Re: Routing Problem

["J. Dow" <jdow earthlink net>]

From: "Ric Tibbetts" <ric@chadera.net>

> 1) Delayed login times. This is affecting my E-Mail delivery among other
> things (may be related to item #2 below). If I telnet to the box, it
> hangs on  
> 
> [root@darkstar /root]# telnet server.mydomain.net
... 
> And it hangs there for 10-30 seconds or so. Then it finally gives a
> login prompt, and all is well after that.

There is a name server lookup that is timing out.

> 2) The server is having trouble seeing the rest of the internal network.
> 
> I'm running it with 2 NICs, and firewalling. If I telnet to the server
> from (say) box1, then while on the server (in that window), I try to
> ping the local host (box1), it cannot, it returns the following:

Ping how? By IP address or name?
Regardless...

> serial1-0-0.gw1.sea4.alter.net (157.130.176.61): Destination Host
> Unreachable
> (I have no idea that that machine is, presumably a router on my ISPs
> network(?).

Run "ifconfig". It should show you what addresses ports your machines have
and some other interesting factoids, such as the other end of point to point
links such as PPPOE links.

> Which indicates (to me) that it's trying to resolve the route via the
> external web, rather than coming back through the interal nic. So how do
> I get it to route "external" traffic through one NIC, and internal
> through the other?

That is the impression. That suggests that you have your routing sorta
screwed up.

First look at how the network is being setup and work one step at a time.
Make sure you know which NIC is which while you are at it. My tendancy
would be to bring up the local net automatically and bring up the remote
net on command and then leave it up til next reboot. That gives me better
control over some relative timing issues and I make sure which card does
what.

First make sure the local network is working and that it's routing is
happy. Suppose your local network was 192.168.225.xx for grins. (Nobody
seems to use those upper addresses in examples. I thought I'd be different.)
Make sure that there is a routing in a netstat -nr return to the network.
Make sure you can telnet and ping back and forth happily.

Then bring up the second interface. (You don't say how the interface is setup
or what routing it sets up.) Then if you are running a point to point protocol
such as ppp to your ISP a run of ifconfig should show a ppp0 entry something
like this:
ppp0      Link encap:Point-to-Point Protocol
          inet addr:4.254.253.252  P-t-P:4.254.127.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:623337 errors:0 dropped:0 overruns:0 frame:0
          TX packets:567301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
(with numbers changed of course.)

If that network started up properly it should show something akin to:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
4.254.127.1     0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.225.1   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.225.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         4.254.127.1     0.0.0.0         UG        0 0          0 ppp0

"192.168.225.1" is the dual NIC machine under discussion and as noted in the
ifconfig report above 4.254.127.1 is the other end of the ppp connection.

It should be possible to automate getting all that setup. Then you need to get
the firewall connected and get IPV4 forwarding turned on. There are some
excellent HOWTOs in this regard.

{^_^}