Very Computer

First, some background.  I have an old IBM set up as the internet
gateway for my home network.  It is a ZipSlack box with kernel 2.2.16.
IP forwarding and masquerading is configured and works.  Internet is a
ppp connection through a modem.  An ethernet card is installed, and is
plugged into a hub.  Sharing the hub are the two household computers.

This gateway machine also has a Lucent Orinoco Silver card installed,
and we have a laptop equipped with a D-Link wireless card.

My problem is this--all client computers (the two primary machines on
the wired network, and the laptop via the wireless connection) can
access the internet just fine.  They can all ping and telnet into the
gateway machine just fine.  The two primary machines on the wired
network can ping each other and share Samba shares.  But the wired
client machines can't see the laptop, and it can't see them.

Why won't my gateway machine route traffic between the laptop and the
wired boxes?

On the gateway machine, the ethernet card is eth0, and its IP address
is 192.168.1.6.  The wireless card is eth1, its address is 192.168.2.6.
The two wired client boxes are 192.168.1.1 & 192.168.1.2, and the
laptop is 192.168.2.1

here's the executed parts of /etc/rc.d/rc.inet1 on the gateway machine:

-----------------------------------------------------------------------
HOSTNAME=`cat /etc/HOSTNAME`
ifconfig lo 127.0.0.1
route add -net 127.0.0.0 netmask 255.0.0.0 lo
ifconfig eth0 192.168.1.6 broadcast 192.168.1.255 netmask 255.255.255.0
ifconfig eth1 192.168.2.6 broadcast 192.168.2.255 netmask 255.255.255.0
-----------------------------------------------------------------------

Notice there are no "route add" statements in there for the NIC's.  I
have tested operation both before and after manually issuing the
following commands:

-----------------------------------------------------------------------
route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
route add -net 192.168.2.0 netmask 255.255.255.0 dev eth1
-----------------------------------------------------------------------

Issuing those commands has no effect on the wireless to wired
communication (or lack thereof).  However, if I don't issue them, doing
"netstat -r" *s a very sluggish response in displaying my routing
table.  Here's what netstat -r tells me after I explicitly issue those
"route add" commands:

-----------------------------------------------------------------------
Kernel IP routing table
Destination    Gateway    Genmask         Flags  MSS Window  irtt Iface
192.168.2.0    *          255.255.255.0   U        0 0          0 eth1
192.168.2.0    *          255.255.255.0   U        0 0          0 eth1
localnet       *          255.255.255.0   U        0 0          0 eth0
localnet       *          255.255.255.0   U        0 0          0 eth0
loopback       *          255.0.0.0       U        0 0          0 lo
-----------------------------------------------------------------------

Any advice anyone has to offer on this would be very much appreciated!

P.S.
I will go ahead and mention my nagging fear.  I am afraid someone will
tell me I have to put the NIC's in the gateway machine into
"promiscuous mode", which will probably turn out to not be possible for
the wireless card-- unless I am somehow able to find a downgrade for
the firmware, since Lucent seems to have disabled promiscuousity in
recent firmware versions.

route add default gw 192.168.2.6

Also, you will have to have either a default route or a route to the
192.168.2.0/24 network on your wired machines pointing to the gateway,
so they will know how to reach machines on another subnet.  IE:
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.6
  or
route add default gw 192.168.1.6

You might also want to check that you aren't running some sort of
firewall rules that block the 192.168.2 network from being forwarded,
or that your masquerading/NAT rules are running for the whole
192.168.0.0/16 network, not just the 192.168.1.0/24 one.

Quote:>I hope that wasn't unwelcome name dropping, but going through posts in
>comp.os.linux.* I have found some by Mr. Hauck that indicate he has
>accomplished exactly what I'm trying to do.  Bluntly put, Mr. Hauck, if
>you're out there, I'd appreciate any pointers you can offer.  Of
>course, if ANYONE *at* *all* can help me through this, you will be
>greatly appreciated.

>First, some background.  I have an old IBM set up as the internet
>gateway for my home network.  It is a ZipSlack box with kernel 2.2.16.
>IP forwarding and masquerading is configured and works.  Internet is a
>ppp connection through a modem.  An ethernet card is installed, and is
>plugged into a hub.  Sharing the hub are the two household computers.

>This gateway machine also has a Lucent Orinoco Silver card installed,
>and we have a laptop equipped with a D-Link wireless card.

>My problem is this--all client computers (the two primary machines on
>the wired network, and the laptop via the wireless connection) can
>access the internet just fine.  They can all ping and telnet into the
>gateway machine just fine.  The two primary machines on the wired
>network can ping each other and share Samba shares.  But the wired
>client machines can't see the laptop, and it can't see them.

>Why won't my gateway machine route traffic between the laptop and the
>wired boxes?

