* [gentoo-user] Question about /etc/conf.d/net entry
@ 2007-02-02 17:07 Shawn Singh
2007-02-02 17:33 ` Michal 'vorner' Vaner
[not found] ` <20070202150401.4bc336ce@pascal.spore.ath.cx>
0 siblings, 2 replies; 6+ messages in thread
From: Shawn Singh @ 2007-02-02 17:07 UTC
To: gentoo-user
Hello list,
I've got my /etc/conf.d/net setup as follows:
# Interface Handler
modules=( "ifconfig" )
# eth0 (WAN) config
config_eth0=( "dhcp" )
# eth1 (LAN) config
config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )
routes_eth1=( "192.168.1.0 via 192.168.1.1" ) # the idea here is that I wish
# to have all traffic intended for hosts on 192.168.1.0 pass through
# 192.168.1.1.
Here's the output from ifconfig eth1:
eth1      Link encap:Ethernet  HWaddr 00:10:B5:0E:D6:E9
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:10 Base address:0x6c00
This is my routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
c-71-203-144-0. *               255.255.252.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         c-71-203-144-1. 0.0.0.0         UG    0      0        0 eth0
One odd thing is, if I run mii-tool eth1, I get:
eth1: no link
eth1 is connected to my client machine via crossover cable (the wire scheme
A end is plugged into eth1, and the wire scheme b end is plugged into the
client machine)
I'm experiencing difficulty where my client can't get to the Internet (the
pages just time out), and I can't ping the gateway (192.168.1.1) from the
client. Also, from the firewall, I can't ping the client machine (
192.168.1.2).
Pings from the firewall to the client result in Destination Unreachable, and
if I remember correctly, pings from the client to the firewall just time
out.
I'm running shorewall (v 3.0.8), so I've tried shutting it down (shorewall
clear) to eliminate that as an option, but still not getting anywhere.
.config has the following entries in it, please let me know if there are
others that you need to see.
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_NAT=y
Thanks,
Shawn
"Doing linear scans over an associative array is like trying to club someone
to death with a loaded Uzi."
--Larry Wall
* Re: [gentoo-user] Question about /etc/conf.d/net entry
2007-02-02 17:07 [gentoo-user] Question about /etc/conf.d/net entry Shawn Singh
@ 2007-02-02 17:33 ` Michal 'vorner' Vaner
[not found] ` <20070202150401.4bc336ce@pascal.spore.ath.cx>
1 sibling, 0 replies; 6+ messages in thread
From: Michal 'vorner' Vaner @ 2007-02-02 17:33 UTC
To: gentoo-user
Hello,
On Fri, Feb 02, 2007 at 12:07:59PM -0500, Shawn Singh wrote:
> I've got my /etc/conf.d/net setup as follows:
>
> # eth1 (LAN) config
> config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )
> routes_eth1=( "192.168.1.0 via 192.168.1.1" ) # the idea here is that I wish
Er, shouldn't this work by default? It is the netmask thing, right?
Because what I think you are trying to do is:
Whatever goes to 192.168.1.*, send it to the machine at 192.168.1.1, it
will know. But the problem IMO is, this machine is local, so it again
runs the packet through the table and sends it to itself…
Did you try removing the routing rule? I guess it should work by itself
and you needed it only if there was a machine somewhere, like 10.0.0.1
that would be reachable through 192.168.1.15…
But I'm not sure, I hope I do not talk complete gibberish.
--
The cost of living is going up, and the chance of living is going down.
Michal 'vorner' Vaner
* Re: [gentoo-user] Question about /etc/conf.d/net entry
[not found] ` <20070202150401.4bc336ce@pascal.spore.ath.cx>
@ 2007-02-02 21:51 ` Shawn Singh
2007-02-02 23:55 ` Dan Farrell
0 siblings, 1 reply; 6+ messages in thread
From: Shawn Singh @ 2007-02-02 21:51 UTC
To: gentoo-user
Dan,
Thanks for the reply. The client is a laptop running Windows XP Home
Edition. Server is a tower running Gentoo 2006.1, shorewall 3.0.8.
The client is setup as follows:
IP address: 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1
I've changed my /etc/conf.d/net to:
# Interface Handler
modules=( "ifconfig" )
# eth0 (WAN) config
config_eth0=( "dhcp" )
# eth1 (LAN) config
config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )
Amongst many other things, shorewall dump shows:
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Not available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Available
Raw Table: Available
CLASSIFY Target: Available
FORWARD Mangle Chain: Available
So, I think I have all that I need compiled into my kernel (2.6.19-r1). I'll
be home in a bit, and I'll get on the Windows computer and run ipconfig and
route to find out what the IP info and routing table looks like on the
client and post that.
Thanks again for your help.
Shawn
On 2/2/07, Dan Farrell <dan@spore.ath.cx> wrote:
>
> On Fri, 2 Feb 2007 12:07:59 -0500
> "Shawn Singh" <callmeshawn@gmail.com> wrote:
>
> > Hello list,
> >
> > I've got my /etc/conf.d/net setup as follows:
> >
> > # Interface Handler
> > modules=( "ifconfig" )
> >
> > # eth0 (WAN) config
> > config_eth0=( "dhcp" )
> >
> > # eth1 (LAN) config
> > config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast
> > 192.168.1.255" ) routes_eth1=( "192.168.1.0 via 192.168.1.1" ) # the
> > idea here is that I wish to have all traffic intended for hosts on
> > 192.168.1.0 pass through 192.168.1.1.
>
> all on the 'server' right? The 'server' doesn't need a route to
> 192.168.1.0 through 192.168.1.1. That's going to be automatic on the
> server's end because of the line
> > 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
> in route. A route through eth1 to the subnet eth1 is on will
> automatically be added. But does the 'client' computer have such a
> default route through 192.168.1.1? The command to set up such a route
> (again, on the client) would be
>
> route add default gw 192.168.1.1;
>
> > Here's the output from ifconfig eth1:
> looks fine.
>
> > This is my routing table:
> looks fine, as long as it's from the server and not the client.
>
> > One odd thing is, if I run mii-tool eth1, I get:
> > eth1: no link
> > eth1 is connected to my client machine via crossover cable (the wire
> > scheme A end is plugged into eth1, and the wire scheme b end is
> > plugged into the client machine)
> You clearly know the difference between a patch and a crossover, but i
> don't see why the interfaces aren't registering a connection.
> > I'm experiencing difficulty where my client can't get to the Internet
> > (the pages just time out)
> you need ip forwarding enabled to pull that off.
> > I can't ping the gateway (192.168.1.1)
> > from the client. Also, from the firewall, I can't ping the client
> > machine ( 192.168.1.2).
> This should be working right now, though. Can you post the ipconfig
> and route output from the 'client' ?
>
> > Pings from the firewall to the client result in Destination
> > Unreachable, and if I remember correctly, pings from the client to
> > the firewall just time out.
> sounds like the client is not actually 'connected'. Although, clearly
> the physical connection is there.
>
> > I'm running shorewall (v 3.0.8), so I've tried shutting it down
> > (shorewall clear) to eliminate that as an option, but still not
> > getting anywhere.
> oh oh. shorewall can really confuse things. Stop shorewall and have
> it save your iptables output, then I would suggest flushing
> > .config has the following entries in it, please let me know if there
> > are others that you need to see.
> >
> > CONFIG_IP_ADVANCED_ROUTER=y
> you don't need this.
> > CONFIG_NETFILTER=y
> > CONFIG_IP_NF_NAT=y
> you will need this. But only once you get connected to 192.168.1.1 !
> remember, the client needs a default route set. The server _isn't_
> going to need a route to 192.168.1/24 explicitly set in conf.d/net
>
> > Thanks,
> >
> > Shawn
> I'm on comcast too:
>
> 20: c-71-xxx-144-1.hsd1.fl.comcast.net
> (71.203.144.1) asymm 21 167.516ms reached Resume: pmtu 1500 hops 20
> back 21
>
> only 1 country's width and 20/21 hops away from you! I mangled your ip
> address even though you provide it yourself, to allow you to be the one
> invading your privacy and not me.
>
> ps, if you have a switch around, i bet it would work if you plugged in
> both to switch (/ hub) via patch cable. I bet your crossover is bad.
> --
> gentoo-user@gentoo.org mailing list
>
>
--
"Doing linear scans over an associative array is like trying to club someone
to death with a loaded Uzi."
Larry Wall
* Re: [gentoo-user] Question about /etc/conf.d/net entry
2007-02-02 21:51 ` Shawn Singh
@ 2007-02-02 23:55 ` Dan Farrell
2007-02-03 17:46 ` Shawn Singh
0 siblings, 1 reply; 6+ messages in thread
From: Dan Farrell @ 2007-02-02 23:55 UTC
To: gentoo-user
On Fri, 2 Feb 2007 16:51:37 -0500
"Shawn Singh" <callmeshawn@gmail.com> wrote:
> Dan,
>
> Thanks for the reply. The client is a laptop running Windows XP Home
> Edition. Server is a tower running Gentoo 2006.1, shorewall 3.0.8.
>
> The client is setup as follows:
> IP address: 192.168.1.2
> Netmask: 255.255.255.0
> Gateway: 192.168.1.1
> DNS: 192.168.1.1
>
> I've changed my /etc/conf.d/net to:
>
> # Interface Handler
> modules=( "ifconfig" )
>
> # eth0 (WAN) config
> config_eth0=( "dhcp" )
>
> # eth1 (LAN) config
> config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast
> 192.168.1.255" )
for what it's worth, netmask and broadcast will also default to those
settings in ifconfig if you set the ip to 192.168.1.x
> I have all that I need compiled into my kernel
> (2.6.19-r1).
I agree. let's see what happens....
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] Question about /etc/conf.d/net entry
2007-02-02 23:55 ` Dan Farrell
@ 2007-02-03 17:46 ` Shawn Singh
2007-02-04 23:37 ` Daniel Barkalow
0 siblings, 1 reply; 6+ messages in thread
From: Shawn Singh @ 2007-02-03 17:46 UTC
To: gentoo-user
Dan,
The cable checked out. I used it to hookup my work laptop with the other
laptop I was using as my client, and was able to ping each host. The fact
that I had no link made me curious ... and I realized I made a user error ...
I was "SURE" that I verified the NIC I was plugging into was eth1, as I've
got 3 NICs in the machine ... the one with no link is really eth2 ... not
eth1 ... I plugged into the correct interface, and (perhaps) needless to
say, my client is now seeing the gateway and the gateway sees the client.
Thanks for the pointers on my config. They helped me ensure that I had my
machine setup properly!
Thanks,
Shawn
--
"Doing linear scans over an associative array is like trying to club someone
to death with a loaded Uzi."
Larry Wall
* Re: [gentoo-user] Question about /etc/conf.d/net entry
2007-02-03 17:46 ` Shawn Singh
@ 2007-02-04 23:37 ` Daniel Barkalow
0 siblings, 0 replies; 6+ messages in thread
From: Daniel Barkalow @ 2007-02-04 23:37 UTC
To: gentoo-user
On Sat, 3 Feb 2007, Shawn Singh wrote:
> The cable checked out. I used it to hookup my work laptop with the other
> laptop I was using as my client, and was able to ping each host. The fact
> that I had no link made me curious ... and I realized I made a user error ...
> I was "SURE" that I verified the NIC I was plugging into was eth1, as I've
> got 3 NICs in the machine ... the one with no link is really eth2 ... not
> eth1 ... I plugged into the correct interface, and (perhaps) needless to
> say, my client is now seeing the gateway and the gateway sees the client.
I'd suggest using udev rules (create or add to
/etc/udev/rules.d/10-local.rules) like this:
ACTION=="add", SUBSYSTEM=="net", SYSFS{address}=="00:10:b5:0e:d6:e9", NAME="extra"
(note, one = in the last one, two in all of the others) to give intuitive
names to all of the network cards. Then you replace "eth1" everywhere with
"extra". This makes it easier to read, so you don't forget which is which,
and it means that if the kernel device enumeration changes, your rules
don't break, and if you need to repurpose cards or something, you can just
change the MAC addresses and the rules will be right.
It's a lot easier to keep "left", "middle", and "right" (or "uplink",
"downlink", and "extra") straight than "eth0", "eth2", and "eth1".
-Daniel
*This .sig left intentionally blank*
--
gentoo-user@gentoo.org mailing list
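
The following shell functions are an added example, not posted by anyone in the thread: they list each NIC's MAC address and link state from sysfs, the check that shows which port a cable is actually in, and print a udev naming rule in the form suggested above. The function names are hypothetical, and the rule uses ATTR{address}, the match key that replaced SYSFS{address} in later udev releases.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# nic_inventory [DIR]: print "name mac link" for each non-loopback interface
# under DIR (default /sys/class/net); link is up, down or unknown.
nic_inventory() {
    net_dir=${1:-/sys/class/net}
    for dev in "$net_dir"/*; do
        [ -r "$dev/address" ] || continue
        name=${dev##*/}
        [ "$name" = lo ] && continue
        mac=$(tr 'A-F' 'a-f' < "$dev/address")
        # Reading carrier fails while the interface is administratively
        # down, so report that case as unknown rather than as "no link".
        if carrier=$(cat "$dev/carrier" 2>/dev/null); then
            case $carrier in
                1) link=up ;;
                0) link=down ;;
                *) link=unknown ;;
            esac
        else
            link=unknown
        fi
        printf '%s %s %s\n' "$name" "$mac" "$link"
    done
}

# udev_rule MAC NAME: print a rule that names the card with that MAC.
# Returns 1 if MAC is not six hex octets or NAME is not a safe interface
# name (letter first, then letters, digits, _ or -, 15 characters at most).
udev_rule() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$2" | grep -Eq '^[A-Za-z][A-Za-z0-9_-]{0,14}$' || return 1
    # ATTR{address} is an assumption for current udev; the thread's 2007
    # rule used SYSFS{address} for the same match.
    printf 'ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="%s", NAME="%s"\n' \
        "$mac" "$2"
}

# Show the inventory of this machine when the file is run directly.
nic_inventory
```

Running nic_inventory before and after plugging in the cable shows which interface name the port really has: it is the one whose link column changes.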