Re: Buggered up my router somehow.

To: debian-user@lists.debian.org
Subject: Re: Buggered up my router somehow.
From: John Pearson <huiac@camtech.net.au>
Date: Sat, 5 Aug 2000 12:07:27 +0930
Message-id: <20000805120727.D9446@huiac.localnet>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <E13Kjoj-0000zt-00@hypermall.com>; from scriven@hypermall.com on Fri, Aug 04, 2000 at 09:55:25AM -0600
References: <E13Kjoj-0000zt-00@hypermall.com>

On Fri, Aug 04, 2000 at 09:55:25AM -0600, Adam Scriven - Lore wrote
> Ok, by some great and wonderful streak of stupidity, I seem to have somehow
> completely fscked up my router.
> 
> It's hooked up to an ADSL modem, running PPPoE (Roaring Penguin), and that part
> looks like it's working great.
> I've got 2 other network cards, both 3Com 905B.  I have the 3c59x module
> loading with modprobe, and I've checked ifconfig, and both cards look to be
> setup correctly.
> eth0 is 192.168.0.1, and eth1 is 192.168.1.1
> (Incedentally, eth2 is an NE2k-pci card, for the PPPoE client).
> 
> I can see the world just fine from the router (I'm telnetting to an ISP
> where my maail is hosted to send out this message, and I'm on the router now),
> but I can't ping anything on my 192.168.0.0 network (192.168.1.0 isn't used
> yet).
> The route command returns:
> Kernel IP routing table
> Destination	Gateway		Genmask		Flags Metric Ref   Use Iface
> ADSL-NAME	*		255.255.255.255	UH    0      0     0   ppp0
> 192.168.1.0	*		255.255.255.0	U     0      0     0   eth1
> 192.168.0.0	*		255.255.255.0	U     0      0     0   eth0
> default		ADSL-NAME	0.0.0.0		UG    0      0     0   ppp0
> 
> (I had to tyype this in by hand, so any formatting problems are mine.)
> 
> This all looks OK to me, but pinging just gives 100% packet loss, and traceroute
> to 192.168.0.2 from the router gives:
> traceroute: sendto: Operation not permitted
>  1 traceroute: wrote 192.168.0.2 38 chars, ret=-1

Assuming your router is a Linux box:

This means that your kernel is dropping the packets, probably due
to an IPChains rule or because forwarding is disabled.

Check 
# ipchains -L input
# ipchains -L output
# ipchains -L forward

and 
# cat /proc/sys/net/ipv4/ip_forward
(should be "1")

and
# cat /proc/sys/net/ipv4/conf/eth0/forwarding
# cat /proc/sys/net/ipv4/conf/eth1/forwarding
(should both be "1").

As a last resort, you can also try
# cat /proc/sys/net/ipv4/conf/eth0/rp_filter
# cat /proc/sys/net/ipv4/conf/eth1/rp_filter

These are both normally "1".  If your router receives
packets for forwarding from an address that doesn't match
the network address of the interface they are received on
and this is set to "1", the kernel drops the packets; this
is intended to prevent spoofing.  You shouldn't normally have
to play with this, but I found that I had to when (e.g.)
I had multiple networks on the same cable.  I've never used
PPPoE and I doubt that's it, but as I say, it's worth
checking as a last resort.

You can change any of these parameters with echo, e.g.:
# echo 1 > /proc/sys/net/ipv4/ip_forward

> OH, I also meant to ask.  I used to use linuxconf on my RH systems.  Is there an
> equiv. for Debian?  Something better, perhaps?

Well, there's always Linuxconf.  Never used it myself, but it 
wouldn't be there if it didn't work at all.


John P.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
http://www.mdt.net.au/~john Debian Linux admin & support:technical services

Reply to:

References:
- Buggered up my router somehow.
  - From: Adam Scriven - Lore <scriven@hypermall.com>

Prev by Date: Re: ip masq with 2.3.x kernels?
Next by Date: Re: Debian in Academic and Public Organisations
Previous by thread: Re: Buggered up my router somehow.
Next by thread: Re: Cool trick: gmc and Debs
Index(es):
- Date
- Thread