I've been trying to move from one home network server to another
(because of hard disk problems with the first).
I've found from this that I don't really understand how networking works,
and I'm writing now to ask for some help with this.
Basically, I have this setup:
ADSL modem/router <-> server <-> Linksys WiFi router.
I'm running dhcp and shorewall on the server.
The ADSL modem has address 192.168.1.254 .
The computers, printers, etc on the LAN have addresses 192.168.2.* ,
eg the laptop I'm using has address 192.168.2.7 ,
and has default gateway 192.168.2.2 , which is the server.
The default gateway on the server is 192.168.1.254 .
(I am running CentOS on the servers, and Fedora-16 on everything else.)
Now this is my question:
Suppose I want to access the internet, say www.google.com .
Presumably my packets go first to the Linksys router,
then to server, and then on to the ADSL modem/router.
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server, with
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc eth1 192.168.2.255
vpn tun0 192.168.6.255
in /etc/shorewall/interfaces .
Am I right in thinking that the masq entry causes packets
arriving at the server along the eth1 (192.168.2.*) LAN
to be re-directed along the eth0 (192.168.1.*) interface,
and thence to the ADSL modem?
What has been happening in practice is that when I change server
(with the new server at 192.168.2.5), alter all the relevant addresses
restart shorewall and dhcpd on the new server,
and check "route -n" on all the computers involved
I'm not able to access the internet from my laptop.
In fact I cannot access anything on the eth0 (192.168.1.*) network.
At this point I have a cup of tea, then re-start everything,
re-boot my laptop, etc, and after some time it all starts working.
What I'd really like is to trace packets as they go through the system,
and see how they change.
Or alternatively, read some document which will explain to me
exactly how all the parts of the system fit together.
I really would be most grateful for any advice or suggestions on this.
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
05-09-2012, 02:05 PM
Reindl Harald
Network problems
Am 09.05.2012 15:52, schrieb Timothy Murphy:
> I've been trying to move from one home network server to another
> (because of hard disk problems with the first).
>
> I've found from this that I don't really understand how networking works,
> and I'm writing now to ask for some help with this.
>
> Basically, I have this setup:
> ADSL modem/router <-> server <-> Linksys WiFi router.
> I'm running dhcp and shorewall on the server.
> The ADSL modem has address 192.168.1.254 .
> The computers, printers, etc on the LAN have addresses 192.168.2.* ,
> eg the laptop I'm using has address 192.168.2.7 ,
> and has default gateway 192.168.2.2 , which is the server.
> The default gateway on the server is 192.168.1.254 .
> (I am running CentOS on the servers, and Fedora-16 on everything else.)
google for POSTROUTING / MASQUERADE (iptables)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
05-09-2012, 02:16 PM
fedora
Network problems
try with
traceroute destination.host
traceroute6 destination.host
suomi
On 05/09/2012 03:52 PM, Timothy Murphy wrote:
I've been trying to move from one home network server to another
(because of hard disk problems with the first).
I've found from this that I don't really understand how networking works,
and I'm writing now to ask for some help with this.
Basically, I have this setup:
ADSL modem/router<-> server<-> Linksys WiFi router.
I'm running dhcp and shorewall on the server.
The ADSL modem has address 192.168.1.254 .
The computers, printers, etc on the LAN have addresses 192.168.2.* ,
eg the laptop I'm using has address 192.168.2.7 ,
and has default gateway 192.168.2.2 , which is the server.
The default gateway on the server is 192.168.1.254 .
(I am running CentOS on the servers, and Fedora-16 on everything else.)
Now this is my question:
Suppose I want to access the internet, say www.google.com .
Presumably my packets go first to the Linksys router,
then to server, and then on to the ADSL modem/router.
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server, with
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc eth1 192.168.2.255
vpn tun0 192.168.6.255
in /etc/shorewall/interfaces .
Am I right in thinking that the masq entry causes packets
arriving at the server along the eth1 (192.168.2.*) LAN
to be re-directed along the eth0 (192.168.1.*) interface,
and thence to the ADSL modem?
What has been happening in practice is that when I change server
(with the new server at 192.168.2.5), alter all the relevant addresses
restart shorewall and dhcpd on the new server,
and check "route -n" on all the computers involved
I'm not able to access the internet from my laptop.
In fact I cannot access anything on the eth0 (192.168.1.*) network.
At this point I have a cup of tea, then re-start everything,
re-boot my laptop, etc, and after some time it all starts working.
What I'd really like is to trace packets as they go through the system,
and see how they change.
Or alternatively, read some document which will explain to me
exactly how all the parts of the system fit together.
I really would be most grateful for any advice or suggestions on this.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
05-11-2012, 11:44 AM
Timothy Murphy
Network problems
Reindl Harald wrote:
>> I've found from this that I don't really understand how networking works,
>> and I'm writing now to ask for some help with this.
> google for POSTROUTING / MASQUERADE (iptables)
Thanks for your response;
but I think I do understand what IP masquerading is.
Just to repeat the gist of my question (slightly re-worded):
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?
I couldn't find a clear account of the effect of the line
anywhere in the shorewall documentation.
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
05-11-2012, 11:48 AM
Olav Vitters
Network problems
On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
> I couldn't find a clear account of the effect of the line
> anywhere in the shorewall documentation.
Add it, apply the changes and run the following as root:
iptables -t nat -L -n
That'll tell you what it does.
--
Regards,
Olav
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
05-11-2012, 03:25 PM
Timothy Murphy
Network problems
Olav Vitters wrote:
> On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
>> I couldn't find a clear account of the effect of the line
>> anywhere in the shorewall documentation.
>
> Add it, apply the changes and run the following as root:
> iptables -t nat -L -n
>
> That'll tell you what it does.
I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
dnat all -- 0.0.0.0/0 0.0.0.0/0
I don't find this very clear.
I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?
==================================
If I was right, wouldn't it have been simpler just to say,
"Yes, you are right"?
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
05-12-2012, 01:30 PM
"Oluwagbenga Shobowale"
Network problems
I think what you have is dhcp on your router but the interface ip on the router does not change when you change the ip... So when you try to reach it after the change you can't.
I would suggest you do
Netstat -nr
Which should show the ip and default gateway ...
Try this then change the server again ..
Traceroute would also show you what the next hop is ...
Oluwagbenga Shobowale
-----Original Message-----
From: Timothy Murphy <gayleard@eircom.net>
Sender: users-bounces@lists.fedoraproject.org
Date: Fri, 11 May 2012 16:25:12
To: <users@lists.fedoraproject.org>
Reply-To: gayleard@eircom.net,
Community support for Fedora users <users@lists.fedoraproject.org>
Subject: Re: Network problems
Olav Vitters wrote:
> On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
>> I couldn't find a clear account of the effect of the line
>> anywhere in the shorewall documentation.
>
> Add it, apply the changes and run the following as root:
> iptables -t nat -L -n
>
> That'll tell you what it does.
I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
dnat all -- 0.0.0.0/0 0.0.0.0/0
I don't find this very clear.
I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?
==================================
If I was right, wouldn't it have been simpler just to say,
"Yes, you are right"?
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
Network problems
