
MNF2 install problems (from a n00b) [solved]



Guest Tmanisaur

Cheers,

 

I've been on Windoze most of my life and am teaching myself linux, starting with MNF2.

 

Here's my problem...

 

I'm installing MNF2 on a 2 NIC P4/1.7GHz Intel Compaq Evo, in this config...

 

Internet <-> DLink824VUP router <-> MNF2 <-> Switch <-> 3 Windoze boxes.

 

Once installed, I get access to MNF2 from Windoze thru https://1.2.3.4:8843 just fine.

On the MNF2 box, I can resolve/ping in both directions (to WAN and to LAN), but I CANNOT ping/resolve any addresses from Windoze thru the MNF to the Internet.

 

Addressing...

 

Rogers ISP DHCP

|

(71.x.y.z)

DLinkDI824VUP

(192.168.0.1)

|

(what should this be??)

MNF2 box

(192.168.0.10)

|

Switch

|

Windoze

 

 

I need some help trying to understand what configuration MNF2 prefers. I think that I really need advice/help on:

1. What config for eth0 and eth1 should I use in install?

2. Is the hardware setup correct?

 

I know I don't know much about this (yet), but I'm asking anyways.

 

T.

Edited by Tmanisaur
Link to comment
Share on other sites

Welcome to the board! :)

 

First things first:

(what should this be??)

MNF2 box

It should be whatever IP your router assigns to it. Technically with this setup you don't need the router, but it really shouldn't complicate matters too much as long as things inside are set up right.

 

Reading through your issue it seems to me the most likely source is IP packet forwarding. Unfortunately I don't have experience with MNF2 so I'm not sure where to set the options in the GUI, but if it's like the Mandriva Control Center there should be an option for Internet Connection Sharing or at least a Firewall section with an IP forwarding option.

 

Sorry I can't be more detailed, I've never even seen an MNF system :unsure:

 

If you think you could handle it, I could give you information on editing the configuration files by hand with a text editor, but Mandriva likes to overwrite those settings sometimes...

Link to comment
Share on other sites

Check if ip routing is enabled:

 

cat /proc/sys/net/ipv4/ip_forward

 

If it's set to zero then this will be why it's failing. Then edit /etc/sysctl.conf and make sure this line exists:

 

net.ipv4.ip_forward = 1

 

This entry might already exist, so change it from "0" to "1". Then do:

 

sysctl -p

 

and the new setting will take effect. Then try and ping something from the Windows boxes on the internet.

Link to comment
Share on other sites
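
The check from the reply above, written as a script (an added example, not part of the original posts). It compares the running value with what /etc/sysctl.conf will apply at the next boot; the function names and state labels are made up for illustration, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: compare the running ip_forward value with the saved one.
# Both file paths are arguments so the check also works on copies.

# Print the value "sysctl -p" would apply for net.ipv4.ip_forward from a
# sysctl.conf-style file (the last assignment wins), or "unset".
persistent_forward() {
    val=unset
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop whitespace, then skip blank lines and comments (# or ;).
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case $line in
            ''|'#'*|';'*) continue ;;
        esac
        # sysctl accepts net/ipv4/ip_forward as well as the dotted form.
        key=$(printf '%s' "${line%%=*}" | tr '/' '.')
        if [ "$key" = "net.ipv4.ip_forward" ]; then
            val=${line#*=}
        fi
    done < "$1"
    printf '%s\n' "$val"
}

# Classify runtime state ($1, normally /proc/sys/net/ipv4/ip_forward)
# against the saved setting ($2, normally /etc/sysctl.conf).
forwarding_state() {
    running=$(tr -d ' \t\r\n' < "$1")
    saved=$(persistent_forward "$2")
    case "$running:$saved" in
        1:1) echo "ok" ;;
        0:1) echo "not-applied" ;;      # file edited, "sysctl -p" not run yet
        1:*) echo "not-persistent" ;;   # forwarding now, gone after a reboot
        *)   echo "disabled" ;;         # the failure described in the post
    esac
}

# Constructed sample: forwarding switched on by hand, file still says 0.
tmp=$(mktemp -d)
printf '1\n' > "$tmp/ip_forward"
printf '# constructed sample\nnet.ipv4.ip_forward = 0\n' > "$tmp/sysctl.conf"
forwarding_state "$tmp/ip_forward" "$tmp/sysctl.conf"
rm -rf "$tmp"
```

On the firewall itself, call it as forwarding_state /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf.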

Guest Tmanisaur

Tyme and ianw,

 

I know my questions seem very basic, but thanks very much for quick replies!

I'm in the (unenviable?) position of being an army of one (growing a consulting company).

I have no trouble learning how to edit linux config files...one step at a time...

 

I've used Mandrake SNF (Single network firewall) before with no trouble, and in that instance placed the SNF box right at the boundary as the gateway, and subsequent config'ing and ops ran very very smoothly. I think I should do this with MNF as well...i.e.: Rogers ISP <-> MNF <-> switch <-> Windows boxes...

Then, examine and edit (if necessary) the entries you folks described.

 

I was hoping to sandbox the MNF before exposing it to the Internet, but I have a feeling that residential gateways don't play nicely with advanced appliances BEHIND them, maybe only in FRONT of them. Hence, strange addressing and routing. Both the DI824VUP router and MNF default to 192.168.0.1 as their address to act as the gateway, so perhaps there's part of the issue as well.

Link to comment
Share on other sites

Both the DI824VUP router and MNF default to 192.168.0.1 as their address to act as the gateway, so perhaps there's part of the issue as well.
Yes. That is most definitely an issue. Change the configuration in one of them to use a different default IP (probably easiest to do in the router), i.e. 192.168.1.1 - this may resolve your issue.
Link to comment
Share on other sites

Guest Tmanisaur
Both the DI824VUP router and MNF default to 192.168.0.1 as their address to act as the gateway, so perhaps there's part of the issue as well.
Yes. That is most definitely an issue. Change the configuration in one of them to use a different default IP (probably easiest to do in the router), i.e. 192.168.1.1 - this may resolve your issue.

 

I tried that approach as well and was advised by a friend that 192.168.0.x and 192.168.1.x may not be able to communicate (subnetting rules I believe)...I had tried this with no success (and before I learned of your suggestions for ipforward-on)...

 

Rogers ISP

|

(71.a.b.c)

DI824VUP

(192.168.0.1)

|

(eth1-192.168.0.10)

MNF

(eth0-192.168.1.1 - dhcp on)

|

Switch

|

Windows boxes

 

 

Also, I'm not explicitly clear on the meaning of some entries in setup. For example, when configuring the LAN interface, I'm prompted to enter the "Gateway Address - if you have one"...which gateway is this? MNF or router in the above setup?

 

I'm very grateful for the help and advice, believe me!

 

T.

Link to comment
Share on other sites

For the machines, they should use the MNF as their gateway, unless there is a router between the PCs and the MNF.

 

For the MNF, it should use the ISP as its default gateway.

Link to comment
Share on other sites
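
A sanity check for the addressing of a two-NIC firewall like the layouts discussed above (an added example, not part of the original posts). The function names and result labels are made up for illustration, and the /24 masks are an assumption, since the thread never states them.

```sh
#!/bin/sh
# Added example: check that a two-NIC firewall has distinct WAN and LAN
# networks and a default gateway it can reach through the WAN NIC.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the network number of address $1 under prefix length $2.
network_of() {
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    echo $(( $(ip_to_int "$1") & mask ))
}

# Arguments: wan_ip wan_prefix lan_ip lan_prefix default_gw
check_dual_homed() {
    # Compare under the shorter prefix so a contained subnet also counts.
    if [ "$2" -lt "$4" ]; then short=$2; else short=$4; fi
    if [ "$(network_of "$1" "$short")" = "$(network_of "$3" "$short")" ]; then
        echo "overlap"           # both NICs on one network, nothing to route
    elif [ "$5" = "$1" ] || [ "$5" = "$3" ]; then
        echo "gateway-is-self"   # firewall points at its own address
    elif [ "$(network_of "$5" "$2")" != "$(network_of "$1" "$2")" ]; then
        echo "gateway-off-wan"   # gateway not on the WAN-side network
    else
        echo "ok"
    fi
}

# Constructed inputs based on the thread's addresses; /24 masks are assumed.
# Both devices left on 192.168.0.x:
check_dual_homed 192.168.0.10 24 192.168.0.1 24 192.168.0.1   # overlap
# LAN side moved to 192.168.1.1, router 192.168.0.1 as default gateway:
check_dual_homed 192.168.0.10 24 192.168.1.1 24 192.168.0.1   # ok
```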

Guest Tmanisaur

Guys, I got it! And without having to vi any linux/MNF files!

 

 

I put MNF at the gateway (had to call ISP to flush ARP caches on their routers).

MNF got an IP just fine, DHCP configured with good DNS entries.

Had to config MNF masquerading to build NAT, done (rather fun, too).

 

*poof*

 

Internet

|

MNF

|

SWITCH---ROUTER---WLAN Clients + NAS

|

LAN Clients

 

 

GOOD:

DHCP from MNF to LAN works great.

DHCP from ROUTER to WLAN works great.

All clients’ inbound/outbound native configs on SWITCH work great.

WLAN clients’ inbound/outbound native configs on ROUTER work great.

NAS seen by WLAN clients.

 

NOTSOGOOD:

Clients on WLAN can’t browse shares on SWITCH

Clients on SWITCH can’t see NAS or WLAN clients on ROUTER

 

I think now I just have to turn that ROUTER into a SWITCH.

 

By the way, if this MNF ‘appliance’ (seriously, this thing challenges Cisco) can’t get an IP for the WAN, it logically separates the WAN interface into two segments (ifconfig shows eth1 and eth1:9), uses one to monitor outbound LAN traffic, and dumps any WAN packets into a false-library buffer to maintain continuous IDS (deep packet inspection) and DoS prevention. It's as close to an automatic air-gap as you can get with pulling a cable out yourself.

 

Very cool box.

 

 

Thanks for the help, gents. I owe you one. B)

 

T.

Link to comment
Share on other sites

I'd remove the router, and just connect everything to the switch, unless there is a real need for the wireless stuff and nas to be on a separate IP range to the normal LAN clients. Of course, it would mean reconfiguration of all your wireless clients and this side of the setup though.

 

If so, then I'd use the router, although this may complicate things if you have any incoming access rules.

Link to comment
Share on other sites

Err...that's two things, I was just saying, without the router, he wouldn't have wireless, and since he's obviously using wireless, he needs the router...the switch is the extra part - because he wants wireless :P

Did I mention he wants wireless? wireless, wireless....wireless........

I think my job is driving me insane.

Link to comment
Share on other sites

Isn't the wireless separate from the router? So it's kinda like:

 

switch ----- router ----- wireless

 

and that it could be:

 

switch ----- wireless

 

or is it a combo switch/wireless/router :P

 

I'm gonna go home, I'm confused. And besides, I could keep posting and posting, but I'd never beat you to 10,000 :P

Link to comment
Share on other sites

or is it a combo switch/wireless/router :P
That's my understanding, as he listed WLAN clients and not WLAN access point...could be wrong though.

 

And besides, I could keep posting and posting, but I'd never beat you to 10,000 :P

Post count....don't count ;)

Link to comment
Share on other sites
