
Simple Routing problem on Suse Linux 7.3

Status
Not open for further replies.

sophie24

Programmer
Jan 20, 2002
Hello
I have a Linux computer (PC A) and 2 NT computers (PC B+C).
Additionally I have a 56k modem installed and configured Samba on Linux, and all computers are connected well in the network.

PC A: IP 192.168.0.3 Subnetmask 255.255.255.0 (Routing PC)
(IP-Forwarding = Yes)
PC B: IP 192.168.0.5 Subnetmask 255.255.255.0
PC C: IP 192.168.0.6 Subnetmask 255.255.255.0
Now I want to use PC A as a router and configured 'route.conf' as:
192.168.0.5 192.168.0.3 255.255.255.255 eth0
192.168.0.6 192.168.0.3 255.255.255.255 eth0
default 192.168.0.3 255.255.255.255 eth0

Connections from PC A to the Internet can be established, but not from B and C. What am I doing wrong in this config file?
 
I forgot to add that
1. 'rcroute restart' runs without errors
2. on booting up the system I get one message like:
Starting lpd2002-19-01 ... 'Get_Local_Host' Iocalhost IP adress not availible!
... but Starting Routing and httpd is ok and I can view the local webserver from the other computers .. ?!?
 
I also forgot to say thanks for any help
regards
sophie
 
Hi,

Simple routing will not work because of the local LAN addresses, i.e. they are not known 'out there' on the internet as they belong to the RFC 1918 private address ranges.

What you have to do is to use IP masquerading to perform source NAT (network address translation) such that everything from the LAN goes to the internet with the IP address of the gateway. If you are using ipchains then you'd need something like this:

echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ipchains
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ

(assuming your modem is ppp0)

If you have iptables with kernel 2.4.x it's similar:

echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE

You'd put those commands in a startup script like /etc/rc.d/rc.local .

Also, you shouldn't need any routing entries for any machines with addresses in your same 192.168.0.x subnet. You only need routes for addresses outside the local subnet, including a default route to use where there is no specific path known to the destination, i.e. a gateway box like your suse.

Hope this helps
 
Hello ifincham,
thank you for your great help about network classes .. :) but it doesn't work fine ..

I have done everything you wrote but I am not sure about my settings:
(Gateway entries of the NT machines)
IP 192.168.0.5 Subnetmask 255.255.255.0
(Gateway 192.168.0.3)
IP 192.168.0.6 Subnetmask 255.255.255.0
(Gateway 192.168.0.3)
Is this correct?
(Gateway entry on the Linux machine)
And what should be the default gateway on my Linux machine, that of my modem (127.0.0.1) or no entry?

Many thanks and regards
Sophie
 
What are you using to connect to the internet from your gateway? wvdial, kppp, what?
You should try wvdial, as it is reliable and very rarely dies or screws up the default route when configured properly.

If you have to manually configure routing for some reason:
You could partially automate the process with an upscript:
(Assuming one modem interface)

addr=$(ifconfig | awk ' {
    line = 0
    if ($0 ~ /^ppp.*/) {
        line = NR
        e_line = NR + 6
    }
    if (NR >= line && NR <= e_line) {
        all = $0
    }
    if (all ~ /inet/) {
        l = all
        split(l,arr," ")
        for (x in arr) {
            if (arr[x] ~ /addr.*/) {
                print arr[x]
            }
        }
    }
}' | sed 's/addr://')

and a `route add default gw $addr`
 
Hi,

Yes, the gateways of the NT machines would all be set to 192.168.0.3 . The Linux box itself would normally have its default route set as the internet interface so that if you did a '/sbin/route' command to display the routing table the default route should show as going via that interface. If you need to set it manually you can do (as root) :

/sbin/route add default dev ppp0

If you specify the default as a device rather than an IP address it's easier because usually your IP address for the modem interface will vary every time you connect.

Basically, if you can use the internet OK on the linux box then the only things to set up are (i) the masquerading and (ii) the client machines' config so that they find the default gateway on the linux box. You might also need to check that the client machines are not configured to use a proxy - that would only be necessary if you are using the squid cache proxy on the linux machine.

If it still doesn't work, what output do you get from a '/sbin/ifconfig' command?

Regards
 
Hello again,
I got this :)

PC_A:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:00:B3:A1:52:64
inet addr:192.168.0.3 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::200:b1ff:fea1:5464/10 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1
RX packets:1967 errors:0 dropped:0 overruns:0 frame:0
TX packets:770 errors:0 dropped:0 overruns:0 carrier:0
collisions:3 txqueuelen:100
RX bytes:284177 (277.5 Kb) TX bytes:350610 (342.3 Kb)
Interrupt:11 Base address:0xe000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:277 errors:0 dropped:0 overruns:0 frame:0
TX packets:277 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24961 (24.3 Kb) TX bytes:24961 (24.3 Kb)

ppp0 Link encap:point-to-Point Protocol
inet addr:195.186.242.115 P-t-P:195.186.241.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:136 errors:0 dropped:0 overruns:0 frame:0
TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:151468 (147.9 Kb) TX bytes:10008 (9.7 Kb)

PC_A:~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
zhb241pub1.blue * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
default zhb241pub1.blue 0.0.0.0 UG 0 0 0 ppp0

When I want to go to the internet with PC-B only the local 'index.html' Apache website is visible, when I write ' then the local webserver is visible again. I tried many other websites, every time I get only the local website .. very hard for a person who started with networking 3 months ago ..
Well, many thanks for the detailed instructions
regards sophie
 
Additionally I have noticed that when I use the IP address of my provider on PC-B it goes automatically to the localhost on PC-A. So I think that the gateway setting on PC B+C works correctly but PC-A doesn't masquerade the IP addresses .. I am not quite sure ..

 
Hi,

Looks OK so far... What do you get from :

/sbin/iptables -t nat -L

(or ipchains equivalent)

Does it show the masquerading?

Also do you get any success from the clients using a pure IP address. For example this one for -->
If so, it's a DNS problem and you need to set the DNS config on your Windows clients to use the DNS servers of your ISP (forgot to mention that before!)

Regards
 
PC_A:~ # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Yes, I tried from the console (on PC B+C) to ping yahoo.com or lycos.com and other internet sites and also get no response. Entering the above IP addresses in the browser switches automatically to the local web address on PC-A.
 
You're missing:
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
 
Hi,

As marsd says, the output from your 'iptables -t nat -L' does not show the masquerade rules so presumably you didn't enter that (see my first reply - the word 'MASQUERADE' should go on the same line after the -j parameter.)

However, I'm still a bit unsure what you mean by your last comment - i.e. the browser going to 'the local webaddress' if you use an IP address in the URL. Do you mean the Apache test page (or your local website content) on the linux box? That seems odd unless you have the browser configured as though the linux box was a proxy server. For IE, this would be in 'internet options' under the 'tools' menu - then Local Area Network settings on the 'Connections' tab. You want a direct connection to be set if you use masquerading.

Regards
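
The three gateway-side checks this thread walks through (forwarding enabled, a MASQUERADE rule in the nat POSTROUTING chain, default route leaving via the modem), as an added example that is not part of any post. The function names and sample listings are constructed for illustration; client DNS settings have to be checked on the clients themselves.

```shell
#!/bin/sh
# Added example, not from the thread. Sample listings are constructed,
# modeled on the command output posted above.

# Print the source column of each MASQUERADE rule in the nat POSTROUTING chain.
# stdin: output of `iptables -t nat -L -n`.
masq_sources() {
    awk '/^Chain / { in_post = ($2 == "POSTROUTING"); next }
         in_post && $1 == "MASQUERADE" { print $4 }'
}

# Print the interface of the default route. stdin: output of `route` or `route -n`.
default_iface() {
    awk '$1 == "default" || $1 == "0.0.0.0" { print $NF; exit }'
}

# diagnose IP_FORWARD NAT_LISTING ROUTE_LISTING LAN_CIDR WAN_IF
# Prints one line per fault; the return status is the number of faults.
diagnose() {
    faults=0
    [ "$1" = 1 ] || { echo "ip_forward is '$1', expected 1"; faults=$((faults + 1)); }
    printf '%s\n' "$2" | masq_sources | grep -qxF "$4" ||
        { echo "no MASQUERADE rule for $4 in nat POSTROUTING"; faults=$((faults + 1)); }
    [ "$(printf '%s\n' "$3" | default_iface)" = "$5" ] ||
        { echo "default route does not leave via $5"; faults=$((faults + 1)); }
    return "$faults"
}

NAT_EMPTY='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination'

NAT_OK='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       0.0.0.0/0'

ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.0.0     *               255.255.255.0   U     0      0   0   eth0
default         zhb241pub1.blue 0.0.0.0         UG    0      0   0   ppp0'

# Live use on the gateway (as root):
#   diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -t nat -L -n)" \
#            "$(route -n)" 192.168.0.0/24 ppp0
diagnose 1 "$NAT_EMPTY" "$ROUTES" 192.168.0.0/24 ppp0 || echo "faults found: $?"
```

Pass `-n` to `iptables -L` so the source column shows the network in numeric form rather than a resolved host name.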

 
Hello again ;)
.. yes, it's the Apache test page which I get for every DNS entry on the client machines. I hope the clients are configured well (I have put the gateway IP address without the port number, don't know which one or where to find it, anyway ..)
I couldn't find the file rc.local (could be a newbie problem :) but I have put the above commands in a shell, and get the following entries:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/24 anywhere
MASQUERADE all -- PCB anywhere
MASQUERADE all -- PCC anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

BUT, I couldn't go to the internet with the clients .. I have tried the following commands for PC B+C:
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.5 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.6 -j MASQUERADE

Also I went to linuxfaq.com .. now I am at the end of my knowledge of possibilities .. couldn't config the riding masq and need help again (hopefully)

Many thanks for every help and this great site
regards sophie

also i have
 
Yes .. it works fine now .. what a great feeling ..
The clients couldn't find the nameserver because I had not set the network properties correctly!!
After I set the IP address of my provider in the DNS section of the client machines, it was possible to view any page from the clients' browser. You were right, this was the reason why it was possible to
'ping IP.adress' but not
'ping
Thanks a Million
Sophie

(With this problem i learned 5 times more than i first would, amazing)
 
Hi,

That's good news ... actually I did say to check the dns settings a few posts up the thread. This is one of the ways that masquerading differs from using a proxy. With a proxy you don't need to worry about dns because the proxy server fetches the output for the client so if the proxy server works then you just point the clients at that. Masquerading, however, just involves the masquerade host in performing network address translation to dynamically swap the source address of a packet to that of its own and do the reverse when it gets a related reply. DNS config is totally down to the client box and there is no assistance from masquerading. So, unless you make things easy by using dhcp on the clients, you must manually set their dns servers on each client to be masqueraded. This would generally be the same IP addresses listed in /etc/resolv.conf on the linux box.

Regards
 
Can Suse Linux be configured to run from an NT client workstation?

I have both Suse Linux and NT workstation configured on the same machine on one hard disk and was wondering if there is any way to run linux from an NT session.

 
Hi,

If it's on the same box the only way you can do that (especially with NT as the real o/s) is by using VMware Workstation to create a virtual machine running linux. It's perfectly possible but VMware is a commercial product and it's not that cheap either ($299). See -->
Hope this helps
 