Jump to content

Routing by Hand --MOTTS ???


Gowator
 Share

Recommended Posts

OK hackers....

I'm on a PC which will could soon have a second NIC.

its currently got a static IP...for eth0 in a uncommon RFC range.

 

ppp0 is assigned a IP 193.253.160.3

 

I have a /dev/ppp

crw------- 1 root root 108, 0 Jan 1 1970 ppp

 

and a valid resolv.conf in /etc/ppp

/etc/ppp/options

 

more options

lock

noipdefault

persist

noauth

usepeerdns

defaultroute

and a valid/working /etc/ppp/pppoe.options

 

ifconfig

eth0 Link encap:Ethernet HWaddr 00:60:97:1B:B2:52

inet addr:172.16.122.55 Bcast:172.16.122.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:354942 errors:1 dropped:0 overruns:0 frame:2

TX packets:238453 errors:0 dropped:0 overruns:0 carrier:338

collisions:10 txqueuelen:100

RX bytes:359189379 (342.5 Mb) TX bytes:32651979 (31.1 Mb)

Interrupt:5 Base address:0xdc00

 

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:936 errors:0 dropped:0 overruns:0 frame:0

TX packets:936 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:81756 (79.8 Kb) TX bytes:81756 (79.8 Kb)

 

ppp0 Link encap:Point-to-Point Protocol

inet addr:81.53.194.18 P-t-P:193.253.160.3 Mask:255.255.255.255

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1

RX packets:606 errors:0 dropped:0 overruns:0 frame:0

TX packets:712 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:3

RX bytes:353124 (344.8 Kb) TX bytes:128454 (125.4 Kb)

 

 

 

route

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

193.253.160.3 * 255.255.255.255 UH 0 0 0 ppp0

172.16.122.0 * 255.255.255.0 U 0 0 0 eth0

127.0.0.0 * 255.0.0.0 U 0 0 0 lo

default 193.253.160.3 0.0.0.0 UG 0 0 0 ppp0

 

I want to use this machine as a gateway for the rest and route the default gateway.

 

DSL MODEM<------>GWPC<-------->switch<--------> the rest.

 

Any suggestions ....???????????[/i]

Link to comment
Share on other sites

a few tips:

 

you'll need to give eth1 (the new NIC) a static IP. you'll have to install a dhcp server and configure it to run _only_ on eth1.

 

as for specifics...i'm unsure, i've never done this sort of setup myself (although I was considering it). but I believe the dhcp server should take care of the routing....someone please correct, because I know I'm most likely wrong...

Link to comment
Share on other sites

shorewall clear: Yeah that gives me back access from a single PC.

I checked out the shorewall website and in their words the Mandrake wizard install is a little weird.

 

Unfortunately the wizard didn't tell me I needed 2 NIC's (shorewall did) or that they shouldmn't go through the same hub (shorewall did).

 

Shorewall also say if you use the Mandrake Wizard the quickstart won't make sense.... It didn't.

 

So I'm going to reconfigure shorewall the shorewall way .....

Link to comment
Share on other sites

1) Using MCC wizard do I need two NIC's .

My DSL is Ethernet, i have as many hubs and switches as I can use ...

 

Can I connect the DSL router directly to a hub and still route through a single NIC for a gateway i.e. Can i route from eth0 => ppp0 and perform the NAT there??

 

or do I need two NICs definitively. It really doesn't seem that obvious from MCC but shorewall say it must be a different hub/switch never mind the same card.

 

I can see theoretically you can have two IP's for the same NIC and just route between them (vmware uses virtual ones for instance)

 

2) Do I have to use DHCP ????

 

I'm presuming I set the IP of the router PC as the default gw for the others. It needs to go through the ppp0 as far as I can see otherwise it won't get authentification from ppp.secrets???

 

So Im presuming the router PC has to have an open Internet connection ?

The other PC's route through that connection ??

 

Someone answer please !!!

Link to comment
Share on other sites

You give me more credit than I'm worth :)... I've never set up a network, bet I try to help you as good as I can. It can be you know all of this stuff, so sorry for wasting your time then...(good chance I'll waste your time and confuse you in teh meanwhile...:))

 

Suppose you have a zone for your local lan. Then you coudl route all your traffic coming from the local and send it on. And route all teh outgoing traffic(internet stuff anyway) towards your gateway that accepts all stuff from the lan. I think this is what you want, if I'm not using the wrongw ords, making myself ridiculous :) ansd maybe some typo's too:).

 

Anyway. One way( but mayeb not the best way) I could think of is to specify this in the rules-file in /etc/shorewall.

