pc/linux tcp/ip problems..

ME dugan at libwais.sonoma.edu
Sun Jan 23 20:45:00 PST 2000


On Sun, 23 Jan 2000, David Johnson wrote:
> Subject: pc/linux tcp/ip problems..
> 
> Hello all,
>     My goal here is to configure a box to use dsl and ip masquerading to
> serve as the firewall/proxy to 2 PCs on a small lan.
> That said, here is where I stand:
> -I did a full install of redhat 6.1 w/gnome
> -I then Installed 2 NICs, redhat had no problem with the detection.
> -I configured one as my static dsl connection and configured all dns and
> gateway info with no prob/... its online
> -next I configured the second NIC as an internal private network with
> 192.168.0.1 and a mask of 255.255.255.0 and connected it to the hub.
> -on the same internal lan connected to the hub are two IBM compatible
> machines running WIN98SE,
> -both machines were set-up with sequential ips...i.e. 192.168.0.2 and
> 192.168.0.3 with the gateway as 192.168.0.1(the linux box) and dns as my
> ISP's primary and secondary default..
> - I am able to ping the PC's from each other but neither one can ping
> the linux box, as well as the linux box cannot ping the pcs..

Here is the first suggestion:
Log into the Linux box as root.

type "ifconfig eth0" and look at the information. Does the information
describe the IP address that that Ethernet card should have? (IP Address,
netmask, broadcast address, etc for ITS network.)

type "ifconfig eth1" and look at the information. Does the information
describe the IP address that that Ethernet card should have? (IP Address,
netmask, broadcast address, etc for ITS network.)

If both of these are "yes", then continue. If NO, then send another e-mail
with your findings or resolve the inconsistencies on your own.


When you log into the linux box, can you ping the IP addresses that match
either of the two Windows boxes? (192.168.0.2, or 192.168.0.3)

If Yes, then jump down below to "SMB/NMB:"

If No, then read here:

As root, log in to your Linux box and type "route"
(or "route -N" if you are not connected to your ISP at the time)

Examine your routing list.

You should have something which may look like this (if we assume that eth0
is your primary Ethernet interface to your ISP over DSL, and eth1 is the
Ethernet link to your LAN.)

YourMachineName:~# route -N
Kernel IP routing table
Destination     Gateway      Genmask         Flags Metric Ref    Use Iface
ISP.ASSIGN.IP.A 0.0.0.0      255.255.255.255 UH    0      0        0 eth0
192.168.0.1     0.0.0.0      255.255.255.255 UH    0      0        4 eth1
192.168.0.0     0.0.0.0      255.255.255.0   U     0      0        4 eth1
127.0.0.0       0.0.0.0      255.0.0.0       U     0      0       16 lo
0.0.0.0         ISP.ASN.GW.A 0.0.0.0         UG    1      0     7470 eth0

Where "ISP.ASSIGN.IP.A" would be the IP address given to you by your ISP
and "ISP.ASN.GW.A" would be the default gateway they gave you. (I am
assuming you only have 1 IP address from your ISP)

If you do not have a local route letting your linux box know that it is
to deal with the "192.168.0.X" network through eth1, then it may try to
reach the "192.168.0.X" by using the default route (see the first left
hand column that has the last entry with "0.0.0.0") and send it out eth0
to your ISP, which will promptly drop the packets since they are part of
the reserved class of IP addresses.

If you have a routing table that tells your kernel how to contact the IP
addresses that are part of the "192.168.0.x" network, and they still do
not respond to pings from your Linux box shell, then we can try adding
static routes to see if that helps, even though it is not likely to help at
all.

For static routes, at the linux box as root try:

route add -host 192.168.0.2 dev eth1
route add -host 192.168.0.3 dev eth1

Then try to ping these IP addresses again. Does it work? 

No? Send another e-mail to the list including a dump of the "route -N" and
"ifconfig eth0" and "ifconfig eth1"

If so, try to ping your linux box from the DOS machines, and if that does
not work, then proceed to "SMB/NMB:"


SMB/NMB:
Here is another guess:
Windows machines are able to exchange some networking information about
each other using SMB/NMB. 

Also, they often attempt to use Name Resolution using the local hosts
file, then look at the names discovered via the local cached Domain
Controller or Master Domain Browser. 

If none of the above work, then they try WINS.

If WINS fails, then they resort to DNS.

(My memory is a bit fuzzy on the order, and procedure listed above, so
someone else can feel free to correct me.)

I have had times where even entering just an IP address to ping from a
Windows 95/98 machine, I get no responses appearing when the DNS is not
available. (I have not examined this in detail, but would guess that it
even asks a DNS what IP address the IP address given to them is.)

See if you can locate a "hosts.*" or "lmhosts.*" file in your
c:\Windows or c:\windows\system folders. (I do not recall the extensions.)

In this file, create a temporary entry like "gateway1" to map to the ip
address of your linux gateway.

Reboot the machine, and look through the network neighborhood and make
sure you can see the other windows box.

When you can see the other windows box in the network neighborhood, then
try going to a DOS-box and:
ping gateway1

See if this offers responses.

If after all of the above you are still in no-where-ville, send us
another e-mail with more routing and interface data.

After you are able to have all three machines ping each other, then the
next step would be to set up the IP Masquerading. :-)

(Once you can have all 3 machines ping each other, you wouldn't be able to
ping "outside" Internet machines until IP Masquerading is set up. Your
e-mail is well documented in what you have tried, so I strongly suspect you
know this, but state it "just in case" you do not.)

> -Is there something I am completely overlooking?

> I'm very familiar with networking on pcs and trying to learn the linux
> platform so any suggestions would be of great help.
> p.s. I am currently reading the how-to's but it is a slow process. ;)
> Thank You for any help
> David Johnson

Your e-mail is well documented, and you have provided an excellent list of
things attempted. The verbose nature of this e-mail is not entirely meant
for your use, but for others on the list that may not be as skilled as you
in networking.

Good question!

-ME

P.S. Confirmation of the actual solution is useful for future problems
encountered by others and allows me to sleep better at night.
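
Added example, not part of the original e-mail: a small Python check of the routing point made above, that without a connected route for 192.168.0.x the kernel falls back to the default route and sends LAN-bound packets out the ISP-facing interface. The routing tables are constructed samples (203.0.113.x are documentation addresses standing in for the ISP values), and the function names are hypothetical.

```python
import ipaddress

# Constructed `route -n` style output. 203.0.113.x are documentation
# addresses standing in for the ISP-assigned address and gateway.
GOOD_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        4 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       16 lo
0.0.0.0         203.0.113.1     0.0.0.0         UG    1      0     7470 eth0
"""
# Same table with the connected LAN route missing (the failure case).
BROKEN_TABLE = "\n".join(
    l for l in GOOD_TABLE.splitlines() if not l.startswith("192.168.0.0"))

def parse_routes(text):
    """Return [(network, gateway, iface)] from route-style text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
            net = ipaddress.ip_network(f"{f[0]}/{prefix}", strict=False)
        except ValueError:
            continue  # column header line
        routes.append((net, f[1], f[7]))
    return routes

def egress(routes, dest):
    """Longest-prefix match; metric tie-breaking is not modelled."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def misrouted(routes, hosts, lan_if):
    """Map each host that would not leave via lan_if to its actual iface."""
    bad = {}
    for h in hosts:
        r = egress(routes, h)
        if r is None or r[2] != lan_if:
            bad[h] = r[2] if r else None
    return bad

if __name__ == "__main__":
    pcs = ["192.168.0.2", "192.168.0.3"]
    print("good  :", misrouted(parse_routes(GOOD_TABLE), pcs, "eth1"))
    print("broken:", misrouted(parse_routes(BROKEN_TABLE), pcs, "eth1"))
```

On a gateway that will later do IP Masquerading, the same check is a quick way to confirm that private-range traffic is not leaking toward the ISP before any firewall rules are added.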
