From: "Vince Mulhollon" To: "Shawn Kelley" CC: coryp@petersen-arne.com,
debian-firewall@lists.debian.org, eug-lug@efn.org Subject: Re:
aliasing/routing trouble Date: Tue, 23 Jan 2001 10:04:49 -0600
Kernel found the cards, see the ifconfig, thats not the problem.
I must say the ifconfig for eth1 is very... interesting.
Take a closer look at the routing.
I think 192.168.1.0 needs to route out eth0:1 not eth0
Would be interesting to see the actual /sbin/route command you execute to
route 192.168.1.0
Try a config without ip aliasing, which in the (distant) past was a pretty
nasty hack, or even plug in yet another ethernet card for the 192 network.
IP alias can be an excellent way to shoot oneself in their foot in hard to
debug ways.
"Shawn Kelley" To: coryp@petersen-arne.com,
debian-firewall@lists.debian.org, > tmail.com> cc: (bcc: Vince
Mulhollon/Brookfield/Norlight) Fax to: 01/23/2001 Subject: Re:
aliasing/routing trouble 09:48 AM
Greetings Cory,
Did you append lilo.conf to recognize the 2 NIC's??
#you will need to add a line similar to this to /etc/lilo.conf & then run
'lilo'
append="ether=IRQ, I/O,eth0 ether=IRQ,I/O,eth1"
Regards,
Shawn Kelley
>From: Cory Petkovsek
>To: debian-firewall@lists.debian.org, euglug >Subject: aliasing/routing
trouble >Date: Mon, 22 Jan 2001 16:57:53 -0800 > >Hello all, > >I'm having
trouble getting ip aliasing to work. I have tried a few different kernels,
2.2.18-1 and 2.2.17pre6-1. > >On my firewall, I have two nics, eth0 -
private lan, eth1 - internet. I want to setup two private networks on eth0.
Once it's setup the way I think it should be, I can ping the outside world,
I can ping my privat lan #1, but I cannot ping lan #2. Ping reports
'operation not permitted'. > >On my laptop (running 2.4) this works just
fine. I add in the alias, don't even mess with the routing table, and can
ping either lan. > >The two private lans are on the same physical network.
> >Anyone have any suggestions or help for me? > >Thanks! >Cory > >
>Starting with a configured masquerading eth0/eth1 system, I type the
following: > ># ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0 >#
ifconfig > >eth0 Link encap:Ethernet HWaddr 00:01:02:72:FB:E4 > inet
addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.255.255.0 > UP BROADCAST
RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:4770 errors:0 dropped:0
overruns:1 frame:0 > TX packets:1899 errors:0 dropped:0 overruns:0
carrier:0 > collisions:0 txqueuelen:100 > Interrupt:9 Base address:0xf800 >
>eth0:1 Link encap:Ethernet HWaddr 00:01:02:72:FB:E4 > inet
addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST
RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:9 Base address:0xf800 >
>eth1 Link encap:Ethernet HWaddr 00:50:04:13:33:89 > inet
addr:123.456.789.33 Bcast:208.130.234.35 Mask:255.255.255.252 > UP
BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:211 errors:0
dropped:0 overruns:0 frame:0 > TX packets:230 errors:0 dropped:0 overruns:0
carrier:0 > collisions:0 txqueuelen:100 > Interrupt:10 Base address:0xf880
> >lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP
LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:56 errors:0 dropped:0
overruns:0 frame:0 > TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0 > ># route -n >Kernel IP routing table
>Destination Gateway Genmask Flags Metric Ref Use Iface >123.456.789.32
0.0.0.0 255.255.255.252 U 0 0 0 eth1 >10.0.0.0 0.0.0.0 255.255.255.0 U 0 0
0 eth0 >192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 >0.0.0.0
123.456.789.34 0.0.0.0 UG 0 0 0 eth1 > ># ping google.com -c 1 >PING
google.com (64.208.32.100): 56 data bytes >64 bytes from 64.208.32.100:
icmp_seq=0 ttl=50 time=39.2 ms > ># ping 10.0.0.5 -c 1 >PING 10.0.0.5
(10.0.0.5): 56 data bytes >64 bytes from 10.0.0.5: icmp_seq=0 ttl=128
time=0.9 ms > ># ping 192.168.1.6 >PING 192.168.1.6 (192.168.1.6): 56 data
bytes >ping: sendto: Operation not permitted >ping: wrote 192.168.1.6 64
chars, ret=-1 >ping: sendto: Operation not permitted >ping: wrote
192.168.1.6 64 chars, ret=-1 >ping: sendto: Operation not permitted >ping:
wrote 192.168.1.6 64 chars, ret=-1 > >--- 192.168.1.6 ping statistics ---
>3 packets transmitted, 0 packets received, 100% packet loss ># > >-------
On my laptop: ># ifconfig >eth0 Link encap:Ethernet HWaddr
00:D0:59:18:02:C2 > inet addr:10.0.0.20 Bcast:10.255.255.255
Mask:255.255.255.0 > UP BROADCAST RUNNING MTU:1500 Metric:1 > RX
packets:1944522 errors:0 dropped:0 overruns:0 frame:0 > TX packets:1874197
errors:0 dropped:0 overruns:0 carrier:0 > collisions:91 txqueuelen:100 >
Interrupt:5 > >eth0:1 Link encap:Ethernet HWaddr 00:D0:59:18:02:C2 > inet
addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST
RUNNING MTU:1500 Metric:1 > Interrupt:5 > >lo Link encap:Local Loopback >
inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:16192 Metric:1
> RX packets:6266 errors:0 dropped:0 overruns:0 frame:0 > TX packets:6266
errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > >#
ping 192.168.1.6 >PING 192.168.1.6 (192.168.1.6): 56 data bytes >64 bytes
from 192.168.1.6: icmp_seq=0 ttl=255 time=1.7 ms >64 bytes from
192.168.1.6: icmp_seq=1 ttl=255 time=0.1 ms >64 bytes from 192.168.1.6:
icmp_seq=2 ttl=255 time=0.1 ms > >--- 192.168.1.6 ping statistics --- >3
packets transmitted, 3 packets received, 0% packet loss >round-trip
min/avg/max = 0.1/0.6/1.7 ms > ># ping 192.168.1.1 >PING 192.168.1.1
(192.168.1.1): 56 data bytes > >--- 192.168.1.1 ping statistics --- >5
packets transmitted, 0 packets received, 100% packet loss > ># ping
10.0.0.1 >PING 10.0.0.1 (10.0.0.1): 56 data bytes >64 bytes from 10.0.0.1:
icmp_seq=0 ttl=255 time=0.4 ms >64 bytes from 10.0.0.1: icmp_seq=1 ttl=255
time=0.3 ms >64 bytes from 10.0.0.1: icmp_seq=2 ttl=255 time=0.3 ms >64
bytes from 10.0.0.1: icmp_seq=3 ttl=255 time=0.3 ms > >--- 10.0.0.1 ping
statistics --- >4 packets transmitted, 4 packets received, 0% packet loss
>round-trip min/avg/max = 0.3/0.3/0.4 ms > > > >-- >To UNSUBSCRIBE, email
to debian-firewall-request@lists.debian.org >with a subject of
"unsubscribe". Trouble? Contact listmaster@lists.debian.org >
Get your FREE download of MSN Explorer at http://explorer.msn.com
-- To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org with a
subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org with a
subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org