Very Computer

    On the other hand, not routing past the next machine has not
    been as bad as I had imagined. I can telnet to my desktop, set
    my display variable and do anything I would have done on my
    portable.

    Thanks for the suggestions. They seemed well reasoned and I had
    hopes that they would help. I have studied the man page and the
    appropriate networking HOWTOs already. They, along with deja/google
    helped me to get to the point where I posted. I guess I'll just lurk
    here hoping another query or solution will help me to resolve
    my issues.

    regards,
    hank

--
Hank Barta                            White Oak Software Inc.

                Beautiful Sunny Winfield, Illinois

    I have added a wireless subnet to my home lan and am wrestling
    with routing (and perhaps firewalling) issues.

The LAN looks like:

            eth1
          external
             IP
        11.22.33.44      192.168.100.100      198.168.2.126
             |                |                    |
CABLE>--eth--<firewall>--eth--<desktop>--wireless--<portable>
MODEM                 |               |
                192.168.100.1     192.168.2.1
                     eth0

    Verbally, I have a firewall with a static IP for which I've
    substituted 11.22.33.44 on one Ether NIC (eth1) and a connection
    to a home lan (network address 192.168.100.0) using 192.168.100.1
    on eth0. Another host on the home lan (at 192.168.100.100) has
    a wavelan interface to which I have assigned the IP address
    192.168.2.1 and which I expect to route messages bwtween the
    two network interfaces. I have not compiled in support for
    advanced routing (2.2.18 kernel) but I have turned forwarding
    on with

 "echo 1 > /proc/sys/net/ipv4/ip_forward"

    On my firewall, I have opened up connections to the remote
    subnet with:

ipchains -A input  -i $LOCAL_INTERFACE_1 -s $LOCALNET_2 -j ACCEPT
ipchains -A output -i $LOCAL_INTERFACE_1 -d $LOCALNET_2 -j ACCEPT
ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_2 -j MASQ

    where $LOCAL_INTERFACE_1 is eth0, $EXTERNAL_INTERFACE os eth1
    and $LOCALNET_2 is 192.168.2.1/24. (The original script was
    generated using Robert Ziegler's tool at
    http://www.linux-firewall-tools.com/linux/firewall/index.html

    When the wireless card is inserted, the routing table on the
    desktop looks like:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0

    At this point, I can ping, ftp (600+ kB/sec!!!) between the
    desktop and portable with only one minor problem. When I telnet
    from desktop to portable, something has to time out because it
    takes several minutes to get the password prompt. Ping times
    are good at 1.9 ms. The problem I am encountering is routing
    or perhaps firewall related beyond the desktop.

    The standard routing configuration on the firewall is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
11.22.33.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         11.22.33.44     0.0.0.0         UG    0      0        0 eth1

    I have tried several routing configurations and so far none
    has worked completely. Using 'watch ifconfig' on the various
    hosts, I believe I have been able to tell how far ICMP packets
    from ping travel before getting blocked.

    The command

route add -net 192.168.2.0 netmask 255.255.255.0 dev eth0

    gets me:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
11.22.33.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         11.22.33.44     0.0.0.0         UG    0      0        0 eth1

    and using

route add -host 192.168.2.126 dev eth0

    gets

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.126   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
11.22.33.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         11.22.33.44     0.0.0.0         UG    0      0        0 eth1

    For both of these situations, ping from the firewall goes
    through the route to the desktop, but no further.

    Using

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.100.100

    gets

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
11.22.33.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     192.168.100.100 255.255.255.0   UG    0      0        0 eth0
0.0.0.0         11.22.33.44     0.0.0.0         UG    0      0        0 eth1

    and

route add -host 192.168.2.126  gw 192.168.100.100

    gets

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.126   192.168.100.100 255.255.255.255 UGH   0      0        0 eth0
11.22.33.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         11.22.33.44     0.0.0.0         UG    0      0        0 eth1

    In both of these configurations, the counters increment for
    both TX and RX on the route between the firewall and desktop
    *and* the route between the desktop and portable. However, ping
    still indicates 100% packet loss. It seems like either of these
    configurations is *real* close, but something is still amiss,
    perhaps on the desktop.

    Another bit of information. I have other machines on the same
    internal ethernet segment (192.168.100.0) that also cannot ping
    the portable.  (This is a Win2000 box and I cannot figure out
    how to add a route to the portable interface.)

    I would appreciate any suggestions anyone has that might help
    me to resolve this issue.

    Thanks,
    hank

--
Hank Barta                            White Oak Software Inc.

                Beautiful Sunny Winfield, Illinois

The remaining problem could lie in the wireless client's routing table. It should
have routes
    dest 192.168.2.0/24 (no gateway) and
    dest 0.0.0.0 (gateway 192.168.2.1)
on the wireless interface. Is the last one missing?

Sven

Does that match your description? This corresponds to settings in
/etc/pcmcia/network.opts of

    IPADDR="192.168.2.126"
    NETMASK="255.255.255.0"
    NETWORK="192.168.2.0"
    BROADCAST="192.168.2.255"
    # Gateway address for static routing
    GATEWAY="192.168.2.1"

    thanks,
    hank

--
Hank Barta                              White Oak Software Inc.

                Beautiful Sunny Winfield, Illinois

I would try

# route del default gw 192.168.2.1 eth0
# route add default gw 192.168.2.1 eth0

and see if Metric=0 after that (IIRC metric is an option to the route command that defaults to 0). If the above throws errors or doesn't work, "man route" might help you to figure out.

Sven