sinner052397

asked on

Routing problems?

Hello!
I'm having probs trying to access the net from behind a second
router... it's kind of weird really, maybe then again, I'm just
inexperienced with networks!
I am having probs using the IP numbers 192.168.2.XXX as the IP
numbers for the computers behind the firewall. Here is a breakdown of the
problem. First thing I'd like to say is that the firewall has not been
installed nor configured yet! I have the linux (slack 2.0.29) box with
both ethernet cards up and running but there are no filters set in place.
Actually it's more of a router right now than a firewall.. but anyways.
Here is a description of the setup.
I have 1 (so far) computer (CP1) behind the firewall. CP1 has the IP
address of 192.168.2.2. The Firewall machine has eth0 set as 192.168.2.1
and eth1 as 206.84.66.162. On the outside of the firewall there are 4
stations with 206 addresses, and beyond that is the cisco 1000 router to
the internet, beyond the cisco are DNS servers 206.137.97.254 and 253.
All 4 external stations can surf the net no prob, and they can see CP1 no
prob. However, CP1 can see as far as the cisco 1000 router (ping and
traceroute wise) but cannot get to the DNS servers!
here is some info I took from shell.
----------------------------
From behind the firewall
web:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U      1500 0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG     1500 0        0 eth0

traceroute to 206.137.97.254 (206.137.97.254), 30 hops max, 40 byte
packets
 1  10.107.136.200 (10.107.136.200)  2.22 ms  23.854 ms  1.482 ms
 2  206.84.66.161 (206.84.66.161)  2.612 ms  1.997 ms  1.972 ms
 3  * * *
 4  * * *
 5  * * ^C and so on until 30

from the firewall machine....
traceroute to 206.137.97.254 (206.137.97.254), 30 hops max, 40 byte
packets
 1  206.84.66.161 (206.84.66.161)  1.769 ms  1.68 ms  1.698 ms
 2  192.168.100.77 (192.168.100.77)  20.077 ms  20.204 ms  20.086 ms
 3  polux.entelchile.net (206.137.97.254)  20.225 ms  19.947 ms  20.168 ms

I see here that the "ISDN modem" has an IP address of 192.168.100.77.
Could that be messing me up?
I don't think so because I had the same prob when I used another set of
reserved IP numbers (10.XXX.XXX.XXX)

I thought of a possible solution, take the IP numbers that were assigned
to me and make 2 networks out of them. One for behind the firewall and one
for outside the firewall.

The good folks that gave me the dedicated lines gave me the following
data:
Netmask 255.255.255.224
Network 206.84.66.160
Broadcast 206.84.66.191
Gateway 206.84.66.161

So.. I have X.162 to X.190 available to play with. Now I want to break this
up into 2 smaller networks. One to place behind the firewall and one
outside it. I came up with the following table. Is this correct?
            NET 1              NET 2
Netmask     255.255.255.224    255.255.255.224
Network     206.84.66.178      206.84.66.160
Broadcast   206.84.66.191      206.84.66.177
Gateway     206.84.66.178      206.84.66.161

So in Net 1. Eth0 on the firewall would be 206.84.66.178 and the
individual stations would go from 179 to 190.. Can I use 191?
And in Net 2. Eth1 on the firewall would be 162. 160 is the "ISDN Modem",
161 is the router to the internet 162 would be eth1 on the firewall and
the stations Outside the firewall would go up to 176.. again, could I use
the broadcast number of 177 as an IP number for one of the stations?


By the way, here are the netstat results from the firewall machine.
The 3rd line was added automatically by the "ISDN modem" or cisco router,
not sure which but it is not in my /etc/rc.d/rc.inet1 file.

fw:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window irtt Iface
206.84.66.160   0.0.0.0         255.255.255.224 U      1500 0      0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U      1500 0      0 eth1
192.168.100.0   206.84.66.161   255.255.255.0   UG     1500 0      0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0      0 lo
0.0.0.0         206.84.66.161   0.0.0.0         UG     1500 0      0 eth0

Thank you for your help!
It is greatly appreciated!

Marcelo Iturbe

206.84.66.160   ________204.84.66.161      204.84.66.162      192.168.2.1              
__  _   \ |          | /   _____________   \   __________ /   ___________
inter-|  \|Cisco 1000|    |      4      |   \ | Firewall |   |192.168.2.2        |
  net \---|  System  |----| Workstations|---  |  (router)|---|    CP1   |
/\_/\_/   |__________|    |__.170 -.173_|     |_(gateway)|   |__________|
                                                                         
UURG!!
You should change the width of this window to 80 columns!
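The subnet arithmetic behind the question's NET 1 / NET 2 table can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original post or of the accepted answer; the addresses are the ones quoted in the question, and the function names are illustrative.

```python
import ipaddress

# Values quoted in the question: the provider's block and the proposed split.
ASSIGNED = ipaddress.ip_network("206.84.66.160/27")   # netmask 255.255.255.224
PROPOSED = {
    "NET 1": ("206.84.66.178", "255.255.255.224", "206.84.66.191"),
    "NET 2": ("206.84.66.160", "255.255.255.224", "206.84.66.177"),
}

def check_subnet(network, netmask, broadcast):
    """Return a list of problems with a (network, netmask, broadcast) triple."""
    problems = []
    try:
        # strict parsing: the host bits of a network address must be zero
        net = ipaddress.ip_network(f"{network}/{netmask}")
    except ValueError:
        net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
        problems.append(f"{network} is not a network address for {netmask}; "
                        f"it lies inside {net}")
    if str(net.broadcast_address) != broadcast:
        problems.append(f"broadcast for {net} is {net.broadcast_address}, "
                        f"not {broadcast}")
    return problems

def split_in_two(parent):
    """Split a block into two equal halves and describe each half."""
    plan = []
    for sub in parent.subnets(prefixlen_diff=1):
        hosts = list(sub.hosts())   # excludes network and broadcast addresses
        plan.append({
            "network": str(sub.network_address),
            "netmask": str(sub.netmask),
            "broadcast": str(sub.broadcast_address),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "usable": len(hosts),
        })
    return plan

if __name__ == "__main__":
    for name, triple in PROPOSED.items():
        print(name, check_subnet(*triple) or "ok")
    for half in split_in_two(ASSIGNED):
        print(half)
```

Splitting the /27 gives two /28 networks with netmask 255.255.255.240. The network and broadcast address of each half are reserved and cannot be assigned to stations.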
ASKER CERTIFIED SOLUTION
sauron

sinner052397

ASKER

Kewl.. Very nicely done...
I did that and it worked well, but I also discovered that soon I will have more than 20 PCs behind the Linux router and 15 in front of it, so I will run out of IPs, and IP numbers are EXPENSIVE here in Chile, so I already masqueraded them.
Thanks for your help!