
Re: Networking: The Saga, The Sequel



At 11/20/2001 12:24 PM -0800, you wrote:

First up, I_have_done_my_homework.

Clearly... <grin>


I've probably spent a good 60 hours trying to figure this problem out to date. I'm beginning to understand the lingo now. Hopefully, with your help, I can get it right this time.

Fear not, solutions get quicker with time.


Okay, so yeah, still don't have the *(&%$#*% boxes configured.

Suggestion for this and other problems: establish a clear and deliberate sequence of independent steps. Each should build on the last but should be *separate* so you can more easily diagnose; in your saga, you have been trying to build the floor, roof, and walls of your house simultaneously (which is harder).


At the point in which you are now, I suggest:

* Static IP addresses, no DNS, set up MASQ
* Then add DNS
* Then add DHCP internally

I am currently able to ping from the Doze box to the RH box. I cannot resolve anything else on the Doze box. I can surf the Internet, etc. from the RH box.

* Can you ping from the Winbox to the outside if you use an IP address instead of a name?


* Can you see a Web page in your browser on the Winbox if you use an IP address instead of a name?

(Here, obviously, you could have a DNS problem or a masquerading problem; we need to know which one it is before you have a hope in hell of solving it.)

 ________              ______                ____________        _____       { ~~~~~~~~ }
/ Doze98 \----------->/ RH71 \------------->/ DSL *Modem*\----->/ ISP \----->{ Internet }
\________/            \______/              \____________/      \_____/      { ~~~~~~~~ }
IP:   192.168.1.2     IP:   192.168.1.1     ???                 IP: either dsl.cnw.net; cnw.net; 206.40.133.20; 206.129.112.21
Gate: 192.168.1.1     Gate: 192.168.1.1     ???                 ???
Subn: 255.255.255.0   Subn: 255.255.255.0   ???                 ???

Output of "route -n" on the Linbox, please.


You note the gateway of your RH71 box as 192.168.1.1, which is not correct. The gateway for each interface is where it should send traffic directed to the rest of the world. So, for the Red Hat server to use one of its interfaces as a gateway is an impossible configuration.

However, I assume that this is *not* your problem since your eth1 (to your ISP) is assigned through DHCP and it will have correctly configured its gateway.

Control Panel >> Networking >> Configuration >> TCP/IP 3Com Ethernet blah-blah (double-click)
IP Address >> Specify an IP address >>
IP Address 192.168.1.2

Good; stick with the static IP for now. We'll do DHCP later, but right now we want things as simple as possible.


        DNS Configuration >> Gateway >> Name Servers >> Add
                192.168.1.1
                206.40.133.20
                206.129.112.21

As James suggested, for the moment I suggest that you remove 192.168.1.1 from the list. Let's do *ONLY* networking first; then DNS, then DHCP.


vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.1
NETMASK=255.255.225.0
NETWORK=192.168.1.0
ONBOOT=yes

If you go to /usr/share/doc/initscripts-????, you'll find two files named sys???. Read them; you'll learn a fair bit about this stuff. Not necessary right now; just think you'll find it interesting.


vi /etc/named.conf

options {
        forwarders {
                206.40.133.20
                206.129.112.21
        };
};

Check this carefully. named.conf is *not* happy using just a newline for separation. You are going to need either commas or semicolons in between those two IP addresses for your forwarders. I'm willing to bet that:


        forwarders {
                206.40.133.20,
                206.129.112.21;
        };

works better. First a comma, then a semicolon. In either case, there is *something* wrong here. (And by the way, when you start up the named service, it probably bitched hard about it and you didn't see it; the logs are your friend when delousing.)

Still, for the moment you shouldn't be using DNS at all until we fix your masquerading.

vi /etc/dhcpd.conf

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.60;
default-lease-time 86400;
max-lease-time 86400;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.1, 206.40.133.20, 206.129.112.21;
}

Again, take James's suggestion to remove 192.168.1.1 from the list of DNS servers. Then take my suggestion and ensure that both the "named" and "dhcpd" servers are STOPPED.


vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=localhost.localdomain
FORWARD_IPV=true

The last line should be "FORWARD_IPV4=yes" (note the "4" at the end and "yes" instead of "true"). Also, this line is now deprecated: from the sysconfig.txt file I mentioned earlier (in initscripts):


/etc/sysconfig/network:

  NETWORKING=yes|no
  HOSTNAME=<fqdn by default, but whatever hostname you want>
  GATEWAY=<gateway IP>
  GATEWAYDEV=<gateway device> (e.g. eth0)
  NISDOMAIN=<nis domain name>
  IPX=yes|no
  IPXAUTOPRIMARY=on|off (note, that MUST be on|off, not yes|no)
  IPXAUTOFRAME=on|off (again, not yes|no)
  IPXINTERNALNETNUM=<netnum>
  IPXINTERNALNODENUM=<nodenum>

All the IPX stuff is optional, and should default to off.

obsoleted values from earlier releases:

    FORWARD_IPV4=yes|no
      This setting has been moved into net.ipv4.ip_forward setting
      in /etc/sysctl.conf. Setting it to 1 there enables IP forwarding,
      setting it to 0 disables it (which is the default for RFC compliance).
    DEFRAG_IPV4=yes|no
      Setting this to yes used to automatically defragment IPv4
      packets. This is a good idea for masquerading, and
      a bad idea otherwise. This setting has been moved into
      net.ipv4.ip_always_defrag setting in /etc/sysctl.conf.

Both net.ipv4.ip_forward and net.ipv4.ip_always_defrag should be set to "1" in /etc/sysctl.conf.

What you *do* need to have in there, which you don't, is: "GATEWAYDEV=eth1"

ipfwadm -F -f
Chains are empty (ie. ipfwadm has not been used on them).
## Is this even a problem? I don't need IPchains AND IPtables AND IPfwadm, just any one of those, correct?

You can only use one of ipfwadm, ipchains, or iptables. You are currently using ipchains; don't mess with either of the others.


modprobe ipt_MASQUERADE

Same story here: leave it alone.


/usr/sbin/ndc start
bash: /usr/sbin/ndc start: No such file or directory
## This, in fact, may be the WHOLE PROBLEM...?

Part of it, anyway. Use "service named start" instead of messing with the whole "ndc" thing, OK? Still, at this stage LEAVE IT OFF! :) We'll do DNS (you guessed it) *after* you can masquerade. For the moment, your ISP's nameservers are good enough.



-- Rodolfo J. Paiz rpaiz indahaus com
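
The gateway-side settings this message asks about (net.ipv4.ip_forward in /etc/sysctl.conf, the default route shown by "route -n" leaving through eth1, and the NETMASK value in ifcfg-eth0) can be checked one at a time with a short script. This is an added example, not part of the original message; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): offline checks for the
# gateway settings discussed above. All function names are hypothetical.

# netmask_valid MASK: succeeds only for a dotted quad whose 1-bits are contiguous.
netmask_valid() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    m=0
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        m=$(( (m << 8) | o ))
    done
    inv=$(( ~m & 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# sysctl_value FILE KEY: prints the last value FILE assigns to KEY.
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }' "$1"
}

# default_route_iface: reads "route -n" output on stdin, prints the default route's Iface.
default_route_iface() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $8; exit }'
}

# check_gateway SYSCTL_FILE EXT_IF INT_NETMASK, with "route -n" output on stdin.
# Prints one line per failed check; returns non-zero if any check failed.
check_gateway() {
    rc=0
    netmask_valid "$3" || { echo "FAIL netmask: $3 is not contiguous"; rc=1; }
    [ "$(sysctl_value "$1" net.ipv4.ip_forward)" = 1 ] ||
        { echo "FAIL forwarding: net.ipv4.ip_forward is not 1 in $1"; rc=1; }
    dev=$(default_route_iface)
    [ "$dev" = "$2" ] || { echo "FAIL route: default via '${dev:-none}', want $2"; rc=1; }
    return $rc
}

# Typical use on the gateway itself, passing the NETMASK value from ifcfg-eth0:
#   route -n | check_gateway /etc/sysctl.conf eth1 255.255.255.0
```

Each failed check is reported on its own line, so one misconfiguration does not hide another.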




