Very Computer

Hi:

My Linux box is connected to the local network.  It has its own IP
address on that network.  My Linux box is also connected to the rest
of the internet via a PPP connection.  It has its own IP address for
that PPP connection too (dynamically assigned).

My Linux box has kernel support for forwarding/routing packets.
My Linux box has kernel support for having two IP addresses for just
this sort of occasion (CONFIG_DUMMY is set).

On the local network I tell a Win95 machine (it doesn't have to be
Win95, but in this case it is) that my Linux box is the gateway for
that Win95 machine.

There exists a route from my Linux box to the Win95 machine.

Let's call the eth0 IP address of my Linux box ETHIP.
Let's call the ppp0 IP address of my Linux box PPPIP.

Now let's test:

From my Linux box, I can ping the Win95 machine.
From my Linux box, I can ping my ppp peer (and the rest of the
  Internet).

From the Win95 machine, I can ping ETHIP.
From the Win95 machine, I can also ping PPPIP.

I cannot, however, ping even one machine beyond my Linux box from the
Win95 machine.  This is the crux of the problem, and I'm not quite
sure what to configure (or how to configure it) on my Linux box in
order to successfully route the packets from the Win95 machine to
my ppp peer.

I've looked briefly at gated, but I couldn't find source code nor
man pages nor sample config files at sunsite, so I didn't know if
that was the right package to use or not.  I'm also unfamiliar with
routed.  The NET-2-HOWTO didn't offer detailed help either.

Any and all help would be appreciated.  Please send ideas to my

posting.

Many thanks in advance,
  jim

Your problem shouldn't be any big deal, because WWW, Realaudio, ftp,
telnet, etc, etc, should all work fine...  You can live without a measly
little "ping" command, can't you?

Jeff Halverson
Ess Architects

    I would appreciate help on a similar problem, except we are talking of a
Linux box on the local segment that has unrestricted access to the Internet
and PPP between it and a client machine, that can run Linux or Win95.  The
client machine only sees and can only get to the Linux box (its gateway).   IP
Forwarding is also enabled in the kernel.

    No special route was created, since I don't know how to visualise the
passage from one device to another (ppp0 <--> eth0).  Assistance with this
might help me understand the same situation between our masquerading host,
routers, and internal machines.

Thanks,

                        Patrick

--

|> My Linux box is connected to the local network.  It has its own IP
|> address on that network.  My Linux box is also connected to the rest
|> of the internet via a PPP connection.  It has its own IP address for
|> that PPP connection too (dynamically assigned).
....
|> I cannot, however, ping even one machine beyond my Linux box from the
|> Win95 machine.  This is the crux of the problem, and I'm not quite
|> sure what to configure (or how to configure it) on my Linux box in
|> order to successfully route the packets from the Win95 machine to
|> my ppp peer.

I guess you just cannot do that with a single IP address from your
provider ! You need a subnet and a provider who does routing into
it.
Or what about ip-masqerading, so many people are talking about it,
this could work !

================================================================
   Arndt Brenschede, Dipl.-Phys.
   II. Physikalisches Institut der Uni Giessen
   Heinrich-Buff-Ring 16, 35392 Giessen (Germany)
   Tel: 0641-702-2786
   Fax: 0641-74390

================================================================

1. Add a default route to the internet provider at you linux box:
     route add default ppp0
     (ppp0 - ppp device)

   You can test if this works by pinging any address beyond the
   IP address of the remote router you're connected to.

   There are two scripts you can use to add and delete this
   default route: /etc/ppp/ipup and /etc/ppp/ipdown.

   e.g. ipup:
      #!/bin/sh
      route add default ppp0

2. You may have to configure your Windows 95 box to gateway
   packages it doesn't know where to route through your linux box.
   (default gateway in the TCP/IP setup?). I don't know exactly
   about that.

BUT...

Wouldn't you rather want to use a firewall with a proxy server?
You're open to the net the way you're connecting now.

Best regards,

Hans

I hope this eventually gets out.  My ISP is down right now. :-(

=My Linux box is connected to the local network.  It has its own IP
=address on that network.  My Linux box is also connected to the rest
=of the internet via a PPP connection.  It has its own IP address for
=that PPP connection too (dynamically assigned).

Dynamically assigned, huh?  I suspect your problem is related to this.

=My Linux box has kernel support for forwarding/routing packets.
=My Linux box has kernel support for having two IP addresses for just
=this sort of occasion (CONFIG_DUMMY is set).

=On the local network I tell a Win95 machine (it doesn't have to be
=Win95, but in this case it is) that my Linux box is the gateway for
=that Win95 machine.

=There exists a route from my Linux box to the Win95 machine.

=Let's call the eth0 IP address of my Linux box ETHIP.
=Let's call the ppp0 IP address of my Linux box PPPIP.

=Now let's test:
=
=From my Linux box, I can ping the Win95 machine.
=From my Linux box, I can ping my ppp peer (and the rest of the
=  Internet).
=
=From the Win95 machine, I can ping ETHIP.
=From the Win95 machine, I can also ping PPPIP.
=
=I cannot, however, ping even one machine beyond my Linux box from the
=Win95 machine.  This is the crux of the problem, and I'm not quite
=sure what to configure (or how to configure it) on my Linux box in
=order to successfully route the packets from the Win95 machine to
=my ppp peer.