>On the gateway machine, the ethernet card is eth0, and its IP address
>is 192.168.1.6.  The wireless card is eth1, its address is 192.168.2.6.
>The two wired client boxes are 192.168.1.1 & 192.168.1.2, and the
>laptop is 192.168.2.1

>here's the executed parts of /etc/rc.d/rc.inet1 on the gateway machine:

>-----------------------------------------------------------------------
>HOSTNAME=`cat /etc/HOSTNAME`
>ifconfig lo 127.0.0.1
>route add -net 127.0.0.0 netmask 255.0.0.0 lo
>ifconfig eth0 192.168.1.6 broadcast 192.168.1.255 netmask 255.255.255.0
>ifconfig eth1 192.168.2.6 broadcast 192.168.2.255 netmask 255.255.255.0
>-----------------------------------------------------------------------

>Notice there are no "route add" statements in there for the NIC's.  I
>have tested operation both before and after manually issuing the
>following commands:

>-----------------------------------------------------------------------
>route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
>route add -net 192.168.2.0 netmask 255.255.255.0 dev eth1
>-----------------------------------------------------------------------

>Issuing those commands has no effect on the wireless to wired
>communication (or lack thereof).  However, if I don't issue them, doing
>"netstat -r" *s a very sluggish response in displaying my routing
>table.  Here's what netstat -r tells me after I explicitly issue those
>"route add" commands:

>-----------------------------------------------------------------------
>Kernel IP routing table
>Destination    Gateway    Genmask         Flags  MSS Window  irtt Iface
>192.168.2.0    *          255.255.255.0   U        0 0          0 eth1
>192.168.2.0    *          255.255.255.0   U        0 0          0 eth1
>localnet       *          255.255.255.0   U        0 0          0 eth0
>localnet       *          255.255.255.0   U        0 0          0 eth0
>loopback       *          255.0.0.0       U        0 0          0 lo
>-----------------------------------------------------------------------

>Any advice anyone has to offer on this would be very much appreciated!

>P.S.
>I will go ahead and mention my nagging fear.  I am afraid someone will
>tell me I have to put the NIC's in the gateway machine into
>"promiscuous mode", which will probably turn out to not be possible for
>the wireless card-- unless I am somehow able to find a downgrade for
>the firmware, since Lucent seems to have disabled promiscuousity in
>recent firmware versions.

Quote:> My problem is this--all client computers (the two primary machines on
> the wired network, and the laptop via the wireless connection) can
> access the internet just fine.  They can all ping and telnet into the
> gateway machine just fine.  The two primary machines on the wired
> network can ping each other and share Samba shares.  But the wired
> client machines can't see the laptop, and it can't see them.

Samba depends on broadcast traffic. Routers do not normally forward
broadcasts. There are solutions to this, but I am no expert. WINS might be
a keyword here.  Ask samba folks, or just read the samba docs.

You could also try bridging software on the linux router, but I have never
tried it and do not know its limitations. The idea is to make the wireless
link be part of the same IP network as your wired network.

Enrique Perez-Terron

--
Replies sent via e-mail to this address will be promptly ignored.

OK, sorry it took so long to get back.  I got it fixed, but along the way
I broke some things, one of which was my internet connection :-)

It was your last paragraph which showed me the light.  I had never really
bothered to learn anything about ipchains rules, I just copied the 3-line
rule set for ip-masq'ing off the ipchains howto.  If you're not familiar
with this, it has two rules-- set default action to deny everything, but
masq traffic through the internet-connected interface.  I appended rules
to forward traffic destined for the private IP addresses (after much
muddling), and things are pretty much working now.

Thanks^3 for pointing me in the right direction on this--I actually had
no idea ipchains affected the routing in my local net.  I think I need to
acclimate myself to the idea that pretty much everything is local in some
respects...

Again thank you, very much.

I worded that badly.  My problem was not Samba, at that point in time--I
hadn't gotten nearly that far.  My laptop and the wired network (except
for the router itself) were not communicating with each other at all.
Pings were not reaching the other side of the gateway machine.  I now
have that fixed, but guess what?  Samba's not working across the router.
Does your last sentence mean I will have to put the laptop on the
192.168.1.* network along with the wired boxes?

Hi!,

Quote:> I worded that badly.  My problem was not Samba, at that point in time--I
> hadn't gotten nearly that far.  My laptop and the wired network (except
> for the router itself) were not communicating with each other at all.
> Pings were not reaching the other side of the gateway machine.  I now
> have that fixed, but guess what?  Samba's not working across the router.
> Does your last sentence mean I will have to put the laptop on the
> 192.168.1.* network along with the wired boxes?

Of course, I presume that the SAMBA daemon is running on the machine which has
the two ethernet cards in it.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+