Hardware fault or my stupidity? SOLVED

[MrSums]

I'm trying to replace my aging Netwinder server with a Gentoo-based home-build. I'm using a reclaimed mini-itx based machine into which I've added an extra ethernet card. Installed gentoo with very basic defaults and no X server. Included webmin so I can change setting remotely if I can ever get the **** thing to work properly

At present, everything boots up nicely and I have eth0 grabbing the internet connection from my cable modem. eth2 is set up as static 192.168.1.1. For some reason eth1 is not recognised by the system and udev insist on setting it up as eth2. Maybe this is the problem?

On boot up, the server can see internet and firing up lynx allows basic browsing. My desktop I have set up as static 192.168.1.9 and this can access the server via webmin and can ping the addresses of both eth0 and eth2 on the server. However, the desktop cannot ping external addresses (such as my isp's nameservers) or otherwise access the internet at all.

ifconfig of the server:

[jongeek]

You may need to enable ip forwarding. It is not turned on by default. Try

[MrSums]

ip forwarding already enabled:

[jongeek]

You need to have NAT setup in order for your internal machines to access the internet. iptables provides this functionality in addition to packet filtering, etc. Go ahead and emerge iptables if you haven't already. You also need kernel support, enable NAT under "networking|networking options|network packet filtering|IP: netfilter configuration|Full NAT" in the kernel configurator (make menuconfig). There are also a lot of kernel options controlling packet filtering, etc., but the Full NAT is what you need for this issue. If you don't have that stuff built in already, go ahead and do so and reboot to the new kernel. I can provide my kernel config file if you'd like an example, though it has a lot of non-NAT packet filtering stuff enabled as well. Then,

Using the network config you described, this ought to do the trick:

[MrSums]

Brilliant - thanks very much. Tried with your suggestion - which worked - then followed the link and replaced with

[jongeek]

I think you're correct about using MASQUERADE instead of SNAT. I use a static address at work, and a DHCP address at home that only changes a couple of times a year, so I use SNAT, but MASQUERADE is more appropriate for DHCP.

What ethernet cards are in your machines ? Do the desktop and the new gateway have the same speed ethernet cards ? There is certainly some overhead to using netfilter, but I didn't think it would be enough to slow things down that much. Are you giving your speeds in Mbps or MBps ? I max out at ~800 KBps (~6 Mbps ?), and I get the same download speeds whether going through my Gentoo router/gateway, or hooked directly to the cable modem.

You can also add this rule to your iptables rules for troubleshooting. It helps to see if packets that you want are being dropped due to a misconfigured iptables setup.

[MrSums]

Is the order of the rules important? - ie should the

[agent_jdh]

One way to get round the firewalling issue is to use shorewall - excellent documentation and really easy to set up.
_________________
Jingle Jangle Jewellery

[jongeek]

I don't know what the frame: means either.

Can you run the speed test from the gateway itself ? The results would be interesting.

@agent_jdh: shorewall looks interesting. I've been too lazy to look for anything other than straight command-line iptables. Then again, my needs are pretty simple with respect to packet filtering. But I'm going to check it out. Thanks !

[eccerr0r]

A framing error is when a packet gets sent to the machine but the frame decoder got confused about the frame, usually when packet start/stop conditions occur when they aren't expected. A lot of the times it's bad wiring or noise, or possibly the driving end (note: this hardware driving end, not packet origination driving end) is producing incorrect packet start/stop conditions.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[MrSums]

I've just run a speed test on the server with it set up as a standard non-gui machine connected via the old server. It is currently downloading a test file at 250KiB/sec which I think equates to the 1.2Mbps.

So clearly there is a problem with the card - actually the on-board ethernet

[Some while later] Over dinner I thought it might not be the card, so I've just tried it again with another ethernet cable. Speed has at least doubled - this estimate puts it at around 4Mbps.

I will re-configure it all again later as a server, but with new cable and report back
_________________
If you dont ask, you wont get

[Gef]

[ScarletPimpFromHell]

The most common speed related error is actually a mismatched duplex setting on either the NIC (Network Interface Card) or the switch port. Basically a network card can operate in full or half duplex.

When full duplex is being used both machines connected to the cable can transmit and receive simultanously. In half duplex mode one machine transmits and the other one receives. In this mode if both machines transmit at the same time a collision occurs. The NIC will attempt to autonegociate the mode of operation with the other machine attached to the link, but if negociations fail the default mode is 100Mb/s @ half duplex.

I can see by you ifconfig dump neither eth0 or eth2 are clocking up errors, there has also been bugger all traffic on the link, so in all probability there just hasn't been enough traffic to cause a collision. I'm making the assumption that both NICS are operating in 100Mb/s half duplex mode. You should check your cable mode attached to eth0 and the switch port attached to eth2 and make sure that they are both configured for auto-negociate.

[MrSums]

Turns out the cable thing was a red herring and didn't help - speed still the same. Then I remembered that the cable people said if I want more than 10Mbps I need to change my cable modem and linked that with the fact that the old server has a 10BaseT ethernet board on eth0. So I set