 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0

0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0

0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'

0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

1019 56812 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0

0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

617 134K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0

1066 53597 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0

0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0

0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'

0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain all2all (2 references)

pkts bytes target prot opt in out source destination

57 25313 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02

1038 32307 common all -- * * 0.0.0.0/0 0.0.0.0/0

1009 28284 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'

1009 28284 reject all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain common (5 references)

pkts bytes target prot opt in out source destination

1020 28560 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0

0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135

99 15091 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139

0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445

0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139

0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445

0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135

0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900

0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255

0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4

0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113

0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW

61 8450 DROP all -- * * 0.0.0.0/0 192.168.1.255

0 0 DROP all -- * * 0.0.0.0/0 192.168.1.255

 

Chain dynamic (4 references)

pkts bytes target prot opt in out source destination

 

Chain eth0_fwd (1 references)

pkts bytes target prot opt in out source destination

0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW

1 205 net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0

 

Chain eth0_in (1 references)

pkts bytes target prot opt in out source destination

135 19630 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW

626 315K net2fw all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain eth1_fwd (1 references)

pkts bytes target prot opt in out source destination

20 1420 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW

20 1420 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0

 

Chain eth1_in (1 references)

pkts bytes target prot opt in out source destination

34 4263 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW

93 16897 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain fw2net (1 references)

pkts bytes target prot opt in out source destination

454 112K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02

22 1320 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80

141 20047 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain icmpdef (1 references)

pkts bytes target prot opt in out source destination

 

Chain loc2fw (1 references)

pkts bytes target prot opt in out source destination

59 12634 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:6891:6900

5 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3128

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3128

29 4023 all2all all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain loc2net (1 references)

pkts bytes target prot opt in out source destination

0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02

20 1420 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain net2all (2 references)

pkts bytes target prot opt in out source destination

1 205 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02

139 19742 common all -- * * 0.0.0.0/0 0.0.0.0/0

8 224 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'

8 224 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain net2fw (1 references)

pkts bytes target prot opt in out source destination

487 295K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:6891:6900

139 19742 net2all all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain newnotsyn (6 references)

pkts bytes target prot opt in out source destination

0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:'

0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain reject (11 references)

pkts bytes target prot opt in out source destination

1 60 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset

99 15091 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

1008 28224 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable

0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

 

Chain shorewall (0 references)

pkts bytes target prot opt in out source destination

 

/etc/resolv.conf

nameserver 200.49.159.69

nameserver 200.49.156.3

nameserver 24.232.0.21

Link to comment
Share on other sites

eth1 (and your other PC) MUST have a different network number from eth0, eg 192.168.2.0 instead of 192.168.1.0 . Network number in this case is the first 3 numbers (octets) of the IP address.

 

Your Linux PC will then be able to route packets between the 2 networks.

 

So change eth1 to 192.168.2.1 and your Windows PC to 192.168.2.2 and it may all start working. leave eth0 alone.

 

Phew - not awake enough to look through and follow all that iptables output, so do above first - if it doesn't work, we can look at the firewall then. Please post output of "iptables -nvL -t nat" if it doesn't work.

 

Chris

Edited by streeter
Link to comment
Share on other sites

Whew...

Yep thats a fairly long IPtables output for 'default'

 

When I share the Internet connection in Mandrake (through its wizard), it works fine but from there on I am not able to send files in Mandrake through messengers such as Kopete or aMSN. When I disabled my home network, I can send files again.

 

Yep well the Mandrake wizard is pretty crap!

It assumes ... if you have one interface it will be used for everything and creates a virtual if. Then it NAT's across the with input and output.

 

When it finds TWO interfaces like you have it assumes that you wish to be a firewall which can give access to the internet but is blocked itself.

All in all for some setitngs it works... for others it FUBARS!

 

With all the messing about with MDK wizards I never worked out how to make it do both which is what you are trying to do.

