Cannot ping internal network via eth1

Post by dmedh.. » Fri, 10 Nov 2006 20:52:20



Hi, sorry, I posted this in perhaps the wrong group.
Hope this is the correct one :)

I have a strange problem with my home network.
It all used to work before, but I disconnected everything and reconnected
them again, and now everything is OK with the exception that I
cannot ping my internal network.

Setup:
I have a PC running linux with 2 interfaces.
Eth0 = external interface (dhcp) ip=whatever.
Eth1 = internal interface (static) ip=192.168.1.2
iptables setup unchanged - I run an iptables firewall on my PC.
I used firestarter to set up the firewall, which works fine for forwarding
ports.

Eth1 connects to a Linksys WRK54G home wireless router, via a cable.
The home router is 192.168.1.1 and I recently set it to factory defaults.
I have set its default gateway to be 192.168.1.2 (Eth1 on PC).

2 laptops (running Windows XP) access the wireless router to connect
to the internet, of course via my Linux PC gateway.

Now, when I start a DHCP server on the Linksys router and use DHCP clients
on the laptops, I get connectivity. I also get connectivity if I don't use a
DHCP server on the Linksys and set up static IPs on the laptops using default
gateway 192.168.1.1.

But in either case I have to set up a route to 192.168.1.2 via 192.168.1.1
on the laptops.
!!AND!!
The Linux PC cannot ping nor ssh into the laptops (cygwin sshd). Though this
used to work before!

I tried to set up a static route from the Linux PC to the laptop to no avail.
I get "no route to host" when I use ssh and "host unreachable" when I use
ping. ALL THIS even if iptables is turned OFF.
Plus I've noticed a strange 169.254.0.0 or something like that in the
routing table.

Can anyone help with any suggestions on how to
1) Not have to manually add a static route to 192.168.1.2 on the laptops
2) How to make my PC ping and talk to my laptops

Thanks a big bunch.
D

 
 
 

Post by Moe Tr » Sat, 11 Nov 2006 04:58:06


On 9 Nov 2006, in the Usenet newsgroup comp.os.linux.misc, in article

Usenet newsgroup comp.os.linux.networking, in article


[Please don't post the same article in two or more newsgroups. If you
must post to multiple newsgroups, put them in a comma separated list as
I have done here, and set the Followup-to: header appropriately.  In this
case, if the article is on topic for comp.os.linux.networking (and it is),
then it doesn't belong in comp.os.linux.misc (which is for posts that
don't "fit" in other comp.os.linux.* groups).]

> I have a strange problem with my home network.
> It all used to work before but I disconnected everything and reconnected
> them again and now everything is ok with the exception that I cannot
> ping my internal network.

Is it just ping, or all networking?   "What did you change?"

> Eth1 = internal interface (static) ip=192.168.1.2
> iptables setup unchanged - I run an iptables firewall on my PC
> I used firestarter to setup the firewall which works fine for forwarding
> ports.

OK

> Eth1 connects to a linksys WRK54G home wireless router, via a cable.
> The home router is 192.168.1.1 and I recently set it to factory defaults.
> I have set its default gateway to be 192.168.1.2 ( Eth1 on PC )

OK

> 2 laptops (running windows XP) access the wireless router to connect
> to the internet, of course via my linux PC gateway.

The router would have to be in transparent bridge mode for that to work.
What are the addresses of the two laptops?

> Now, when I start a dhcp server on the linksys router and use dhcp
> clients on the laptops, I get connectivity. I also get connectivity if
> I don't use a dhcp server on the linksys and set up static ip on laptops
> using default gateway 192.168.1.1
>
> But in either case I have to set up a route to 192.168.1.2 via 192.168.1.1
> on the laptops.

Smells like the problem.

> !!AND!!
> The linux PC cannot ping nor ssh into the laptops (cygwin sshd). Though
> this used to work before!

What did you change?   I suspect the laptops are using the same 192.168.1.x
network range, but the router is not acting as a transparent bridge. The
result is that the laptops and the linux box think that because the network
number and network mask are the same, they can each talk _DIRECTLY_ to the
other, and don't have to use the router.  If you use a packet sniffer, you'd
likely see the Linux box sending ARP requests to the laptops ("where are you
little lap-doggy?"), and the router is not Proxy-arping ("I'm here"), or not
forwarding the ARP packets to the laptops and vice versa.

> I tried to setup a static route from the linux pc to the laptop to no
> avail.

How? Did you also try this the same time you told the laptop to send
everything for the Linux box via the router?

> I get no route to host when I use ssh and host unreachable when I use
> ping. ALL THIS even if iptables is turned OFF.

Routing issue, not firewall.

> Plus I've noticed a strange 169.254.0.0 or something like that in the
> routing table.

169.254.0.0/16 is the network used for "ZeroConf" - originated by Apple as
the "Rendezvous", renamed as "Bonjour", and adopted by Microsoft as a means
to get networking running when the MCSE has so screwed up the configuration
of the DHCP server that even windoze can't run. Some Linux distributions
have added a route for that network so that packets with that range as a
source are not logged as "Martians".  If you see packets from that network,
some box is configured to get addresses from DHCP, but can't find a DHCP
server. As we use static addresses, we alarm if one of those addresses is
seen, as that means we have an intruder on our wires.

> Can anyone help with any suggestions on how to
> 1) Not have to manually add a static route to 192.168.1.2 on the
> laptops
> 2) How to make my PC ping and talk to my laptops

Two choices - change one or the other network address, so that the Linux box
and lap-doggies know they are on different networks, and have to send packets
to the router for onward transmission,   OR configure the WRK54G to bridge
the packets.  Adding host routes via the gateway would also work, but is
extra work.

        Old guy
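
The on-link decision and the 169.254.0.0/16 alarm described in the reply above, as an added example that is not part of the original thread. The /24 mask, the laptop addresses 192.168.1.100 and 192.168.2.100 (the thread never gives them), and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # ZeroConf / APIPA range

def next_hop(local_if, router, dst):
    """Decide how a host with address local_if ("ip/prefix") reaches dst.

    On-link destinations are resolved with ARP and sent directly; anything
    else is handed to the router. Every IP stack makes this check.
    """
    iface = ipaddress.ip_interface(local_if)
    target = ipaddress.ip_address(dst)
    if target in iface.network:
        return ("arp-direct", str(target))
    return ("via-router", router)

def link_local_sources(log_lines):
    """Return the distinct SRC= addresses that fall in 169.254.0.0/16."""
    hits = []
    for line in log_lines:
        m = re.search(r"\bSRC=(\d+\.\d+\.\d+\.\d+)", line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:  # malformed address in the log line
            continue
        if src in LINK_LOCAL and str(src) not in hits:
            hits.append(str(src))
    return hits

# Constructed sample lines in the style of the iptables LOG target.
SAMPLE_LOG = [
    "IN=eth1 OUT= SRC=192.168.1.100 DST=192.168.1.2 PROTO=ICMP TYPE=8",
    "IN=eth1 OUT= SRC=169.254.12.7 DST=169.254.255.255 PROTO=UDP SPT=137 DPT=137",
    "IN=eth1 OUT= SRC=169.254.12.7 DST=224.0.0.251 PROTO=UDP SPT=5353 DPT=5353",
    "IN=eth1 OUT= SRC=192.168.1.1 DST=192.168.1.2 PROTO=TCP SPT=80 DPT=40112",
]

if __name__ == "__main__":
    # Same /24 on both sides (assumed laptop address): the PC ARPs directly.
    print(next_hop("192.168.1.2/24", "192.168.1.1", "192.168.1.100"))
    # Laptops renumbered to an assumed 192.168.2.0/24: traffic goes to the router.
    print(next_hop("192.168.1.2/24", "192.168.1.1", "192.168.2.100"))
    # On a static-address LAN, any hit here is worth an alert.
    print(link_local_sources(SAMPLE_LOG))
```
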