2 internal networks + internet -with- ipchains

Post by Sarma Seetamraj » Tue, 12 Sep 2000 15:22:24



Desktop win98 has IP address 10.0.1.2
Wireless notebook has IP address 10.0.2.2
linux has two interfaces 10.0.1.1(ethernet) and 10.0.2.1 (wireless)

ping from desktop win98            -> to -> LINUX works (eth0)
ping from wireless notebook(win98) -> to -> LINUX works (eth2).

each win98 can access the internet independently (masqueraded by linux).
So, nothing wrong with any network  ** BY ITSELF **.

But I cannot ping one win98 from the other, across
networks.  All my knowledge of routing from college
is completely muddled with what ipchains does.

Can someone help me make one win98 ping the other?

ipchains -F
ipchains -A input -j ACCEPT
ipchains -A output -j ACCEPT
ipchains -A forward -i ppp0 -s "10.0.0.0/16" -d ! 10.0.0.0/16 -j MASQ
// No other ipchains commands.

(* Let's not get started on the previous line above.  Can you pl. help me with
the problem? *)

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.x         *               255.255.255.255 UH    0      0        0 ppp0
10.0.1.1        *               255.255.255.255 UH    0      0        0 eth0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth0
10.0.2.1        *               255.255.255.255 UH    0      0        0 eth2
10.0.2.0        *               255.255.255.0   U     0      0        0 eth2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         x.x.x.x         0.0.0.0         UG    0      0        0 ppp0

[End]

 
 
 

Post by Steve Co » Tue, 12 Sep 2000 20:10:05


It could be that each win machine does not know how to route to the other
subnet (or do reverse ip lookups).  Make sure the linux box ipchains is
configured to forward between both ethernet NIC interfaces and both win
boxes have the linux box as the default route


Post by sarmasa.. » Wed, 13 Sep 2000 00:52:55


The wired-win98 has 10.0.1.1 (eth0) as the gateway/router
and the wireless-win98 has the same value too (set by dhcpd)
     though the wireless one, could have used 10.0.2.1 (eth2)
     as the router, but .....
... both *ARE ABLE* to access the internet, meaning both
know that 10.0.1.1(eth0) is the router for everything.

could you pl. precisely write the ipchains command to
do what you write below as "forward between the eth NIC inter...." ?

Nothing gets to me like DNS and IPCHAINS setup.
Thanks in advance.
Sarma



Post by Steve Co » Wed, 13 Sep 2000 17:58:52


I know it's working but eth0 (10.0.1.0 subnet) should not be the default
gateway route for the 10.0.2.0 subnet - if all else fails, temporarily try
setting the default route manually to the eth1 interface of the linux box.
Note: an IP address relates to an interface (network card) not a PC.
Therefore a default route of 10.0.1.0 on the 10.0.2.0 subnet refers to the
network card on the other subnet.

When you say the internet connections work, is that browser only or can you
ping, tracert etc.? I guess you have full access and also have IP
masquerading set up (LAN machines hiding behind the same ppp IP address). If
this is the case, then the normal way to set this up is to set the forward
chain default rule to deny. Unless specific rules are set up for forwarding
internal subnet to internal subnet traffic, this default rule will block it.

For forwarding, make sure forwarding is enabled:
#echo 1 > /proc/sys/net/ipv4/ip_forward

I guess this is set, otherwise your ppp connection would not work.

Set up forwarding for each 'through' route for the win boxes

#ipchains -A forward -s 10.0.1.0/24 -d 10.0.2.0/24 -j ACCEPT
#ipchains -A forward -s 10.0.2.0/24 -d 10.0.1.0/24 -j ACCEPT

{I suppose, theoretically, this can be done in one line:
#ipchains -A forward -s 10.0.0.0/16 -d 10.0.0.0/16 -j ACCEPT}

Note: make sure you do not have any encompassing forward chain rule prior to
the above - except for the default chain: ipchains -P forward DENY

Steve


Post by sarmasa.. » Thu, 14 Sep 2000 05:37:05


Found what works !!!!!!!!!!!!

I copied the line for masquerading (which is)

ipchains -A forward -i ppp0 -s "10.0.0.0/16" -d ! 10.0.0.0/16 -j MASQ

and turned it into

ipchains -A forward -s "10.0.0.0/16" -d 10.0.0.0/16 -j ACCEPT

BINGO !!!

The hint I was looking for was the comment on adding a forwarding
line :-)

Thanks anyways :-)



 
 
 

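Added example, not part of any post in this thread: a small Python model of how the forward chain discussed above is evaluated (first matching rule wins, otherwise the chain policy applies), run over the rules quoted in the thread. It assumes the forward policy is DENY, as suggested in the replies, and relies on ipchains matching -i against the outgoing interface in the forward chain; 192.0.2.10 and 10.0.3.7 are constructed addresses.

```python
from ipaddress import ip_address, ip_network

def rule(target, src=None, dst=None, not_dst=None, out_if=None):
    """Model of one 'ipchains -A forward' rule; None means 'match anything'."""
    net = lambda n: ip_network(n) if n else None
    return {"target": target, "src": net(src), "dst": net(dst),
            "not_dst": net(not_dst), "out_if": out_if}

def forward_verdict(rules, policy, src, dst, out_if):
    """Walk the chain in order; the first rule that matches decides."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if r["out_if"] and r["out_if"] != out_if:
            continue                      # -i ppp0 : wrong outgoing interface
        if r["src"] and s not in r["src"]:
            continue                      # -s net
        if r["dst"] and d not in r["dst"]:
            continue                      # -d net
        if r["not_dst"] and d in r["not_dst"]:
            continue                      # -d ! net
        return r["target"]
    return policy                         # nothing matched: chain policy

# ipchains -A forward -i ppp0 -s 10.0.0.0/16 -d ! 10.0.0.0/16 -j MASQ
MASQ_ONLY = [rule("MASQ", src="10.0.0.0/16", not_dst="10.0.0.0/16",
                  out_if="ppp0")]

# ... plus: ipchains -A forward -s 10.0.0.0/16 -d 10.0.0.0/16 -j ACCEPT
WITH_ONE_16 = MASQ_ONLY + [rule("ACCEPT", src="10.0.0.0/16",
                                dst="10.0.0.0/16")]

# ... or instead the two per-subnet rules from the reply
WITH_TWO_24 = MASQ_ONLY + [
    rule("ACCEPT", src="10.0.1.0/24", dst="10.0.2.0/24"),
    rule("ACCEPT", src="10.0.2.0/24", dst="10.0.1.0/24"),
]

if __name__ == "__main__":
    cases = [("10.0.1.2", "10.0.2.2", "eth2"),     # desktop -> notebook
             ("10.0.1.2", "192.0.2.10", "ppp0"),   # desktop -> internet
             ("10.0.3.7", "10.0.1.2", "eth0")]     # hypothetical third subnet
    for name, chain in [("MASQ only", MASQ_ONLY), ("one /16", WITH_ONE_16),
                        ("two /24", WITH_TWO_24)]:
        for src, dst, oif in cases:
            print(name, src, "->", dst, forward_verdict(chain, "DENY",
                                                        src, dst, oif))
```

The last case shows the difference between the two fixes: the single /16 rule also forwards traffic from any other 10.0.x.x source, while the two /24 rules forward only between the two named subnets.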