Solved

Linux routing question

Posted on 2013-01-07
Last Modified: 2013-01-11
I am configuring Linux to route for me. It is Damn Small Linux, which is based on Knoppix, a Debian version of Linux.

Two interfaces on the linux
eth0  10.0.0.100
eth1  192.168.20.1
I turned on routing with  echo "1" >> /proc/sys/net/ipv4/ip_forward.

I have two PCs running Windows.
PC A is on the 10.0.0.0 network - Default Gateway set to 10.0.0.100
PC B is on the 192.168.20.0 network. Default Gateway set to 192.168.20.1

I want PC A and B to be able to ping each other. I have already accomplished that. I can do that with this setup. However, I also want PC A to be able to reach the Internet.
To reach the Internet, it must send to 10.0.0.1, as that is the route to the Internet.

Question: What commands can I set up on my Linux router so that it will send packets for the 192.168.20.x network as it is now, to that network, but if it is Internet traffic, it will send it out to the 10.0.0.1 device?
0
Question by:mswarbrick
30 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38753413
You need to make the default route on the Linux box 10.0.0.1.

What OS is PC A running?

I personally would change the default route on PC A to 10.0.0.1 and then setup a specific route for 192.168.20.0/24 pointing to 10.0.0.100.
0
 
LVL 7

Expert Comment

by:wdfdo1986
ID: 38753542
You need to configure NAT (Network Address Translation)
You have done one step already. Do the other steps as well.
refer to this link
http://www.cyberciti.biz/faq/howto-configure-network-address-translation-or-nat/
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38754835
He should not need to configure NAT on the Linux router.  All he needs to do is send the traffic to the correct router.
0
 

Author Comment

by:mswarbrick
ID: 38755673
I appreciate the responses, however no one has told me how to do this. Just telling me what to make the default route does not help me because I don't know how to do that. I need someone to tell me specifically what commands to enter at the command line to make all this happen.

I believe that giltjr is correct when he says that I do NOT need to configure NAT. I have static IPs set on these other two PCs. The two PCs are running Windows and I have their default gateways set to point to the linux router.

I appreciate the help and I really hope someone can give me the information to do this. Thanks in advance.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38755947
Can you post the output from the command:

route

From your linux box?
0
 

Author Comment

by:mswarbrick
ID: 38756804
destination     Gateway   Genmask         flags  Metric  Ref  Use  Iface
192.168.20.0    *         255.255.255.0   U      0       0    0    eth1
10.0.0.0        *         255.255.255.0   U      0       0    0    eth0
0
 

Author Comment

by:mswarbrick
ID: 38757250
There is the route. Still hoping someone can help me. I appreciate the effort. Thanks.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38757335
On the linux box issue the command:

     route add default gw 10.0.0.1 eth0

and see if that works.  If that does, I'll have to research to see how to make that permanent across re-boots of DSL.
0
 

Author Comment

by:mswarbrick
ID: 38757466
Sir, you are a genius!  Thanks! That works!  Yes, if you can please tell me how to make that permanent even after reboot. While you're at it, in case you know, I need to make some other commands permanent too - so if there is a script that I can put the commands in to make them run on startup, that would be helpful to know what and where that file is. Also, I don't want this to load xwindows on start. If you know how to turn that off that would be helpful. Thank you so very much for your help!
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38757610
Try editing the file  /etc/network/interfaces and add the line

     gateway 10.0.0.1

to the section that configures eth0.  Should end up looking something like

    iface eth0 inet static
            address 10.0.0.100
            netmask 255.255.255.0
            gateway 10.0.0.1
0
 

Author Comment

by:mswarbrick
ID: 38757628
Ok, I will try that....But I also need this to run on startup as well...

echo "1" >> /proc/sys/net/ipv4/ip_forward

in order to turn on routing...or is that command permanent?

I also need to run the ifconfig commands at startup to assign the static ips...or is that also permanent?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38757636
Unless you have something that changes ip_forward back to 0 or deletes the file, it should be permanent.

If you look at  /etc/network/interfaces it should have the config for all of the interfaces.

If it does not then you can add the config for eth1 to the file.
0
 

Author Comment

by:mswarbrick
ID: 38757687
These are the commands I am entering to get everything working...

ifconfig eth0 10.0.0.100 netmask 255.255.255.0 up
ifconfig eth1 192.168.20.1 netmask 255.255.255.0 up
echo "1" >> /proc/sys/net/ipv4/ip_forward
route add default gw 10.0.0.1 eth0

After a reboot I have to manually enter all that in again to get it working.
Is there a startup script I can put these in so they will run every time it boots?

