From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <7225537e0702021351g32cb65edy78761640bf4d9f42@mail.gmail.com>
Date: Fri, 2 Feb 2007 16:51:37 -0500
From: "Shawn Singh" <callmeshawn@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Question about /etc/conf.d/net entry
In-Reply-To: <20070202150401.4bc336ce@pascal.spore.ath.cx>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_28704_17204853.1170453097563"
References: <7225537e0702020907w1598350erf823adc50fe56fc9@mail.gmail.com>
	 <20070202150401.4bc336ce@pascal.spore.ath.cx>

------=_Part_28704_17204853.1170453097563
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Dan,

Thanks for the reply. The client is a laptop running Windows XP Home
Edition. Server is a tower running Gentoo 2006.1, shorewall 3.0.8.

The client is set up as follows:
IP address: 192.168.1.2
Netmask:    255.255.255.0
Gateway:    192.168.1.1
DNS:        192.168.1.1

I've changed my /etc/conf.d/net to:

# Interface Handler
modules=( "ifconfig" )

# eth0 (WAN) config
config_eth0=( "dhcp" )

# eth1 (LAN) config
config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )

Amongst many other things, shorewall dump shows:

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Not available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Available
   Raw Table: Available
   CLASSIFY Target: Available
   FORWARD Mangle Chain: Available

So, I think I have all that I need compiled into my kernel (2.6.19-r1). I'll
be home in a bit, and I'll get on the Windows computer and run ipconfig and
route to find out what the IP info and routing table look like on the
client and post that.

Thanks again for your help.

Shawn

On 2/2/07, Dan Farrell <dan@spore.ath.cx> wrote:
>
> On Fri, 2 Feb 2007 12:07:59 -0500
> "Shawn Singh" <callmeshawn@gmail.com> wrote:
>
> > Hello list,
> >
> > I've got my /etc/conf.d/net setup as follows:
> >
> > # Interface Handler
> > modules=( "ifconfig" )
> >
> > # eth0 (WAN) config
> > config_eth0=( "dhcp" )
> >
> > # eth1 (LAN) config
> > config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )
> > routes_eth1=( "192.168.1.0 via 192.168.1.1" )
> > # the idea here is that I wish to have all traffic intended for hosts on
> > # 192.168.1.0 pass through 192.168.1.1.
>
> all on the 'server' right?  The 'server' doesn't need a route to
> 192.168.1.0 through 192.168.1.1.  That's going to be automatic on the
> server's end because of the line
> > 192.168.1.0     *        255.255.255.0   U     0    0  0 eth1
> in route.  A route through eth1 to the subnet eth1 is on will
> automatically be added.  But does the 'client' computer have such a
> default route through 192.168.1.1?  The command to set up such a route
> (again, on the client) would be
>
>   route add default gw 192.168.1.1;
>
> > Here's the output from ifconfig eth1:
> looks fine.
>
> > This is my routing table:
> looks fine, as long as it's from the server and not the client.
>
> > One odd thing is, if I run mii-tool eth1, I get:
> > eth1: no link
> > eth1 is connected to my client machine via crossover cable (the wire
> > scheme A end is plugged into eth1, and the wire scheme b end is
> > plugged into the client machine)
> You clearly know the difference between a patch and a crossover, but I
> don't see why the interfaces aren't registering a connection.
> > I'm experiencing difficulty where my client can't get to the Internet
> > (the pages just time out)
> you need ip forwarding enabled to pull that off.
> > I can't ping the gateway (192.168.1.1)
> > from the client. Also, from the firewall, I can't ping the client
> > machine ( 192.168.1.2).
> This should be working right now, though.  Can you post the ipconfig
> and route output from the 'client' ?
>
> > Pings from the firewall to the client result in Destination
> > Unreachable, and if I remember correctly, pings from the client to
> > the firewall just time out.
> sounds like the client is not actually 'connected'.  Although, clearly
> the physical connection is there.
>
> > I'm running shorewall (v 3.0.8), so I've tried shutting it down
> > (shorewall clear) to eliminate that as an option, but still not
> > getting anywhere.
> oh oh.  shorewall can really confuse things.  Stop shorewall and have
> it save your iptables output, then I would suggest flushing
> > .config has the following entries in it, please let me know if there
> > are others that you need to see.
> >
> > CONFIG_IP_ADVANCED_ROUTER=y
> you don't need this.
> > CONFIG_NETFILTER=y
> > CONFIG_IP_NF_NAT=y
> you will need this.  But only once you get connected to 192.168.1.1 !
> remember, the client needs a default route set.  The server _isn't_
> going to need a route to 192.168.1/24 explicitly set in conf.d/net
>
> > Thanks,
> >
> > Shawn
> I'm on comcast too:
>
> 20:  c-71-xxx-144-1.hsd1.fl.comcast.net (71.203.144.1)    asymm 21 167.516ms reached
>      Resume: pmtu 1500 hops 20 back 21
>
> only 1 country's width and 20/21 hops away from you!  I mangled your ip
> address even though you provide it yourself, to allow you to be the one
> invading your privacy and not me .
>
> ps, if you have a switch around, i bet it would work if you plugged in
> both to switch (/ hub) via patch cable.  I bet your crossover is bad.
> --
> gentoo-user@gentoo.org mailing list
>
>


-- 
"Doing linear scans over an associative array is like trying to club someone
to death with a loaded Uzi."
Larry Wall

------=_Part_28704_17204853.1170453097563--
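
The checks discussed in this thread (link state, the automatic connected route on eth1, IP forwarding, NAT), in bottom-up order, as an added example that is not part of the original messages. The function names and sample inputs are constructed; the interface and subnet are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): bottom-up checks for the Gentoo gateway.
# Every check reads saved command output on stdin, so it also runs offline.

# stdin: `mii-tool eth1` output. Fails on empty input or "no link".
link_up() { awk 'NF {seen=1} /no link/ {bad=1} END {exit (bad || !seen)}'; }

# stdin: `route` or `route -n` output. True if NET is directly attached on IFACE.
connected_route() {
    awk -v ifc="$1" -v net="$2" \
        '$1 == net && ($2 == "*" || $2 == "0.0.0.0") && $NF == ifc {ok=1}
         END {exit !ok}'
}

# stdin: contents of /proc/sys/net/ipv4/ip_forward.
forwarding_on() { [ "$(cat)" = "1" ]; }

# stdin: `iptables-save -t nat` output. True if any source-NAT rule is loaded.
nat_present() { grep -Eq -e '-j (MASQUERADE|SNAT)'; }

# diagnose MII ROUTES FWD NAT: print the lowest layer that fails, or "ok".
diagnose() {
    printf '%s\n' "$1" | link_up || { echo link; return 0; }
    printf '%s\n' "$2" | connected_route eth1 192.168.1.0 || { echo route; return 0; }
    printf '%s\n' "$3" | forwarding_on || { echo forward; return 0; }
    printf '%s\n' "$4" | nat_present || { echo nat; return 0; }
    echo ok
}

# Constructed sample input modelled on the values quoted in the thread.
SAMPLE_MII='eth1: no link'
SAMPLE_ROUTES='Destination     Gateway   Genmask         Flags Metric Ref Use Iface
192.168.1.0     *         255.255.255.0   U     0      0   0   eth1'
SAMPLE_FWD=0
SAMPLE_NAT=''

diagnose "$SAMPLE_MII" "$SAMPLE_ROUTES" "$SAMPLE_FWD" "$SAMPLE_NAT"
```

On the live gateway the same functions take real output, for example `mii-tool eth1 | link_up` or `forwarding_on < /proc/sys/net/ipv4/ip_forward`.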