private lan setup with redhat help

[ezeke1]

Hello All,
I apologize in advance if this is the wrong forum for my question. I have many computers running under redhat 9.0 and I want them on a private lan. Everything is setup and I'm using the class A (10.0.0.0) addresses for them. All of the computers are connected to a 16 port linksys hub , but I am unable to get the computers communicating. Ping just returns packet loss. Can anyone tell me what I might be missing? I'm not using a router (unless it's absolutely needed) and I tried adding static routes between the computers but that doesn't work. Here is an example of two computer setup.

computer 1:
intf: eth0
ip: 10.0.1.1
gateway: 10.0.1.1
mask: 255.0.0.0

computer 2:
intf: eth0
ip: 10.0.1.2
gateway: 10.0.1.2
mask: 255.0.0.0

Thanks, David

 

[marsd]

Your default routing makes no sense.

Try this:

computer 1-:
ifconfig eth0 down
ifconfig eth0 10.0.1.1 netmask 255.0.0.0 up

computer 2-:
ifconfig eth0 down
ifconfig eth0 10.0.1.2 netmask 255.0.0.0 up

You should now be able to ping barring local firewall
issues or kernel level blocks against icmp.

 

[ezeke1]

Thanks for the attention marsd, but that doesn't doesn't appear to help.
Can you explain a little more about your comment on my default routing? My network experience has always been that I'm given a default gateway (via ISP, etc) and that is what I use for the routes. In this case, I am not sure what to use as the default route. The computers are connected via hub so I've tried setting the gateway to 0.0.0.0 to indicate they are directly connected. That didn't work so I switched and set the gateways to the IP of the ethernet interface. That doesn't work either.
Right now I'm going to investigate the netmask and make sure that is correct but I thought 255.0.0.0 is what should be used for the IPs I'm using.

David

 

[marsd]

David.
I'm a little confused. A directly connected interface does not need a routing entry pointing to it's interface address.
Instead your routing table should look like:

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

As you see I added subinterfaces to verify the config:

machine1
eth0:1    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:10.0.1.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:3

machine2
eth0:2    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:10.0.1.2  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Base address:0x2400

I have no problems and there should be none.
RH is a little flaky with it's routing config however.
I often ignored the global network paramaters file
and specifiecd information per interface in ifcfg-eth0,
etc..when working on RH machines.
Also remember to issue a network script restart after
any changes.

Good Luck.

 

[ezeke1]

Thank you again marsd. Your points on the default gateway make alot of sense. I reconfigured the routing table on each machine to look exactly like you had above. I didn't add subinterfaces because I wasn't sure I needed to since 'eth0' is configured properly and it's up and broadcasting.

That said, the machines are still unable to ping each other. I can get a snapshot of my configs if that helps but I'm wondering if there is something else I'm missing besides just the routes. Is there some routing service that Redhat needs to run?


-David

 

[marsd]

No need for subinterfaces, that was just for my example.

I still suspect a misconfiguration.

1. Make sure that each box can ping it's own assigned
address and loopback address.

2. Issue iptables -L -v -n to make sure you don't have
firewall rules in the way and to see what your default
policies are.

3. Verify that /proc/sys/net/ipv4/icmp_echo_ignore_all
is set to 0.

4.If you have manually reconfigured your routing
there is a good chance that there are problems there.
Conflicting entries are a big problem.
Dump route -n for us to take a look at.

5. Verify that your cabling and switch are good.

 

[ezeke1]

The computers are in a secure lab and the floppy drives are disabled. Unfortunately I will not be able to copy and paste configs to make this troubleshooting easier. Following your advice this is what I did and here is the info I gathered.

1. Both machines can ping their 'eth0' and loopback address

2. the 'iptables -L -v -n' command appears to show that there are some icmp policies that rejects any icmp requests. So I just turned this service off to knock it out of the equation by issuing the command 'service iptables stop'.

3. Verified that proc/sys/net/ipv4/icmp_echo_ignore_all
is set to 0.

4. route -n produces the following routes:
machine 1:
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 lo
machine 2:
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 lo


There isn't a route for the '192.168.1.0' network because I assume this is used by a router but in my setup there isn't one. There is only a hub. I beginning to think I need a router in order for this to work.

5. Equipment is verified and all is good.

p.s. What tag do I use to insert snippets of code?

Thanks again marsd.

-David

 

[marsd]

David,

The iptables thing may be a problem. You want to look at policies for your default chains and make sure they are
sane in a testing sense.

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

I have never trusted Linux rc scripts to do anything for
me. Learn the utility involved and you can do a better job
by yourself 50% of the time.

I was using subinterfaces because my machines already have
primary, and sometimes, secondary interfaces configured for specific addresses. The 192.168.1.0 subnet is a generic
private specific to my network(and probably many others)
and is not an issue.

Code tags are just bracketcodebracketstuffbracket/codebracket

 

[ezeke1]

Firewalling is really not needed on this network so I definitely want to keep iptables disabled. I'm not really experienced with the program so not having to deal with it will save me some time. Unless it is the case that iptables is required for routing then I'll have to invest some time and learn it like you said. Just to give it a shot I'll go ahead and run those iptable commands for testing.

Is it possible that I need a router in this scenario? I've always used a router in the past and I'm led to believe that all is really needed is a hub if you have static routes.

testing code tag.....
[this is code/]