Q: Problem forwarding ICMP packets thru eth0 to ppp0

Post by Ge » Sat, 09 Mar 2002 05:26:15



Hi there,

This is a modified message I posted earlier. I have a LAN like this
                        _    ___      
                   hub (_)--[___]<==  ... ==> Internet
                        | DSL modem
         +--------------+-------------+
         |              |             |  one NIC
       +---+          +---+         +---+
       |pcN|    ...   |pc1|         |pc0|
       +---+          +---+         +---+
      Windows        Windows        Linux (kernel 2.2.14-6.1.1)

Each host on the LAN can see each other and can access the Internet
directly through a pppoe client program. Now I'm trying to configure
to have pc1 to pcN access the Internet through the Linux host pc0.
I followed IP masquerading HOWTO, but failed to get things to work.
The following is what I get

On host pc0 (192.168.0.3)
- pc0 can ping itself
- pc0 can ping pc1 - pcN
- pc0 can ping a host on the Internet
On a Windows host (192.168.0.4 named "duck")
- it can ping others
- it can ping pc0
- it can *NOT* ping any host on the Internet

To watch the traffic, on a Windows host ("duck"), I pinged
metalab.unc.edu with numeric IP address -- no response. On the
Linux host, I ran tcpdump and had the following.


Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
22:55:14.160076 < duck.mydomain > metalab.unc.edu: icmp: echo request
22:55:18.603412 < duck.mydomain > metalab.unc.edu: icmp: echo request
22:55:22.624261 < duck.mydomain > metalab.unc.edu: icmp: echo request
22:55:26.655224 < duck.mydomain > metalab.unc.edu: icmp: echo request

Then I repeated but ran tcpdump -i ppp0 icmp to see if there is
any traffic on ppp0. Nothing happened.

I figured I must have an IP masquerading routing/forwarding problem,
packets from the Windows host did not get out. Do I have to have a
second ethernet interface on the Linux host in order to get the IP
masq to work?

For those who might be able to give me more hints, I attached the
output of network configuration and routing tables below.
-----------------------------------------------------------------
IP Masquerading
^^^^^^^^^^^^^^^
/etc/rc.d/rc.firewall executed manually with no error message,
modules loaded properly.
/proc/net/ip_masquerade exists.
/proc/sys/net/ipv4/ip_forward has value 1.

Network Interfaces
^^^^^^^^^^^^^^^^^^
On the Linux host pc0, ifconfig shows
eth0      Link encap:Ethernet  HWaddr 00:80:C8:1E:7B:8D
          inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15452 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0x300

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:642 errors:0 dropped:0 overruns:0 frame:0
          TX packets:642 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:65.93.8.213  P-t-P:65.93.8.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:3209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2903 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

On Windows, ipconfig shows
Windows 98 IP Configuration

0 Ethernet adapter :

 IP Address. . . . . . . . . : 0.0.0.0
 Subnet Mask . . . . . . . . : 0.0.0.0
 Default Gateway . . . . . . :

1 Ethernet adapter :

 IP Address. . . . . . . . . : 192.168.0.4
 Subnet Mask . . . . . . . . : 255.255.255.0
 Default Gateway . . . . . . : 192.168.0.3

Routing Tables
^^^^^^^^^^^^^^
On Linux host: netstat -rn shows
Kernel IP routing table
Destination    Gateway       Genmask         Flags   MSS Window  irtt Iface
192.168.0.3    0.0.0.0       255.255.255.255 UH        0 0          0 eth0
65.93.8.1      0.0.0.0       255.255.255.255 UH        0 0          0 ppp0
192.168.0.0    0.0.0.0       255.255.255.0   U         0 0          0 eth0
127.0.0.0      0.0.0.0       255.0.0.0       U         0 0          0 lo
0.0.0.0        65.93.8.1     0.0.0.0         UG        0 0          0 ppp0

On Windows: C:\WINDOWS\>ipconfig shows
Active Routes:

  Network Address          Netmask  Gateway Address        Interface    Metric
          0.0.0.0          0.0.0.0      192.168.0.3        192.168.0.4       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1         1
      192.168.0.0    255.255.255.0      192.168.0.4        192.168.0.4       1
      192.168.0.4  255.255.255.255        127.0.0.1        127.0.0.1         1
    192.168.0.255  255.255.255.255      192.168.0.4        192.168.0.4       1
        224.0.0.0        224.0.0.0      192.168.0.4        192.168.0.4       1
  255.255.255.255  255.255.255.255      192.168.0.4        0.0.0.0           1

 
 
 

Post by Geb » Sat, 09 Mar 2002 15:34:40


Well, I haven't received any response, but I've spotted the problem
myself. I wish my experience would benefit those like me, especially
those in Canada and using Sympatico ADSL services (through PPPoE).

Summary
1. The setup as shown in the figure below is fine. In general,
   there is NO need to have two physical NICs on the Linux box
   that does IP masquerading/firewalling.
2. The solution to the problem I posted is to use the following
   command AFTER I start PPPoE process which creates an interface
   ppp0:


   This adds a rule to the forward chain that says any packets on
   interface ppp0 originating from subnet 192.168.0.0 that are
   destined for anywhere (0.0.0.0/0) shall be masqueraded.

   Now each host on the network can access the Internet.
4. It works for any virtual hosts (with VMWare) on that network as
   well.
5. The setup may be a cheap solution, but is NOT recommended.

Hope this information helps.
Ge B


> Hi there,

> This is a modified message I posted earlier. I have a LAN like this
>                         _    ___
>                    hub (_)--[___]<==  ... ==> Internet
>                         | DSL modem
>          +--------------+-------------+
>          |              |             |  one NIC
>        +---+          +---+         +---+
>        |pcN|    ...   |pc1|         |pc0|
>        +---+          +---+         +---+
>       Windows        Windows        Linux (kernel 2.2.14-6.1.1)

> Each host on the LAN can see each other and can access the Internet
> directly through a pppoe client program. Now I'm trying to configure
> to have pc1 to pcN access the Internet through the Linux host pc0.
> I followed IP masquerading HOWTO, but failed to get things to work.
> The following is what I get

> On host pc0 (192.168.0.3)
> - pc0 can ping itself
> - pc0 can ping pc1 - pcN
> - pc0 can ping a host on the Internet
> On a Windows host (192.168.0.4 named "duck")
> - it can ping others
> - it can ping pc0
> - it can *NOT* ping any host on the Internet

> To watch the traffic, on a Windows host ("duck"), I pinged
> metalab.unc.edu with numeric IP address -- no response. On the
> Linux host, I ran tcpdump and had the following.


> Kernel filter, protocol ALL, datagram packet socket
> tcpdump: listening on eth0
> 22:55:14.160076 < duck.mydomain > metalab.unc.edu: icmp: echo request
> 22:55:18.603412 < duck.mydomain > metalab.unc.edu: icmp: echo request
> 22:55:22.624261 < duck.mydomain > metalab.unc.edu: icmp: echo request
> 22:55:26.655224 < duck.mydomain > metalab.unc.edu: icmp: echo request

> Then I repeated but ran tcpdump -i ppp0 icmp to see if there is
> any traffic on ppp0. Nothing happened.

> I figured I must have an IP masquerading routing/forwarding problem,
> packets from the Windows host did not get out. Do I have to have a
> second ethernet interface on the Linux host in order to get the IP
> masq to work?

> For those who might be able to give me more hints, I attached the
> output of network configuration and routing tables below.
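
Added example, not part of the original posts: the command in the second post did not survive on this page, so the script below is not the poster's command. It shows one way to apply a rule matching his description (masquerade 192.168.0.0/24 leaving through ppp0) from pppd's ip-up/ip-down hooks, which run only once the interface exists. The hook file names, the BACKEND and APPLY variables and the iptables variant for later kernels are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's command. Install as the local pppd hooks,
# e.g. /etc/ppp/ip-up.local and /etc/ppp/ip-down.local (assumed paths;
# distributions differ).
# pppd runs its hooks as: <hook> <ifname> <tty> <speed> <local-ip> <remote-ip>
LAN_NET="192.168.0.0/24"        # LAN subnet from the post
BACKEND="${BACKEND:-ipchains}"  # ipchains on kernel 2.2, iptables on 2.4+

# Print the rule(s) that add or delete masquerading for $net leaving via $extif.
masq_rules() {
    backend=$1; action=$2; extif=$3; net=$4
    # Only a plain interface name and a dotted CIDR may reach a root command line.
    case $extif in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    case $net in ''|*[!0-9./]*) return 2 ;; esac
    case $action in add) f=-A ;; del) f=-D ;; *) return 2 ;; esac
    case $backend in
    ipchains)  # in the forward chain, -i matches the outgoing interface
        echo "ipchains $f forward -i $extif -s $net -d 0.0.0.0/0 -j MASQ" ;;
    iptables)
        echo "iptables -t nat $f POSTROUTING -o $extif -s $net -j MASQUERADE"
        echo "iptables $f FORWARD -o $extif -s $net -j ACCEPT"
        echo "iptables $f FORWARD -i $extif -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT" ;;
    *) return 2 ;;
    esac
}

# Run the rules when APPLY=1 (root needed); otherwise only print them.
run_rules() {
    rules=$(masq_rules "$@") || { echo "masq: bad arguments: $*" >&2; return 2; }
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}

# Decide from the hook name; under any other name, do a dry run for ppp0.
case ${0##*/} in
ip-up*)   APPLY=1 run_rules "$BACKEND" add "${1:-}" "$LAN_NET" ;;
ip-down*) APPLY=1 run_rules "$BACKEND" del "${1:-}" "$LAN_NET" ;;
*)        APPLY=0 run_rules "$BACKEND" add ppp0 "$LAN_NET" ;;
esac
```

Deleting the rule in the ip-down hook keeps repeated PPPoE reconnects from stacking duplicate entries in the chain.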