Re: Wan/Lan problem
On Tue, Mar 28, 2017 at 10:14:50PM -0400, Dan Ritter wrote:
> On Tue, Mar 28, 2017 at 04:46:02PM -0700, Mike McClain wrote:
<snip>
> > The situation is this:
> >
> >      phone         eth0          eth1
> > AT&T-------|    |--------|    |--------|    |-------|    |
> >         AT&T modem/      Linux           my         Win2K
> >            router         box          router        box
> >
> > When eth0 is up and eth1 down,
> > the Linux box can access the web.
> > 'ping ATTrouter' works.
> > When eth0 is up and eth1 up,
> > the Linux box can not access the web.
> > the Win2K box can access the web.
> > the Linux box can not access the Win2K shares.
> > 'ping ATTrouter' fails.
> > 'ping -Ieth0 ATTrouter' works.
> > When eth0 is down and eth1 up,
> > the Linux box can access the Win2K shares.
> > When eth0 is down and eth1 down,
> > it's quiet.
> >
> > The ATT router is set to 'Pass Through' giving the Linux box the ATT
> > router's IP address.
> > The Linux box is set to use DHCP.
> > This might explain why I lose the LAN connection when eth0 is up.
> >
> > Why can the Linux box not see the web while the Win2K box can?
>
> You're going to end up discovering that this is a problem in IP
> assignment, routing, forwarding, or something very similar.
>
> What masquerading are you doing? What IP forwarding? What
> routing entries are present?
>
> -dsr-

Here are the statements from the firewall on the Linux box
that deal with the LAN:

INET=eth0;
LAN=eth1;
S40='192.168.1.3'; # static IP of Win2K box

# for masq allow forwarding
fwd=1;
echo $fwd > /proc/sys/net/ipv4/ip_forward
echo $fwd > /proc/sys/net/ipv4/conf/all/forwarding
echo $fwd > /proc/sys/net/ipv4/conf/default/forwarding
echo $fwd > /proc/sys/net/ipv4/conf/lo/forwarding
echo $fwd > /proc/sys/net/ipv4/conf/eth0/forwarding
echo $fwd > /proc/sys/net/ipv4/conf/eth1/forwarding

iptables -A INPUT -i $LAN -j ACCEPT
iptables -A OUTPUT -f -d $S40 -j DROP
iptables -A FORWARD -i $LAN -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $INET -j MASQUERADE

eth0 up, eth1 down
root@/deb73:~> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         99.188.244.1    0.0.0.0         UG    0      0        0 eth0
99.188.244.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0

eth0 up, eth1 up
root@/deb73:~> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         99.188.244.1    0.0.0.0         UG    0      0        0 eth0
99.188.244.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

eth0 down, eth1 up
root@/deb73:~> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

The Linux box is my main computer, it's just a computer but runs my firewall.
My router is NetGear RP614 and all connections to the router are on the LAN
side, nothing in the i'net port. Just the 2 computers and the printer.
The Win2K box is just a computer but has my music and financials.
Each box serves as backup storage for the other.
No Wi-Fi, pods, phones, tablets, game consoles, laptops, etc.

Any other thoughts/suggestions?

Thanks to Dan, David & Tomas for the help.
Mike
--
You buy the votes you need. Political power flows from money,
it always has; the concept of society is about money.
- Nancy Kress in 'Beggars in Spain'
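
The routing tables posted in this message can be checked mechanically. The Python sketch below is an added example, not part of Mike's message: it parses the `route -n` output and does the longest-prefix-match lookup the kernel performs, reporting which interface each destination leaves by. The function names are this example's own; 8.8.8.8 and 192.168.1.254 are constructed sample destinations, since the message does not say which address ATTrouter resolves to.

```python
import ipaddress

# `route -n` output copied from the message ("eth0 up, eth1 up").
BOTH_UP = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 99.188.244.1 0.0.0.0 UG 0 0 0 eth0
99.188.244.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
"""
# `route -n` output copied from the message ("eth0 down, eth1 up").
LAN_ONLY = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
"""

def parse_routes(text):
    """Parse `route -n` lines into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # banner or blank line
        dest, gw, mask, _flags, _metric, _ref, _use, iface = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # column header line
        routes.append((net, gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: return (iface, next_hop), or None if unreachable."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # the kernel would report "Network is unreachable"
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    # A 0.0.0.0 gateway means the destination is on-link (no next hop router).
    return iface, (dst if gw == "0.0.0.0" else gw)

if __name__ == "__main__":
    both = parse_routes(BOTH_UP)
    # 192.168.1.3 is the Win2K box (from the message); 8.8.8.8 and
    # 192.168.1.254 are constructed sample destinations.
    for dst in ("8.8.8.8", "99.188.244.1", "192.168.1.3", "192.168.1.254"):
        print(f"{dst:15} -> {lookup(both, dst)}")
    print("LAN only, 8.8.8.8 ->", lookup(parse_routes(LAN_ONLY), "8.8.8.8"))
```

Any destination inside 192.168.1.0/24 leaves via eth1 once that interface is up, regardless of which device the name was meant to reach. On the box itself, `getent hosts ATTrouter` shows the address the name maps to and `ip route get <address>` gives the kernel's own answer.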