thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Mon Apr 18, 2005 9:18 am Post subject: Simple NAT solution
Hello,
I'll admit it immediately: I'm a networking newbie. I can do a lot of stuff other people can't, but when it comes to fixing networking solutions, I am totally lost. It's a very simple set-up I need your help with. It's like this:
Code: |
(WAN) -- [router] -- [switch] -- [My Gentoo Desktop] -- [My brother's PC]
                                                     ^ crossed cable
|
The WAN is connected to a router with subnet 10.0.0.* (I don't know how to specify it, but the router is 10.0.0.138). My PC has two NICs. One is 10.0.0.151 and connected to the router via the switch. Via that same switch is the whole network happening.
Between my brother's PC and mine is a crossed cable. It's really too much hassle to put that PC into the switch too, so I'm searching for a solution to make that PC part of the rest of the network. I know you can do this with iptables or route or something.... I read the man pages, Googled a bit, but it's all too complicated for me... didn't get it to work yet.
The NIC in my PC connected to the WAN is eth1, and the NIC connected to my brother's PC is eth0. The gateway set on my PC is eth1/10.0.0.138. I noticed that if I change the ip of eth0 from 10.0.0.168 to 10.0.1.151 or even 192.168.0.1, for some reason my internet doesn't work on my PC.
I hope you can help me fix this.
Greetings
Last edited by thomasvk on Mon Apr 07, 2014 9:53 pm; edited 1 time in total |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Mon Apr 18, 2005 9:50 am Post subject:
t0maz,
If your router already does NAT, for you, you only need set up IP addresses statically on both ends of your crossed cable and turn on forwarding on your PC. You can only do this if you have two more IP addresses in the same subnet as your PC/Router.
If the 10.0.0.* is allocated by your ISP, you are out of luck and you need IPTables. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Mon Apr 18, 2005 10:10 am Post subject:
Thanks for the reply
NeddySeagoon wrote: |
If your router already does NAT, for you, you only need set up IP addresses statically on both ends of your crossed cable and turn on forwarding on your PC. You can only do this if you have two more IP addresses in the same subnet as your PC/Router.
If the 10.0.0.* is allocated by your ISP, you are out of luck and you need IPTables. |
I don't really understand what you mean with the two more IP addresses in the same subnet, sorry. The 10.0.0.* is set on the modem. If I RTFM I could perhaps change it, but as I don't really understand what you imply, I don't know why I should.
Do you mean I should just put a 10.0.0.x ip address on my brother's PC and enable forwarding on my PC? If so, how would I do that?
Last edited by thomasvk on Mon Apr 07, 2014 9:54 pm; edited 1 time in total |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Mon Apr 18, 2005 12:31 pm Post subject:
t0maz,
10.0.0.* is not routable. It's a private range of addresses that organisations are free to use.
Some ISPs allocate this range to their subscribers.
If the allocation of 10.0.0.* was done by your ISP you are not free to use more IP addresses in that range since they will be allocated by your ISP to other users. However, if your router is already doing Network Address Translation (NAT), the 10.0.0.* IP address range is yours and you may allocate other IPs almost as you see fit. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Mon Apr 18, 2005 1:17 pm Post subject:
It's not done by my ISP, that's what I know for sure. My ISP gave me a USB modem, which sucked, so I set this one up about a year ago, and it defaulted to having 10.0.0.138 as IP address.
I'm not sure what you mean with that it's not routable, forgive me.
Can you (or someone else) please tell me what I sort of would need to do to get my brother's PC on the internet? Does it need to be in another range than 10.0.0.*, or in the same range?
I'm confused |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Mon Apr 18, 2005 4:14 pm Post subject:
t0maz,
Not routable means that nobody on the internet can send packets to it because the internet does not know how to reach it.
Packets on the internet with an address of 10.x.x.x are just dropped.
Your router is 10.0.0.138
Your PC has its eth1 as 10.0.0.151
To get your brother's PC on the net do the following.
Set your eth0 to 10.0.0.99
Set your brother's IP to 10.0.0.101
Set your brother's gateway to 10.0.0.138, the same as yours
In your /etc/conf.d/local.start add in the lines
Code: | # For Routing (IP forwarding Actually)
echo "1" >/proc/sys/net/ipv4/ip_forward
echo "1" >/proc/sys/net/ipv4/conf/eth0/proxy_arp
echo "1" >/proc/sys/net/ipv4/conf/eth1/proxy_arp |
Also manually execute the echo commands to save a reboot.
If your kernel has forwarding enabled, it should all work.
Check your settings with and on both PCs. If there is a problem, post the output of both commands from both PCs.
From the kernel help
Quote: | Note that your box can only act as a router if you enable IP
forwarding in your kernel; you can do that by saying Y to "/proc
file system support" and "Sysctl support" below and executing the
line
echo "1" > /proc/sys/net/ipv4/ip_forward |
I didn't tell you how before because your ISP will cut you off if you try to use IP addresses that are allocated to another user. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Mon Apr 18, 2005 5:44 pm Post subject:
Thanks for all the explanation!
I followed your directions correctly, I think, but it didn't quite work.
I first changed the ip-address of eth0 by putting this in /etc/conf.d/net. That might be a big mistake though... I did it only in the installation with net-setup, so I don't really know how to do it.
Code: | iface_eth0="10.0.0.99 broadcast 10.0.0.255 netmask 255.255.255.0" |
Then, to apply it, I did:
Code: | # /etc/init.d/net.eth0 restart
# /etc/init.d/net.eth1 restart |
After that I edited /etc/conf.d/local.start, to have it look like this now:
Code: | # /etc/conf.d/local.start:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/conf.d/local.start,v 1.4 2002/11/18 19:39:22 azarah Exp $
# This is a good place to load any misc.
# programs on startup ( 1>&2 )
# For Routing (IP forwarding Actually)
echo "1" >/proc/sys/net/ipv4/ip_forward
echo "1" >/proc/sys/net/ipv4/conf/eth0/proxy_arp
echo "1" >/proc/sys/net/ipv4/conf/eth1/proxy_arp |
After that I also executed the three commands. I cat'ed them all, and they all say 1.
Here's the ifconfig on my PC. It's quite long because of VMWare, but maybe it has important information for the troubleshooting:
Code: | # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:6E:D0:9F:71
inet addr:10.0.0.99 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:117820 errors:0 dropped:0 overruns:0 frame:0
TX packets:102389 errors:34 dropped:0 overruns:0 carrier:33
collisions:0 txqueuelen:1000
RX bytes:39002637 (37.1 Mb) TX bytes:36257738 (34.5 Mb)
Interrupt:22 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:50:FC:F5:90:78
inet addr:10.0.0.151 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:745 errors:0 dropped:0 overruns:0 frame:0
TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:105972 (103.4 Kb) TX bytes:11220 (10.9 Kb)
Interrupt:17 Base address:0xa000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:263 errors:0 dropped:0 overruns:0 frame:0
TX packets:263 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25663 (25.0 Kb) TX bytes:25663 (25.0 Kb)
vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01
inet addr:192.168.79.1 Bcast:192.168.79.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
inet addr:192.168.162.1 Bcast:192.168.162.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) |
route on my PC:
Code: | # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.162.0 * 255.255.255.0 U 0 0 0 vmnet8
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.79.0 * 255.255.255.0 U 0 0 0 vmnet1
loopback localhost 255.0.0.0 UG 0 0 0 lo
default SpeedTouch.lan 0.0.0.0 UG 0 0 0 eth0 |
The same on my brother's PC. Might be a few typos, because I don't have a way to get it on my computer (floppy drives, what are those? ).
Code: | # ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:FC:85:CB:94
inet addr:10.0.0.101 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:723 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1440 (1.4 Kb) TX bytes:71814 (70.1 Kb)
Interrupt:21 Base address:0x8f00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 Kb) TX bytes:0 (0.0 Kb)
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
loopback livecd.gentoo 255.0.0.0 UG 0 0 0 lo
default 10.0.0.138 0.0.0.0 UG 1 0 0 eth0 |
Oh, and I just thought it might be useful to tell how I tested it. Well, basically I tried pinging 10.0.0.99, 10.0.0.138 and www.google.com from my brother's PC, tried pinging 10.0.0.101 from my own PC, and did an nmap. All negative results.
I hope with all this information here you can help me.
PS. I hope I don't expose any security risks of my network here. |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Mon Apr 18, 2005 7:37 pm Post subject:
t0maz,
That's very helpful. You have not exposed any public IPs.
VMWare is a complication I had not expected. I don't know how it drives the network for guest operating systems. Anyway, here is a problem.
You said:-
route on my PC:
Code: |
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.162.0 * 255.255.255.0 U 0 0 0 vmnet8
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.79.0 * 255.255.255.0 U 0 0 0 vmnet1
loopback localhost 255.0.0.0 UG 0 0 0 lo
default SpeedTouch.lan 0.0.0.0 UG 0 0 0 eth0
|
You have two routes to 10.0.0.0, one via eth0 the other via eth1.
You need to delete the one that is incorrect with
Code: | route del -net 10.0.0.0 eth0 |
You probably want to add that to /etc/conf.d/local.start too _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Mon Apr 18, 2005 8:05 pm Post subject:
I'm very thankful for all this!
The command you posted didn't work...
Code: | # route del -net 10.0.0.0 eth0
SIOCDELRT: Invalid argument |
...but with a little help from google this worked:
Code: | route del -net 10.0.0.0 netmask 255.255.255.0 eth0 |
My route now lists:
Code: | # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.162.0 * 255.255.255.0 U 0 0 0 vmnet8
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.79.0 * 255.255.255.0 U 0 0 0 vmnet1
loopback localhost 255.0.0.0 UG 0 0 0 lo
default 10.0.0.138 0.0.0.0 UG 0 0 0 eth0 |
If I now ping 10.0.0.99 from my brother's computer, it works, and vice versa. That's already a very nice result!
But, if I try to ping others I get:
Code: | # ping www.google.com
ping: unkown host www.google.com
# ping 10.0.0.138
PING 10.0.0.138 (10.0.0.138) 56(84) bytes of data.
From 10.0.0.101 icmp_seq=2 Destination Host Unreachable
From 10.0.0.101 icmp_seq=3 Destination Host Unreachable
From 10.0.0.101 icmp_seq=4 Destination Host Unreachable
... |
I checked, of course, if my router is pingable, but it is. I also tried to set 10.0.0.151 as the gateway on my brother's PC (you can't blame me for trying). But all with no result.
I hope you have more ideas.
But first, I go sleep. Again, thanks for all the help so far! |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Mon Apr 18, 2005 9:31 pm Post subject:
t0maz,
Full marks for helping yourself. Some more tests are in order.
From your brother's computer,
ping the following IPs and report the first one that doesn't work,
Code: | ping 10.0.0.101 # That's its own network card so that should be OK
ping 10.0.0.99 # That's the other end of the wire in your PC, that should be OK too
ping 10.0.0.151 # That's your other NIC. If this fails I suspect your kernel does not have forwarding.
ping 10.0.0.138 # That's your router. VMware may make a mess of this
ping 216.239.57.99 # That's google |
I forgot about setting up a nameserver on your brother's PC.
Copy your /etc/resolv.conf to your brother's PC or he will not be able to browse the web using names. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |

Johnyp Guru
Joined: 23 Mar 2005 Posts: 301
Posted: Mon Apr 18, 2005 9:42 pm Post subject:
Hold on guys - if the net looks the way it's described
Internet======[public-IP---ROUTER---private-IP]====[switch]===[gentoo box]
______________________________________________^=====[brother's pc]
then all he needs to do is take his brother's cable (not a cross over) and plug into a free port on the switch. Then configure brother's pc with the same DNS (resolv.conf), gateway, and IP from the same range.
If your ip is 10.0.0.151 make your brother's ip 10.0.0.152 and you should be golden. _________________ Gentoo Unanswered Questions- Give it a try! |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Mon Apr 18, 2005 9:46 pm Post subject:
Johnyp,
He doesn't want to _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Tue Apr 19, 2005 9:53 am Post subject:
NeddySeagoon, thanks, I'll try it when I come home from work.
Johnyp, because of my parents, the network in my house is a bit strange and alternative. See, when I want to be on the network, I need to grab a cable, put it in the switch downstairs, go all the way upstairs, and plug it in in my PC. I have to get rid of the cable again in the afternoon.
I could just do the same with my brother's PC, but this is more 'easy' when it's fixed. Also, I like to know how I do these things, for later.
I also could just buy another switch and place it upstairs, but a switch is about 30 euro and a cable (which I already have) about 5 euro.
Thanks for your suggestion anyway. |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Tue Apr 19, 2005 8:06 pm Post subject:
Hi, here I am again!
If I do
Code: | route del -net 10.0.0.0 netmask 255.255.255.0 eth0 |
on my brother's PC, I can ping some addresses:
Code: | 10.0.0.101 Success! :-D
10.0.0.99 Success! :-D
10.0.0.151 Success! :-D
10.0.0.138 Failure! :-(
216.239.57.99 Failure! :-(
66.102.9.104 Failure! :-( |
That last one is the one that showed up when I was trying to ping www.google.com. I thought I might give it a try.
The strange thing is, that if I delete that route thing, all active connections on my PC still work, but I can not ping 10.0.0.138 anymore. I also am not able to do other internet related things. I think that's got to do with name resolution (dns?) then.
I'll be back tomorrow again, thanks for the help. |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Tue Apr 19, 2005 11:26 pm Post subject:
t0maz,
Lets go back to this post by me:-
That's very helpful. You have not exposed any public IPs.
VMWare is a complication I had not expected. I don't know how it drives the network for guest operating systems. Anyway, here is a problem.
You said:-
route on my PC:
Code:
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.162.0 * 255.255.255.0 U 0 0 0 vmnet8
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.79.0 * 255.255.255.0 U 0 0 0 vmnet1
loopback localhost 255.0.0.0 UG 0 0 0 lo
default SpeedTouch.lan 0.0.0.0 UG 0 0 0 eth0
You have two routes to 10.0.0.0, one via eth0 the other via eth1.
You need to delete the one that is incorrect with
Code:
route del -net 10.0.0.0 eth0
You probably want to add that to /etc/conf.d/local.start too
It doesn't quite go far enough. You need to do a route add
Code: | route add 10.0.0.101 eth0 |
This sends packets to your brother's PC.
It should automatically get a netmask of 255.255.255.255
Your route table will then look like
Code: | Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.162.0 * 255.255.255.0 U 0 0 0 vmnet8
10.0.0.101 * 255.255.255.255 U 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.79.0 * 255.255.255.0 U 0 0 0 vmnet1
loopback localhost 255.0.0.0 UG 0 0 0 lo
default SpeedTouch.lan 0.0.0.0 UG 0 0 0 eth0 |
This explains the failure to ping 10.0.0.138 because without the new route, packets being returned from 10.0.0.138 to your brother's PC have no way back. They would be routed using
Code: | 10.0.0.0 * 255.255.255.0 U 0 0 0 eth1 |
which sends them over the wrong interface. The new route will send packets for 10.0.0.101 over eth0.
Do the same series of tests please. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
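
The route selection described in the post above, replayed as an added example (not code from the thread): a Python model of longest-prefix-match lookup over the three routing-table states posted here, plus a check for one subnet configured on two interfaces. The tie-break for two identical routes (first listed wins) and all function names are assumptions of this example.

```python
import ipaddress

# (destination, genmask, iface) rows copied from the `route` output in the thread;
# the loopback row is omitted and the default gateway column is not needed here.
DUPLICATE = [
    ("192.168.162.0", "255.255.255.0", "vmnet8"),
    ("10.0.0.0", "255.255.255.0", "eth0"),
    ("10.0.0.0", "255.255.255.0", "eth1"),
    ("192.168.79.0", "255.255.255.0", "vmnet1"),
    ("0.0.0.0", "0.0.0.0", "eth0"),
]
# State after: route del -net 10.0.0.0 netmask 255.255.255.0 eth0
AFTER_DEL = [r for r in DUPLICATE if r != ("10.0.0.0", "255.255.255.0", "eth0")]
# State after: route add 10.0.0.101 eth0  (host route, netmask 255.255.255.255)
AFTER_ADD = [("10.0.0.101", "255.255.255.255", "eth0")] + AFTER_DEL


def parse_table(rows):
    """Convert (destination, genmask, iface) rows into (network, iface) pairs."""
    return [(ipaddress.ip_network(f"{dest}/{mask}"), iface)
            for dest, mask, iface in rows]


def lookup(table, addr):
    """Pick the outgoing interface for addr.

    Longest prefix wins. Among routes of equal prefix length the first
    listed entry wins (a simplifying assumption of this model).
    """
    ip = ipaddress.ip_address(addr)
    best = None
    for net, iface in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def duplicate_subnets(table):
    """Return subnets that are routed out of more than one interface."""
    seen = {}
    for net, iface in table:
        seen.setdefault(net, set()).add(iface)
    return {str(net): sorted(ifs) for net, ifs in seen.items() if len(ifs) > 1}


def trace():
    """Interface chosen for the brother's PC and the router in each state."""
    states = {"duplicate": DUPLICATE, "after_del": AFTER_DEL, "after_add": AFTER_ADD}
    return {name: {addr: lookup(parse_table(rows), addr)
                   for addr in ("10.0.0.101", "10.0.0.138")}
            for name, rows in states.items()}


if __name__ == "__main__":
    for state, result in trace().items():
        print(state, result)
    print("duplicates:", duplicate_subnets(parse_table(DUPLICATE)))
```

Only the last state sends 10.0.0.101 out of eth0 and 10.0.0.138 out of eth1 at the same time, which is the condition the host route is meant to create.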

splooge l33t
Joined: 30 Aug 2002 Posts: 636
Posted: Wed Apr 20, 2005 1:01 am Post subject:
Has anyone mentioned that you have two IPs for the same subnet on two different physical networks? That's why you're getting the double route entry, because you have 10.0.0.x configured on two different network cards (eth0 & eth1). I'm surprised anything works! =) _________________ http://get.a.clue.de |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Wed Apr 20, 2005 7:21 am Post subject:
splooge wrote: | Has anyone mentioned that you have two IPs for the same subnet on two different physical networks? That's why you're getting the double route entry, because you have 10.0.0.x configured on two different network cards (eth0 & eth1). I'm surprised anything works! =) |
Lol. Well can you tell me how to do it so it works then? |

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54808 Location: 56N 3W
Posted: Wed Apr 20, 2005 10:36 am Post subject:
splooge,
That's true, and I fixed that in my last post. I actually have a script that sets this up exactly as t0maz requests for Ethernet over USB for my iPaq and it works here the way I'm trying to describe. The script does a lot more than just set up IP addresses and routes though. I suppose I could hack the script but I can't test it here, well not easily.
t0maz,
If fixing the route as I described above doesn't work, I'll hack the iPaq script I have. I will need to reconfigure my network a little, so it's like yours to test though.
You can find the raw script in this thread https://forums.gentoo.org/viewtopic-t-306216-highlight-ipaqnet.html _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |

thomasvk Guru
Joined: 19 Mar 2005 Posts: 597
Posted: Sun Apr 24, 2005 6:59 pm Post subject:
NeddySeagoon,
I want to thank you for all the help you gave me. I really appreciate it.
It's not needed anymore though, I'm switching back to Windows. Linux didn't really fit my needs I think. Specially the fact that I'm addicted to gaming made me decide to switch back again.
Anyway,.... just wanted to say thanks for all the help. |