
RE: aliasing/routing trouble



Got it!

Someone had suggested that I needed to use ipchains to forward from one
alias to another, to which I replied I need to be able to send out/receive
on both interfaces before I can forward.  However it was in that thought
that I realized I have a masquerading/portfw system right now.  Meaning I'm
using ipchains to forward certain packets, and not others.  I don't want
external ip's (0.0.0.0 except 10.0.0.0)  to use my internal interface, et
al.

Get it?  So when I add another IP address to my internal NIC, it is my
ipchains rules that disallow packets from being sent out this interface.
Turn off my ipchains rules and it works just fine!

Back to the ipchains drawing board....

Thanks to all,
Cory
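
An added illustration of the diagnosis above (not part of Cory's message, and not his ruleset, which the thread never shows): a first-match model of an ipchains-style output chain, with a constructed ruleset that accepts only 10.0.0.0/24 on eth0, checked against the two private routes from the `route -n` output quoted further down. The rule tuples, POLICY and all function names are assumptions made for this example.

```python
import ipaddress

# Constructed output-chain rules as (interface, destination, target); the
# thread never shows the real ruleset. As in ipchains, the first match wins.
OUTPUT_RULES = [
    ("lo",   "0.0.0.0/0",   "ACCEPT"),
    ("eth0", "10.0.0.0/24", "ACCEPT"),  # only the original private LAN
    ("eth0", "0.0.0.0/0",   "DENY"),    # nothing else may leave via the inside NIC
    ("eth1", "0.0.0.0/0",   "ACCEPT"),
]
POLICY = "DENY"  # assumed chain policy when no rule matches

# The two private connected routes from the `route -n` output in the thread.
ROUTES = [("10.0.0.0/24", "eth0"), ("192.168.1.0/24", "eth0")]


def verdict(rules, iface, dst, policy=POLICY):
    """Return the target of the first rule matching a packet to dst on iface."""
    addr = ipaddress.ip_address(dst)
    for rule_iface, net, target in rules:
        if rule_iface == iface and addr in ipaddress.ip_network(net):
            return target
    return policy


def blocked_routes(rules, routes):
    """List connected routes whose first host address the chain would not accept."""
    blocked = []
    for net, iface in routes:
        first_host = next(iter(ipaddress.ip_network(net).hosts()))
        if verdict(rules, iface, str(first_host)) != "ACCEPT":
            blocked.append((net, iface))
    return blocked


def with_accept(rules, iface, net):
    """Copy of rules with an ACCEPT for net ahead of iface's first non-ACCEPT rule."""
    fixed = list(rules)
    for i, (rule_iface, _, target) in enumerate(fixed):
        if rule_iface == iface and target != "ACCEPT":
            fixed.insert(i, (iface, net, "ACCEPT"))
            return fixed
    fixed.append((iface, net, "ACCEPT"))
    return fixed


if __name__ == "__main__":
    print(blocked_routes(OUTPUT_RULES, ROUTES))
    fixed = with_accept(OUTPUT_RULES, "eth0", "192.168.1.0/24")
    print(blocked_routes(fixed, ROUTES))
```

Running the same audit after every change to the interface addresses shows which connected network the filter still refuses before a ping does.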


-----Original Message-----
From: Shawn Kelley [mailto:spinnkidd@hotmail.com]
Sent: Tuesday, January 23, 2001 8:37 AM
To: vlm@norlight.com
Cc: coryp@petersen-arne.com; debian-firewall@lists.debian.org;
eug-lug@efn.org
Subject: Re: aliasing/routing trouble


True, the Kernel did recognize eth1, but wouldn't it be wise to rule out all
variables by appending /etc/lilo.conf & then running 'ifconfig' & 'route' again
to verify?

-shawn




>From: "Vince Mulhollon"
>To: "Shawn Kelley"
>CC: coryp@petersen-arne.com, debian-firewall@lists.debian.org, eug-lug@efn.org
>Subject: Re: aliasing/routing trouble
>Date: Tue, 23 Jan 2001 10:04:49 -0600
>
>
>Kernel found the cards, see the ifconfig, that's not the problem.
>
>I must say the ifconfig for eth1 is very... interesting.
>
>Take a closer look at the routing.
>
>I think 192.168.1.0 needs to route out eth0:1 not eth0
>
>Would be interesting to see the actual /sbin/route command you execute to 
>route 192.168.1.0
>
>Try a config without ip aliasing, which in the (distant) past was a pretty 
>nasty hack, or even plug in yet another ethernet card for the 192 network. 
>IP alias can be an excellent way to shoot oneself in their foot in hard to 
>debug ways.
>
>
>
>
>"Shawn Kelley", 01/23/2001 09:48 AM
>To: coryp@petersen-arne.com, debian-firewall@lists.debian.org
>cc: (bcc: Vince Mulhollon/Brookfield/Norlight)
>Subject: Re: aliasing/routing trouble
>
>Greetings Cory,
>
>
>Did you append lilo.conf to recognize the 2 NIC's??
>
>
>#you will need to add a line similar to this to /etc/lilo.conf & then run 
>'lilo'
>
>
>append="ether=IRQ,I/O,eth0 ether=IRQ,I/O,eth1"
>
>
>Regards,
>
>
>Shawn Kelley
>
>
> > From: Cory Petkovsek
> > To: debian-firewall@lists.debian.org, euglug
> > Subject: aliasing/routing trouble
> > Date: Mon, 22 Jan 2001 16:57:53 -0800
> >
> > Hello all,
> >
> > I'm having trouble getting ip aliasing to work. I have tried a few
> > different kernels, 2.2.18-1 and 2.2.17pre6-1.
> >
> > On my firewall, I have two nics, eth0 - private lan, eth1 - internet. I
> > want to set up two private networks on eth0.
> > Once it's set up the way I think it should be, I can ping the outside world,
> > I can ping my private lan #1, but I cannot ping lan #2. Ping reports
> > 'operation not permitted'.
> >
> > On my laptop (running 2.4) this works just fine. I add in the alias,
> > don't even mess with the routing table, and can ping either lan.
> >
> > The two private lans are on the same physical network.
> >
> > Anyone have any suggestions or help for me?
> >
> > Thanks!
> > Cory
> >
> >
> > Starting with a configured masquerading eth0/eth1 system, I type the
> > following:
> >
> > # ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0
> > # ifconfig
> >
> > eth0      Link encap:Ethernet  HWaddr 00:01:02:72:FB:E4
> >           inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:4770 errors:0 dropped:0 overruns:1 frame:0
> >           TX packets:1899 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:100
> >           Interrupt:9 Base address:0xf800
> >
> > eth0:1    Link encap:Ethernet  HWaddr 00:01:02:72:FB:E4
> >           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           Interrupt:9 Base address:0xf800
> >
> > eth1      Link encap:Ethernet  HWaddr 00:50:04:13:33:89
> >           inet addr:123.456.789.33  Bcast:208.130.234.35  Mask:255.255.255.252
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:211 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:230 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:100
> >           Interrupt:10 Base address:0xf880
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           UP LOOPBACK RUNNING  MTU:3924  Metric:1
> >           RX packets:56 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >
> > # route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 123.456.789.32  0.0.0.0         255.255.255.252 U     0      0        0 eth1
> > 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 0.0.0.0         123.456.789.34  0.0.0.0         UG    0      0        0 eth1
> >
> > # ping google.com -c 1
> > PING google.com (64.208.32.100): 56 data bytes
> > 64 bytes from 64.208.32.100: icmp_seq=0 ttl=50 time=39.2 ms
> >
> > # ping 10.0.0.5 -c 1
> > PING 10.0.0.5 (10.0.0.5): 56 data bytes
> > 64 bytes from 10.0.0.5: icmp_seq=0 ttl=128 time=0.9 ms
> >
> > # ping 192.168.1.6
> > PING 192.168.1.6 (192.168.1.6): 56 data bytes
> > ping: sendto: Operation not permitted
> > ping: wrote 192.168.1.6 64 chars, ret=-1
> > ping: sendto: Operation not permitted
> > ping: wrote 192.168.1.6 64 chars, ret=-1
> > ping: sendto: Operation not permitted
> > ping: wrote 192.168.1.6 64 chars, ret=-1
> >
> > --- 192.168.1.6 ping statistics ---
> > 3 packets transmitted, 0 packets received, 100% packet loss
> > #
> >
> > -------
> > On my laptop:
> > # ifconfig
> > eth0      Link encap:Ethernet  HWaddr 00:D0:59:18:02:C2
> >           inet addr:10.0.0.20  Bcast:10.255.255.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           RX packets:1944522 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:1874197 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:91 txqueuelen:100
> >           Interrupt:5
> >
> > eth0:1    Link encap:Ethernet  HWaddr 00:D0:59:18:02:C2
> >           inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           Interrupt:5
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           UP LOOPBACK RUNNING  MTU:16192  Metric:1
> >           RX packets:6266 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:6266 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >
> > # ping 192.168.1.6
> > PING 192.168.1.6 (192.168.1.6): 56 data bytes
> > 64 bytes from 192.168.1.6: icmp_seq=0 ttl=255 time=1.7 ms
> > 64 bytes from 192.168.1.6: icmp_seq=1 ttl=255 time=0.1 ms
> > 64 bytes from 192.168.1.6: icmp_seq=2 ttl=255 time=0.1 ms
> >
> > --- 192.168.1.6 ping statistics ---
> > 3 packets transmitted, 3 packets received, 0% packet loss
> > round-trip min/avg/max = 0.1/0.6/1.7 ms
> >
> > # ping 192.168.1.1
> > PING 192.168.1.1 (192.168.1.1): 56 data bytes
> >
> > --- 192.168.1.1 ping statistics ---
> > 5 packets transmitted, 0 packets received, 100% packet loss
> >
> > # ping 10.0.0.1
> > PING 10.0.0.1 (10.0.0.1): 56 data bytes
> > 64 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=0.4 ms
> > 64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=0.3 ms
> > 64 bytes from 10.0.0.1: icmp_seq=2 ttl=255 time=0.3 ms
> > 64 bytes from 10.0.0.1: icmp_seq=3 ttl=255 time=0.3 ms
> >
> > --- 10.0.0.1 ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max = 0.3/0.3/0.4 ms
> >
> > --
> > To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>Get your FREE download of MSN Explorer at http://explorer.msn.com