How to get beyond Linux dial-in server

How to get beyond Linux dial-in server

Post by Georg E. Paulusberge » Fri, 06 Dec 2002 02:28:28



Hi,

I'm dialing from my Windows-box at the headquarter
into our Linux dialin-server at the subsidiary. Dialing in and
telnetting to the dialin-server is just perfect.
However, when I try to ping a PC behind the dialin-server
I get no response, i.e. a time out.
The other way round it's the same. When I ping my
Windows box from the Linux-server (after telnetting to it)
using the IP-address of my Windows box it has in the headquarter I get a
time out.

Headquarter has IP network address 192.168.1.x
My Windows-box has the local IP address 192.168.1.13.

Susidiary has IP network address 192.168.3.x
Linux-server has IP address 192.168.3.1
In /etc/ppp/options.ippp2 it says:
    # The IP addresses: <local>:<remote>
    192.168.3.200:192.168.3.201
    # The netmask it should be 255.255.255.255
    netmask 255.255.255.255
    proxyarp

And although I get the following output from
cat /etc/route.conf :
#Local susidiary route
192.168.3.0     0.0.0.0         255.255.255.0   eth0
192.168.3.200   0.0.0.0         255.255.255.255 ippp2
default         192.168.3.200

I keep getting the following lines from 'route -n'
(even after restarting routing with 'rcroute stop' and 'rcroute start')
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
192.168.3.201   0.0.0.0         255.255.255.255 UH    0      0        0
ippp2
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.3.201   0.0.0.0         UG    0      0        0
ippp2

My understanding is that the default gateway should bei 192.168.3.200
and the first line of 'route -n' should have 192.168.3.200 and NOT
192.168.3.201!?

Any help would be appreciated!

--
Georg E. Paulusberger
System- and Networkadmin.

 
 
 

How to get beyond Linux dial-in server

Post by The Tibetan Travelle » Fri, 06 Dec 2002 04:30:52



> I'm dialing from my Windows-box at the headquarter
> into our Linux dialin-server at the subsidiary. Dialing in and
> telnetting to the dialin-server is just perfect.
> However, when I try to ping a PC behind the dialin-server
> I get no response, i.e. a time out.
> The other way round it's the same. When I ping my
> Windows box from the Linux-server (after telnetting to it)
> using the IP-address of my Windows box it has in the headquarter I get a
> time out.

Let me rephrase it to make sure I usnderstand it.  You have several window
boxs and a linux dialup server on a LAN.  You can sit down at a window box,
telent into the server; but, can't ping the windows box you are sitting at?

If that is correct, it is a firewall, not a routing issue.  The two can
obviously see each other since you can telnet from one to the other.  It is
the pings that are dying.  This means your firewall is filtering the ping
packets but letting the telnet packets through.

--
And I feel like picking a fight, with everyone who thinks they are right.
All the preacher men, the politicians, all the critics, ant the things
they write.  -Rainmakers-

 
 
 

How to get beyond Linux dial-in server

Post by James Knot » Fri, 06 Dec 2002 09:18:45



> Headquarter has IP network address 192.168.1.x
> My Windows-box has the local IP address 192.168.1.13.

The local computer thinks the destination is on the same subnet, and
therefore does not try to use the router to send the packets.  Change the
network address of one of  the networks.

--

Fundamentalism is fundamentally wrong.


james.knott.

 
 
 

How to get beyond Linux dial-in server

Post by David Efflan » Fri, 06 Dec 2002 09:43:44




>> Headquarter has IP network address 192.168.1.x
>> My Windows-box has the local IP address 192.168.1.13.

> The local computer thinks the destination is on the same subnet, and
> therefore does not try to use the router to send the packets.  Change the
> network address of one of  the networks.

Or use eth IP for local ippp IP and proxyarp option on server, so eth will
answer arp requests for ippp IPs.

--
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

 
 
 

How to get beyond Linux dial-in server

Post by Raqueeb Hass » Fri, 06 Dec 2002 11:53:44


what i get, i'm afraid thats an routing issue. did you try "proxyarp"
in /etc/ppp/options or options.server file?

just try that and let me know!

raqueeb hasssan
augusta, ga

 
 
 

How to get beyond Linux dial-in server

Post by James Knot » Fri, 06 Dec 2002 20:56:58



>> The local computer thinks the destination is on the same subnet, and
>> therefore does not try to use the router to send the packets.  Change the
>> network address of one of  the networks.

