bizarre gateway box routing behavior; what's wrong with my configs?
I've posted parts of this problem before, and thanks to the folks who
have made suggestions. However, I'm still stuck.
I'm a relative newbie with Linux trying to set up a gateway box with
three NICs so I can masquerade the ip addresses of a DMZ and Internal
network similar to the description in the IPCHAINS HOWTO.
At this point, I've just set up three networks with reserved addresses
around the gateway box while I work out the routing. But for reasons I
cannot work out, two of the NICs (eth1 and eth2) in the gateway box are
behaving bizarrely. I can ping them from "inside" the gateway box, and I
can also ping them from the network attached to eth0. However, I cannot
ping them from the networks attached directly to the NICs.
It seems to me that there must be some Truly Stoooopid error I've made
in a simple configuration, but I can't find it and would *greatly*
appreciate any help. This is driving me nuts.
Here's my network topology:
External Network (BAD)
|
Test Client box 192.168.1.2
|
||HUB||
|
eth1| (will be the external address eventually)
---------------
| 192.168.1.1|
| |
|GATEWAY BOX |eth0
-----------------------------------
| |192.168.2.1 | (DMZ)
| | |
|192.168.3.1 | |
--------------- |
| eth2 |
| |
||HUB|| ||HUB||
| |
| |
Internal Network (GOOD) |
| |
------------- -------------
laptop |WWW/ mail server |
------------- -------------
192.168.3.2 192.168.2.2
I'm running Debian (potato) on a scavenged P75 box. I've got an Intel
EtherExpress Pro 10/100 PCI NIC at eth0, and two Intel EntherExpress
Pro/10+ ISA NICs at eth1 and eth2. I believe I've successfully
configured the ISA NICs via isapnptools; the PCI NIC was found
automagically during the Debian installation. Here's the ifconfig
output:
eth0 Link encap:Ethernet HWaddr 00:A0:C9:E6:97:49
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:6 carrier:0
collisions:0 txqueuelen:100
Interrupt:9 Base address:0xfcc0
eth1 Link encap:Ethernet HWaddr 00:AA:00:BD:AE:A1
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:5 Base address:0x200
eth2 Link encap:Ethernet HWaddr 00:AA:00:BD:B0:90
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:10 Base address:0x220
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:38 errors:0 dropped:0 overruns:0 frame:0
TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
The NICs' LEDs indicate that they're connected and responding to traffic
on their networks, and when I stuck the ISA NICs into a Windoze box,
they worked fine. So I believe the NICs are OK except for some idiotic
configuration error.
Here's what happens:
- 192.168.2.2 can ping 192.168.1.1 and 192.168.3.1
- 192.168.1.2 can't ping 192.168.1.1
- 192.168.3.2 can't ping 192.168.3.1
- 192.168.2.2 can't ping 192.168.1.2 or 192.168.3.2
Here's my routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.3.0 192.168.3.1 255.255.255.0 UG 0 0 0 eth2
192.168.2.0 192.168.2.1 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth1
IPforwarding is on.
The only clue I have is that eth1 and eth2 both report an error
"multicast setup failed" during boot (presumably when they're
ifconfig'd) as well as when I ifconfig 'em from the command line. Here's
the relevant part of dmesg:
eth0: Intel EtherExpress Pro 10/100 at 0xfcc0, 00:A0:C9:E6:97:49, IRQ 9.
Board assembly 689661-003, Physical connectors present: RJ45
Primary interface chip i82555 PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x24c9f043).
Receiver lock-up workaround activated.
id: 0x24 io: 0x200 eth1: Intel EtherExpress Pro/10 ISA at 0x200,
00:aa:00:bd:ae:a1, IRQ 5, 10BaseT.
eth1: multicast setup failed.
eth1: multicast setup failed.
eth1: multicast setup failed.
eth1: multicast setup failed.
id: 0xa4 io: 0x220 eth2: Intel EtherExpress Pro/10 ISA at 0x220,
00:aa:00:bd:b0:90, IRQ 10, 10BaseT.
eth2: multicast setup failed.
eth2: multicast setup failed.
eth2: multicast setup failed.
eth2: multicast setup failed.
