I hope this eventually gets out. My ISP is down right now. :-(
=My Linux box is connected to the local network. It has its own IP
=address on that network. My Linux box is also connected to the rest
=of the internet via a PPP connection. It has its own IP address for
=that PPP connection too (dynamically assigned).
Dynamically assigned, huh? I suspect your problem is related to this.
=My Linux box has kernel support for forwarding/routing packets.
=My Linux box has kernel support for having two IP addresses for just
=this sort of occasion (CONFIG_DUMMY is set).
=On the local network I tell a Win95 machine (it doesn't have to be
=Win95, but in this case it is) that my Linux box is the gateway for
=that Win95 machine.
=There exists a route from my Linux box to the Win95 machine.
=Let's call the eth0 IP address of my Linux box ETHIP.
=Let's call the ppp0 IP address of my Linux box PPPIP.
=Now let's test:
=
=From my Linux box, I can ping the Win95 machine.
=From my Linux box, I can ping my ppp peer (and the rest of the
= Internet).
=
=From the Win95 machine, I can ping ETHIP.
=From the Win95 machine, I can also ping PPPIP.
=
=I cannot, however, ping even one machine beyond my Linux box from the
=Win95 machine. This is the crux of the problem, and I'm not quite
=sure what to configure (or how to configure it) on my Linux box in
=order to successfully route the packets from the Win95 machine to
=my ppp peer.
You say you're having trouble getting from the Win-95 machine through the
Linux box to the outside world. I doubt it. I suspect that it is the ping
*replies* that are being lost. You can see if packets are getting out by looking
at the Tx and Rx lights on the modem. (Too bad if your modem is internal.)
If the lights blink, the packets are being routed. I suspect you'll see
the transmit light blink but won't see a reply.
If you're connecting to an ISP with dynamic IP address assignment, you've
got a problem. Your PING packets are probably getting to their destination.
The replies, though, are lost. Why? Well, the bottom line is that IP packets
don't have a route but only a destination address. There's no way for
the ping reply to get to you. If you picked your LAN addresses at random,
the replies are going to somebody somewhere and being thrown away.
In other words, you've only got one legal Internet address at home. There's
no way you can put two or more boxes at home and have them all talk on the
Internet, because the Internet can't address them. Even your ISP's PPP server
won't reply to your ping in the way you expect: it'll bit-bucket the reply
or send it out on the Internet.
What can you do? Two answers:
1) Get a statically assigned block of legal Internet addresses. Maybe you could get
4 or 8 addresses from your ISP. Your ISP will have to set up his routing
tables so that everything to your subnet goes over PPP to your Linux machine.
You'll have to alter your netmasks accordingly. You'll be charged more.
or
2) Use IP Masquerading. I think. I've not done this--I don't need to--but you
can do this on your Linux box. Masquerading will make the Win-95 box think
it's on the Internet and the Internet think that only your Linux box is on
the Internet. The Internet will see all traffic as coming from the Linux
box only and will route all replies to that box. The Linux box does this
by fudging the port and IP address in packets from the Win-95 box to the
Internet and vice versa.
If you do this, make your local LAN a class-C reserved address, i.e., one of the
addresses that is reserved for private LANs. Sorry, I don't know offhand what
that address is. (If you instead pick an address at random, it will still work
but you'd never be able to reach the *real* machine at that address. Anyway,
it's bad form not to use the "correct" non-forwardable subnet.)
Beware: ping doesn't work through a masquerading Linux box.
Try ftp or telnet to the outside. Even a "connection refused"
indicates that routing is working.
I suspect that masquerading is what you want, but I won't pretend that it's
easy to set up.
--
Len Reed
Holos Software, Inc.
Voice: (770) 496-1358 ext. 16
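
Added example, not part of the original message: a small Python model of the port and address rewriting that the reply calls masquerading, showing how replies addressed to the single PPP address are handed back to the right LAN host. The class and function names, the starting port 61000 and all addresses are constructed for illustration; the private ranges are the RFC 1918 blocks.

```python
import ipaddress

# Address blocks reserved for private LANs (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

class Masquerader:
    """Toy translation table. Keyed on ports, so it models TCP/UDP only;
    ICMP echo carries no port numbers."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip    # PPPIP, the only address the ISP routes to us
        self.next_port = first_port   # constructed starting port for rewritten flows
        self.out = {}    # (lan_ip, lan_port, dst_ip, dst_port) -> gateway port
        self.back = {}   # (gateway port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet; returns the header the Internet sees."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not a private LAN address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply arriving on ppp0; None means no known flow, drop it."""
        lan = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or lan is None:
            return None
        return (src_ip, src_port, lan[0], lan[1])

def demo():
    # Constructed addresses: documentation ranges stand in for PPPIP and a remote host.
    gw = Masquerader("203.0.113.7")
    server = ("198.51.100.10", 23)    # telnet, as suggested in the message
    a = gw.outbound("192.168.1.2", 1025, *server)   # Win95 box
    b = gw.outbound("192.168.1.3", 1025, *server)   # second LAN host, same source port
    reply = gw.inbound(*server, "203.0.113.7", b[1])
    stray = gw.inbound(*server, "203.0.113.7", 61999)   # nothing asked for this
    return a, b, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both LAN hosts leave with the same public source address but different gateway ports, which is what lets the reply be steered back to the right machine; a packet that matches no recorded flow is dropped.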