 

you have the NAT-command for forwarding.....

 

This may help and is probably what you're lookign for:

 

http://www.shorewall.net/two-interface.htm

 

Hopefully it helps a little bit...:D

Link to comment
Share on other sites

Yeah, I looked at that.

The first thing was the polite warning to MDK users ...

 

If you are running Shorewall under Mandrake 9.0 or later, you can easily configure the above setup using the Mandrake "Internet Connection Sharing" applet. From the Mandrake Control Center, select "Network & Internet" then "Connection Sharing".

 

 

Note however, that the Shorewall configuration produced by Mandrake Internet Connection Sharing is strange and is apt to confuse you if you use the rest of this documentation (it has two local zones; "loc" and "masq" where "loc" is empty; this conflicts with this documentation which assumes a single local zone "loc"). We therefore recommend that once you have set up this sharing that you uninstall the Mandrake Shorewall RPM and install the one from the download page then follow the instructions in this Guide.

 

According to Shorewall I need TWO interfaces, MDK don't specify very decisively. I know it should be possible (perhaps not advisable) with a single NIC and Im trying to work out exactly what the Mandrake wizard did.

 

 

ugghh

Link to comment
Share on other sites

Hi Gowator and Michel

 

Ok .. to start what I have to say : You NEED 2 nics for it to work correctly. One nic connected to your DSL modem (eth0 for instance) and the other one to the hub (eth1). Now start your net connection (ppp0e) and run the ICS wizard. The computers connected to the hub should be able to access the net no problem by now if you configured them to get an IP from a DHCP server (the Mandrake box that has 2 nics - the server). By now, NAT is enabled on the server as well as a DHCP server (to give IPs to the clients on the hub) and a firewall (ie Shorewall). Now, the only thing you have to tweak is Shorewall. Forget about the MCC for that since this GUI was probably made for a 1 interface computer (simple desktop .. not a server). You have to play with the files in /etc/shorewall/. The important files are policy and rules. Read the top of each files since lots of examples are there for you to understand what you can do with them. If you want to play with them, forget about the 'loc' zone. By using the ICS wizard in the MCC, you have the three following zones: 'net' = the big internet, 'masq' = the computers behind the hub and 'fw' = the server (the machine on which Shorewall is running). .. oh yeah, by default all connections from the 'masq' zone to the 'fw' zone are blocked. If you want to kill the firewall between them (between the computers behind the hub and the firewall), put that line in /etc/shorwall/policy before 'all all DROP' and restart shorewall (type 'service shorewall restart' as root in a console)

masq fw ACCEPT

 

Good luck

 

MOttS

Link to comment
Share on other sites

We really do need a we are not worthy emoticon :D

 

Thanks, Its good to have it spelt out.

Its kinda phasing to see the MDK CC so vague and then when you check out the vendor site tell you differently and that the MCC defined one is 'confusing' if you follow the quick start.

 

Now I definitively know I need 2 NIC's that will help. Its no problem I have at least 20 lying about.

 

I guess I can disable the DHCP server later if I temporarily deactivate the present one running on a different machine. It was (the other PC) my squid/NFS/DHCP server in addition to doing my DVD/MP3/DivX --- c'est la vie --- I can redo it later....

 

Just out of interest: I'll do it with 2 NIC's but VMWARE uses virtual NIC's and runs NAT over them. I can't see in theory why this shouldn't work if you assign a virtual IP to the aliased NIC... Surely the packet forwarding will just follow the routing ???

Link to comment
Share on other sites

I guess you have to choose a BRIDGED network and link it to the Ethernet card on which ICS is enabled (if the modem is connected to eth0 then ICS is enabled on eth1). This way your VMWare client will receives an IP from the DHCP server and act just like another client behind the hub. Look there:

 

http://www.vmware.com/support/ws4/doc/netw...ws.html#1061788

 

MOttS

Link to comment
Share on other sites

Its always easier to work out how it works once its actually working :-)

:mystilol:

Alors j'espère que ça va fonctionner pour que tu comprennent comment tout fonctionne...

 

MOttS

Link to comment
Share on other sites

Many thanks all who helped out, esp. Motts.

 

As usual i spent a long time frustrated and learned loads.

 

I guess my configuration is half standalone and half two-interface as defined by shorewall. That is I actually want tobe able to use my firewall/routing PC as a normal PC.

 

So, now it works minimally (and with static IP) I can start to learn.

 

Motts: alors ca marche! merci mille fois pour ton aide. comme d'habitude, maintenant que ca fonctionne, tout parait simple...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...