FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Kubuntu User

 
 
LinkBack Thread Tools
 
Old 05-09-2012, 01:52 PM
Timothy Murphy
 
Default Network problems

I've been trying to move from one home network server to another
(because of hard disk problems with the first).

I've found from this that I don't really understand how networking works,
and I'm writing now to ask for some help with this.

Basically, I have this setup:
ADSL modem/router <-> server <-> Linksys WiFi router.
I'm running dhcp and shorewall on the server.
The ADSL modem has address 192.168.1.254 .
The computers, printers, etc on the LAN have addresses 192.168.2.* ,
eg the laptop I'm using has address 192.168.2.7 ,
and has default gateway 192.168.2.2 , which is the server.
The default gateway on the server is 192.168.1.254 .
(I am running CentOS on the servers, and Fedora-16 on everything else.)

Now this is my question:
Suppose I want to access the internet, say www.google.com .
Presumably my packets go first to the Linksys router,
then to server, and then on to the ADSL modem/router.

I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server, with
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc eth1 192.168.2.255
vpn tun0 192.168.6.255
in /etc/shorewall/interfaces .

Am I right in thinking that the masq entry causes packets
arriving at the server along the eth1 (192.168.2.*) LAN
to be re-directed along the eth0 (192.168.1.*) interface,
and thence to the ADSL modem?

What has been happening in practice is that when I change server
(with the new server at 192.168.2.5), alter all the relevant addresses
restart shorewall and dhcpd on the new server,
and check "route -n" on all the computers involved
I'm not able to access the internet from my laptop.
In fact I cannot access anything on the eth0 (192.168.1.*) network.

At this point I have a cup of tea, then re-start everything,
re-boot my laptop, etc, and after some time it all starts working.

What I'd really like is to trace packets as they go through the system,
and see how they change.
Or alternatively, read some document which will explain to me
exactly how all the parts of the system fit together.

I really would be most grateful for any advice or suggestions on this.

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-09-2012, 02:05 PM
Reindl Harald
 
Default Network problems

Am 09.05.2012 15:52, schrieb Timothy Murphy:
> I've been trying to move from one home network server to another
> (because of hard disk problems with the first).
>
> I've found from this that I don't really understand how networking works,
> and I'm writing now to ask for some help with this.
>
> Basically, I have this setup:
> ADSL modem/router <-> server <-> Linksys WiFi router.
> I'm running dhcp and shorewall on the server.
> The ADSL modem has address 192.168.1.254 .
> The computers, printers, etc on the LAN have addresses 192.168.2.* ,
> eg the laptop I'm using has address 192.168.2.7 ,
> and has default gateway 192.168.2.2 , which is the server.
> The default gateway on the server is 192.168.1.254 .
> (I am running CentOS on the servers, and Fedora-16 on everything else.)

google for POSTROUTING / MASQUERADE (iptables)

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-09-2012, 02:16 PM
fedora
 
Default Network problems

try with
traceroute destination.host
traceroute6 destination.host

suomi

On 05/09/2012 03:52 PM, Timothy Murphy wrote:

I've been trying to move from one home network server to another
(because of hard disk problems with the first).

I've found from this that I don't really understand how networking works,
and I'm writing now to ask for some help with this.

Basically, I have this setup:
ADSL modem/router<-> server<-> Linksys WiFi router.
I'm running dhcp and shorewall on the server.
The ADSL modem has address 192.168.1.254 .
The computers, printers, etc on the LAN have addresses 192.168.2.* ,
eg the laptop I'm using has address 192.168.2.7 ,
and has default gateway 192.168.2.2 , which is the server.
The default gateway on the server is 192.168.1.254 .
(I am running CentOS on the servers, and Fedora-16 on everything else.)

Now this is my question:
Suppose I want to access the internet, say www.google.com .
Presumably my packets go first to the Linksys router,
then to server, and then on to the ADSL modem/router.

I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server, with
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc eth1 192.168.2.255
vpn tun0 192.168.6.255
in /etc/shorewall/interfaces .

