I've been trying to move from one home network server to another (because of hard disk problems with the first).
I've found from this that I don't really understand how networking works, and I'm writing now to ask for some help with this.
Basically, I have this setup: ADSL modem/router <-> server <-> Linksys WiFi router. I'm running dhcp and shorewall on the server. The ADSL modem has address 192.168.1.254 . The computers, printers, etc on the LAN have addresses 192.168.2.* , eg the laptop I'm using has address 192.168.2.7 , and has default gateway 192.168.2.2 , which is the server. The default gateway on the server is 192.168.1.254 . (I am running CentOS on the servers, and Fedora-16 on everything else.)
Now this is my question: Suppose I want to access the internet, say www.google.com . Presumably my packets go first to the Linksys router, then to server, and then on to the ADSL modem/router.
I have the lines
  #INTERFACE  SOURCE  ADDRESS  PROTO  PORT(S)  IPSEC  MARK
  eth0        eth1
in /etc/shorewall/masq on my server, with
  #ZONE  INTERFACE  BROADCAST      OPTIONS
  net    eth0       detect         dhcp,tcpflags,routefilter,nosmurfs,logmartians
  loc    eth1       192.168.2.255
  vpn    tun0       192.168.6.255
in /etc/shorewall/interfaces .
Am I right in thinking that the masq entry causes packets arriving at the server along the eth1 (192.168.2.*) LAN to be re-directed along the eth0 (192.168.1.*) interface, and thence to the ADSL modem?
What has been happening in practice is that when I change server (with the new server at 192.168.2.5), alter all the relevant addresses, restart shorewall and dhcpd on the new server, and check "route -n" on all the computers involved, I'm not able to access the internet from my laptop. In fact I cannot access anything on the eth0 (192.168.1.*) network.
At this point I have a cup of tea, then re-start everything, re-boot my laptop, etc, and after some time it all starts working.
What I'd really like is to trace packets as they go through the system, and see how they change. Or alternatively, read some document which will explain to me exactly how all the parts of the system fit together.
I really would be most grateful for any advice or suggestions on this.
On 09.05.2012 15:52, Timothy Murphy wrote:
I've been trying to move from one home network server to another (because of hard disk problems with the first).
I've found from this that I don't really understand how networking works, and I'm writing now to ask for some help with this.
Basically, I have this setup: ADSL modem/router <-> server <-> Linksys WiFi router. I'm running dhcp and shorewall on the server. The ADSL modem has address 192.168.1.254 . The computers, printers, etc on the LAN have addresses 192.168.2.* , eg the laptop I'm using has address 192.168.2.7 , and has default gateway 192.168.2.2 , which is the server. The default gateway on the server is 192.168.1.254 . (I am running CentOS on the servers, and Fedora-16 on everything else.)
google for POSTROUTING / MASQUERADE (iptables)
Reindl Harald wrote:
I've found from this that I don't really understand how networking works, and I'm writing now to ask for some help with this.
google for POSTROUTING / MASQUERADE (iptables)
Thanks for your response; but I think I do understand what IP masquerading is.
Just to repeat the gist of my question (slightly re-worded):
-------------------------------
I have the lines
  #INTERFACE  SOURCE  ADDRESS  PROTO  PORT(S)  IPSEC  MARK
  eth0        eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this? Does IP masquerading by default only apply to the firewall server to modem interface (eth0 in my case)? And does the above line mean that it will also be applied to packets reaching the firewall server on the eth1 LAN?
I couldn't find a clear account of the effect of the line anywhere in the shorewall documentation.
On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
I couldn't find a clear account of the effect of the line anywhere in the shorewall documentation.
Add it, apply the changes and run the following as root:
  iptables -t nat -L -n
That'll tell you what it does.
Olav Vitters wrote:
On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
I couldn't find a clear account of the effect of the line anywhere in the shorewall documentation.
Add it, apply the changes and run the following as root:
  iptables -t nat -L -n
That'll tell you what it does.
I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target      prot opt source               destination
dnat        all  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target      prot opt source               destination
eth0_masq   all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target      prot opt source               destination

Chain dnat (1 references)
target      prot opt source               destination
net_dnat    all  --  0.0.0.0/0            0.0.0.0/0

Chain eth0_masq (1 references)
target      prot opt source               destination
MASQUERADE  all  --  192.168.2.0/24       0.0.0.0/0
----------------------------------
I don't find this very clear. I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
  #INTERFACE  SOURCE  ADDRESS  PROTO  PORT(S)  IPSEC  MARK
  eth0        eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this? Does IP masquerading by default only apply to the firewall server to modem interface (eth0 in my case)? And does the above line mean that it will also be applied to packets reaching the firewall server on the eth1 LAN?
==================================
If I was right, wouldn't it have been simpler just to say, "Yes, you are right"?
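As an added illustration (not part of the thread and not Shorewall's own code), the sketch below replays the nat listing above in Python: the routing table picks the outgoing interface, and the eth0_masq rule only rewrites the source address of packets leaving through eth0. The eth0-only match on the POSTROUTING jump and the server's eth0 address 192.168.1.2 are assumptions, since the plain `-L -n` listing omits interface columns and the thread gives no eth0 address.

```python
import ipaddress

# Server routing table, most specific first. The default route via eth0 is from
# the thread (gateway 192.168.1.254); the /24 masks are assumed from "192.168.x.*".
ROUTES = [("192.168.2.0/24", "eth1"), ("192.168.1.0/24", "eth0"), ("0.0.0.0/0", "eth0")]

# eth1 = 192.168.2.2 is from the thread; the eth0 address is constructed.
IFACE_ADDR = {"eth0": "192.168.1.2", "eth1": "192.168.2.2"}

# nat rules from the listing. out_if="eth0" on the jump is an assumption:
# `iptables -L -n` without -v does not print the interface columns.
CHAINS = {
    "POSTROUTING": [{"out_if": "eth0", "src": "0.0.0.0/0", "target": "eth0_masq"}],
    "eth0_masq": [{"out_if": None, "src": "192.168.2.0/24", "target": "MASQUERADE"}],
}

def route(dst):
    """Routing decision: choose the outgoing interface from the destination only."""
    addr = ipaddress.ip_address(dst)
    return next(dev for net, dev in ROUTES if addr in ipaddress.ip_network(net))

def walk(chain, src, out_if):
    """Traverse one nat chain; return the rewritten source, or None if no rule hit."""
    for rule in CHAINS[chain]:
        if rule["out_if"] not in (None, out_if):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(rule["src"]):
            continue
        if rule["target"] == "MASQUERADE":
            return IFACE_ADDR[out_if]  # source becomes the outgoing interface's address
        hit = walk(rule["target"], src, out_if)  # jump to a user-defined chain
        if hit:
            return hit
    return None  # fell through: policy ACCEPT, no rewrite

def forward(src, dst):
    """Return (outgoing interface, source address on the wire) for a forwarded packet."""
    out_if = route(dst)
    return out_if, walk("POSTROUTING", src, out_if) or src

if __name__ == "__main__":
    # Constructed packets: laptop to an Internet host, laptop to the modem, modem to laptop.
    for src, dst in [("192.168.2.7", "203.0.113.10"), ("192.168.2.7", "192.168.1.254"),
                     ("192.168.1.254", "192.168.2.7")]:
        out_if, wire_src = forward(src, dst)
        print(f"{src} -> {dst}: leaves via {out_if} with source {wire_src}")
```

On the server itself, `iptables -t nat -L -n -v` adds the in/out interface columns to the listing, and running `tcpdump -n -i eth1` and `tcpdump -n -i eth0` side by side shows the same source rewrite on live packets.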
I think what you have is dhcp on your router but the interface ip on the router does not change when you change the ip... So when you try to reach it after the change you can't. I would suggest you do
  netstat -nr
which should show the ip and default gateway... Try this then change the server again... Traceroute would also show you what the next hop is...
Oluwagbenga Shobowale
-----Original Message----- From: Timothy Murphy gayleard@eircom.net Sender: users-bounces@lists.fedoraproject.org Date: Fri, 11 May 2012 16:25:12 To: users@lists.fedoraproject.org Reply-To: gayleard@eircom.net, Community support for Fedora users users@lists.fedoraproject.org Subject: Re: Network problems
Olav Vitters wrote:
On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
I couldn't find a clear account of the effect of the line anywhere in the shorewall documentation.
Add it, apply the changes and run the following as root:
  iptables -t nat -L -n
That'll tell you what it does.
I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target      prot opt source               destination
dnat        all  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target      prot opt source               destination
eth0_masq   all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target      prot opt source               destination

Chain dnat (1 references)
target      prot opt source               destination
net_dnat    all  --  0.0.0.0/0            0.0.0.0/0

Chain eth0_masq (1 references)
target      prot opt source               destination
MASQUERADE  all  --  192.168.2.0/24       0.0.0.0/0
----------------------------------
I don't find this very clear. I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
  #INTERFACE  SOURCE  ADDRESS  PROTO  PORT(S)  IPSEC  MARK
  eth0        eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this? Does IP masquerading by default only apply to the firewall server to modem interface (eth0 in my case)? And does the above line mean that it will also be applied to packets reaching the firewall server on the eth1 LAN?
==================================
If I was right, wouldn't it have been simpler just to say, "Yes, you are right"?
try with
  traceroute destination.host
  traceroute6 destination.host
suomi