Very Computer

Hello,

I have been trying to get a Linux box set up as a gateway to forward,
masquerade and route packets from 2 client machines ( Pentium running
Win95
or Linux, and a SUN UltraSparc 1, Solaris 2.6). The local network
machines
can see each other, but cannot see outside the local net. The gateway
linux
box can see both the local net and the outside world.

The gateway machine (gate) is running RedHat 4.2. I recompiled the
kernel
(2.0.30) with support for masquerading, forwarding, firewalls, etc as
documented in the various HOWTOs and FAQs. Here are my IP assignments:

  161.44.128.227 - ppp0 interface on gateway Linux (linked to .206)
  192.168.1.1    - eth0 interface on gateway Linux
  192.168.1.10   - ethernet interface on Pentium Win95/Linux
  192.168.1.144  - ethernet interface le0 on UltraSPARC Solaris 2.6

I've loaded ip_masq_ftp, ip_masq_irc, and ip_masq_raudio modules.

I've configured the forwarding rules as follows:

    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0

The -I and -O rules are all set up to default accept.

My routing table looks like:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
161.44.128.206  0.0.0.0         255.255.255.255 UH    0      0        0
ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        2
eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        5
lo
0.0.0.0         161.44.128.206  0.0.0.0         UG    0      0       27
ppp0

IP forwarding is enabled. I checked /proc/sys/net/ipv4/ip-forward to
make
sure it contained 1.

The gate machine forwards _NO_ packets from the client machines. If I
try to
telnet to an outside address like 128.114.129.26, it will try a while,
and
then return unsuccessful.

I've used tcpdump to try to find out whats going on. If I look for a
packets with a specific host, like tcpdump -i eth0 host 128.114.129.26,
and
telnet to that address from my local net, all I see are some arp
requests on
the local net: arp who-has 128.114.129.26 tell 161.44.128.227. If I look
on
the ppp0 port, I see no packets with host address of 128.114.129.26.

Does anyone out there have a clue as to what might be wrong here? Gate
should be forwarding packets, but isn't.

Any insights would be greatly appreciated. I'll be eagerly watching this
newsgroup.

Thanks

-Jonathan

------------------------------------------------------------------------
Jonathan Crockett
Build Engineer
Global Alliances
Cisco Systems, Inc.
------------------------------------------------------------------------
"Life moves pretty fast. If you don't stop and look around once in a
while
you could miss it."

Uhm... I may have missed this in your post... but did you setup the gateway
on your Win95 and Solaris machine??? Without a gateway these machines will
not be able to see anything other than the local net because they won't have
a default route...

[snip]

Quote:> I've just experience the same problems setting a similar network. I have
> solved my problems and hopefully this will
> work for you too.
> As far as pinging a machine outside your local network, from what i have
> read (anyone with more knowledge can correct this for me if
> i get this wrong) is that ping uses a ICMP -protocol and thus will not
> make it through the masq (see Dial-On-Demand mini-HOWTO).
> As far as your ppp connection, make sure that the MTU on your network is
> the same as the PPP0.
> With my network eth0 has 1500 MTU. When I set the MTU to 1500 for the
> PPP in the /etc/ppp/options file all the problems i had with telnet and
> http were solved.

Thanks
-jc

------------------------------------------------------------------------
Jonathan Crockett
Build Engineer
Global Alliance - Release Engineering
Cisco Systems, Inc.
------------------------------------------------------------------------
"Life moves pretty fast. If you don't stop and look around once in a
while
you could miss it."

When I set up my linux box(RH 5.0), the file I had to edit for ip
forwarding was /etc/sysconfig/network.  I changed forward_ipv4 value
from false to true.

Sean

Quote:> As far as your ppp connection, make sure that the MTU on your network is
> the same as the PPP0.
> With my network eth0 has 1500 MTU. When I set the MTU to 1500 for the
> PPP in the /etc/ppp/options file all the problems i had with telnet and
> http were solved.

I don't know if this has any bearing on the original question.

Quote:> I've used tcpdump to try to find out whats going on. If I look for a
> packets with a specific host, like tcpdump -i eth0 host 128.114.129.26,
> and telnet to that address from my local net, all I see are some arp
> requests on
> the local net: arp who-has 128.114.129.26 tell 161.44.128.227. If I look
> on
> the ppp0 port, I see no packets with host address of 128.114.129.26.

In the example above, aren't you trying to telnet from a machine on your
local net, through the linux box, and out to the wider world? If this is
the case, why are you seeing arp packets?

If the gateways and default routes are configured correctly, the linux
box should just send the packet out over the default route (ppp
interface), shouldn't it?

I'm no expert, but this smacks of routing problems to me.

I know that's no real help, but I thought it worth mentioning. If its
total cobblers, apologies for any confusion it may cause!

Graham

Quote:> In the example above, aren't you trying to telnet from a machine on your
> local net, through the linux box, and out to the wider world? If this is
> the case, why are you seeing arp packets?

My Win95 is now working. I was testing mostly with a UltraSPARC/Solaris
2.6 connected to the gateway. I tried Win95 last night and it worked.

Perhaps my configuration on my Solaris 2.6 box is incorrect. I'm not as
familiar with Solaris as I am with Linux. I have the gateway specified
in the defaultrouter file in /etc. This worked on a different Solaris
box at work. Perhaps there is some other location to specify the gateway
for a Solaris that I'm not aware of?

I'll check my Solaris set up again tonight and try removing the
/etc/defaultrouter file to see what happens.

Thanks for all the suggestions everyone. :) It's appreciated.

Quote:> If the gateways and default routes are configured correctly, the linux
> box should just send the packet out over the default route (ppp
> interface), shouldn't it?

> I'm no expert, but this smacks of routing problems to me.

> I know that's no real help, but I thought it worth mentioning. If its
> total cobblers, apologies for any confusion it may cause!

> Graham

[snip]

Hip hip hooray!!! My home network is now fully functional. I think
setting the MTUs to all match fixed one problem, and allowed my Win95
machine to successfully see the internet. My Solaris 2.6 UltaSPARC was
little more tricky. It still wouldn't work and I finally found out why.
For one, I had the wrong IP selected as the gateway, I had my gateway's
outgoing ppp0 IP instead of the local eth0 specified. That fixed the
incorrect arps I was seeing, however DNS still was failing. I finally
discovered that DNS hadn't been turned on in nsswitch.conf. Duh. So now
I am finally happy. I have a 486 Linux box working as a masquerading
gateway and print server for my Win95/Linux Pentium and my UltraSPARC.
And its all working! Awesome dudes. Thanks to everyone who read my posts
and especially those that replied with suggestions. I love the net ;-)

------------------------------------------------------------------------
 Jonathan Crockett
 Build Engineer
 Global Alliance - Release Engineering
 Cisco Systems, Inc.
------------------------------------------------------------------------
 "Life moves pretty fast. If you don't stop and look around once in a
 while you could miss it."