treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Fri Sep 19, 2008 8:56 pm Post subject: [SOLVED] gentoo router & hardware router
This is what I'd like my setup to be.
Internet > Gentoo Router > Hardware Router > rest of computers in my network.
I am following this: http://gentoo-wiki.com/HOWTO_setup_a_home-server
First thing I did was turn off DHCP on my Hardware Router (Don't have access to a switch).
Going from the Gentoo Router to the Hardware Router I plugged it into the Uplink port. With this configuration I was unable to ping any of the computers on my network, along with the router. If I plugged the Gentoo router into a normal port on the hardware router I was able to ping the other computers but they did not have internet, while the gentoo router did have internet access.
The IPs of the gentoo router and hardware router were not the same throughout this process. What is going on here? Why can't I get that gentoo router to spit out internet to my network?
Last edited by treefinger on Fri Sep 26, 2008 7:56 pm; edited 1 time in total

frostschutz Veteran
Joined: 22 Feb 2005 Posts: 1913 Location: Germany
Posted: Sat Sep 20, 2008 3:30 am Post subject:
What's the hardware router for?

Think4UrS11 Administrator
Joined: 25 Jun 2003 Posts: 6119 Location: Murphy is my neighbor
Posted: Sat Sep 20, 2008 9:08 am Post subject: Re: gentoo router & hardware router
treefinger wrote:
Going from the Gentoo Router to the Hardware Router I plugged it into the Uplink port. With this configuration I was unable to ping any of the computers on my network, along with the router. If I plugged the Gentoo router into a normal port on the hardware router I was able to ping the other computers but they did not have internet, while the gentoo router did have internet access.
Various of those routers are configured to behave 'stealthy', meaning they do not respond to ping from outside. Secondly, the routers are doing NAT, meaning from the outside all machines connected to that router are seen 'outside' by the external IP address of the router.
You need to reconfigure your HW router to
a) respond on ping (if you need that)
b) disable NAT, otherwise you'd need to configure port forwardings for each and everything to every box behind that router; depending on your needs and number of machines this might become an impossible task
The second issue might be as simple as 'the PCs use the HW router as default GW'; correct in that scenario though would be to configure the PCs to use the Gentoo router as default GW.
or ... you forgot to activate ip_forwarding on the Gentoo box.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Sat Sep 20, 2008 2:06 pm Post subject:
frostschutz - I don't have a switch right now and I need something for my multiple computers on my LAN to plug into.
Think4UrS11 - Do you think I'd be better off just picking up a switch? I don't see anything on my hardware router configuration to disable NAT

Think4UrS11 Administrator
Joined: 25 Jun 2003 Posts: 6119 Location: Murphy is my neighbor
Posted: Sat Sep 20, 2008 2:34 pm Post subject:
depends on what you need.
From here it looks as if the router is only there because you need the switch functionality, correct? As long as the router has enough ports no need to replace it with a switch; better save the money and surprise your better half with a nice dinner in her most beloved restaurant
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

frostschutz Veteran
Joined: 22 Feb 2005 Posts: 1913 Location: Germany
Posted: Sat Sep 20, 2008 6:16 pm Post subject:
Then use the router as switch only (if it has an integrated switch). That means don't let it talk to your machines and don't talk to it by IP/DHCP, just let its built-in switch relay packets. Thusly the router is not a router but a switch. You are much better off with a switch because routing / natting twice causes a load of unnecessary problems.

treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Sat Sep 20, 2008 6:35 pm Post subject:
Think4UrS11 wrote:
depends on what you need.
From here it looks as if the router is only there because you need the switch functionality, correct? As long as the router has enough ports no need to replace it with a switch; better save the money and surprise your better half with a nice dinner in her most beloved restaurant
How can I find out if my gentoo router has NAT installed?
I have a DI-604 hardware router.. only things I can change for that under LAN settings are.. IP, subnet
WAN are dynamic, static, etc..
and DHCP just to turn it on or off.

treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Fri Sep 26, 2008 4:18 pm Post subject:
I went back through and tried to do this again.. still not able to get internet to my other computers on the LAN.
They all get assigned an IP by the gentoo DHCP server.
What could be causing this? I am using the hardened kernel.

tutaepaki Apprentice
Joined: 10 Nov 2003 Posts: 264 Location: New Zealand
Posted: Fri Sep 26, 2008 4:52 pm Post subject:
You might want to use this guide instead....
http://www.gentoo.org/doc/en/home-router-howto.xml
When connecting your gentoo router to the switch ports on the hw router, sounds like the gentoo router was missing either NAT, or IP forwarding was not enabled. The above guide will cover all that.
If you use the uplink port on the router, you'll probably have trouble with getting dhcp from the gentoo router to your workstations. You'd have to use dhcp on the home router, and have a different ip network on the link between the 2 routers. If you've got the ports on the inbuilt switch to spare, just use those.

treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Fri Sep 26, 2008 5:00 pm Post subject:
tutaepaki wrote:
You might want to use this guide instead....
http://www.gentoo.org/doc/en/home-router-howto.xml
When connecting your gentoo router to the switch ports on the hw router, sounds like the gentoo router was missing either NAT, or IP forwarding was not enabled. The above guide will cover all that.
If you use the uplink port on the router, you'll probably have trouble with getting dhcp from the gentoo router to your workstations. You'd have to use dhcp on the home router, and have a different ip network on the link between the 2 routers. If you've got the ports on the inbuilt switch to spare, just use those.
Thank you for the reply. I just used that guide a few minutes ago, still running into same problem. I was not using the uplink because when I did, my work stations were not even getting an IP assigned to them.
Is a kernel problem out of the picture?
I did the NAT setup on my gentoo box.

tutaepaki Apprentice
Joined: 10 Nov 2003 Posts: 264 Location: New Zealand
Posted: Fri Sep 26, 2008 5:45 pm Post subject:
so what you have now, is that your workstations all get an IP from the gentoo router, and they can ping it, and the gentoo router is able to access the internet?
Some more questions for you...
Is your internet connection on the gentoo router a dynamic IP, or fixed?
From the gentoo router, can you ping by name, and by IP?
Try pinging the external interface of the gentoo router from a workstation
Does pinging internet from the workstation work by IP (try your default gateway, or dns server)?
Run <iptables -t nat -L -n -v> on the gentoo router, and post the output
Run <iptables -L -n -v> on the gentoo router, and post the output
Run <cat /proc/sys/net/ipv4/ip_forward> on the gentoo router, and post the output
And finally run an <ipconfig /all> or netstat -nr on one of the workstations (windows, or linux respectively)

treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Fri Sep 26, 2008 7:23 pm Post subject:
Well, for some reason ip_forward 1 is not sticking...
Is your internet connection on the gentoo router a dynamic IP, or fixed
1) dynamic, DHCP
From the gentoo router, can you ping by name, and by IP
2) I can ping by LAN ip, what do you mean by name? I don't have a domain name for any of my desktops that I know of.
Try pinging the external interface of the gentoo router from a workstation
3) Tried pinging the IP that my WAN ethernet device has been assigned by my ISP, timed out.
Does pinging internet from the workstation work by IP (try your default gateway, or dns server)
4) I can ping my gentoo server which is my gateway. I can log in to it through SSH also
Run <iptables -t nat -L -n -v> on the gentoo router, and post the output
5)
Code:
# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 2475 packets, 767K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 30 packets, 3340 bytes)
pkts bytes target prot opt in out source destination
64 4588 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 94 packets, 7928 bytes)
pkts bytes target prot opt in out source destination

Run <iptables -L -n -v> on the gentoo router, and post the output
6)
Code:
# iptables -L -n -v
Chain INPUT (policy ACCEPT 157 packets, 49242 bytes)
pkts bytes target prot opt in out source destination
34 3538 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1234 127K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 reject-with icmp-port-unreachable
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 DROP tcp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023
930 345K DROP udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023
Chain FORWARD (policy DROP 28 packets, 1344 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth1 * 0.0.0.0/0 192.168.0.0/16
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 192.168.0.0/16
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 192.168.0.0/16
Chain OUTPUT (policy ACCEPT 1385 packets, 154K bytes)
pkts bytes target prot opt in out source destination

Run <cat /proc/sys/net/ipv4/ip_forward> on the gentoo router, and post the output
7)
# cat /proc/sys/net/ipv4/ip_forward
0
And finally run an <ipconfig /all> or netstat -nr on one of the workstations (windows, or linux respectively)
didn't get this because I believe problem has to do with the ip_forward
/etc/sysct1.conf contains the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_dynaddr = 1
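As an added example (not code from the thread, from the Gentoo guides, or from any poster), here is a Python checker that runs tutaepaki's checklist and Think4UrS11's NAT / default-gateway / ip_forwarding reasoning against captured output instead of a live box: it parses `iptables -L -n -v` text, confirms there is a MASQUERADE or SNAT rule leaving on the WAN interface, checks `ip_forward`, checks that the sysctl settings live in a file the boot-time loader actually reads, and walks the FORWARD chain the way netfilter does (first matching terminal rule wins, otherwise the chain policy) for a LAN-to-Internet probe and its reply. The sample strings are copies of the iptables and ip_forward output posted above; the LAN host 192.168.0.10 and the remote 203.0.113.1 (a documentation address) are constructed probe addresses, and the function names are my own. Port matches such as `dpt:67` are not evaluated, which is enough for the FORWARD rules here. Run against the posted output it reports two findings: ip_forward is 0, and the LAN-to-Internet probe matches none of the three FORWARD rules (each is keyed on a 192.168.0.0/16 destination, which a packet headed for the Internet does not have) and falls through to the DROP policy, the same policy counter that already shows 28 dropped packets.

```python
"""Offline sanity checker for a Linux NAT router (added example, not the thread's code)."""
import ipaddress
import re

# Copied from the iptables / ip_forward output posted in the thread (constructed copy).
NAT_OUTPUT = """\
Chain PREROUTING (policy ACCEPT 2475 packets, 767K bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 30 packets, 3340 bytes)
 pkts bytes target prot opt in out source destination
   64  4588 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 94 packets, 7928 bytes)
 pkts bytes target prot opt in out source destination
"""
FILTER_OUTPUT = """\
Chain INPUT (policy ACCEPT 157 packets, 49242 bytes)
 pkts bytes target prot opt in out source destination
   34  3538 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 1234  127K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    0     0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 reject-with icmp-port-unreachable
    0     0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
    0     0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0     0 DROP tcp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023
  930  345K DROP udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023
Chain FORWARD (policy DROP 28 packets, 1344 bytes)
 pkts bytes target prot opt in out source destination
    0     0 DROP all -- eth1 * 0.0.0.0/0 192.168.0.0/16
    0     0 ACCEPT all -- eth1 * 0.0.0.0/0 192.168.0.0/16
    0     0 ACCEPT all -- eth0 * 0.0.0.0/0 192.168.0.0/16
Chain OUTPUT (policy ACCEPT 1385 packets, 154K bytes)
 pkts bytes target prot opt in out source destination
"""
IP_FORWARD_OUTPUT = "0\n"

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets")


def parse_iptables(text):
    """Parse `iptables -L -n -v` output into {chain: {policy, policy_pkts, rules}}."""
    chains, cur = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "policy_pkts": int(m.group(3)), "rules": []}
            continue
        tok = line.split()
        if not tok or tok[0] == "pkts" or cur is None:
            continue  # blank line or column header
        pkts, _bytes, target, proto, _opt, ifin, ifout, src, dst = tok[:9]
        cur["rules"].append({"pkts": int(pkts), "target": target, "proto": proto, "in": ifin, "out": ifout,
                             "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
                             "extra": " ".join(tok[9:])})  # port matches etc., not evaluated below
    return chains


def _iface_matches(spec, iface):
    """'*' is any interface; a leading '!' negates the match (e.g. '!eth1')."""
    return True if spec == "*" else (iface != spec[1:] if spec.startswith("!") else iface == spec)


def verdict(chain, pkt):
    """First matching terminal rule decides; otherwise the chain policy applies."""
    for r in chain["rules"]:
        if r["proto"] not in ("all", pkt["proto"]):
            continue
        if not (_iface_matches(r["in"], pkt["in"]) and _iface_matches(r["out"], pkt["out"])):
            continue
        if pkt["src"] not in r["src"] or pkt["dst"] not in r["dst"]:
            continue
        if r["target"] in ("ACCEPT", "DROP", "REJECT", "MASQUERADE", "SNAT"):
            return r["target"]
    return chain["policy"]


def check_router(ip_forward_text, nat_text, filter_text, lan_if="eth1", wan_if="eth0",
                 lan_host="192.168.0.10", remote="203.0.113.1", sysctl_path="/etc/sysctl.conf"):
    """Return a list of findings (strings); an empty list means every check passed."""
    findings = []
    if ip_forward_text.strip() != "1":
        findings.append("ip_forward is %s: the kernel will not route between %s and %s"
                        % (ip_forward_text.strip(), lan_if, wan_if))
    if sysctl_path != "/etc/sysctl.conf":
        findings.append("settings live in %s, but the boot-time loader reads /etc/sysctl.conf" % sysctl_path)
    post = parse_iptables(nat_text).get("POSTROUTING", {"rules": []})
    if not any(r["target"] in ("MASQUERADE", "SNAT") and r["out"] == wan_if for r in post["rules"]):
        findings.append("no MASQUERADE/SNAT rule leaving on %s in nat POSTROUTING" % wan_if)
    fwd = parse_iptables(filter_text).get("FORWARD")
    if fwd is None:
        return findings + ["no FORWARD chain found in filter table output"]
    lan_host, remote = ipaddress.ip_address(lan_host), ipaddress.ip_address(remote)
    probes = {"LAN-to-Internet": {"proto": "tcp", "in": lan_if, "out": wan_if, "src": lan_host, "dst": remote},
              "Internet-to-LAN reply": {"proto": "tcp", "in": wan_if, "out": lan_if, "src": remote, "dst": lan_host}}
    for name, pkt in probes.items():
        v = verdict(fwd, pkt)
        if v != "ACCEPT":
            findings.append("%s probe gets %s in FORWARD (policy %s, %d packets already dropped by policy)"
                            % (name, v, fwd["policy"], fwd["policy_pkts"]))
    return findings


if __name__ == "__main__":
    for f in check_router(IP_FORWARD_OUTPUT, NAT_OUTPUT, FILTER_OUTPUT) or ["all checks passed"]:
        print("-", f)
```

On a real router the three inputs would come from `cat /proc/sys/net/ipv4/ip_forward`, `iptables -t nat -L -n -v` and `iptables -L -n -v`; the point of keeping the checker offline is that it can be run against output pasted into a thread like this one.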

treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Fri Sep 26, 2008 7:40 pm Post subject:
argh.. I thought the 'L' in /etc/sysctl.conf was a '1'. Solved the problem of 1 not sticking to /proc/sys/net/ipv4/ip_forward.
going to go and try to see if I can get some internet to my work stations now.

treefinger n00b
Joined: 24 Aug 2008 Posts: 17
Posted: Fri Sep 26, 2008 7:56 pm Post subject:
hooray, finally, it is working.
thank you so much for all the help