> Or use eth IP for local ippp IP and proxyarp option on server, so eth will
> answer arp requests for ippp IPs.

If both networks are 192.168.10 (assuming netmask is 255.255.255.0), how
does that work?  A host will compare the destination address, with the
local network address and netmask, to decide whether to use the router.  
While you can set up a proxy for the remote computer, wouldn't you have to
do that for all that you wanted to connect to?  What about the reverse
direction?  Or if the same host address is used on both networks?  Better
to avoid those hassles and go with different network addresses.

--

Fundamentalism is fundamentally wrong.


james.knott.

 
 
 

How to get beyond Linux dial-in server

Post by Clifford Kit » Sat, 07 Dec 2002 06:32:00



Quote:> I'm dialing from my Windows-box at the headquarter into our Linux
> dialin-server at the subsidiary. Dialing in and telnetting to the
> dialin-server is just perfect.  However, when I try to ping a PC
> behind the dialin-server
> I get no response, i.e. a time out.  The other way round it's
> the same. When I ping my Windows box from the Linux-server (after
> telnetting to it) using the IP-address of my Windows box it has in
> the headquarter I get a time out.
> Headquarter has IP network address 192.168.1.x
> My Windows-box has the local IP address 192.168.1.13.
> Susidiary has IP network address 192.168.3.x
> Linux-server has IP address 192.168.3.1
> In /etc/ppp/options.ippp2 it says:
>     # The IP addresses: <local>:<remote>
>     192.168.3.200:192.168.3.201
>     # The netmask it should be 255.255.255.255
>     netmask 255.255.255.255
>     proxyarp
> And although I get the following output from
> cat /etc/route.conf :
> #Local susidiary route
> 192.168.3.0     0.0.0.0         255.255.255.0   eth0
> 192.168.3.200   0.0.0.0         255.255.255.255 ippp2
> default         192.168.3.200

This is a distribution-specific configuration file and I don't really know
what it means since I don't know how it is created or for what purpose.

Quote:> I keep getting the following lines from 'route -n'
> (even after restarting routing with 'rcroute stop' and 'rcroute start')
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 192.168.3.201   0.0.0.0         255.255.255.255 UH    0      0        0
> ippp2
> 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         192.168.3.201   0.0.0.0         UG    0      0        0
> ippp2
> My understanding is that the default gateway should bei 192.168.3.200
> and the first line of 'route -n' should have 192.168.3.200 and NOT
> 192.168.3.201!?

No, it is exactly what it should be for what you requested: the local IP
address of the remote PPP interface.  The PPP IP addresses you requested
will allow Windows-to-server host communications, but not communication
between the Windows host and any other host on the server's LAN.

Quote:> Any help would be appreciated!

Remove the pppd defaultroute option, use the server's LAN IP address,
192.168.3.1, as the local (server) PPP IP address and an (unused) IP
address on the server's LAN as the remote (Windows) PPP IP address in
the pppd local:remote option, and add the pppd proxyarp option.

Also make sure the server is doing IP forwarding.

--

PPP-Q&A links, downloads:    http://users3.ev1.net/~ckite/public_html/
/* 97.3% of all statistics are made up. */

 
 
 

How to get beyond Linux dial-in server

Post by James Knot » Sat, 07 Dec 2002 08:13:06



> If both networks are 192.168.10

That should have been 192.168.1.0.

--

Fundamentalism is fundamentally wrong.


james.knott.

 
 
 

How to get beyond Linux dial-in server

Post by David Efflan » Sat, 07 Dec 2002 13:36:42




>>> The local computer thinks the destination is on the same subnet, and
>>> therefore does not try to use the router to send the packets.  Change the
>>> network address of one of  the networks.

>> Or use eth IP for local ippp IP and proxyarp option on server, so eth will
>> answer arp requests for ippp IPs.

