Solved

Redhat Linux 7.1 Network to Windows 2000

Posted on 2001-06-29
Last Modified: 2010-03-18
Hi there. I am another Linux newbie trying to set up RH 7.1 as a firewall for 2 Windows 2000 machines. I had this working :) but I broke it somehow :( I have reinstalled.

I have spent about 30 hours so far trying to set up the network (configuring hosts, routes, default gateways, dns, dhcp etc, etc, etc)

The server has 2 ethernet cards which seem to be installed ok. I am using gnome.

my server is binaryserv with ip 127.0.0.1
I have lo installed ok
I have eth0 with 192.168.0.10
I have eth1 with 192.168.0.11
abc1 is 192.168.0.20
binaryone is 192.168.0.21

I can ping abc1 but not binaryone

I have tested the physical network by booting to DOS and it is working

If I do dmesg | grep -i irq
it says PCI: Found IRQ 5 for device 00:07.2
IRQ routing conflict in pirq table for device 00:07.2

Would that stop me from pinging?

Also, I would like the Linux box to be a DNS server for the network. I have tried and tried to set it up but I can't get it working. (I think I have it working now, how do I test it?)

I have followed the instructions to get this working:
- in 2 red hat linux books
- following howtos and minihowtos
- using man pages
- using linuxconf documentation
- from a linux web site
- following previous EE questions.

The problem is I don't understand what I am doing. As I have said I have put at least 30 hours into this and I am running out of ideas. If you need me to type commands and tell you the results, I can. If you need .conf files, specify which ones. I can find them and paste them up.

If you can help me get this working I will be really, really grateful.

Greg
Question by:gregdavey
15 Comments
 

Expert Comment

by:Cironian
Your question is a little unclear in some points. Let me try to ask the right questions to resolve that:

> as a firewall for 2 Windows 2000 machines

Do you mean you want the Linux box to filter traffic between the 2 Win2000 boxes or just connect both to an external network?

> my server is binaryserv with ip 127.0.0.1
> I have lo installed ok
> I have eth0 with 192.168.0.10
> I have eth0 with 192.168.0.11

You listed eth0 twice; am I right to assume the latter is actually eth1? Also, your server's IP is not 127.0.0.1. That one is always the address of the loopback device lo which is never accessible from the outside.

Which network card are your boxes connected to?

For starters, try to place eth0 to 192.168.0.10 and eth1 to 192.168.1.11, both with a netmask of 255.255.255.0, that way there won't be any confusion which card the system should use for the reply packets; then configure one of your Windows boxes once to 192.168.0.20 and once to 192.168.1.20 (netmask of 255.255.255.0 all the time here too) and each time try to ping both addresses of your Linux box. Any results already?

Author Comment

by:gregdavey
Sorry, it was pretty late at night when I put in the question

                ===========
                | linserv |------> Modem ---> Internet
                ===========
               eth0 |  | eth1
                    |  |
        =============  =============  
        | abc       |  | binaryone |
        =============  =============

domain name: binarydom
eth0
IP address: 192.168.0.1
Default gateway: 192.168.0.254
Subnet mask: 255.255.255.0

eth1
IP address: 192.168.0.11
Default gateway: 192.168.0.254
Subnet mask: 255.255.255.0

linserv
IP address: In hosts it is 192.168.0.1
Default gateway: 192.168.0.254
Gateway interface: eth0

abc
IP address: 192.168.0.20
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.254
DNS Server: 192.168.0.1

binaryone
IP address: 192.168.0.20
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.254
DNS Server: 192.168.0.1

This is what I CAN do
telnet 127.0.0.1
dig localhost (status: NOERROR)
netstat -i (eth0, eth1 and lo are up)
ping localhost
ping abc1

This is what I can't do
ping binaryone
ping linserv
ping linserv.binarydom
ping 192.168.0.1 from binaryone
ping 192.168.0.254 from binaryone

I don't know how to set up a route between eth1 and eth0

here are some config files and outputs of commands
ifconfig
eth0      Link encap:Ethernet  HWaddr 00:40:F4:15:4C:9F  
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:175 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:12 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:40:F4:15:3E:6E  
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:638 errors:0 dropped:0 overruns:0 frame:0
          TX packets:638 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
255.255.255.255 *               255.255.255.255 UH    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         *               0.0.0.0         U     0      0        0 lo


hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.0.20      abc1
192.168.0.21      binaryone
127.0.0.1      localhost


ping
localhost
PING localhost (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=0 ttl=255 time=48.072 msec
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=255 time=271 usec
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=255 time=291 usec
(etc)
--- localhost ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.216/5.044/48.072/14.342 ms

abc1
PING abc1 (192.168.0.20) from 192.168.0.10 : 56(84) bytes of data.
64 bytes from abc1 (192.168.0.20): icmp_seq=0 ttl=128 time=578 usec
64 bytes from abc1 (192.168.0.20): icmp_seq=1 ttl=128 time=376 usec
64 bytes from abc1 (192.168.0.20): icmp_seq=2 ttl=128 time=316 usec
64 bytes from abc1 (192.168.0.20): icmp_seq=3 ttl=128 time=341 usec

--- abc1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.316/0.402/0.578/0.106 ms

binaryone
PING binaryone (192.168.0.21) from 192.168.0.10 : 56(84) bytes of data.
From 192.168.0.10: Destination Host Unreachable

--- binaryone ping statistics ---
38 packets transmitted, 0 packets received, +2 errors, 100% packet loss


I can see that linux is trying to ping binaryone from eth0 (192.168.0.10) instead of eth1 (192.168.0.11)

I will try your solution to see if that works

Apart from that how can I
1. set an ip address for linserv?
2. test dns to see if it is working?
3. set up a domain (binarydom)? (Do I even need one?)

Thanks

Greg

Author Comment

by:gregdavey
sorry again

correct info for eth0

eth0
IP address: 192.168.0.10
Default gateway: 192.168.0.254
Subnet mask: 255.255.255.0

Author Comment

by:gregdavey
I don't really want the 2 Windows machines to be on 2 different sub networks. How do I set up the routing from eth0 to eth1 (is that what I need to do?)

Should I have a gateway on this machine?
Do I need it to be a gateway?

I am very confused!

Greg

Author Comment

by:gregdavey
OK

I reconfigured as suggested
eth0 (192.168.0.10)
eth1 (192.168.1.10)
abc1 (192.168.0.20)
binaryone (192.168.1.20)

I also set the default gateway to 192.168.0.10 (eth0)
Is this correct?

Ping works some of the time
linserv can ping abc1
linserv can ping binaryone
linserv can ping eth0
linserv can ping eth1
linserv can NOT ping 192.168.0.1

abc1 can ping eth0
abc1 can NOT ping eth1
abc1 can NOT ping 192.168.0.1
abc1 can NOT ping binaryone

binaryone can ping eth1
binaryone can NOT ping eth0
binaryone can NOT ping 192.168.0.1
binaryone can NOT ping abc1

binaryone CAN ping 160.81.214.17

I would like to be able to ping abc1 from binaryone

Greg

Expert Comment

by:Cironian
First, is there any reason why you don't put both Windows machines on the same physical network if they are supposed to be on the same logical network anyway? It seems that you might just use a hub to connect both Win2000 and the Linux box, solving most of your problems. That way you'd also just have to have one NIC on linserv.

Anyway, with the current setup, try the following...

On linserv: Your default gateway should be your PPP (modem) peer address, as all addresses you don't explicitly tell it about are likely part of the internet.

On each Windows box, the default gateway should be the address of the interface on linserv it is hooked up to. If that was not the case until now, it would have caused the described problem.

As for your other questions:

> 1. set an ip address for linserv?

You just did. Note that talking of an IP address *of your system* isn't quite right, as every interface has an IP. Your system only uses those interfaces, but does not define one of them as a "master IP". If you mean the one visible from the internet, that one is on the ppp0 interface and is most likely assigned to you from your ISP when you connect.

> 2. test dns to see if it is working?

You should first ping known IPs on the internet from all machines. If that works, domain name resolution will work too; you only have to enter the address of your ISP's name server on every machine then.

> 3. set up a domain (binarydom)? (Do I even need one?)

You don't really need one but of course it's sometimes more handy to enter the names of your servers instead of their IPs. For the setting up basic connectivity phase however you will be fine without your own name server.

Author Comment

by:gregdavey
> First, is there any reason why you don't put both Windows
> machines on the same physical network if they are supposed
> to be on the same logical network anyway?

The previous expert advised this would be a good idea. I am putting these back to the same physical and logical network.

> It seems that you might just use a hub to connect
> both Win2000 and the Linux box, solving most of your
> problems. That way you'd also just have to have one NIC on
> linserv.

Why? Can't linux handle 2 nics? Windows does beautifully! ;)
Seriously, I have 2 nics but no hub. A 100mbs hub is around $300 here. Way too much. I'll stick with this thanks.

I have the following configuration
ifconfig
eth0     inet addr:192.168.0.20
     Bcast:192.168.0.255
     Mask:255.255.255.0

eth1     inet addr:192.168.0.30
     Bcast:192.168.0.255
     Mask:255.255.255.0

lo     inet addr:127.0.0.1
     Mask:255.0.0.0

hosts
127.0.0.1               linserv localhost.localdomain localhost
192.168.0.21            abc1
192.168.0.31            binaryone

route
127.0.0.1               linserv localhost.localdomain localhost
192.168.0.21            abc1
192.168.0.31            binaryone

THIS IS THE DEFAULT ROUTE WHEN I BOOT UP
This routing table has problems. Eg. when I boot up I can't ping binaryone.
So I enter the following commands

ip route add -host abc1 eth0
ip route add -host binaryone eth1

which gives the following...
Kernel IP routing table
Destination     Gateway     Genmask         Flags Metric Ref    Use Iface
binaryone     *     255.255.255.255 UH    0      0        0 eth1
abc1     *     255.255.255.255 UH    0      0        0 eth0
192.168.0.0     *     255.255.255.0   U     0      0        0 eth0
192.168.0.0     *     255.255.255.0   U     0      0        0 eth1
127.0.0.0     *     255.0.0.0       U     0      0        0 lo

That's ok, I can ping abc1 and binaryone from linserv, but I still can't ping binaryone from abc1 or abc1 from binaryone.

If I set tcpdump -i eth1 and try to ping abc1 from binaryone this is what it says...

who has abc1 tell binaryone

and on binaryone it says...

request timed out

THE WORST THING OF ALL
yes, it gets worse. When I reboot, my route is reset to the original with no route to binaryone or abc1. What gives?

I feel like I am getting much closer.

What do I need to do to ping abc1 from binaryone and binaryone from abc1?

What do I need to do to stop the routing table from being re-set every time I reboot? (I feel like I am working with windows 98 - that os used to dynamically reconfigure every time I rebooted too!)

Thanks for your help

Greg

Expert Comment

by:alweber
Don't put two NICs into the same network. You were probably advised to put the clients into one net, not the NICs. However, it should work either way:
When you use different networks for the clients, assign them binaryserv as a router: For example, if eth0 is 192.168.0.1/24 and eth1 is 192.168.1.1/24, then give abc1 192.168.0.2/24 with 192.168.0.1 as the default gateway. binaryone gets 192.168.1.2 and 192.168.1.1 as the gateway.
And don't forget to activate IP forwarding on the server, it's disabled by default!

The other way is to put the clients into one net. An example: eth0 is 192.168.0.1/24 and eth1 is 192.168.1.1/24. Give abc1 192.168.0.2 and binaryone 192.168.1.3. Then you will not have to enable routing to reach these three boxes, it should work instantly. But do not try to give two NICs addresses within the same network.

It's not that Linux could not handle two NICs, they just should have different networks unless you are planning to employ some kind of port trunking or bonding, which requires additional software.

Author Comment

by:gregdavey
What about if I divide the network into two segments using a netmask of 255.255.255.128?

Could I put eth0 and abc1 into 192.168.0.1-127
and eth1 and binaryone into 192.168.0.128-254?

eg
eth0 = 192.168.0.50 (Netmask 255.255.255.128)
abc1 = 192.168.0.51 (Netmask 255.255.255.128 gw 192.168.0.50)
eth1 = 192.168.0.150 (Netmask 255.255.255.128)
binaryone = 192.168.0.151 (Netmask 255.255.255.128 gw 192.168.0.150)

Would this work?
Would I have to bridge between the 2 segments of the network?

I am very confused. The first 'expert' told me to put the nics and clients into 2 different networks, then I was told to use one network, then 2 again? Does anyone know what is going on, coz I don't!

Help!

Greg


Expert Comment

by:alweber
Yes, you can safely use the two subnets. It will work just like using two completely different networks.

As for the tip to put both cards into one network: There are a few scenarios where it would make sense. In this case, routing seems to be better, as you will not be able to use the machine as a server if you enable bridging because the interfaces would become virtually invisible. (Of course, you may decide to assign them multiple addresses, but I don't think it's worth it)

Your suggested setup will work, and you will not have to bridge. The server would be acting as a router (don't forget to enable routing!). You will be able to access any connected computer on the two subnets; however, broadcasts won't make it to be routed between the subnets, so abc1 and binaryone will not see each other in the network neighborhood unless you use some sort of WINS server.

Author Comment

by:gregdavey
alweber

Thanks for all of your advice, not that I understand all of it!

This is the setup I have:

eth0 = 192.168.0.50 (Netmask 255.255.255.128)
eth1 = 192.168.0.150 (Netmask 255.255.255.128)

abc1 = 192.168.0.51 (Netmask 255.255.255.128 gw 192.168.0.50)
binaryone = 192.168.0.151 (Netmask 255.255.255.128 gw 192.168.0.150)

abc1 is connected to eth0 and
binaryone is connected to eth1

I had to manually configure the network scripts

ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.50
NETMASK=255.255.255.128

ifcfg-eth1

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.150
NETMASK=255.255.255.128

I also configured SAMBA using swat.

Currently everything is working. I can see and access all computers in the network in network neighbourhood even though I did not set up any wins (Some other program may have set it up without my knowing)

I disagree with you about this setup being like 2 different networks. When I had the same setup with
192.168.0.50 and 192.168.1.50 it did not work. My understanding is that computers in the same network can talk to each other if they have the same netmask but you have to route or bridge between two computers on different networks. I don't really understand this so feel free to correct me if I am wrong :)

Here is a list of problems to be solved.
All of my networking is working perfectly however I lose my settings when I boot. Every time I boot this is what I have to type

ip route add 192.168.0.50 dev eth0
ip route add 192.168.0.150 dev eth1
ifconfig eth0 promisc
ifconfig eth1 promisc
samba start

Is there any way to set these so that I can have them start automatically without having to type them each time.

If you can answer this before I find the answer myself, and by the way, the suggestion should work to get the points! ;) (I have tried lots of suggestions that have not worked on this one!)

Thanks for the help so far - I am almost there!

Greg

Accepted Solution

by: alweber earned 200 total points
Of course you can add the lines in one of the boot scripts, e.g. /etc/rc.d/rc.local which should be executed as one of the last scripts on bootup. So the interfaces should be up and running by then.

However, what I don't see clearly is why you need to issue those commands. The networking subsystem is supposed to set a default set of routes itself, for example a route to 192.168.0.0/25 should be set to interface eth0. There should also be no need to put the interfaces into promiscuous mode. Please check again if you did enable routing. It's disabled by default!

You can start samba automatically via linuxconf. In linuxconf there is a page called "services" (may be wrong, I haven't used the English interface yet ;) where you can enable and disable several services. Set samba to "automatic" to have it started on each bootup. Basically, this is an interface to the init scripts, so you could of course go and tweak them yourself, but I would recommend using linuxconf. You can use it to set the network parameters also, there's no need to manually edit the config scripts. For a start, try running /sbin/linuxconf as root.

As for the network masks: The network masks define the network part of an address, so your 192.168.0.0/25 and 192.168.0.128/25 are about the same thing as using two class C networks (e.g. 192.168.0.0/24 and 192.168.1.0/24) - and it will work the same if you enable routing and set the default routes on the clients.
The broadcast-based host lookup of Windows clients may work in this setup because you set the interfaces in promiscuous mode, which means that every interface will "see" any network traffic on that box. It is definitely not recommended in a productive environment. ;)
0
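The three conditions alweber names in this thread (the two NICs in different networks, each client using the address of its own NIC as default gateway, and IP forwarding switched on) can be checked mechanically. The Python sketch below is an added example, not part of the original thread; the two layouts are constructed from the addresses quoted in the posts, and `audit` is a hypothetical helper name.

```python
import ipaddress

# Constructed inputs: the two layouts quoted in the thread.
# clients map name -> (address, default gateway or None if not stated).
FLAT_24 = {
    "ifaces": {"eth0": "192.168.0.10/255.255.255.0",
               "eth1": "192.168.0.11/255.255.255.0"},
    "clients": {"abc1": ("192.168.0.20", None),
                "binaryone": ("192.168.0.21", None)},
}
SPLIT_25 = {
    "ifaces": {"eth0": "192.168.0.50/255.255.255.128",
               "eth1": "192.168.0.150/255.255.255.128"},
    "clients": {"abc1": ("192.168.0.51", "192.168.0.50"),
                "binaryone": ("192.168.0.151", "192.168.0.150")},
}


def audit(layout, ip_forward="0"):
    """Hypothetical helper: list the problems in a two-NIC router layout.

    ip_forward is the text of /proc/sys/net/ipv4/ip_forward ("0" or "1").
    """
    ifaces = {n: ipaddress.ip_interface(a) for n, a in layout["ifaces"].items()}
    names = sorted(ifaces)
    findings = []

    # 1. NICs must sit in different networks; otherwise the routing table
    #    holds two identical connected routes and cannot tell which card
    #    a given host is behind.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"overlap: {a} {ifaces[a].network} and "
                                f"{b} {ifaces[b].network}")

    # 2. Each client must be on-link for exactly one NIC and use that NIC's
    #    address as its default gateway.
    for host, (addr, gw) in sorted(layout["clients"].items()):
        on_link = [n for n in names
                   if ipaddress.ip_address(addr) in ifaces[n].network]
        if len(on_link) != 1:
            findings.append(f"link: {host} {addr} matches {on_link}")
            continue
        want = str(ifaces[on_link[0]].ip)
        if gw != want:
            findings.append(f"gateway: {host} has {gw}, expected {want}")

    # 3. Without forwarding the box answers for itself but does not relay
    #    packets from one subnet to the other.
    if ip_forward.strip() != "1":
        findings.append("forwarding: net.ipv4.ip_forward is not 1")
    return findings


if __name__ == "__main__":
    try:  # live value on a Linux host; fall back to "0" elsewhere
        with open("/proc/sys/net/ipv4/ip_forward") as fh:
            state = fh.read()
    except OSError:
        state = "0"
    for name, layout in (("flat /24", FLAT_24), ("split /25", SPLIT_25)):
        print(name, audit(layout, state) or "ok")
```
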
 
Author Comment

by:gregdavey
alweber

Thanks again for the help.

I will try out what you suggested ASAP and get back to you.

A couple of points. Firstly, this is not a production environment, so the promisc mode thing is not a problem. Secondly, I am not sure how to enable routing, but since the whole system is working, I am not too concerned.

I did not want to set any routes on the clients, coz I don't know how. I was hoping to set all of this up on the server, and it seems to be working ok.

The last thing is that I can't get linuxconf to open in gui mode. All I get is that text view and I can't use it.

Thanks again for your help. I will get back to you as soon as I get a chance to try this out.

Greg

Author Comment

by:gregdavey
I am very sorry for taking so long to get back to you on this question. I promised I would respond as soon as I had a chance to look at the RH box again. Unfortunately I still have not had time to look at it as I am bogged down 7 days a week on a big asp project.

I will award full points to alweber for putting in the effort to try to help.

Please note that this is not any sort of guarantee that the solution works. I am awarding points for effort as I don't have time to test the solution.

Thanks for the input alweber. I hope your solution works when I finally have a chance to implement it!

Greg

Author Comment

by:gregdavey
Sorry I can't give you an A 'coz I don't have time to test the solution. I feel bad about that, but there is nothing I can do at the moment. I am stuck doing an asp contract for the next 6 weeks which requires all my time.

Thanks for the help anyway

Greg