You say you're having touble getting from from the Win-95 machine through the
Linux box to the outside world.  I doubt it.  I suspect that it is the ping
*replies* that are being lost.  You can see if packets are getting out by looking
at the Tx and Rx lights on the modem.  (Too bad if you're modem is internal.)
If the lights blink, the packets are being routed.  I suspect you'll see
the transmit light blink but won't see a reply.

If you're connecting to an ISP with dynamic IP address assignment, you've
got a problem.  Your PING packets are probably getting to their destination.
The replies, though, are lost.  Why?  Well, the bottom line is that IP packets
don't have a route but only a destination address.  There's no way for
the ping reply to get to you.  If you picked your LAN addresses at random,
the replies are going to somebody somewhere and being thrown away.

In other words, you've only got one legal Internet address at home.  There's
no way you can put two or more boxes at home and have them all talk on the
Internet, because the Internet can't address them.  Even your ISP's PPP server
won't reply to your ping in the way you expect: it'll bit-bucket the reply
or send it out on the Internet.

What can you do?  Two answers:
1) Get a staticly assigned block of legal Internet addresses.  Maybe you could get
   4 or 8 addresses from your ISP.  Your ISP will have to set up his routing
   tables so that everything to your subnet goes over PPP to your Linux machine.
   You'll have to alter your netmasks accordingly.  You'll be charged more.
or
2) Use IP Masquerading.  I think.  I'm not done this--I don't need to--but you
   can do this on your Linux box.  Masquerading will make the Win-95 box think
   it's on the Internet and the Internet think that only your Linux box is on
   the Internet.  The Internet will see all traffic as coming from the Linux
   box only and will route all replies to that box.  The Linux box does this
   by fudging the port and IP address in packets from the Win-95 box to the
   Internet and vice versa.

   If you do this, make your local LAN a class-C reserved address, i.e., one of the
   addresses that is reserved for private LANs.  Sorry, I don't know offhand what
   that address is.  (If you instead pick an address at random, it will still work
   but you'd never be able to reach the *real* machine at that address.  Anyway,
   it's bad form not to use the "correct" non-forwardable subnet.)

   Beware: ping doesn't work through a masquerading Linux box.
   Try ftp or telnet to the outside.  Even a "connection refused"
   indicates that routing is working.

   I suspect that masquerading is what you want, but I won't pretend that it's
   easy to set up.
--
Len Reed

Holos Software, Inc.
Voice: (770) 496-1358 ext. 16

It's 24 Jul 96  09:41,

discussion of linux box as router between LAN and internet-via-ppp / help requ

 lb> Dynamically assigned, huh?  I suspect your problem is related to this.

I'd be certain of this!  Or more correctly, the assignment of only 1 IP
address.

 lb> There's no way you can put two or more boxes at home and have them all
 lb> talk on the Internet, because the Internet can't address them.  Even
 lb> your ISP's PPP server won't reply to your ping in the way you expect:
 lb> it'll bit-bucket the reply or send it out on the Internet.

Well, the simple fact is that the Internet has no way of knowing how to
correctly route packets for the second machine, since the ISP is
configured on the assumption that only one machine will be connected to
any dialin line at a time.

 lb> What can you do?  Two answers:
 lb> 1) Get a staticly assigned block of legal Internet addresses.  Maybe
 lb> you could get 4 or 8 addresses from your ISP.  Your ISP will have to
 lb> set up his routing tables so that everything to your subnet goes
 lb> over PPP to your Linux machine. You'll have to alter your netmasks
 lb> accordingly.  You'll be charged more. or

This is the solution I chose. :-)  I have a block of 8 IP addresses
here...

 lb> 2) Use IP Masquerading.  I think.  I'm not done this--I don't need
 lb> to--but you can do this on your Linux box.  Masquerading will make
 lb> the Win-95 box think it's on the Internet and the Internet think
 lb> that only your Linux box is on the Internet.  The Internet will see
 lb> all traffic as coming from the Linux box only and will route all
 lb> replies to that box.  The Linux box does this by fudging the port
 lb> and IP address in packets from the Win-95 box to the Internet and
 lb> vice versa.

Never tried this, but I'm also interested in this technique, and how
it's applied for two reasons:

1.  If I ever have to connect the whole network to another ISP for some
strange reason...

2.  If I ever get more than 6 machines (I have 3 currently) I want to
connect to the Internet, the rest would most likely be on a separate
subnet, and using masquerading (e.g. of one of my neighbours wants to
hitch a 'free ride' on the Internet). :-)

 lb> If you do this, make your local LAN a class-C reserved address,
 lb> i.e., one of the addresses that is reserved for private LANs.
 lb> Sorry, I don't know offhand what that address is.  (If you instead

Class c:

Choose a subnet from 192.168.x.y, where x is between 0 and 255, y
represents the IP addresses the machines will have (i.e. 1-254).  These
are the reserved class C addresses...

... Mary had a little lamb. And some white wine and a salad on the side.
--
| Fidonet:  Tony Langdon 3:632/367.2

|
| Freeway Internet Gateway, Melbourne, Australia.  For information about
| our services and conditions of use, e-mail:

Hi.
I've been using Maquerading for months now.  It seems to work fine.
However, I'm interested in how you guys managed to get an ISP to assign
you a subnet and set up the routing tables for you.  I've asked several
providers if they could assign me a handful of address and handle the
routing.  Of the few who seemed to really understand what I was talking
about, none of them said that they could do it.  They always wanted to
fix me up with a class C address.  If anyone can tell me the name of a
provider that can do this sort of thing, please let me know.
Masquerading can't do everything, and like you said, only the box that's
dialed up is visible on the Internet side.

Thanks,
Mark