From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1HD6Sp-0007Xp-0b for garchives@archives.gentoo.org; Fri, 02 Feb 2007 22:00:59 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.8/8.13.8) with SMTP id l12LxCE0024736; Fri, 2 Feb 2007 21:59:12 GMT Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.224]) by robin.gentoo.org (8.13.8/8.13.8) with ESMTP id l12Lpcli015353 for ; Fri, 2 Feb 2007 21:51:38 GMT Received: by wr-out-0506.google.com with SMTP id i28so878407wra for ; Fri, 02 Feb 2007 13:51:38 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=b2JBPPrHSySVHV5Rfk6durJFVPtsHOFlVR1Hm/ojFs38H5H4tt/zjZBMBl40w7HFpAtd4gsALlp6OmO4YoY9HVXc7ABR0tq5MqEBb3cYGa+OICU/sfngdPUFHcZU644B+sBYJXWrCEpECL7H6VagWRrTh+rexEwTS6QEmiZWDC0= Received: by 10.90.90.16 with SMTP id n16mr1875217agb.1170453097595; Fri, 02 Feb 2007 13:51:37 -0800 (PST) Received: by 10.90.100.19 with HTTP; Fri, 2 Feb 2007 13:51:37 -0800 (PST) Message-ID: <7225537e0702021351g32cb65edy78761640bf4d9f42@mail.gmail.com> Date: Fri, 2 Feb 2007 16:51:37 -0500 From: "Shawn Singh" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Question about /etc/conf.d/net entry In-Reply-To: <20070202150401.4bc336ce@pascal.spore.ath.cx> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_28704_17204853.1170453097563" References: <7225537e0702020907w1598350erf823adc50fe56fc9@mail.gmail.com> <20070202150401.4bc336ce@pascal.spore.ath.cx> X-Archives-Salt: a32b653c-fcef-48bc-b17d-d05456ba3983 X-Archives-Hash: ee3e62e20ace4a6d58b677ab75ef4231 ------=_Part_28704_17204853.1170453097563 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Dan, Thanks for the reply. The client is a laptop running Windows XP Home EditionI'. Server is a tower running Gentoo 2006.1, shorewall 3.0.8. The client is setup as follows: IP address: 192.168.1.2 Netmask: 255.255.255.0 Gateway: 192.168.1.1 DNS: 192.168.1.1 I've changed my /etc/conf.d/net to: # Interface Handler modules=( "ifconfig" ) # eth0 (WAN) config config_eth0=( "dhcp" ) # eth1 (LAN) config config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" ) Amongst many other things, shorewall dump shows: Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Packet Type Match: Available Policy Match: Available Physdev Match: Not available IP range Match: Available Recent Match: Available Owner Match: Available Ipset Match: Not available CONNMARK Target: Not available Connmark Match: Available Raw Table: Available CLASSIFY Target: Available FORWARD Mangle Chain: Available So, I think I have all that I need compiled into my kernel (2.6.19-r1). I'll be home in a bit, and I'll get on the Windows computer and run ipconfig and route to find out what the IP info and routing table looks like on the client and post that. Thanks again for your help. Shawn On 2/2/07, Dan Farrell wrote: > > On Fri, 2 Feb 2007 12:07:59 -0500 > "Shawn Singh" wrote: > > > Hello list, > > > > I've got my /etc/conf.d/net setup as follows: > > > > # Interface Handler > > modules=( "ifconfig" ) > > > > # eth0 (WAN) config > > config_eth0=( "dhcp" ) > > > > # eth1 (LAN) config > > config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast > > 192.168.1.255" ) routes_eth1=( "192.168.1.0 via 192.168.1.1" ) # the > > idea here is that I wish to have all traffic intended for hosts on > > 192.168.1.0 pass through 192.168.1.1. > > all on the 'server' right? The 'server' doesn't need a route to > 192.168.1.0 through 192.168.1.1. That's going to be automatic on the > server's end because of the line > > 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1 > in route. A route through eth1 to the subnet eth1 is on will > automatically be added. But does the 'client' computer have such a > default route through 192.168.1.1? The command to set up such a route > (again, on the client) would be > > route add default gw 192.168.1.1; > > > Here's the output from ifconfig eth1: > looks fine. > > > This is my routing table: > looks fine, as long as it's from the server and not the client. > > > One odd thing is, if I run mii-tool eth1, I get: > > eth1: no link > > eth1 is connected to my client machine via crossover cable (the wire > > scheme A end is plugged into eth1, and the wire scheme b end is > > plugged into the client machine) > You clearly know the difference between a patch and a crossover, but i > don't see why the interfaces arent' registering a conection. > > I'm experiencing difficulty where my client can't get to the Internet > > (the pages just time out) > you need ip forwarding enabled to pull that off. > > I can't ping the gateway (192.168.1.1) > > from the client. Also, from the firewall, I can't ping the client > > machine ( 192.168.1.2). > This should be working right now, though. Can you post the ipconfig > and route output from the 'client' ? > > > Pings from the firewall to the client result in Destination > > Unreachable, and if I remember correctly, pings from the client to > > the firewall just time out. > sounds like the client is not actually 'connected'. Although, clearly > the physical connection is there. > > > I'm running shorewall (v 3.0.8), so I've tried shutting it down > > (shorewall clear) to eliminate that as an option, but still not > > getting anywhere. > oh oh. shorewall can really confuse things. Stop shorewall and have > it save your iptables output, then I would suggest flushing > > .config has the following entries in it, please let me know if there > > are others that you need to see. > > > > CONFIG_IP_ADVANCED_ROUTER=y > you don't need this. > > CONFIG_NETFILTER=y > > CONFIG_IP_NF_NAT=y > you will need this. But only oce you get connected to 192.168.1.1 ! > remember, the client needs a default route set. The server _isn't_ > going to need a route to 192.168.1/24 explicitly set in conf.d/net > > > Thanks, > > > > Shawn > I'm on comcast too: > > 20: c-71-xxx-144-1.hsd1.fl.comcast.net > (71.203.144.1) asymm 21 167.516ms reached Resume: pmtu 1500 hops 20 > back 21 > > only 1 country's width and 20/21 hops away from you! I mangled your ip > address even though you provide it yourself, to allow you to be the one > invading your privacy and not me . > > ps, if you have a switch around, i bet it would work if you plugged in > both to switch (/ hub) via patch cable. I bet your crossover is bad. > -- > gentoo-user@gentoo.org mailing list > > -- "Doing linear scans over an associative array is like trying to club someone to death with a loaded Uzi." Larry Wall ------=_Part_28704_17204853.1170453097563 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Dan,