Am I right in thinking that the masq entry causes packets
arriving at the server along the eth1 (192.168.2.*) LAN
to be re-directed along the eth0 (192.168.1.*) interface,
and thence to the ADSL modem?

What has been happening in practice is that when I change server
(with the new server at 192.168.2.5), alter all the relevant addresses
restart shorewall and dhcpd on the new server,
and check "route -n" on all the computers involved
I'm not able to access the internet from my laptop.
In fact I cannot access anything on the eth0 (192.168.1.*) network.

At this point I have a cup of tea, then re-start everything,
re-boot my laptop, etc, and after some time it all starts working.

What I'd really like is to trace packets as they go through the system,
and see how they change.
Or alternatively, read some document which will explain to me
exactly how all the parts of the system fit together.

I really would be most grateful for any advice or suggestions on this.


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-11-2012, 11:44 AM
Timothy Murphy
 
Default Network problems

Reindl Harald wrote:

>> I've found from this that I don't really understand how networking works,
>> and I'm writing now to ask for some help with this.

> google for POSTROUTING / MASQUERADE (iptables)

Thanks for your response;
but I think I do understand what IP masquerading is.

Just to repeat the gist of my question (slightly re-worded):
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?

I couldn't find a clear account of the effect of the line
anywhere in the shorewall documentation.

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-11-2012, 11:48 AM
Olav Vitters
 
Default Network problems

On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
> I couldn't find a clear account of the effect of the line
> anywhere in the shorewall documentation.

Add it, apply the changes and run the following as root:
iptables -t nat -L -n

That'll tell you what it does.

--
Regards,
Olav
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-11-2012, 03:25 PM
Timothy Murphy
 
Default Network problems

Olav Vitters wrote:

> On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
>> I couldn't find a clear account of the effect of the line
>> anywhere in the shorewall documentation.
>
> Add it, apply the changes and run the following as root:
> iptables -t nat -L -n
>
> That'll tell you what it does.

I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
dnat all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
eth0_masq all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain dnat (1 references)
target prot opt source destination
net_dnat all -- 0.0.0.0/0 0.0.0.0/0

Chain eth0_masq (1 references)
target prot opt source destination
MASQUERADE all -- 192.168.2.0/24 0.0.0.0/0
----------------------------------

I don't find this very clear.
I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?
==================================

If I was right, wouldn't it have been simpler just to say,
"Yes, you are right"?

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-12-2012, 01:30 PM
"Oluwagbenga Shobowale"
 
Default Network problems

I think what you have is dhcp on your router but the interface ip on the router does not change when you change the ip... So when you try to reach it after the change you can't.
I would suggest you do
Netstat -nr
Which should show the ip and default gateway ...
Try this then change the server again ..
Traceroute would also show you what the next hop is ...

Oluwagbenga Shobowale

-----Original Message-----
From: Timothy Murphy <gayleard@eircom.net>
Sender: users-bounces@lists.fedoraproject.org
Date: Fri, 11 May 2012 16:25:12
To: <users@lists.fedoraproject.org>
Reply-To: gayleard@eircom.net,
Community support for Fedora users <users@lists.fedoraproject.org>
Subject: Re: Network problems

Olav Vitters wrote:

> On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
>> I couldn't find a clear account of the effect of the line
>> anywhere in the shorewall documentation.
>
> Add it, apply the changes and run the following as root:
> iptables -t nat -L -n
>
> That'll tell you what it does.

I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
dnat all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
eth0_masq all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain dnat (1 references)
target prot opt source destination
net_dnat all -- 0.0.0.0/0 0.0.0.0/0

Chain eth0_masq (1 references)
target prot opt source destination
MASQUERADE all -- 192.168.2.0/24 0.0.0.0/0
----------------------------------

I don't find this very clear.
I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?
==================================

If I was right, wouldn't it have been simpler just to say,
"Yes, you are right"?

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 11:35 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org