I'm trying to configure a system as a LAN <=> wireless gateway. From
everything I can see, everything's set up right, except that the gateway
isn't gatewaying.
I've set up two networks (introspect: 192.168.0.0, wireless: 192.168.1.0).
I can ping from the gateway to either network, establish connections
to/from the gateway and hosts on either network. I can't connect across
the gateway from the wireless side to the LAN. If I add a route entry
for hosts on the LAN, I can ping the gateway on its wireless network
interface.
I'm rather at a loss to understand what's not right here. Any obvious
errors or diagnostic tips appreciated.
Topography:
Network consists of:
- jung: internet gateway (via modem) / firewall, OpenBSD box.
    192.168.0.1 (introspect)
- navel: desktop and DNS server.
    192.168.0.32 (introspect)
- ego: laptop, intended LAN/802.11b gateway.
    192.168.0.64 (eth0, introspect)
    192.168.1.1 (eth1, wireless)
- id: laptop, 802.11b remote link
    192.168.1.2 (eth0, wireless)
For the graphically inclined:
    { Internet } -- jung (oBSD/Gateway)
                     |
                  [ hub ]                (wireless link)
                  /     \
        navel (DNS)     ego (laptop) · · · · · · id (laptop)
Configuration:
Starting with id, we've got:
ifconfig eth0 (only interfaces are eth0 and lo):
    eth0      Link encap:Ethernet  HWaddr 00:00:8F:A8:17:76
              inet addr:192.168.1.2  Bcast:192.168.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6723 errors:0 dropped:0 overruns:0 frame:0
              TX packets:14391 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              Interrupt:3
route -n:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
On ego, the intended gateway, things are slightly more complicated.
First, IP Forwarding should be enabled if I understand this right
(2.2.18 kernel):
    $ cat /proc/sys/net/ipv4/ip_forward
    1
...I've changed /etc/network/options to read:
    ip_forward=yes
    spoofprotect=yes
    syncookies=yes
I've also checked that my kernel build options include /proc (duh) and
sysctl support.
ifconfig:
    eth0      Link encap:Ethernet  HWaddr 00:D0:59:18:04:19
              inet addr:192.168.0.64  Bcast:192.168.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:519292 errors:0 dropped:0 overruns:0 frame:0
              TX packets:465716 errors:0 dropped:0 overruns:0 carrier:0
              collisions:125 txqueuelen:100
              RX bytes:338625034 (322.9 Mb)  TX bytes:37042470 (35.3 Mb)
              Interrupt:5 Base address:0x1080
    eth1      Link encap:Ethernet  HWaddr 00:00:8F:68:92:4A
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12853 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5142 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:1086212 (1.0 Mb)  TX bytes:3603158 (3.4 Mb)
              Interrupt:9
route:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    127.0.0.0       0.0.0.0         255.255.255.255 UH    0      0        0 lo
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    0.0.0.0         192.168.0.1     0.0.0.0         UG    1      0        0 eth0
...and, covering the firewall angle, I think my default packet filter
ruleset (nil) shouldn't interfere:
    Chain input (policy ACCEPT):
    Chain forward (policy ACCEPT):
    Chain output (policy ACCEPT):
Behavior:
I can ping both ways between any one node and ego. Hell, at the
moment, I've got sessions open on ego to id, navel, jung, and fritz [1].
I added the following route entry on navel and can ping ego's
192.168.1.1 IP from navel:
    $ route add 192.168.1.0 gw ego
If I try to traceroute navel's IP from id, I get:
    traceroute to 192.168.0.32 (192.168.0.32), 30 hops max, 38 byte packets
     1  ego (192.168.1.1)  10.931 ms  9.543 ms  10.054 ms
     2  * * *
     3  * * *
    <...>
...with nothing resolving past ego. [2]
I've also tried shutting down networking, and restarting ego (after
making all changes mentioned above). Had a friend ssh into the
network to poke around and see what's up. Nothing seems to help.
There are no glaringly obvious log entries or messages (syslog,
debug, messages). /var/log/iptraf/ has no files.
----------------------------------------
Notes:
1. Yes, you *are* paying attention, aren't you. I hadn't mentioned
fritz. Another desktop box.
2. Yes, it's already been suggested that A) my ego's getting in the way
of things, as usual, and B) I seem to have an ego problem. Of
course the good news is that my id is being suppressed by my ego.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? Home of the brave
http://gestalt-system.sourceforge.net/ Land of the free
Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire http://kmself.home.netcom.com/resume.html
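
An added example, not part of the original post: a consistency check over the interface and routing values quoted above. It recomputes each interface's broadcast address from its address and mask, and resolves id's next hop toward navel by longest-prefix match; the host/iface labels on the sample lines and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the inet lines quoted in the post, labelled host/iface.
IFCONFIG = """\
id/eth0   inet addr:192.168.1.2 Bcast:192.168.0.255 Mask:255.255.255.0
ego/eth0  inet addr:192.168.0.64 Bcast:192.168.0.255 Mask:255.255.255.0
ego/eth1  inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
"""

# id's `route -n` rows from the post: (destination, gateway, genmask, iface).
ID_ROUTES = [
    ("192.168.1.0", "0.0.0.0", "255.255.255.0", "eth0"),
    ("0.0.0.0", "192.168.1.1", "0.0.0.0", "eth0"),
]

INET_RE = re.compile(r"^(\S+)\s+inet addr:(\S+)\s+Bcast:(\S+)\s+Mask:(\S+)", re.M)


def broadcast_mismatches(text):
    """Return (name, configured, expected) for each interface whose Bcast
    is not the broadcast address implied by its addr and Mask."""
    bad = []
    for name, addr, bcast, mask in INET_RE.findall(text):
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        if ipaddress.ip_address(bcast) != net.broadcast_address:
            bad.append((name, bcast, str(net.broadcast_address)))
    return bad


def next_hop(routes, dest):
    """Longest-prefix match over a routing table. Returns (gateway, iface),
    with gateway None for an on-link destination, or None if no route matches."""
    dest = ipaddress.ip_address(dest)
    best = None
    for net, gw, mask, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if dest in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, None if gw == "0.0.0.0" else gw, iface)
    return best and best[1:]


if __name__ == "__main__":
    for name, got, want in broadcast_mismatches(IFCONFIG):
        print(f"{name}: Bcast {got}, expected {want}")
    print("id -> 192.168.0.32 via", next_hop(ID_ROUTES, "192.168.0.32"))
```

The same two functions can be pointed at the tables of the hosts on the other side of the gateway to confirm that a return route to 192.168.1.0/24 exists there.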