  • Status: Solved
  • Priority: Medium
  • Security: Public

ipmasq

I have 2 computers networked together. In the server computer I have two network cards, one for the LAN and the other for the ADSL router (Cisco 677).
I can ping the network on the client computers but can't get on the net. The server is the only computer that can get on the net. I have ipmasq set up but it's still not working. The most I can do is ping 10.0.0.2, and that is the DSL network card.

info
server
eth0 is 192.168.0.1
eth1 is DHCP (10.0.0.2), the router

client
eth0 is 192.168.0.5

Please help me?
0
1 Solution
 
tgrandinettiAuthor Commented:
Adjusted points to 75
0
 
jlevieCommented:
Do the clients have their default gateway set to point to the "inside" NIC of the Linux box?
0
 
lugnut1221Commented:
The router should have the real IP, shouldn't it? I don't see a need for the server to have two Ethernet cards because it's not routing between any nets; that is what the router is for. The router should be getting the "real" IP from your ISP, and there should be a second Ethernet port on the router which should be 10.10.10.1 or something like that. This should be the default gateway for the entire network, even the server.
0
 
tgrandinettiAuthor Commented:
I can ping eth1 but can't get on the net. These computers will be for a web server and a DNS server.
0
 
jlevieCommented:
When you say you can ping eth1, does that mean from one of the clients or from within the server box? Can you ping the inside machine from the server box?

On the server and the client, what is the output of "netstat -rn"? It would also help to see the output of "ifconfig -a" from both machines.

What Ethernet cards are in the IP Masq server (make/model)? I'd also like to see the contents of /etc/conf.modules.
0
 
lugnut1221Commented:
Now I'm not that familiar with the Cisco DSL router, but what I do know is that the DSL router will be assigned the real IP, not your server. Your router will also have a second Ethernet interface with an internal IP. I do know that that Cisco router does support NAT, which will get all your internal computers on the net, but I don't THINK it will forward web and DNS requests to an internal server. What you're talking about would best be accomplished by using Linux as your server OS, which will do NAT to give net access and will be your web and DNS server.
0
 
lugnut1221Commented:
OK, I did some reading on the Cisco 677. The routing situation that you're describing does not make sense. As you know, the Cisco 677 is basically a router / DSL modem in one. It has the eth0 port, which is your internal port (gets connected to the hub and has an internal IP address such as 10.10.10.1). The wall port is not really an Ethernet port, but for simplicity's sake we can talk like it is one. The Cisco can be a DHCP client, which will obtain a valid IP address from your ISP and assign that to the WAN or "eth1" port. What is going to happen here is the router will take all traffic from the 10.10.10.* side and route it to its default gateway. (The internal PC gateway will be 10.10.10.1, and the router default gateway will be the gateway for that DSL subnet; if you don't know this IP your ISP will tell you.) For the net to work you need NAT enabled on the Cisco and you need to add a default route to the Cisco. Again, I am pretty sure now that the Cisco will not allow traffic to the server from the outside, so you can't have a web and DNS server. Again, to do this use a Linux server as the router, web and DNS server. To utilize the Cisco as just a plain DSL modem you need to put it into bridge mode and not routing mode.
0
 
jlevieCommented:
Uh, I hate to sound picky, but, lugnut1221, did you actually read the question? All of that information about the 677, while basically correct, isn't applicable to the question. The server has two NICs and is IP Masquerading the internal net onto the single external IP. So whether or not the 677 can do NAT is immaterial (and he may not have admin privs on the 677 anyway).
0
 
lugnut1221Commented:
Then what is the point of the 677 if the server is doing the NAT? If you only have one real IP then the router should have the real IP. If you're using the 677 as strictly a DSL modem then I can see what you mean.
0
 
lugnut1221Commented:
Where exactly do you have the 677 connected? eth0 should be connected to the hub and the WAN or wall port should be connected to the DSL line itself.
0
 
jlevieCommented:
He says in the question that the 677 is connected to one of the server NICs, eth1 to be exact.
0
 
lugnut1221Commented:
Well, if that's the case, the 677 is not going to be the router; it's going to function as a plain DSL modem. The server is going to have to do the routing. For this to happen, #1 the server has to be able to get on the net (which you say it can), #2 IP forwarding has to be enabled, #3 two ipchains commands must be executed on boot. These lines are as follows:

# step #2: turn on kernel IP forwarding (the setting is not persistent, so do this from a boot script too)
echo 1 > /proc/sys/net/ipv4/ip_forward
# refuse to forward anything by default...
ipchains -P forward DENY
# ...except packets from the inside LAN, which get masqueraded onto the outside NIC's address
ipchains -A forward -s 192.168.0.0/24 -j MASQ

The gateway should be set to 192.168.0.1 for all the internal PCs.

0
 
tgrandinettiAuthor Commented:
netstat -rn on the server:

Destination   Gateway    Genmask          Flags  Iface
192.168.0.1   0.0.0.0    255.255.255.255  UH     eth0
10.0.0.0      0.0.0.0    255.255.255.0    U      eth1
192.168.0.0   0.0.0.0    255.255.255.0    U      eth0
127.0.0.0     0.0.0.0    255.0.0.0        UG     lo
0.0.0.0       10.0.0.1   0.0.0.0          UG     eth1


0
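The routing table above is exactly what jlevie asked for, and the questions in the thread (does the server have a default route out of the outside NIC, is the LAN on the inside NIC, do the clients point their default gateway at 192.168.0.1) can be checked mechanically. The following is an added example, not code from the thread: it parses `netstat -rn` output in the classic Linux layout the poster used and reports what is missing. The server table is reconstructed from the post; the two client tables, the interface names and the LAN prefix are constructed assumptions.

```python
"""Route-table check for an IP Masquerade gateway and its clients.

Added example (not code from the thread). Parses `netstat -rn` text
(Destination, Gateway, Genmask, Flags, ..., Iface) and checks:
  - the masq server has a default route leaving via its outside NIC,
  - the LAN subnet is reachable via its inside NIC,
  - each client's default gateway is the server's inside address.
"""
import ipaddress

# Reconstructed from the server's netstat -rn output pasted in the thread.
SERVER_NETSTAT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       UG        0 0          0 lo
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth1
"""

# Constructed client tables (assumptions): one with no default route at all,
# which gives "can ping the server, can't get on the net", one pointing at it.
CLIENT_NETSTAT_NO_GATEWAY = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
"""
CLIENT_NETSTAT_OK = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
"""


def parse_routes(text):
    """Return a list of (network, gateway, flags, iface) tuples.

    Header lines are skipped by requiring the first two columns to parse as
    IPv4 addresses; Destination + Genmask are folded into one ip_network.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        try:
            dest = ipaddress.IPv4Address(parts[0])
            gateway = ipaddress.IPv4Address(parts[1])
            network = ipaddress.IPv4Network((dest, parts[2]), strict=False)
        except ValueError:
            continue  # header or malformed line
        routes.append((network, gateway, parts[3].upper(), parts[-1]))
    return routes


def default_route(routes):
    """(gateway, iface) for the 0.0.0.0/0 entry, or None if there is none."""
    for network, gateway, _flags, iface in routes:
        if network.prefixlen == 0:
            return (gateway, iface)
    return None


def check_server(routes, lan, inside_if, outside_if):
    """Problems with the masq box's own table, as a list of strings."""
    lan = ipaddress.IPv4Network(lan)
    problems = []
    dflt = default_route(routes)
    if dflt is None:
        problems.append("no default route: the server itself cannot reach the net")
    elif dflt[1] != outside_if:
        problems.append("default route leaves via %s, expected %s" % (dflt[1], outside_if))
    lan_ifaces = {iface for net, _, _, iface in routes if net == lan}
    if inside_if not in lan_ifaces:
        problems.append("LAN %s is not routed via %s" % (lan, inside_if))
    return problems


def check_client(routes, server_inside_ip):
    """Problems with a client's table: its default gateway must be the masq box."""
    expected = ipaddress.IPv4Address(server_inside_ip)
    dflt = default_route(routes)
    if dflt is None:
        return ["no default gateway: set it to %s" % expected]
    if dflt[0] != expected:
        return ["default gateway is %s, expected %s" % (dflt[0], expected)]
    return []


if __name__ == "__main__":
    srv = parse_routes(SERVER_NETSTAT)
    print("server:", check_server(srv, "192.168.0.0/24", "eth0", "eth1") or "ok")
    for name, text in (("client (no gw)", CLIENT_NETSTAT_NO_GATEWAY),
                       ("client (ok)", CLIENT_NETSTAT_OK)):
        print(name + ":", check_client(parse_routes(text), "192.168.0.1") or "ok")
```

On the poster's table the server side comes back clean: the default route goes out eth1 via 10.0.0.1 and 192.168.0.0/24 sits on eth0, so if the clients still cannot get out, the next thing to look at is the clients' own default gateway, which is what the first reply in the thread asked about.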
 
tgrandinettiAuthor Commented:
If I hook everything up to the hub it all works, but then I'm on my ISP's network. If I do it like that, will the DNS and Apache work? I have a really fast line speed, 8M down and 2.345 upload, and I want to start my own web server and lease out space, so whatever way will work I will try. You guys are the experts. Remember I have just one IP address, 199.190.xx.xx, and that goes to the router, and the router is 10.0.0.2 to my computer.

Yes, my router is using DHCP.

When I do nslookup I get ns1.madbbs.com, my ISP.

What sucks about ADSL is that I'm on the ISP's network, but for 219.00 a month I'm going faster than a T1 line, which is a lot cheaper (2300 a month). Now you guys know what I want to do. Can I do this idea I have? And can you help find the best way to set it up?
0
 
jlevieCommented:
Is NAT already configured on the 677? According to the data in the netstat output it would have to be for those addresses to be in use on the outside of the Linux box.

And yes, you could hook the 677 directly to the hub and have Apache, DNS, and other servers, but your network would be wide open... no firewall between your machines and the Internet. The config on the 677 would undoubtedly need massaging in that case to allow inbound port forwarding. Who controls (has "enable" privs on the 677) the config of the 677, you or the ISP?
0
 
tgrandinettiAuthor Commented:
Yes, my ISP.

Why isn't it working?
0
 
jlevieCommented:
I've worked with a lot of Cisco gear, but not with a 677, so some of this is conjecture...

A couple of definitions...
NPAT (or PAT as Cisco frequently calls it) is Network Port Address Translation. It's used to allow multiple machines on a local net to share a single external IP address. NPAT translates both the TCP/IP port in use for a connection and the IP address. IP Masquerade is frequently called NAT, but in fact it's NPAT. For inside systems to be able to provide services to outside (Internet) systems the box that is doing NPAT has to be configured to "port-forward" all inbound requests on a specific port to one of the inside systems.

NAT is Network Address Translation, which only translates the IP address. NAT requires more than one external IP as each inside system will require an external IP for at least the life of a particular session. NAT, since it has to have multiple external IP's, can be configured for static translations between inside and outside IP's. This in conjunction with rules to allow inbound requests on a specific port or ports allows machines inside to act as servers to Internet clients.
 
I think what's happening is that the 677 is NPAT'ing your 10.0.0.0 network onto a single external IP, which is fine and works when all the systems and the router are hooked to the hub. However, when you introduce a second level of NPAT with the IP Masq, the router can't figure out how to translate the "translated ports" and can't return the data stream back to the originating host.

Since you don't control the router, your options are somewhat limited. To have servers that are accessible from the outside, the router must be configured to allow that traffic inbound. If, as I suspect, it is doing NPAT, that would mean configuring a port forward for each service to one of the internal machines.
Even if it was doing NAT instead, it would still require a configuration change to set up the static translations and allowed port(s). In either case the ISP would have to do this as they control the router.

Whether or not the ISP is willing to do this may depend on what kind of service you've got and what their Terms and Conditions are for each kind of service they offer. Some ISPs have T&C that absolutely prohibit any kind of server on their "personal Internet services". Others are more generous and, as long as the traffic isn't too great, they'll tolerate a "home user" running a server or two. If you haven't already done so, you should probably check the Terms and Conditions of your service to see if it allows you to run servers. Of course, if you have a "commercial" service that allows servers, the ISP should be more than willing to help set this up.


0
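The NPAT/port-forward description above is easiest to see with a translation table in front of you. The following is an added example written for this page, not code from the thread, from Linux IP Masquerade or from any Cisco product: a toy NPAT table that gives each outbound connection its own external source port, maps replies back through that table, and drops unsolicited inbound connections unless a static port-forward entry names an inside host. The external address 203.0.113.5, the peer addresses and all ports are constructed for the demonstration.

```python
"""Toy NPAT (port address translation) table, the mechanism behind IP Masquerade.

Added example, not code from the thread or from any router/Linux source.
A packet is modelled as the 4-tuple (src_ip, src_port, dst_ip, dst_port);
the transport protocol is implied. All addresses are constructed.
"""


class Npat:
    def __init__(self, external_ip, first_port=40000, port_forwards=None):
        self.external_ip = external_ip
        self.next_port = first_port          # next free translated source port
        self.out_map = {}   # (in_ip, in_port, dst_ip, dst_port) -> external port
        self.in_map = {}    # external port -> (in_ip, in_port, dst_ip, dst_port)
        # static "port forwards": external port -> (inside_ip, inside_port)
        self.forwards = dict(port_forwards or {})

    def outbound(self, pkt):
        """Rewrite an inside->outside packet to come from the external IP."""
        src_ip, src_port, dst_ip, dst_port = pkt
        key = (src_ip, src_port, dst_ip, dst_port)
        ext_port = self.out_map.get(key)
        if ext_port is None:
            # new connection: allocate a translated port and remember both ways
            ext_port = self.next_port
            self.next_port += 1
            self.out_map[key] = ext_port
            self.in_map[ext_port] = key
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def inbound(self, pkt):
        """Rewrite an outside->inside packet, or return None if it is dropped."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.external_ip:
            return None
        entry = self.in_map.get(dst_port)
        if entry is not None:
            in_ip, in_port, peer_ip, peer_port = entry
            # a dynamic mapping only admits the peer the inside host spoke to
            if (src_ip, src_port) == (peer_ip, peer_port):
                return (src_ip, src_port, in_ip, in_port)
            return None
        fwd = self.forwards.get(dst_port)
        if fwd is not None:
            # static port forward: the inside server is reachable from anywhere
            return (src_ip, src_port, fwd[0], fwd[1])
        return None  # unsolicited and not forwarded: nothing maps it inside


def demo():
    """Two inside hosts share one external IP; only a forwarded port lets
    outsiders in. Returns the translated packets so they can be inspected."""
    nat = Npat("203.0.113.5", port_forwards={80: ("192.168.0.1", 80)})
    # both inside hosts happen to pick the same source port 1025
    a_out = nat.outbound(("192.168.0.1", 1025, "198.51.100.10", 80))
    b_out = nat.outbound(("192.168.0.5", 1025, "198.51.100.10", 80))
    # the web server replies to each translated port
    a_reply = nat.inbound(("198.51.100.10", 80, "203.0.113.5", a_out[1]))
    b_reply = nat.inbound(("198.51.100.10", 80, "203.0.113.5", b_out[1]))
    # a stranger tries SMTP (no forward) and HTTP (forwarded) on the outside IP
    smtp = nat.inbound(("198.51.100.20", 5555, "203.0.113.5", 25))
    http = nat.inbound(("198.51.100.20", 5555, "203.0.113.5", 80))
    # a different host trying to reuse host A's translated port is refused too
    spoof = nat.inbound(("198.51.100.20", 80, "203.0.113.5", a_out[1]))
    return {"a_out": a_out, "b_out": b_out, "a_reply": a_reply,
            "b_reply": b_reply, "smtp": smtp, "http": http, "spoof": spoof}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print("%-8s %s" % (name, pkt if pkt is not None else "dropped"))
```

The two inside hosts both used source port 1025, which is why plain address translation on one external IP cannot work and the port has to be rewritten as well; and the inbound SMTP attempt is dropped while HTTP reaches 192.168.0.1 only because of the explicit forward, which is the configuration change jlevie says the ISP would have to make on the 677.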
 
tgrandinettiAuthor Commented:
My ISP set it up for me. I'll double the points if you can help me set up a DNS server.
0
 
jlevieCommented:
Yeah, we can do that. First it would be good to verify that the external IP for your name server works. I can probably tell if you'll tell me what IP they said the DNS server should appear at.

Also I'm going to need your domain name, the host name of your DNS server and the IP of your second DNS server (quite possibly your ISP is willing to provide that service or may have already agreed to it).
0
 
tgrandinettiAuthor Commented:
My IP address is 206.162.25.239.
To get on the net (my ISP): 199.190.126.13
199.190.126.14
I don't have a domain name; I was thinking of lionsden.

If you're talking about my two computers:
kandy.advantage.net 192.168.0.1
mal.advantage.net 192.168.0.5

kandy is also the web server

0
 
jlevieCommented:
Okay, let's see. Your external IP is within a network that belongs to madbbs.com. In fact your IP has the hostname of dsl206.162.25.239.madbbs.com. Currently the nameservers for advantage.net are:

advantage.net   nameserver = NS2.NETSERVE.NET
advantage.net   nameserver = NS1.NETSERVE.NET
 
It looks like you registered the domain through Network solutions, sound correct?
0
 
tgrandinettiAuthor Commented:
No, I have no domain name.
0
 
jlevieCommented:
I based that comment on what you said earlier, that your inside computers were:

kandy.advantage.net 192.168.0.1
mal.advantage.net 192.168.0.5

So I guess I'm confused, is advantage.net registered to you?
0
 
tgrandinettiAuthor Commented:
No.
0
 
tgrandinettiAuthor Commented:
No, I don't have a domain name. Please help.
0
 
tgrandinettiAuthor Commented:
The name I want to use is advantiumplus.com.
0
 
jlevieCommented:
Hang on, instructions forthcoming...
0
 
tgrandinettiAuthor Commented:
I just got a domain name today: advantiumplus.com.
0
 
jlevieCommented:
Okay, I got a few minutes now. When you registered the domain, what nameserver IPs were specified? If you intend to set up your machine as the primary name server for the domain, you'll need the cooperation of your ISP to get the public IP that you'll be using for the DNS server delegated to your domain. You also are required to have a second nameserver, and you may want to get your ISP to provide that service.
0
 
tgrandinettiAuthor Commented:
I don't understand.
0
 
jlevieCommented:
Which part?
0
 
tgrandinettiAuthor Commented:
How do I set up a mail server for my office?
xxx@advantiumplus.com
0
 
jlevieCommented:
Okay, your ISP has set up an MX record for you pointing mail for your domain to mail.advantiumplus.com, which resolves to 206.162.25.239. The IP is live in that it can be pinged, but there doesn't appear to be a sendmail server running. Is that the IP that you intend to use as the mail server? Is its hostname set to "mail.advantiumplus.com"?

I'm a little concerned that I can't connect to the SMTP port at that IP. Even if sendmail isn't configured to accept email or to send email out to other servers, I would expect to be able to connect to it.
0
 
tgrandinettiAuthor Commented:
I don't know how to set up sendmail.
My domain is www.advantiumplus.com.
0
 
jlevieCommented:
I'm sorry, I accidentally filed the last email notification on this question in the wrong folder and just now found it again.

Let's see... Actually your domain name is advantiumplus.com. Your web server would be www.advantiumplus.com. The DNS is set up to deliver all mail to mail.advantiumplus.com, but that could be easily changed by your ISP.

I hope this won't become too confusing, but what I would recommend that you do is to make the machine's official name be mail.advantiumplus.com and set the web server up as a virtual server responding to www.advantiumplus.com. The reason is that mail systems don't need to change very often and email is more picky about hostnames & IP addresses than a web server is. If the web server isn't tightly bound to this system it's very easy later to move it to another system. You don't have to use mail.advantiumplus.com as this machine's hostname, but if you decide to use something else you'll need to get your ISP to change the DNS records.

Which way do you want to proceed? I don't think I know what Linux you are running, and to go further I guess I need to know.
0
 
egf9ef041700Commented:
Change all those IP addresses in the 192 subnet from 192.168.0.X to something like 192.168.1.X.

May work now

;^)
0
 
jlevieCommented:
Why??? 192.168.0.x is just as valid as 192.168.1.x as far as an OS (Linux/Unix/Windows, etc.) is concerned. And it's perfectly acceptable to a router if you tell the router that it's allowed to use subnet zero.
0
