B-U's Linux Server setup howto - questions
axcairns
27-12-2004, 09:52 PM
This thread is for people who are having problems working through Butt-Ugly's Linux Server howto (see 'Anything Goes' forum).
Cheers,
Allan
axcairns
27-12-2004, 09:54 PM
Problem #1 carried over from the howto thread -
Which side of your server is 'playpen' connected to (eth0 or 1)?
eth0 (internal interface). Every other machine is connected via eth1 (external interface).
Cheers,
Allan
Butt-Ugly
27-12-2004, 10:14 PM
Your server is located behind your modem/router, so we can loosen its restrictions a little to test..
service iptables stop
echo 1 > /proc/sys/net/ip_forward
You should now be able to route through the server between your 2 private networks.
Can you post the results of "route -n".. want to check your default gateways on server and playpen.
Miles.
axcairns
27-12-2004, 10:34 PM
Stopping iptables allows playpen (client) to ping ukpc (server) and vice-versa. Can't seem to ping anything else from playpen though...
Here's the route table. I noticed the gateway item had disappeared so added it again. Is there something I need to do to lock that in?
Thanks,
Allan
EDIT - I can also ssh in to ukpc from playpen. Also, I presume you meant to add sub-directory ipv4 into that forward command?
Butt-Ugly
27-12-2004, 11:13 PM
> I presume you meant to add sub-directory ipv4 into that forward command
Yes that helps too.. :p
You can edit your network file (/etc/sysconfig/network), and add: "GATEWAY=192.168.1.1"
Save and restart network (service network restart).
If you still have probs, you can cheat by using the GUI apps "system-config-network &". It will probably be easier in this case because of the earlier issue.
There's nothing wrong with using the GUI apps for everything, but playing with the code gives you a better understanding. So GUI it if need be.
Told you double NAT was a little harder to debug :D
Miles.
axcairns
27-12-2004, 11:51 PM
No luck dude.
No gui here either. I tried the command line system-config-network but it seems fixated on eth0.
Allan
EDIT - system-config-network-tui not system-config-network-cmd
Butt-Ugly
28-12-2004, 09:18 AM
You can do..
rm /etc/sysconfig/network-scripts/ifcfg-eth*
service network restart
This will delete the configuration files for both of your ethernet cards, then you can recreate them.
It may help to do them one at a time, i.e. eth0 internal, then when that's working OK do eth1 external.
Miles.
axcairns
28-12-2004, 04:07 PM
Tried that but no luck. I had to run system-config-network-tui twice. Each time it would create an entry for the respective interface in /etc/sysconfig/networking/devices/ which I would then need to copy to /etc/sysconfig/network-scripts/.
I don't think the problem is my network setup. I think I have two problems -
- firewall rules (hence why ping and ssh started working when I disabled it)
- squid setup (see below)
My browser on the client pc was prompting for userid and password to access the proxy. Once I gave it it would then churn for ages then say connection refused. I also noticed the following message in the squid access log -
TCP_DENIED/407 1704 GET http://my.yahoo.com/index.html
That is not the full message but the rest looked like timestamps and other less meaningful muck.
Cheers,
Allan
EDIT - quick question - when you say 'route through', do you mean the client (playpen) behind the new server (UKPC) should be able to ping my other machines not behind it? I tried adding a new route on the server to 192.168.1.0/255.255.255.0 via eth1 but it didn't help.
mbottrell
30-12-2004, 08:43 AM
Hmm....
So I'm seeing:
                eth0            eth1
                     +--------+
        192.168.2.1  | Linux  |  192.168.1.1
---------------------|        |-----------------
                     +--------+
ukpc is connected on the eth0 side?
whilst playpen is on the eth1 side?
This is what I had from a routing side:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 eth1
What I can see is that you had DHCP on eth1 that failed to pick up an address (thus the 169.254.0.0 network)... also the bottom line is 'interesting'.
I would recommend removing all entries in:
/etc/sysconfig/networking/devices/*eth*
/etc/sysconfig/network-scripts/ifcfg-eth?
Reboot... you should be able to then configure eth0 on reboot.
Manually configure eth1 by changing to /etc/sysconfig/network-scripts
and copying ifcfg-eth0 to ifcfg-eth1. Then edit the newly created file.
You should then be able to issue a service network restart
Interestingly you don't have a default route... this could be part of your problem.
Whilst you have a route for the 192.168.1.0 network, you don't for 192.168.2.0.
ARgg.. not in front of a Linux box to play a little... so you might need to test this out a little.
Look at the squid/firewalling next, get the basic network routing working first. ;)
Hope that helps.
Cheers,
Matt.
axcairns
30-12-2004, 01:31 PM
Matt,
Sorry - I left a vital piece of info in the original thread.
My network setup -
- NB1300 Modem Router (router mode, ext xxx.xxx.xxx.xxx, int 192.168.1.1, dhcp range 192.168.1.100-149)
- - fivestar (linux web/mail/file server, static 192.168.1.3)
- - armada (windows laptop, static 192.168.1.6)
- - queenvic (windows desktop, static 192.168.1.7)
- - library (linux file server, static 192.168.1.8)
- - ukpc (server test rig, ext 192.168.1.11, int 192.168.1.9, dhcp range 192.168.1.150-199)
- - - playpen (linux desktop, dhcp)
ukpc is the server I am trying to set up and playpen is the solitary desktop on the internal side while the rest of my home network is on the external side.
Since the above I changed the internal interface (eth0) to 192.168.2.1 and the internal network to 192.168.2.0/24. Playpen is set to dhcp and is allocated 192.168.2.199 by ukpc.
I already recreated eth0 and eth1 in network-scripts several times. I will give it one more go and then post the route table again tonight.
Thanks,
Allan
mbottrell
30-12-2004, 01:59 PM
Okay... just to confirm now...
ukpc (server test rig, ext 192.168.1.11, int 192.168.2.1, dhcp range 192.168.2.100-199) <-- notice that 2.1 isn't in the range!
playpen (linux desktop, dhcp = assigned 192.168.2.199).
Okay from what I can see...
Playpen needs:
Its default gateway to read: 192.168.2.1
UKPC needs:
default gateway to 192.168.1.1
Here is your ifcfg-eth0 setup
DEVICE="eth0"
BROADCAST=192.168.2.255
IPADDR="192.168.2.1"
NETMASK="255.255.255.0"
NETWORK=192.168.2.0
ONBOOT="yes"
BOOTPROTO="none"
Here is your ifcfg-eth1 setup
DEVICE="eth1"
BROADCAST=192.168.1.255
IPADDR="192.168.1.11"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
NETWORK=192.168.1.0
ONBOOT="yes"
BOOTPROTO="none"
Hope that helps...
Tip: You don't need a route to the 192.168.2.x network.. as its clients are on the same network as the eth0 interface... so it knows to use eth0. :-)
You need a default route to 192.168.1.1 as anything it doesn't know... will be forwarded 'out'.
axcairns
30-12-2004, 09:09 PM
Ok. Rebuilt the configs for eth0 and eth1. No change.
Here is the route -n :
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
I see 169.254.0.0 is still with us despite the fact that both interfaces are static.
Allan
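Added example, not part of any post in this thread: a shell check over `route -n` output, run on the first routing table posted above (embedded inline as constructed sample input). The function names `audit_routes` and `forwarding_enabled` are hypothetical; the check reports the default gateway, flags a default route with no gateway and the 169.254.0.0 entry, and reads the forwarding flag from the `ipv4` path settled on earlier in the thread.

```shell
# Constructed sample: the first `route -n` table posted in this thread.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 eth1'

# audit_routes: reads `route -n` text on stdin, prints one finding per route.
audit_routes() {
    awk '
        # Data rows start with a dotted-quad destination; skip both header lines.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        { dest = $1; gw = $2; mask = $3; flags = $4; ifc = $8 }
        dest == "0.0.0.0" && mask == "0.0.0.0" && flags ~ /G/ {
            ndef++; print "DEFAULT via " gw " dev " ifc; next
        }
        dest == "0.0.0.0" && mask == "0.0.0.0" {
            print "WARN default route without gateway on " ifc; next
        }
        # Red Hat style initscripts add this route to static interfaces too,
        # unless NOZEROCONF=yes is set in /etc/sysconfig/network.
        dest == "169.254.0.0" { print "NOTE link-local route on " ifc; next }
        gw == "0.0.0.0" { print "CONNECTED " dest "/" mask " dev " ifc }
        END {
            if (ndef == 0) print "WARN no default gateway"
            if (ndef > 1)  print "WARN " ndef " default gateways"
        }
    '
}

# forwarding_enabled: succeeds only if the flag file (default: the real
# /proc path, with the ipv4 sub-directory) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

printf '%s\n' "$SAMPLE_ROUTES" | audit_routes
if forwarding_enabled; then echo "ip_forward=1"; else echo "ip_forward is not 1"; fi
```

On a live box, feed it with `route -n | audit_routes`.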
mbottrell
30-12-2004, 10:01 PM
Did you do the following:
service iptables stop
echo 1 > /proc/sys/net/ipv4/ip_forward
You'll need that prior before you should be able to ping to both ends. ;)
axcairns
30-12-2004, 10:38 PM
> Did you do the following:
> service iptables stop
> echo 1 > /proc/sys/net/ipv4/ip_forward
> You'll need that prior before you should be able to ping to both ends. ;)
Already done all that umpteen times. :(
When you say 'ping to both ends', what do you mean? Does it mean that playpen can ping other machines on my network on the other side of ukpc? Not working. Ping www.google.com? Not working. :(
I tried playpen in dhcp mode and with a static IP and hard coded gateway. No luck. I'm this close to wiping FC3 and giving TinySofa a go.
Allan
mbottrell
30-12-2004, 10:52 PM
See my PM Allan.