> If both networks are 192.168.10 (assuming netmask is 255.255.255.0), how
> does that work?  A host will compare the destination address, with the
> local network address and netmask, to decide whether to use the router.  
> While you can set up a proxy for the remote computer, wouldn't you have to
> do that for all that you wanted to connect to?  What about the reverse
> direction?  Or if the same host address is used on both networks?  Better
> to avoid those hassles and go with different network addresses.

Perhaps you are not familiar with proxy arp.  If in this case eth0 and
local ippp2 IP was 192.168.3.201 and proxyarp ppp option was used for the
ippp connection from the remote 192.168.3.200, then eth0 would handle LAN
arp requests for 192.168.3.200 and pass traffic to it.  For all intents
and purposes (except broadcasting) the remote ippp IP would appear to be
on the LAN.  Note that there is just a host route to remote ippp (which
would be followed for that IP before the net route to eth0).  In this case
I doubt if defaultroute should be used for ippp on the server, but it
should be on the client.

However, since the remote ippp box would only see traffic addressed to its
IP, it would not see LAN broadcast traffic (like smb), so Win file and
printer sharing would not work on the remote without WINS.

I actually proxy arp a 255.255.255.248 wireless subnet on my 255.255.255.0
LAN.  I just have to make sure I do not use the 8 ips in the .248 subnet
for anything else on the main LAN.

--
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

 
 
 

How to get beyond Linux dial-in server

Post by James Knot » Sat, 07 Dec 2002 20:53:03



> Perhaps you are not familiar with proxy arp.  If in this case eth0 and
> local ippp2 IP was 192.168.3.201 and proxyarp ppp option was used for the
> ippp connection from the remote 192.168.3.200, then eth0 would handle LAN
> arp requests for 192.168.3.200 and pass traffic to it.

I am familiar with proxy arp, and even use it on my computer.  My point was
that while it's easy to use it for a single computer, he's connecting 2
networks.  How many computers does he want to access?  What happens if some
of those computers have the same IP as one on the local network?  He'd also
have to set up proxy arps on both ends.  Can he do that?

--

Fundamentalism is fundamentally wrong.


james.knott.

 
 
 

How to get beyond Linux dial-in server

Post by Clifford Kit » Sun, 08 Dec 2002 00:20:13




>> Perhaps you are not familiar with proxy arp.  If in this case eth0 and
>> local ippp2 IP was 192.168.3.201 and proxyarp ppp option was used for the
>> ippp connection from the remote 192.168.3.200, then eth0 would handle LAN
>> arp requests for 192.168.3.200 and pass traffic to it.
> I am familiar with proxy arp, and even use it on my computer.  My point was
> that while it's easy to use it for a single computer, he's connecting 2
> networks.  How many computers does he want to access?  What happens if some

I didn't see that he meant to connect two networks, only that he wanted
the Windows host to connect to the server and to be able to talk to
hosts on the server network.  The fact that the Windows host is on a
LAN seemed to me to be irrelevant.

--

PPP-Q&A links, downloads:    http://users3.ev1.net/~ckite/public_html/

 
 
 

1. Problems with dialing out when dial-ins are enabled

I'm having trouble getting dial-outs to work when dial-ins are
enabled.  I can dial out on /dev/cua1 when getty isn't running
on /dev/ttyS1, but when getty is running I get a message that
the port I'm trying to dial-out on (/dev/cua1) is in use.  I
read the FAQs and everything seems to be set up right.  What
am I doing wrong?  

[I'm running SLS 1.02 (0.99pl9).]
--
Eric Dittman                  Texas Instruments - Component Test Facility

Disclaimer:  Not even my opinions.  I found them by the side of the road.

2. DSL. Redhat, BANet Problem

3. Remote unix (RS/6000) servers with dial-ins

4. Talking to the modem via command line?!?!?!

5. Dial-up / Dial-In Linux Server to Windows Network for Mobile Users

6. Device allocation unde Solaris 7

7. Linux and Dial-ins (?)

8. PPP CHAP Fails after Upgrade ???

9. Getting beyond an established firewall?...internet access okay on same box with NT but not linux.

10. PPP problems with multiport dial-in/dial-out server

11. Linux Dial-in FTP server

12. dial ins

13. PPP dial-ins refused, OSR-5 with net100