Is there something else I need to do in /etc/isapnp.conf? Here's mine
(which is just what pnpdump recommended):
# $Id: pnpdump.c,v 1.21 1999/12/09 22:28:33 fox Exp $
# Release isapnptools-1.21 (library isapnptools-1.21)
#
# This is free software, see the sources for details.
# This software has NO WARRANTY, use at your OWN RISK
#
# For details of the output file format, see isapnp.conf(5)
#
# For latest information and FAQ on isapnp and pnpdump see:
# http://www.roestock.demon.co.uk/isapnptools/
#
# Compiler flags: -DREALTIME -DNEEDSETSCHEDULER -DABORT_ONRESERR
# (for library: -DREALTIME # -DNEEDSETSCHEDULER -DABORT_ONRESERR)
#
# Trying port address 0273
# Board 1 has serial identifier 0f 00 bd ae a1 30 10 d4 25
# Board 2 has serial identifier 65 00 bd b0 90 30 10 d4 25
# (DEBUG)
#(READPORT 0x0273)
(ISOLATE PRESERVE)
(IDENTIFY *)
(VERBOSITY 3)
(CONFLICT (IO FATAL)(IRQ FATAL)(DMA FATAL)(MEM FATAL)) # or WARNING
# Card 1: (serial identifier 0f 00 bd ae a1 30 10 d4 25)
# Vendor Id INT1030, Serial Number 12431009, checksum 0x0F.
# Version 1.0, Vendor version 0.0
# ANSI string -->Intel EtherExpress(TM) PRO Adapter <--
#
# Logical device id INT1030
# Device capable of taking part in boot process
# Device supports I/O range check register
# Device supports vendor reserved register @ 0x3b
# Device supports vendor reserved register @ 0x3c
# Device supports vendor reserved register @ 0x3d
# Device supports vendor reserved register @ 0x3f
#
# Edit the entries below to uncomment out the configuration required.
# Note that only the first value of any range is given, this may be
changed if required
# Don't forget to uncomment the activate (ACT Y) when happy
(CONFIGURE INT1030/12431009 (LD 0
# Logical device decodes 10 bit IO address lines
# Minimum IO base address 0x0200
# Maximum IO base address 0x0390
# IO base alignment 16 bytes
# Number of IO addresses required: 16
(ACT N)
(IO 0 (SIZE 16) (BASE 0x0200) (CHECK))
# IRQ 3, 5, 9, 10 or 11.
# High true, edge sensitive interrupt (by default)
(INT 0 (IRQ 5 (MODE +E)))
(NAME "INT1030/12431009[0]{Intel EtherExpress(TM) PRO Adapter }")
(ACT Y)
))
# End tag... Checksum 0x00 (OK)
# Card 2: (serial identifier 65 00 bd b0 90 30 10 d4 25)
# Vendor Id INT1030, Serial Number 12431504, checksum 0x65.
# Version 1.0, Vendor version 0.0
# ANSI string -->Intel EtherExpress(TM) PRO Adapter <--
#
# Logical device id INT1030
# Device capable of taking part in boot process
# Device supports I/O range check register
# Device supports vendor reserved register @ 0x3b
# Device supports vendor reserved register @ 0x3c
# Device supports vendor reserved register @ 0x3d
# Device supports vendor reserved register @ 0x3f
#
# Edit the entries below to uncomment out the configuration required.
# Note that only the first value of any range is given, this may be
changed if required
# Don't forget to uncomment the activate (ACT Y) when happy
(CONFIGURE INT1030/12431504 (LD 0
# Logical device decodes 10 bit IO address lines
# Minimum IO base address 0x0200
# Maximum IO base address 0x0390
# IO base alignment 16 bytes
# Number of IO addresses required: 16
(ACT N)
(IO 0 (SIZE 16) (BASE 0x0220) (CHECK))
# IRQ 3, 5, 9, 10 or 11.
# High true, edge sensitive interrupt (by default)
(INT 0 (IRQ 10 (MODE +E)))
(NAME "INT1030/12431504[0]{Intel EtherExpress(TM) PRO Adapter }")
(ACT Y)
))
# End tag... Checksum 0x00 (OK)
(VERIFYLD)
# Returns all cards to the "Wait for Key" state
(WAITFORKEY)
Does anyone see what the problem is here? Arrgh!!
TIA!!
Stan
Reply to: