Redhat Linux 7.1 Network to Windows 2000

Hi there. I am another Linux newbie trying to set up RH 7.1 as a firewall for 2 Windows 2000 machines. I had this working :) but I broke it somehow :( I have reinstalled.

I have spent about 30 hours so far trying to set up the network (configuring hosts, routes, default gateways, dns, dhcp etc, etc, etc)

The server has 2 ethernet cards which seem to be installed ok. I am using gnome.

my server is binaryserv with ip
I have lo installed ok
I have eth0 with
I have eth1 with
abc1 is
binaryone is

I can ping abc1 but not binaryone

I have tested the physical network by booting to DOS and it is working

If I do dmesg | grep -i irq
it says PCI: Found IRQ 5 for device 00:07.2
IRQ routing conflict in pirq table for device 00:07.2

Would that stop me from pinging?

Also, I would like the Linux box to be a DNS server for the network. I have tried and tried to set it up but I can't get it working. (I think I have it working now, how do I test it)

I have followed the instructions to get this working:
- in 2 red hat linux books
- following howtos and minihowtos
- using man pages
- using linuxconf documentation
- from a linux web site
- following previous EE questions.

The problem is I don't understand what I am doing. As I have said I have put at least 30 hours into this and I am running out of ideas. If you need me to type commands and tell you the results, I can. If you need .conf files, specify which ones. I can find them and paste them up.

If you can help me get this working I will be really, really grateful.

alweber Commented:
Of course you can add the lines in one of the boot scripts, e.g. /etc/rc.d/rc.local which should be executed as one of the last scripts on bootup. So the interfaces should be up and running by then.

However, what I don't see clearly is why you need to issue those commands. The networking subsystem is supposed to set a default set of routes itself, for example a route to should be set to Interface eth0. There should also be no need to put the interfaces into promiscuous mode. Please check again if you did enable routing. It's disabled by default!

You can start samba automatically via linuxconf. In linuxconf there is a page called "services" (may be wrong, I haven't used the English interface yet ;) where you can enable and disable several services. Set samba to "automatic" to have it started on each bootup. Basically, this is an interface to the init scripts, so you could of course go and tweak them yourself, but I would recommend using linuxconf. You can use it to set the network parameters also, there's no need to manually edit the config scripts. For a start, try running /sbin/linuxconf as root.

As for the network masks: The network masks define the network part of an address, so your and are about the same thing as using two class C networks (e.g. and - and it will work the same if you enable routing and set the default routes on the clients.
The broadcast-based host lookup of Windows clients may work in this setup because you set the interfaces in promiscuous mode, which means that every interface will "see" any network traffic on that box. It is definitely not recommended in a productive environment. ;)

Your question is a little unclear in some points. Let me try to ask the right questions to resolve that:

> as a firewall for 2 Windows 2000 machines

Do you mean you want the Linux box to filter traffic between the 2 Win2000 boxes or just connect both to an external network?

> my server is binaryserv with ip
> I have lo installed ok
> I have eth0 with
> I have eth0 with

You listed eth0 twice; am I right to assume the latter is actually eth1? Also, your server's IP is not That one is always the address of the loopback device lo which is never accessible from the outside.

Which network card are your boxes connected to?

For starters, try to place eth0 to and eth1 to, both with a netmask of, that way there won't be any confusion which card the system should use for the reply packets; then configure one of your windows boxes once to and once to (netmask of all the time here too) and each time try to ping both addresses of your Linux box. Any results already?

gregdavey (Author) Commented:
Sorry it was pretty late at night when I put in the question

                | linserv |------> Modem ---> Internet
               eth0 |  | eth1
                    |  |
        =============  =============  
        | abc       |  | binaryone |
        =============  =============

domain name: binarydom
IP address:
Default gateway:
Subnet mask:

IP address:
Default gateway:
Subnet mask:

IP address: In hosts it is
Default gateway:
Gateway interface: eth0

IP address:
Subnet mask:
Default gateway:
DNS Server:

IP address:
Subnet mask:
Default gateway:
DNS Server:

This is what I CAN do
dig localhost (status: NOERROR)
netstat -i (eth0, eth1 and lo are up)
ping localhost
ping abc1

This is what I can't do
ping binaryone
ping linserv
ping linserv.binarydom
ping from binaryone
ping from binaryone

I don't know how to set up a route between eth1 and eth0

here are some config files and outputs of commands
eth0      Link encap:Ethernet  HWaddr 00:40:F4:15:4C:9F  
          inet addr:  Bcast:  Mask:
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:175 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:12 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:40:F4:15:3E:6E  
          inet addr:  Bcast:  Mask:
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100

lo        Link encap:Local Loopback  
          inet addr:  Mask:
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:638 errors:0 dropped:0 overruns:0 frame:0
          TX packets:638 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                *                               UH    0      0        0 eth0
                *                               U     0      0        0 eth0
                *                               U     0      0        0 eth1
                *                               U     0      0        0 lo
default         *                               U     0      0        0 lo

# Do not remove the following line, or various programs
# that require network functionality will fail.
      abc1
      binaryone
      localhost

PING localhost ( from : 56(84) bytes of data.
64 bytes from localhost ( icmp_seq=0 ttl=255 time=48.072 msec
64 bytes from localhost ( icmp_seq=1 ttl=255 time=271 usec
64 bytes from localhost ( icmp_seq=2 ttl=255 time=291 usec
--- localhost ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.216/5.044/48.072/14.342 ms

PING abc1 ( from : 56(84) bytes of data.
64 bytes from abc1 ( icmp_seq=0 ttl=128 time=578 usec
64 bytes from abc1 ( icmp_seq=1 ttl=128 time=376 usec
64 bytes from abc1 ( icmp_seq=2 ttl=128 time=316 usec
64 bytes from abc1 ( icmp_seq=3 ttl=128 time=341 usec

--- abc1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.316/0.402/0.578/0.106 ms

PING binaryone ( from : 56(84) bytes of data.
From Destination Host Unreachable

--- binaryone ping statistics ---
38 packets transmitted, 0 packets received, +2 errors, 100% packet loss

I can see that linux is trying to ping binaryone from eth0 ( instead of eth1 (

I will try your solution to see if that works

Apart from that how can I
1. set an ip address for linserv?
2. test dns to see if it is working?
3. set up a domain (binarydom)? (Do I even need one?)


gregdavey (Author) Commented:
sorry again

correct info for eth0

IP address:
Default gateway:
Subnet mask:

gregdavey (Author) Commented:
I don't really want the 2 windows machines to be on 2 different sub networks. How do I set up the routing from eth0 to eth1 (is that what I need to do?)

Should I have a gateway on this machine?
Do I need it to be a gateway?

I am very confused!

gregdavey (Author) Commented:

I reconfigured as suggested
eth0 (
eth1 (
abc1 (
binaryone (

I also set the default gateway to (eth0)
Is this correct?

Ping works some of the time
linserv can ping abc1
linserv can ping binaryone
linserv can ping eth0
linserv can ping eth1
linserv can NOT ping

abc1 can ping eth0
abc1 can NOT ping eth1
abc1 can NOT ping
abc1 can NOT ping binaryone

binaryone can ping eth1
binaryone can NOT ping eth0
binaryone can NOT ping
binaryone can NOT ping abc1

binaryone CAN ping

I would like to be able to ping abc1 from binaryone

First, is there any reason why you don't put both Windows machines on the same physical network if they are supposed to be on the same logical network anyway? It seems that you might just use a hub to connect both Win2000 and the Linux box, solving most of your problems. That way you'd also just have to have one NIC on linserv.

Anyway, with the current setup, try the following...

On linserv: Your default gateway should be your PPP (modem) peer address, as all addresses you don't explicitly tell it about are likely part of the internet.

On each Windows box, the default gateway should be the address of the interface on linserv it is hooked up to. If that was not the case until now, it would have caused the described problem.

As for your other questions:

> 1. set an ip address for linserv?

You just did. Note that talking of an IP address *of your system* isn't quite right, as every interface has an IP. Your system only uses those interfaces, but does not define one of them as a "master IP". If you mean the one visible from the internet, that one is on the ppp0 interface and is most likely assigned to you from your ISP when you connect.

> 2. test dns to see if it is working?

You should first ping known IPs on the internet from all machines. If that works, domain name resolution will work too; you only have to enter the address of your ISP's name server on every machine then.

> 3. set up a domain (binarydom)? (Do I even need one?)

You don't really need one but of course it's sometimes more handy to enter the names of your servers instead of their IPs. For the setting up basic connectivity phase however you will be fine without your own name server.

gregdavey (Author) Commented:
> First, is there any reason why you don't put both Windows machines on the same physical network if they are supposed to be on the same logical network anyway?

The previous expert advised this would be a good idea. I am putting these back to the same physical and logical network.

> It seems that you might just use a hub to connect both Win2000 and the Linux box, solving most of your problems. That way you'd also just have to have one NIC on linserv.

Why? Can't linux handle 2 nics? Windows does beautifully! ;)
Seriously, I have 2 nics but no hub. A 100mbs hub is around $300 here. Way too much. I'll stick with this thanks.

I have the following configuration
eth0     inet addr:

eth1     inet addr:

lo     inet addr:

hosts               linserv localhost.localdomain localhost            abc1            binaryone

route               linserv localhost.localdomain localhost            abc1            binaryone

This routing table has problems. Eg. when I boot up I can't ping binaryone.
So I enter the following commands

ip route add -host abc1 eth0
ip route add -host binaryone eth1

which gives the following...
Kernel IP routing table
Destination     Gateway     Genmask         Flags Metric Ref    Use Iface
binaryone     * UH    0      0        0 eth1
abc1     * UH    0      0        0 eth0
     *   U     0      0        0 eth0
     *   U     0      0        0 eth1
     *       U     0      0        0 lo

That's ok, I can ping abc1 and binaryone from linserv, but I still can't ping binaryone from abc1 or abc1 from binaryone.

If I set tcpdump -i eth1 and try to ping abc1 from binaryone this is what it says...

who has abc1 tell binaryone

and on binaryone it says...

request timed out

yes, it gets worse. When I reboot, my route is reset to the original with no route to binaryone or abc1. What gives?

I feel like I am getting much closer.

What do I need to do to ping abc1 from binaryone and binaryone from abc1?

What do I need to do to stop the routing table from being re-set every time I reboot? (I feel like I am working with windows 98 - that os used to dynamically reconfigure every time I rebooted too!)

Thanks for your help


Don't put two NICs into the same network. You were probably advised to put the clients into one net, not the NICs. However, it should work either way:
When you use different networks for the clients, assign them binaryserv as a router: For example, if eth0 is and eth1 is, then give abc1 with as the default gateway. binaryone gets and as the gateway.
And don't forget to activate IP forwarding on the server, it's disabled by default!

The other way is to put the clients into one net. An example: eth0 is and eth1 is Give abc1 and binaryone Then you will not have to enable routing to reach these three boxes, it should work instantly. But do not try to give two NICs addresses within the same network.

It's not that Linux could not handle two NICs, they just should have different networks unless you are planning to employ some kind of port trunking or bonding, which requires additional software.

gregdavey (Author) Commented:
What about if I divide the network into two segments using a netmask of

Could I put eth0 and abc1 into
and eth1 and binaryone into

eth0 = (Netmask
abc1 = (Netmask gw
eth1 = (Netmask
binaryone = (Netmask gw

Would this work?
Would I have to bridge between the 2 segments of the network?

I am very confused. The first 'expert' told me to put the nics and clients into 2 different networks, then I was told to use one network, then 2 again? Does anyone know what is going on, coz I don't!



Yes, you can safely use the two subnets. It will work just like using two completely different networks.

As for the tip to put both cards into one network: There are a few scenarios where it would make sense. In this case, routing seems to be better, as you will not be able to use the machine as a server if you enable bridging because the interfaces would become virtually invisible. (Of course, you may decide to assign them multiple addresses, but I don't think it's worth it)

Your suggested setup will work, and you will not have to bridge. The server would be acting as a router (don't forget to enable routing!). You will be able to access any connected computer on the two subnets; however, broadcasts won't make it to be routed between the subnets, so abc1 and binaryone will not see each other in the network neighborhood unless you use some sort of WINS server.
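
The checks the replies above describe for a two-NIC router (NICs in different networks, each client's default gateway set to the address of the NIC it is cabled to, IP forwarding enabled), as an added example that is not part of any post in this thread. The addresses are constructed, since the thread's own are not on the page, and `check_router_layout` and `read_ip_forward` are hypothetical names.

```python
import ipaddress

# Constructed sample layout (the thread's real addresses are not on the page):
# one /24 split into two /25 subnets, one per NIC of the Linux router.
NICS = {"eth0": "192.168.10.1/25", "eth1": "192.168.10.129/25"}
CLIENTS = {
    "abc1":      {"nic": "eth0", "addr": "192.168.10.2/25",   "gw": "192.168.10.1"},
    "binaryone": {"nic": "eth1", "addr": "192.168.10.130/25", "gw": "192.168.10.129"},
}

def read_ip_forward(path="/proc/sys/net/ipv4/ip_forward"):
    """True if the Linux kernel is forwarding IPv4 packets between interfaces."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False  # not Linux, or /proc unavailable

def check_router_layout(nics, clients, ip_forward):
    """Return a list of problems with a dual-homed router layout (empty = OK)."""
    problems = []
    ifaces = {name: ipaddress.ip_interface(cidr) for name, cidr in nics.items()}
    names = sorted(ifaces)
    # Two NICs must not sit in the same (or overlapping) network.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append(f"{a} and {b} are in the same network")
    for host, cfg in sorted(clients.items()):
        nic = ifaces[cfg["nic"]]
        addr = ipaddress.ip_interface(cfg["addr"])
        # The client must share the subnet of the NIC it is cabled to ...
        if addr.network != nic.network:
            problems.append(f"{host} is not in the subnet of {cfg['nic']}")
        # ... and use that NIC's address as its default gateway.
        if ipaddress.ip_address(cfg["gw"]) != nic.ip:
            problems.append(f"{host} gateway is not the address of {cfg['nic']}")
    # Traffic between different subnets only passes if the kernel forwards it.
    if len({i.network for i in ifaces.values()}) > 1 and not ip_forward:
        problems.append("IP forwarding is disabled")
    return problems

if __name__ == "__main__":
    found = check_router_layout(NICS, CLIENTS, read_ip_forward())
    for line in found or ["layout OK"]:
        print(line)
```
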

gregdavey (Author) Commented:

Thanks for all of your advice, not that I understand all of it!

This is the setup I have:

eth0 = (Netmask
eth1 = (Netmask

abc1 = (Netmask gw
binaryone = (Netmask gw

abc1 is connected to eth0 and
binaryone is connected to eth1

I had to manually configure the network scripts





I also configured SAMBA using swat.

Currently everything is working. I can see and access all computers in the network in network neighbourhood even though I did not set up any wins (Some other program may have set it up without my knowing)

I disagree with you about this setup being like 2 different networks. When I had the same setup with and it did not work. My understanding is that computers in the same network can talk to each other if they have the same netmask but you have to route or bridge between two computers on different networks. I don't really understand this so feel free to correct me if I am wrong :)

Here is a list of problems to be solved.
All of my networking is working perfectly however I lose my settings when I boot. Every time I boot this is what I have to type

ip route add dev eth0
ip route add dev eth1
ifconfig eth0 promisc
ifconfig eth1 promisc
samba start

Is there any way to set these so that I can have them start automatically without having to type them each time?

If you can answer this before I find the answer myself, and by the way, the suggestion should work to get the points! ;) (I have tried lots of suggestions that have not worked on this one!)

Thanks for the help so far - I am almost there!


gregdavey (Author) Commented:

Thanks again for the help.

I will try out what you suggested ASAP and get back to you.

A couple of points. Firstly, this is not a production environment, so the promisc mode thing is not a problem. Secondly, I am not sure how to enable routing, but since the whole system is working, I am not too concerned.

I did not want to set any routes on the clients, coz I don't know how. I was hoping to set all of this up on the server, and it seems to be working ok.

The last thing is that I can't get linuxconf to open in gui mode. All I get is that text view and I can't use it.

Thanks again for your help. I will get back to you as soon as I get a chance to try this out.

gregdavey (Author) Commented:
I am very sorry for taking so long to get back to you on this question. I promised I would respond as soon as I had a chance to look at the RH box again. Unfortunately I still have not had time to look at it as I am bogged down 7 days a week on a big asp project.

I will award full points to alweber for putting in the effort to try to help.

Please note that this is not any sort of guarantee that the solution works. I am awarding points for effort as I don't have time to test the solution.

Thanks for the input alweber. I hope your solution works when I finally have a chance to implement it!

gregdavey (Author) Commented:
Sorry I can't give you an A 'coz I don't have time to test the solution. I feel bad about that, but there is nothing I can do at the moment. I am stuck doing an asp contract for the next 6 weeks which requires all my time.

Thanks for the help anyway

Question has a verified solution.
