Re: Linux 2.0.35 as a router (and even as a bridge)

Henrik Olsen (henrik@iaeste.dk)
Sat, 31 Oct 1998 01:26:44 +0000


Hi,

RedHat disables ip forwarding by default.
Change the FORWARD_IPV4=false line in /etc/sysconfig/network to true and
reboot.

HTH Henrik

On Fri, 30 Oct 1998, root wrote:

> Hi,
> I've got a serious problem with linux 2.0.35 (redhat 5.1 fully updated)
> trying to get it work as a router. This picture describes my net config:
>
> internet router            educ.disi.unige.it          rubino.educ.... (router) private net
> 130.251.152.254 ---------- 130.251.152.0 ------------- ...234 192.168.1.234 --- 192.168.1.235
>                            netmask 255.255.255.0       eth0   eth1              eth0
>                                                        mithrandir.gondor.net    sauron.gondor.net
>
> The two hosts ping each other on 192.168.1.0 network and I can ping rubino 130.251.152.234 from
> sauron.
>
> But I can't get to any host on educ network from sauron (no ping, no traceroute)
>
> I've tried with stock redhat kernel and then with a custom kernel with bridging
> enabled. I've followed the guidelines in Firewall+Bridge HOWTO.
> Nothing to do.
>
> I hope I've stated my problem clearly. If not, forgive me because I'm in a hurry
> and I must leave department right now
>
> Am I missing something? Can you help me to get rubino to work properly as a router?
> I'm in desperate need of your help.
> Thank you very much.
>
> Following is the relevant config and tcpdump output
>
>
> Francesco Faenzi (1993s000@educ.disi.unige.it and root@rubino.educ.disi.unige.it)
>
>
>
> ================================================================================================
>
>
>
> dmesg
>
> Ethernet Bridge 002 for NET3.035 (Linux 2.0)
>
> 3c59x.c:v0.99E 5/12/98 Donald Becker http://cesdis.gsfc.nasa.gov/linux/drivers/vortex.html
> eth0: 3Com 3c905 Boomerang 100baseTx at 0x6100, 00:60:97:b1:ca:db, IRQ 10
> 8K word-wide RAM 3:5 Rx:Tx split, NWay Autonegotiation interface.
> MII transceiver found at address 24, status 7869.
> Enabling bus-master transmits and whole-frame receives.
> ne.c: PCI BIOS reports NE 2000 clone at i/o 0x6000, irq 11.
> ne.c:v1.10 9/23/94 Donald Becker (becker@cesdis.gsfc.nasa.gov)
> NE*000 ethercard probe at 0x6000: 00 20 18 2c 11 a9
> eth1: NE2000 found at 0x6000, using IRQ 11.
>
> -------------------------------------------------------------------------------------------
>
> cp /etc/nologin.system_time /etc/nologin
>
> stop_services
>
> Name Server Stopped
> holelogd.named stopped
> Shutting down httpd: httpd
> Shutting down NFS services: rpc.mountd rpc.nfsd
> Shutting down sendmail: sendmail
> Shuting down NIS services: ypbind
> Shutting down SMB services: smbd nmbd
> Shutting down lpd: lpd
> Unmounting remote filesystems.
>
> -------------------------------------------------------------------------------------------
>
> cat /etc/sysconfig/network
> NETWORKING=yes
> FORWARD_IPV4=true
> HOSTNAME="rubino.educ.disi.unige.it"
> DOMAINNAME=educ.disi.unige.it
> GATEWAY=130.251.152.254
> GATEWAYDEV=eth0
> # >>> ADDED
> NISDOMAIN=educ.disi.unige.it
> # <<<
>
> cat /etc/sysconfig/network-scripts/ifcfg-eth0
> DEVICE="eth0"
> IPADDR="130.251.152.234"
> NETMASK="255.255.255.0"
> NETWORK=130.251.152.0
> BROADCAST=130.251.152.255
> ONBOOT="yes"
> BOOTPROTO="none"
> IPXNETNUM_802_2=""
> IPXPRIMARY_802_2="no"
> IPXACTIVE_802_2="no"
> IPXNETNUM_802_3=""
> IPXPRIMARY_802_3="no"
> IPXACTIVE_802_3="no"
> IPXNETNUM_ETHERII=""
> IPXPRIMARY_ETHERII="no"
> IPXACTIVE_ETHERII="no"
> IPXNETNUM_SNAP=""
> IPXPRIMARY_SNAP="no"
> IPXACTIVE_SNAP="no"
>
> cat /etc/sysconfig/network-scripts/ifcfg-eth1
> DEVICE="eth1"
> IPADDR="192.168.1.234"
> NETMASK="255.255.255.0"
> ONBOOT="yes"
> BOOTPROTO="none"
> IPXNETNUM_802_2=""
> IPXPRIMARY_802_2="no"
> IPXACTIVE_802_2="no"
> IPXNETNUM_802_3=""
> IPXPRIMARY_802_3="no"
> IPXACTIVE_802_3="no"
> IPXNETNUM_ETHERII=""
> IPXPRIMARY_ETHERII="no"
> IPXACTIVE_ETHERII="no"
> IPXNETNUM_SNAP=""
> IPXPRIMARY_SNAP="no"
> IPXACTIVE_SNAP="no"
>
> cat /etc/sysconfig/network-scripts/ifcfg-eth1 (2nd try - doesn't work)
> DEVICE="eth1"
> IPADDR="192.168.1.234"
> NETMASK="255.255.255.0"
> NETWORK="192.168.1.0"
> BROADCAST="192.168.1.255"
> GATEWAY="130.251.152.234"
> ONBOOT="yes"
> BOOTPROTO="none"
> IPXNETNUM_802_2=""
> IPXPRIMARY_802_2="no"
> IPXACTIVE_802_2="no"
> IPXNETNUM_802_3=""
> IPXPRIMARY_802_3="no"
> IPXACTIVE_802_3="no"
> IPXNETNUM_ETHERII=""
> IPXPRIMARY_ETHERII="no"
> IPXACTIVE_ETHERII="no"
> IPXNETNUM_SNAP=""
> IPXPRIMARY_SNAP="no"
> IPXACTIVE_SNAP="no"
>
> (I get the following:
> ne.c: PCI BIOS reports NE 2000 clone at i/o 0x6000, irq 11.
> ne.c:v1.10 9/23/94 Donald Becker (becker@cesdis.gsfc.nasa.gov)
> NE*000 ethercard probe at 0x6000: 00 20 18 2c 11 a9
> eth1: NE2000 found at 0x6000, using IRQ 11.
> SIOCADDRT: Invalid argument
> )
>
>
> -------------------------------------------------------------------------------------------
>
> ifconfig
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
> UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
> RX packets:152 errors:0 dropped:0 overruns:0
> TX packets:152 errors:0 dropped:0 overruns:0
>
> eth0 Link encap:Ethernet HWaddr 00:60:97:B1:CA:DB
> inet addr:130.251.152.234 Bcast:130.251.152.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:650 errors:0 dropped:0 overruns:0
> TX packets:727 errors:0 dropped:0 overruns:0
> Interrupt:10 Base address:0x6100
>
> eth1 Link encap:Ethernet HWaddr 00:20:18:2C:11:A9
> inet addr:192.168.1.234 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:11 errors:0 dropped:0 overruns:0
> TX packets:66 errors:0 dropped:0 overruns:0
> Interrupt:11 Base address:0x6000
>
>
> -------------------------------------------------------------------------------------------
>
> route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 130.251.152.0 0.0.0.0 255.255.255.0 U 0 0 5 eth0
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 2 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 1 lo
> 0.0.0.0 130.251.152.254 0.0.0.0 UG 0 0 1 eth0
>
> -------------------------------------------------------------------------------------------
>
> (as suggested in Bridge+Firewall HOWTO)
>
> ifconfig eth0 promisc
> eth0: Setting promiscuous mode.
> eth0: Setting promiscuous mode.
>
> ifconfig eth1 promisc
>
> ifconfig eth0 arp
> eth0: Setting promiscuous mode.
> eth0: Setting promiscuous mode.
>
> ifconfig eth1 arp
>
> brcfg -enable
> bridging is ENABLED debugging is DISABLED
> bridge id 0x0001 00:60:97:b1:ca:db
> designated root 0x0001 00:60:97:b1:ca:db
> bridge max age 20 max age 20
> bridge hello time 2 hello time 2
> bridge forward delay 15 forward delay 15
> root path cost 0 root port 0
> flags NONE
> --- port stats ---
> port 1 port id 0x0001 port state FORWARDING (0x3)
> designated root 0x0001 00:60:97:b1:ca:db
> designated bridge 0x0001 00:60:97:b1:ca:db
> path cost 100 designated cost 0
> designated port 1 flags NONE
> port 2 port id 0x0002 port state FORWARDING (0x3)
> designated root 0x0001 00:60:97:b1:ca:db
> designated bridge 0x0001 00:60:97:b1:ca:db
> path cost 100 designated cost 0
> designated port 128 flags NONE
>
> -------------------------------------------------------------------------------------------
>
> cat /proc/sys/net/ipv4/ip_forward
> 1
>
> -------------------------------------------------------------------------------------------
>
> FROM 192.168.1.235
> ------------------
>
> ping 192.168.1.234
> OK
>
> ping 130.251.152.234
> OK
>
> ping 130.251.152.1
> NO
>
> THE BRIDGE
> ----------
>
> WHILE PINGING FROM INTERNAL HOST 192.168.1.235
>
> tcpdump -i eth1
> tcpdump: listening on eth1
> 09:29:47.053696 sauron.gondor.net > selene: icmp: echo request
>
> tcpdump -i eth0
> eth0: Setting promiscuous mode.
> eth0: Setting promiscuous mode.
> tcpdump: listening on eth0
> 09:30:40.043696 sauron.gondor.net > selene: icmp: echo request
>
> tcpdump -i eth0 -e host 192.168.1.235
> eth0: Setting promiscuous mode.
> eth0: Setting promiscuous mode.
> tcpdump: listening on eth0
> 09:31:28.033696 0:60:97:b1:ca:db 8:0:20:77:bb:66 ip 98: sauron.gondor.net > selene: icmp: echo request
>
> tcpdump -i eth0 src host sauron
>
> WHILE TRACEROUTEING FROM BRIDGE : traceroute -s 192.168.1.234 130.251.152.1
>
> tcpdump -i eth0 src host 192.168.1.234
> eth0: Setting promiscuous mode.
> eth0: Setting promiscuous mode.
> tcpdump: listening on eth0
> 09:32:50.353696 mithrandir.gondor.net.33613 > selene.33435: udp 12 [ttl 1]
> 09:33:10.393696 mithrandir.gondor.net.33613 > selene.33439: udp 12
>
> tcpdump -i eth0 -e host 192.168.1.234
> eth0: Setting promiscuous mode.
> eth0: Setting promiscuous mode.
> tcpdump: listening on eth0
> 09:33:45.593696 0:60:97:b1:ca:db 8:0:20:77:bb:66 ip 54: mithrandir.gondor.net.33614 > selene.33436: udp 12 [ttl 1]
>
> (eth0: hw address 00:60:97:B1:CA:DB)
>
> (eth1:hw address 00:20:18:2C:11:A9)
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.rutgers.edu
>

-- 
Henrik Olsen,   CNA, working on CNE.
URL=http://www.iaeste.dk/~henrik/
Get the rest there.
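
A check for the setting named in the reply above, as an added example that is not part of the original message: it compares FORWARD_IPV4 in the sysconfig file with the kernel's current ip_forward flag, both of which appear in the thread. The function names and the `--check` argument are hypothetical, and treating `yes` like `true` is an assumption.

```shell
#!/bin/sh
# Added example: compare the boot-time FORWARD_IPV4 setting with the
# kernel's current ip_forward value. Function names are hypothetical.

# Print the FORWARD_IPV4 value from a sysconfig-style file, unquoted and
# lowercased. The last assignment wins; commented-out lines are ignored.
# Prints "unset" when the key is absent or empty.
configured_forwarding() {
    val=$(sed -n 's/^[[:space:]]*FORWARD_IPV4=//p' "$1" | tail -n 1 |
          tr -d "\"'" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Print "on" or "off" from a file holding the ip_forward flag (0 or 1).
runtime_forwarding() {
    case "$(tr -d '[:space:]' < "$1")" in
        1) echo on ;;
        *) echo off ;;
    esac
}

# Summarise both sources: "forwarding", "not-forwarding", or a mismatch.
forwarding_status() {
    cfg=$(configured_forwarding "$1")
    run=$(runtime_forwarding "$2")
    case "$cfg:$run" in
        # Assumption: "yes" is treated like the "true" shown in the thread.
        true:on|yes:on)   echo "forwarding" ;;
        true:off|yes:off) echo "mismatch: config enabled, kernel off" ;;
        *:on)             echo "mismatch: kernel on, config not enabled" ;;
        *)                echo "not-forwarding" ;;
    esac
}

# Defaults are the two paths shown in the thread; other files may be passed.
if [ "${1:-}" = "--check" ]; then
    forwarding_status "${2:-/etc/sysconfig/network}" \
                      "${3:-/proc/sys/net/ipv4/ip_forward}"
fi
```

A "config enabled, kernel off" result is what the file edit alone produces before the reboot the reply asks for; "kernel on, config not enabled" means forwarding was switched on at runtime and will not survive a restart.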