Thanks for the reply. The client is a laptop running Windows XP Home EditionI'. Server is a tower running Gentoo 2006.1, shorewall 3.0.8.

The client is setup as follows:
IP address: 192.168.1.2
Netmask:    255.255.255.0
Gateway:    192.168.1.1
DNS:          192.168.1.1

I've changed my /etc/conf.d/net to:

# Interface Handler
modules=( "ifconfig" )

# eth0 (WAN) config
config_eth0=( "dhcp" )

# eth1 (LAN) config
config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )

Amongst many other things, shorewall dump shows:

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Not available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Available
   Raw Table: Available
   CLASSIFY Target: Available
   FORWARD Mangle Chain: Available

So, I think I have all that I need compiled into my kernel (2.6.19-r1). I'll be home in a bit, and I'll get on the Windows computer and run ipconfig and route to find out what the IP info and routing table looks like on the client and post that.

Thanks again for your help.

Shawn

On 2/2/07, Dan Farrell <dan@spore.ath.cx> wrote:
On Fri, 2 Feb 2007 12:07:59 -0500
"Shawn Singh" <callmeshawn@gmail.com> wrote:

> Hello list,
>
> I've got my /etc/conf.d/net setup as follows:
>
> # Interface Handler
> modules=( "ifconfig" )
>
> # eth0 (WAN) config
> config_eth0=( "dhcp" )
>
> # eth1 (LAN) config
> config_eth1=( " 192.168.1.1 netmask 255.255.255.0 broadcast
> 192.168.1.255" ) routes_eth1=( "192.168.1.0 via 192.168.1.1" ) # the
> idea here is that I wish to have all traffic intended for hosts on
> 192.168.1.0 pass through 192.168.1.1.

all on the 'server' right?  The 'server' doesn't need a route to
192.168.1.0 through 192.168.1.1.  That's going to be automatic on the
server's end because of the line
> 192.168.1.0     *        255.255.255.0   U     0    0  0 eth1
in route.  A route through eth1 to the subnet eth1 is on will
automatically be added.  But does the 'client' computer have such a
default route through 192.168.1.1?  The command to set up such a route
(again, on the client) would be

  route add default gw 192.168.1.1;

> Here's the output from ifconfig eth1:
looks fine.

> This is my routing table:
looks fine, as long as it's from the server and not the client.

> One odd thing is, if I run mii-tool eth1, I get:
> eth1: no link
> eth1 is connected to my client machine via crossover cable (the wire
> scheme A end is plugged into eth1, and the wire scheme b end is
> plugged into the client machine)
You clearly know the difference between a patch and a crossover, but i
don't see why the interfaces arent' registering a conection.
> I'm experiencing difficulty where my client can't get to the Internet
> (the pages just time out)
you need ip forwarding enabled to pull that off.
> I can't ping the gateway (192.168.1.1)
> from the client. Also, from the firewall, I can't ping the client
> machine ( 192.168.1.2).
This should be working right now, though.  Can you post the ipconfig
and route output from the 'client' ?

> Pings from the firewall to the client result in Destination
> Unreachable, and if I remember correctly, pings from the client to
> the firewall just time out.
sounds like the client is not actually 'connected'.  Although, clearly
the physical connection is there.

> I'm running shorewall (v 3.0.8), so I've tried shutting it down
> (shorewall clear) to eliminate that as an option, but still not
> getting anywhere.
oh oh.  shorewall can really confuse things.  Stop shorewall and have
it save your iptables output, then I would suggest flushing
> .config has the following entries in it, please let me know if there
> are others that you need to see.
>
> CONFIG_IP_ADVANCED_ROUTER=y
you don't need this.
> CONFIG_NETFILTER=y
> CONFIG_IP_NF_NAT=y
you will need this.  But only oce you get connected to 192.168.1.1 !
remember, the client needs a default route set.  The server _isn't_
going to need a route to 192.168.1/24 explicitly set in conf.d/net

> Thanks,
>
> Shawn
I'm on comcast too:

20:  c-71-xxx-144-1.hsd1.fl.comcast.net
(71.203.144.1)    asymm 21 167.516ms reached Resume: pmtu 1500 hops 20
back 21

only 1 country's width and 20/21 hops away from you!  I mangled your ip
address even though you provide it yourself, to allow you to be the one
invading your privacy and not me .

ps, if you have a switch around, i bet it would work if you plugged in
both to switch (/ hub) via patch cable.  I bet your crossover is bad.
--
gentoo-user@gentoo.org mailing list




--
"Doing linear scans over an associative array is like trying to club someone to death with a loaded Uzi."
Larry Wall ------=_Part_28704_17204853.1170453097563-- -- gentoo-user@gentoo.org mailing list