Gentoo Forums
How to ping on 2 different subnets from clients

voncloft
Tux's lil' helper

Joined: 29 Jan 2014
Posts: 99

Posted: Wed Feb 07, 2018 3:40 am    Post subject: How to ping on 2 different subnets from clients

My clients via ethernet-non wireless are on the subnet 192.168.1.x

My wireless....are on 192.168.42.x

I have a router I created with 3 cards (with Gentoo on it)

1x Wan - ethernet - dhcp from ISP
1x Lan - ethernet - 192.168.1.1
1x Wifi Card - 192.168.42.1

How do I ping from PC "A" which is 192.168.1.100 and ping my laptop 192.168.42.2

I am just getting my feet wet with networking - I got wifi working with hostapd ... but I can't ping my laptop from my ethernet connected PC.

Any guides? Google isn't returning much.

Thanks

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

Posted: Wed Feb 07, 2018 4:31 am

What are your network masks?

It should just 'work' if you have netmasks on your LANs (wl and wired) to 255.255.255.0 and you have forwarding enabled which you should, if NAT is working...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6920

Posted: Wed Feb 07, 2018 7:35 am

You need to enable IPv4 forwarding on the router, it's off by default unless some routing daemon turns it on:
/etc/sysctl.d/fwd.conf:
net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1

voncloft
Tux's lil' helper

Joined: 29 Jan 2014
Posts: 99

Posted: Wed Feb 07, 2018 10:24 am

eccerr0r wrote:
What are your network masks?

It should just 'work' if you have netmasks on your LANs (wl and wired) to 255.255.255.0 and you have forwarding enabled which you should, if NAT is working...


Both are 255.255.255.0

voncloft
Tux's lil' helper

Joined: 29 Jan 2014
Posts: 99

Posted: Wed Feb 07, 2018 10:28 am

Ant P. wrote:
You need to enable IPv4 forwarding on the router, it's off by default unless some routing daemon turns it on:
/etc/sysctl.d/fwd.conf:
net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1


Already added, no dice. Still can't ping 192.168.42.2 from 192.168.1.100

I can ping 192.168.42.1 though.

bbgermany
Veteran

Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany

Posted: Wed Feb 07, 2018 11:25 am

Hi,

Do you have traceroute installed on one of the clients? If yes, can you post the output from traceroute to one of the other unreachable clients? And can you post the output of your firewall rules? Maybe there can be a problem as well.

greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB

voncloft
Tux's lil' helper

Joined: 29 Jan 2014
Posts: 99

Posted: Wed Feb 07, 2018 1:00 pm

bbgermany wrote:
Hi,

Do you have traceroute installed on one of the clients? If yes, can you post the output from traceroute to one of the other unreachable clients? And can you post the output of your firewall rules? Maybe there can be a problem as well.

greets, bb


Will do when I get home - currently at work.

voncloft
Tux's lil' helper

Joined: 29 Jan 2014
Posts: 99

Posted: Wed Feb 07, 2018 8:30 pm

bbgermany wrote:
Hi,

Do you have traceroute installed on one of the clients? If yes, can you post the output from traceroute to one of the other unreachable clients? And can you post the output of your firewall rules? Maybe there can be a problem as well.

greets, bb


Code:

traceroute to 192.168.42.2 (192.168.42.2), 30 hops max, 60 byte packets
 1  router (192.168.1.1)  0.132 ms  0.124 ms  0.125 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *



Code:

localhost ~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     udp  --  anywhere             anywhere             udp dpt:bootps reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere             tcp dpts:0:1023
DROP       udp  --  anywhere             anywhere             udp dpts:0:1023
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             192.168.0.0/16
DROP       all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  192.168.0.0/16       anywhere
ACCEPT     all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  192.168.0.0/16       anywhere
ACCEPT     all  --  anywhere             192.168.0.0/16

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3104

Posted: Wed Feb 07, 2018 8:40 pm

I suppose it's a routing problem on the remote client.
It probably doesn't know it is connected to a router. E.g. no default gw defined.

What does `ip route` say?
What does ip -o a say?

If you can't spot any mistakes there, consider pasting the results from all 3 machines. You can anonymize wan interface, it's irrelevant


Edit: is this iptables dump from your router or from client?
Also, does it work if you disable all firewalls along the way?

voncloft
Tux's lil' helper

Joined: 29 Jan 2014
Posts: 99

Posted: Wed Feb 07, 2018 8:45 pm

szatox wrote:
I suppose it's a routing problem on the remote client.
It probably doesn't know it is connected to a router. E.g. no default gw defined.

What does `ip route` say?
What does ip -o a say?

If you can't spot any mistakes there, consider pasting the results from all 3 machines. You can anonymize wan interface, it's irrelevant


Edit: is this iptables dump from your router or from client?
Also, does it work if you disable all firewalls along the way?


Code:

default via 192.168.1.1 dev bond0 src 192.168.1.100 metric 12       
192.168.1.0/24 dev bond0 proto kernel scope link src 192.168.1.100 metric 12


iptables is not installed on client
I have no firewall software at the moment - this router is in the beginning stages.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3104

Posted: Wed Feb 07, 2018 8:56 pm

This one is your local client, isn't it?
The remote one would be 192.168.42.2, since this is the one that does not respond.

Finally, there is that ultimate weapon for network troubleshooting: wireshark (or tcpdump in text mode though it's not as user friendly). Launch it on the remote client and see if it receives anything and attempts to reply.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

PostPosted: Thu Feb 08, 2018 12:17 am    Post subject: Reply with quote

Can you flush all your forward table rules, change it to default ACCEPT, and then see if it works?
You shouldn't need iptables on your non-router machines...

Also what's your route table look like on the router? And what is bond0? You have a more complicated setup than what seems to be implied...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

Hu
Moderator

Joined: 06 Mar 2007
Posts: 21490

Posted: Thu Feb 08, 2018 3:11 am

According to your iptables -L output, failure is expected. Your first two rules are identical (unless iptables is lying to you, which it probably is, which is why I always tell people to use iptables-save -c instead, but no one ever learns) and direct it to drop traffic that you say you want passed.
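
Added example (not part of any post in this thread): a small first-match walk over an iptables-save -c style dump, showing why two FORWARD rules that look identical in iptables -L can differ and which rule decides a LAN-to-Wi-Fi packet. The rule set, the interface names (eth0 WAN, eth1 LAN, wlan0 Wi-Fi) and the counters are constructed assumptions chosen so that iptables -L would render them like the listing posted above; they are not the poster's actual rules.

```python
import ipaddress

# Constructed iptables-save -c style dump (NOT the poster's real rules).
# Interface names eth0 (WAN), eth1 (LAN), wlan0 (Wi-Fi) and the counters are
# assumptions. Plain `iptables -L` would list rules 1 and 2 identically,
# because it omits the -i/-o columns unless -v is given.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
[37:3108] -A FORWARD -d 192.168.0.0/16 -i eth1 -j DROP
[0:0] -A FORWARD -d 192.168.0.0/16 -i wlan0 -j DROP
[512:40960] -A FORWARD -s 192.168.0.0/16 -i eth1 -j ACCEPT
[498:61234] -A FORWARD -d 192.168.0.0/16 -i eth0 -j ACCEPT
[20:1680] -A FORWARD -s 192.168.0.0/16 -i wlan0 -j ACCEPT
[0:0] -A FORWARD -d 192.168.0.0/16 -i eth0 -j ACCEPT
COMMIT
"""

def parse_chain(dump, chain="FORWARD"):
    """Return (policy, rules); handles only -s/-d/-i/-o/-j, one argument each."""
    policy, rules = None, []
    for line in dump.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
            continue
        pkts = None
        if line.startswith("["):                 # "[pkts:bytes] " prefix from -c
            counters, line = line[1:].split("] ", 1)
            pkts = int(counters.split(":")[0])
        tok = line.split()
        if tok[:2] == ["-A", chain]:
            rule = dict(zip(tok[2::2], tok[3::2]))   # option -> argument
            rule["pkts"] = pkts
            rules.append(rule)
    return policy, rules

def first_match(dump, src, dst, iif, oif):
    """Walk the chain top-down like netfilter: the first matching rule decides."""
    policy, rules = parse_chain(dump)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, r in enumerate(rules, 1):
        if "-s" in r and src not in ipaddress.ip_network(r["-s"]):
            continue
        if "-d" in r and dst not in ipaddress.ip_network(r["-d"]):
            continue
        if r.get("-i", iif) != iif or r.get("-o", oif) != oif:
            continue
        return num, r["-j"], r["pkts"]
    return 0, policy, None                       # nothing matched: chain policy

if __name__ == "__main__":
    print(first_match(SAMPLE, "192.168.1.100", "192.168.42.2", "eth1", "wlan0"))
    print(first_match(SAMPLE, "192.168.1.100", "203.0.113.10", "eth1", "eth0"))
```

Packets addressed to the router's own addresses (such as 192.168.42.1) traverse INPUT rather than FORWARD, so rules like these do not affect them. A non-zero packet counter on a DROP rule in the iptables-save -c output is the quickest sign of which rule is absorbing the traffic.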