Gentoo Archives: gentoo-user

From: Shawn Singh <callmeshawn@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Question about /etc/conf.d/net entry
Date: Fri, 02 Feb 2007 22:00:59
Message-Id: 7225537e0702021351g32cb65edy78761640bf4d9f42@mail.gmail.com
1 Dan,
2
3 Thanks for the reply. The client is a laptop running Windows XP Home
4 Edition. Server is a tower running Gentoo 2006.1, shorewall 3.0.8.
5
6 The client is set up as follows:
7 IP address: 192.168.1.2
8 Netmask: 255.255.255.0
9 Gateway: 192.168.1.1
10 DNS: 192.168.1.1
11
12 I've changed my /etc/conf.d/net to:
13
14 # Interface Handler
15 modules=( "ifconfig" )
16
17 # eth0 (WAN) config
18 config_eth0=( "dhcp" )
19
20 # eth1 (LAN) config
21 config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )
22
23 Amongst many other things, shorewall dump shows:
24
25 Shorewall has detected the following iptables/netfilter capabilities:
26 NAT: Available
27 Packet Mangling: Available
28 Multi-port Match: Available
29 Extended Multi-port Match: Available
30 Connection Tracking Match: Available
31 Packet Type Match: Available
32 Policy Match: Available
33 Physdev Match: Not available
34 IP range Match: Available
35 Recent Match: Available
36 Owner Match: Available
37 Ipset Match: Not available
38 CONNMARK Target: Not available
39 Connmark Match: Available
40 Raw Table: Available
41 CLASSIFY Target: Available
42 FORWARD Mangle Chain: Available
43
44 So, I think I have all that I need compiled into my kernel (2.6.19-r1). I'll
45 be home in a bit, and I'll get on the Windows computer and run ipconfig and
46 route to find out what the IP info and routing table look like on the
47 client and post that.
48
49 Thanks again for your help.
50
51 Shawn
52
53 On 2/2/07, Dan Farrell <dan@×××××××××.cx> wrote:
54 >
55 > On Fri, 2 Feb 2007 12:07:59 -0500
56 > "Shawn Singh" <callmeshawn@×××××.com> wrote:
57 >
58 > > Hello list,
59 > >
60 > > I've got my /etc/conf.d/net set up as follows:
61 > >
62 > > # Interface Handler
63 > > modules=( "ifconfig" )
64 > >
65 > > # eth0 (WAN) config
66 > > config_eth0=( "dhcp" )
67 > >
68 > > # eth1 (LAN) config
69 > > config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )
70 > > routes_eth1=( "192.168.1.0 via 192.168.1.1" )
71 > > # the idea here is that I wish to have all traffic intended for hosts on
72 > > # 192.168.1.0 pass through 192.168.1.1.
73 >
74 > all on the 'server' right? The 'server' doesn't need a route to
75 > 192.168.1.0 through 192.168.1.1. That's going to be automatic on the
76 > server's end because of the line
77 > > 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
78 > in route. A route through eth1 to the subnet eth1 is on will
79 > automatically be added. But does the 'client' computer have such a
80 > default route through 192.168.1.1? The command to set up such a route
81 > (again, on the client) would be
82 >
83 > route add default gw 192.168.1.1;
84 >
85 > > Here's the output from ifconfig eth1:
86 > looks fine.
87 >
88 > > This is my routing table:
89 > looks fine, as long as it's from the server and not the client.
90 >
91 > > One odd thing is, if I run mii-tool eth1, I get:
92 > > eth1: no link
93 > > eth1 is connected to my client machine via crossover cable (the wire
94 > > scheme A end is plugged into eth1, and the wire scheme b end is
95 > > plugged into the client machine)
96 > You clearly know the difference between a patch and a crossover, but I
97 > don't see why the interfaces aren't registering a connection.
98 > > I'm experiencing difficulty where my client can't get to the Internet
99 > > (the pages just time out)
100 > you need ip forwarding enabled to pull that off.
101 > > I can't ping the gateway (192.168.1.1)
102 > > from the client. Also, from the firewall, I can't ping the client
103 > > machine ( 192.168.1.2).
104 > This should be working right now, though. Can you post the ipconfig
105 > and route output from the 'client' ?
106 >
107 > > Pings from the firewall to the client result in Destination
108 > > Unreachable, and if I remember correctly, pings from the client to
109 > > the firewall just time out.
110 > sounds like the client is not actually 'connected'. Although, clearly
111 > the physical connection is there.
112 >
113 > > I'm running shorewall (v 3.0.8), so I've tried shutting it down
114 > > (shorewall clear) to eliminate that as an option, but still not
115 > > getting anywhere.
116 > oh oh. shorewall can really confuse things. Stop shorewall and have
117 > it save your iptables output, then I would suggest flushing
118 > > .config has the following entries in it, please let me know if there
119 > > are others that you need to see.
120 > >
121 > > CONFIG_IP_ADVANCED_ROUTER=y
122 > you don't need this.
123 > > CONFIG_NETFILTER=y
124 > > CONFIG_IP_NF_NAT=y
125 > you will need this. But only once you get connected to 192.168.1.1 !
126 > remember, the client needs a default route set. The server _isn't_
127 > going to need a route to 192.168.1/24 explicitly set in conf.d/net
128 >
129 > > Thanks,
130 > >
131 > > Shawn
132 > I'm on comcast too:
133 >
134 > 20: c-71-xxx-144-1.hsd1.fl.comcast.net
135 > (71.203.144.1) asymm 21 167.516ms reached Resume: pmtu 1500 hops 20
136 > back 21
137 >
138 > only 1 country's width and 20/21 hops away from you! I mangled your ip
139 > address even though you provide it yourself, to allow you to be the one
140 > invading your privacy and not me.
141 >
142 > ps, if you have a switch around, I bet it would work if you plugged in
143 > both to switch (/ hub) via patch cable. I bet your crossover is bad.
144 > --
145 > gentoo-user@g.o mailing list
146 >
147 >
148
149
150 --
151 "Doing linear scans over an associative array is like trying to club someone
152 to death with a loaded Uzi."
153 Larry Wall
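
Added example, not part of the original messages: a small shell script for the gateway-side checks discussed in this thread (the on-link route for 192.168.1.0/24 that makes a routes_eth1 entry unnecessary, the default route, and IP forwarding). The routing table and the 10.0.0.1 WAN gateway are constructed sample data, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed `route -n` output for the gateway; 10.0.0.1 is a made-up WAN hop.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0'

# has_connected_route TABLE NET MASK IFACE (hypothetical helper)
# True if the kernel already holds an on-link route (no gateway) for NET/MASK
# on IFACE. Accepts both `route` ("*") and `route -n` ("0.0.0.0") output.
has_connected_route() {
    printf '%s\n' "$1" | awk -v net="$2" -v mask="$3" -v ifc="$4" '
        $1 == net && ($2 == "0.0.0.0" || $2 == "*") && $3 == mask && $8 == ifc { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# default_gateway TABLE: print the default route's gateway, nothing if absent.
default_gateway() {
    printf '%s\n' "$1" |
        awk '($1 == "0.0.0.0" || $1 == "default") && $4 ~ /G/ { print $2; exit }'
}

# forwarding_enabled VALUE: VALUE is the content of /proc/sys/net/ipv4/ip_forward.
forwarding_enabled() { [ "$1" = "1" ]; }

# gateway_report TABLE IP_FORWARD: one line per check from the thread.
gateway_report() {
    if has_connected_route "$1" 192.168.1.0 255.255.255.0 eth1; then
        echo "lan-route: present (no routes_eth1 entry needed)"
    else
        echo "lan-route: missing (is eth1 up with an address?)"
    fi
    gw=$(default_gateway "$1")
    echo "default-gw: ${gw:-none}"
    if forwarding_enabled "$2"; then
        echo "ip_forward: on"
    else
        echo "ip_forward: off (LAN clients will not be routed to the WAN)"
    fi
}

# Run against the constructed sample with forwarding switched off.
gateway_report "$SAMPLE_ROUTES" 0
```

On a live gateway, pass real data instead: gateway_report "$(route -n)" "$(cat /proc/sys/net/ipv4/ip_forward)".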