It is possible, I know someone who did its just the Mandrake settings are undocumented and they are impossible to fathom out with the shorewall documentation (the firewall it uses) because it uses it a very weird way.

 

Now to get it working

 

Like streeter says (and to be honest he knows more about this than me) you can never have your routes working while they are in the same subnet.

If you MUST use both in the same CLASS C i.e. 192.168.1.n then you need to make a partial netmask. It CAN be done but its not the simplest to understand and this will have consequences setting up the sharing!

 

By far the easiest way is like streeter says and change eth1 to a different network like 192.168.2.x

 

This way your routes will be

default 192.168.1.1 eth0

192.168.2.0 255.255.255.0 U 0 0 0 eth1

 

eth0 will go to the rounter and hence internet and eth1 the windows PC..

then dependent upon whatever is returned from iptables -nvL -t nat it should show how it send packets ACROSS eth0 to eth1 and back while translating the address.

 

If you go to www.shorewall.net

Running Shorewall on Mandrake® with a two-interface setup?

If so, the documentation on this site will not apply directly to your setup. If you want to use the documentation that you find here, you will want to consider uninstalling what you have and installing a setup that matches the documentation on this site. See the Two-interface QuickStart Guide for details.

 

Update: I've been informed by Mandrake Development that this problem has been corrected in Mandrake 10.0 Final (the problem still exists in the 10.0 Community release).

Well follow the instructions if you want to keep using shorewall to do this. Its a nice frontend to iptables... and if you use their setup it works !

Link to comment
Share on other sites

I'm probably missing the point here!

But, if you have a router (more than likely to have >=4 ports) wouldn't you connect both the computers to the router and let it do its DHCP and NAT all that stuff, rather than ICS(Linux or MS)

Or is this an idealogical question, where linux HAS to be the Firewall/DHCP/NAT appliance?

I ask this, not knowing his financial constraints and No. of computers v's No. of ports. etc.

 

cheers

Link to comment
Share on other sites

I would rather have a windows PC masqueraded behind a (well set up) Linux firewall (double security!), but you do have a point, assuming the ports (or a hub/switch) are there, and this isn't a learning exercise/necessary.

 

Why didn't I spot this much simpler answer??? :screwy:

 

Chris

Link to comment
Share on other sites

LOL,

I kinda presumed there was a reason like it being a single ethernet router orbeig locked tot he mac address of the card or ...

 

The internet connection sharing is a real dog anyway...

ugly solution.... I guess Im the only one that bothers though!!!

 

The shorewall settings on their quickstart are quite nice and a good way to set out learning Iptables (gee I really must one day) becuase they are documented and well explained...

 

ultimately its better to make your own rules but i gotta lota readin to do first!

Link to comment
Share on other sites

Here I am back. Thanks for all your efforts trying to help me solve this.

 

I tried to change the IP to 192.168.2.0 but it doesn't matter the number I write, as soon as I set the network, I can't access the router configuration page and I can't send files through messengers. I disable the network and I can access the conf. page and can also send files with messengers.

 

My router is a Linksys BEFSR11.

 

As always, I will appreciate your help. What I really need is a step by step guide.

 

:-)

Edited by glore
Link to comment
Share on other sites

Read the posts again - you don't set the IP address to 192.168.2.0 - this is what is known as the network address - it describes the numbering policy for the entire network segment.

 

Your IP addresses should be:

 

eth0 192.168.1.104

 

eth1 192.168.2.1

 

windows 192.168.2.2

 

All subnet masks should be 255.255.255.0

 

Just as an exercise to make sure it is not Mandrakes wizards messing things up, don't use them to set the IP addresses - type the following as root:

 ifconfig eth0 192.168.1.104 up

 ifconfig eth1 192.168.2.1 up

 

Once you have this set up, try typing (from both computers - leave out the "-c 4" on windows)

 ping -c 4 192.168.1.1

You should get an output similar to:

64 bytes from ap (192.168.1.1): icmp_seq=3 ttl=30 time=1.47 ms

 

If this works, your network is OK.

