Dan,

Thanks for the reply. The client is a laptop running Windows XP Home
Edition. Server is a tower running Gentoo 2006.1, shorewall 3.0.8.

The client is set up as follows:
IP address: 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1

I've changed my /etc/conf.d/net to:

# Interface Handler
modules=( "ifconfig" )

# eth0 (WAN) config
config_eth0=( "dhcp" )

# eth1 (LAN) config
config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )

Amongst many other things, shorewall dump shows:

Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Not available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Available
Raw Table: Available
CLASSIFY Target: Available
FORWARD Mangle Chain: Available

So, I think I have all that I need compiled into my kernel (2.6.19-r1). I'll
be home in a bit, and I'll get on the Windows computer and run ipconfig and
route to find out what the IP info and routing table looks like on the
client and post that.

Thanks again for your help.

Shawn

On 2/2/07, Dan Farrell <dan@×××××××××.cx> wrote:
>
> On Fri, 2 Feb 2007 12:07:59 -0500
> "Shawn Singh" <callmeshawn@×××××.com> wrote:
>
> > Hello list,
> >
> > I've got my /etc/conf.d/net setup as follows:
> >
> > # Interface Handler
> > modules=( "ifconfig" )
> >
> > # eth0 (WAN) config
> > config_eth0=( "dhcp" )
> >
> > # eth1 (LAN) config
> > config_eth1=( "192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255" )
> > routes_eth1=( "192.168.1.0 via 192.168.1.1" )
> > # the idea here is that I wish to have all traffic intended for hosts on
> > # 192.168.1.0 pass through 192.168.1.1.
>
> all on the 'server' right? The 'server' doesn't need a route to
> 192.168.1.0 through 192.168.1.1. That's going to be automatic on the
> server's end because of the line
> > 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
> in route. A route through eth1 to the subnet eth1 is on will
> automatically be added. But does the 'client' computer have such a
> default route through 192.168.1.1? The command to set up such a route
> (again, on the client) would be
>
> route add default gw 192.168.1.1;
>
> > Here's the output from ifconfig eth1:
> looks fine.
>
> > This is my routing table:
> looks fine, as long as it's from the server and not the client.
>
> > One odd thing is, if I run mii-tool eth1, I get:
> > eth1: no link
> > eth1 is connected to my client machine via crossover cable (the wire
> > scheme A end is plugged into eth1, and the wire scheme b end is
> > plugged into the client machine)
> You clearly know the difference between a patch and a crossover, but I
> don't see why the interfaces aren't registering a connection.
> > I'm experiencing difficulty where my client can't get to the Internet
> > (the pages just time out)
> you need ip forwarding enabled to pull that off.
> > I can't ping the gateway (192.168.1.1)
> > from the client. Also, from the firewall, I can't ping the client
> > machine (192.168.1.2).
> This should be working right now, though. Can you post the ipconfig
> and route output from the 'client'?
>
> > Pings from the firewall to the client result in Destination
> > Unreachable, and if I remember correctly, pings from the client to
> > the firewall just time out.
> sounds like the client is not actually 'connected'. Although, clearly
> the physical connection is there.
>
> > I'm running shorewall (v 3.0.8), so I've tried shutting it down
> > (shorewall clear) to eliminate that as an option, but still not
> > getting anywhere.
> oh oh. shorewall can really confuse things. Stop shorewall and have
> it save your iptables output, then I would suggest flushing
> > .config has the following entries in it, please let me know if there
> > are others that you need to see.
> >
> > CONFIG_IP_ADVANCED_ROUTER=y
> you don't need this.
> > CONFIG_NETFILTER=y
> > CONFIG_IP_NF_NAT=y
> you will need this. But only once you get connected to 192.168.1.1 !
> remember, the client needs a default route set. The server _isn't_
> going to need a route to 192.168.1/24 explicitly set in conf.d/net
>
> > Thanks,
> >
> > Shawn
> I'm on comcast too:
>
> 20: c-71-xxx-144-1.hsd1.fl.comcast.net
> (71.203.144.1) asymm 21 167.516ms reached Resume: pmtu 1500 hops 20
> back 21
>
> only 1 country's width and 20/21 hops away from you! I mangled your ip
> address even though you provide it yourself, to allow you to be the one
> invading your privacy and not me.
>
> ps, if you have a switch around, I bet it would work if you plugged in
> both to switch (/ hub) via patch cable. I bet your crossover is bad.
> --
> gentoo-user@g.o mailing list
>
>


--
"Doing linear scans over an associative array is like trying to club someone
to death with a loaded Uzi."
Larry Wall
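
The thread raises two separate gateway-side conditions: no link on eth1 (the mii-tool output) and IP forwarding. The script below is an added example, not part of the original messages, that checks them bottom-up; the function names and the optional ROOT argument are assumptions of this example, and it reads the kernel's sysfs/procfs files rather than calling mii-tool.

```shell
#!/bin/sh
# Bottom-up check of a Linux gateway's LAN side: link first, then forwarding.
# ROOT (optional, an assumption of this example) points at a copy of /sys and
# /proc so the checks can run on a constructed sample; empty = live system.

link_state() {        # link_state IFACE [ROOT] -> up | down | missing
    f="${2:-}/sys/class/net/$1/carrier"
    [ -e "$f" ] || { echo missing; return 0; }
    # carrier reads 1 with link and 0 without; the read fails while the
    # interface is administratively down, which is reported as "down" too
    if [ "$(cat "$f" 2>/dev/null)" = "1" ]; then echo up; else echo down; fi
}

forwarding_state() {  # forwarding_state [ROOT] -> on | off
    f="${1:-}/proc/sys/net/ipv4/ip_forward"
    if [ "$(cat "$f" 2>/dev/null)" = "1" ]; then echo on; else echo off; fi
}

diagnose() {          # diagnose LAN_IFACE [ROOT] -> first failing layer
    case "$(link_state "$1" "${2:-}")" in
        missing) echo "no-such-interface"; return 1 ;;
        down)    echo "no-link"; return 1 ;;
    esac
    if [ "$(forwarding_state "${2:-}")" != "on" ]; then
        echo "forwarding-off"; return 1
    fi
    echo "gateway-ok"
}

make_sample() {       # make_sample DIR CARRIER FORWARD: constructed test tree
    mkdir -p "$1/sys/class/net/eth1" "$1/proc/sys/net/ipv4"
    echo "$2" > "$1/sys/class/net/eth1/carrier"
    echo "$3" > "$1/proc/sys/net/ipv4/ip_forward"
}

demo() {              # constructed sample mirroring the thread's symptoms
    d=$(mktemp -d)
    make_sample "$d" 0 0; diagnose eth1 "$d" || true   # no-link
    make_sample "$d" 1 0; diagnose eth1 "$d" || true   # forwarding-off
    make_sample "$d" 1 1; diagnose eth1 "$d"           # gateway-ok
    rm -rf "$d"
}
demo
```

On the gateway itself, `diagnose eth1` with no second argument reads the live /sys and /proc. The client's default route is not covered here, since the client in the thread is a Windows machine.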