 

Next try accessing the router's set up - does it work now?

If not, what command are you using?

 

Let us know how you get on

 

Chris

Link to comment
Share on other sites

PS - step by step guide:

 

1) Learn all about networking

 

2) Learn all about Linux

 

3) Set up your network

 

:D

 

Seriously, there are howtos out there on the net, but a little background knowledge goes a long way - a step by step guide is not really possible in a forum - we don't have the time, and each case is a little different...

 

Chris

Link to comment
Share on other sites

a step by step guide is not really possible in a forum - we don't have the time, and each case is a little different...

 

The shorewall documentation is a good start...

also the LDP HOWTO-s theirs a short 8 page NAT HOWTO ... enough to get you running...

 

however its rqther breif.. if I remember the IPtqbles HOWTO is 200 pages + its serious stuff .. hence like streeter says we can hardly write all of that on a forum...

 

O Reilly TCP/IP is a good book ... but I cant type anymore with this damned french keyb its driving me mad !!!

Link to comment
Share on other sites

Hello my friends and sorry for all the help I need. I promise to learn more about networking :D

 

I did this streeter:

 

a) In Mandrake (console), I typed:

ifconfig eth0 192.168.1.104 up

 

and then:

ifconfig eth1 192.168.2.1 up

 

When typing ping -c 4 192.168.1.1 I get the result you wrote in the computer with MANDRAKE.

but when I type ping 4 192.168.1.1 in windows, I get a timeout message.

 

If I leave things so, I can access the router's configuration page (typing 192.168.1.1 in mozilla) and I can send files through Kopete but computer 2 (windows 98) doesn't access internet.

If I restart the computer, the lan configuration goes back to where it was before changing things with ifconfig (eth1 to 192.168.1.13).

 

What I did in computer 2 is: network neighborhood, properties and there I choose tcpip and change the automatic configuration to 192.168.2.2 but there I don't know what else to do. Then when I type ping I tried changing Internet Explorer Internet options (LAN-advanced) and where it says HTTP I wrote 192.168.2.1 but I am not sure what to write there. What I really need is to be able to access internet from both computers.

 

Until now, the only way my network works is: Using mandrake wizard: it configures eth1 to -for instance- 192.168.1.13 then I go to computer 2 (win) and add 192.168.1.13 in Internet Explorer (LAN- advanced-HTTP). There, I can access the web from both machines but I can't access the router and I can't send files through Kopete.

 

 

Well, as always, thanks.

Link to comment
Share on other sites

Right - we are getting close now...

 

Please follow carefully and post results -

 

What you need to do now is to edit (as root) the file /etc/sysconfig/network-scripts/ifcfg-eth0.

Change the IPADDR line to IPADDR=192.168.1.104 and save it.

 

Then in /etc/sysconfig/network-scripts/ifcfg-eth1 do the same, but with IPADDR=192.168.2.1 , the line NETWORK=192.168.2.0 and BROADCAST=192.168.2.255 .

 

This will save the settings across a reboot.

 

In the windows network dialogue, the IP address should be 192.168.2.2 and the default gateway should be 192.168.2.1 . You shouldn't need to change anything in explorer - uncheck the Connections->Lan settings->use a proxy server box.

 

Please don't change anything else for now - one step at a time, or this will get difficult for us...

 

Reboot, and do an "ifconfig" to make sure the IP addresses are correct (eth0 192.168.1.104 & eth1 192.168.2.1).

 

Windows should now be 192.168.2.2, and you should be able to "ping 192.168.2.2" and "ping 192.168.2.1" from windows.

 

The next step is to allow Linux to forward packets for the windows box. Try a "ping 192.168.1.104" from windows - any good? If it works, try "ping 192.168.1.1" from windows. If this works, so probably will your internet connection. If not, as will probably happen, let us know, and we can go on to the next step.

 

Chris

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share


×
×
  • Create New...