I looked at the /etc/network/interfaces as you suggested. However it has no config there except for lo. I could put something in there but I don't know what syntax to use. Also I still need to run the other commands. So I am thinking I just need to know the startup script that would be an equivalent of autoexec.bat in old windows.
0
 

Author Comment

by:mswarbrick
ID: 38757773
I've been working on this all afternoon and evening. I have read that /opt/bootlocal.sh is the last startup script to run after boot. I put all the commands in there but it didn't work. I then ran that script manually after putting in the commands. That works. It acts like that script is not running on startup...but I think more likely it's this: I am running the script from a su root prompt...perhaps on startup it does not have the privileges needed?  I put sudo in front of every line in the script but that didn't work.

If you can find an answer for this it would truly be awesome.

Thanks again.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38758343
I'll have to do some reading.  Although "Linux" is "Linux" each distribution does its own thing in a lot of ways.

You should not need to do sudo at boot time.  Typically anything that runs at boot is done as root.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38758552
What commands did you put in to bootlocal.sh?  

Can you post what your bootlocal.sh looked like before you started changing it?
0
 

Author Comment

by:mswarbrick
ID: 38759891
Original bootlocal.sh

#!/bin/bash
# put other system startup command here
/sbin/syslogd

Modified bootlocal.sh

#!/bin/bash
# put other system startup command here
sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0 up
sudo ifconfig eth1 192.168.20.1 netmask 255.255.255.0 up
sudo echo "1" >> /proc/sys/net/ipv4/ip_forward
sudo route add default gw 10.0.0.1 eth0
/sbin/syslogd

I tried it with and without sudo. If I run the bootlocal.sh manually all the commands execute and it works, but if I just reboot things do not work - however, the echo "1" command is apparently working as when I look at the ip_forward file the 1 is there. Perhaps the ifconfig commands are being overwritten by another process further in the boot cycle?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38759945
As I stated before, once you do echo "1" >> /proc/sys/net/ipv4/ip_forward it should stay set forever.  No need to redo it.

Does syslogd start?

You should not need the sudo, all of these commands should be issued as root.

Can you try:

#!/bin/bash
# put other system startup command here
ifconfig eth0 10.0.0.100 netmask 255.255.255.0 up
echo "dideth0" > /mylog.txt
ifconfig eth1 192.168.20.1 netmask 255.255.255.0 up
echo "dideth1" >> /mylog.txt
route add default gw 10.0.0.1 eth0
echo "diddefgw" >> /mylog.txt
/sbin/syslogd

and see if the file /mylog.txt exists and has the strings echoed in it.  If the file does exist and has the strings in it, then something else is resetting the network config.
0
 

Author Comment

by:mswarbrick
ID: 38760090
Ok, did that...Here are the results: Contents of mylog.txt...

dideth0
dideth1
diddefgw

By the way, if I do not have the echo "1" in the bootlocal.sh then ip_forward is back at 0 after a reboot. I just double-checked to make certain that is the case.

I do not know how to determine if syslogd has started.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38760112
O.K., bootlocal.sh is getting executed or the file would not exist.  So something that is getting executed after bootlocal.sh is resetting everything.

I have not used DSL, so I will need to do some research to see what could be doing this.

What iso did you use to install DSL?
0
 

Author Comment

by:mswarbrick
ID: 38760158
I used dsl-4.4.10-syslinux.iso
0
 

Author Comment

by:mswarbrick
ID: 38760318
0
 

Author Comment

by:mswarbrick
ID: 38761241
Any progress?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38761509
Trying to get DSL up and running from a thumb drive and not having any luck.  Going to try another computer tomorrow.

Did you add the configuration for the network to the file /etc/network/interfaces?

If not, try that.
0
 

Author Comment

by:mswarbrick
ID: 38761530
Yes, I tried that. No luck. I am beginning to think DSL linux is a real pain. I can use any Linux that is small - like 300 MB or less. I don't need xwindows.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38762615
300MB or less what?  Disk space or RAM?

Although they go beyond just being a router you may want to look at Smoothwall or Untangle.  They are firewalls as well as routers.

Then there is Zeroshell (http://www.zeroshell.org).  It currently needs at least a Pentium processor running 233 MHz (yes M ) and 92MB of RAM.

I personally have not used any of these.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 38762800
O.K, got a copy of embedded DSL running under QEMU.

This is a bit of a mess in my personal opinion.

Start X-Windows. At the bottom near the left hand corner you should see "Panel".  Click that, and then click netcardconfig.  Set your configuration for what you need.  That should do it.

What I found is that in /opt you should see 'eth0.sh' and 'eth1.sh' files.  These contain the commands to configure the network interfaces.  I have not checked to see if any doc has been updated to reflect these "new" files.

So in bootlocal.sh you can have the echo to enable routing, the command to start syslogd that was there to start with and that should  be it.

The eth0 and eth1 ".sh" files in /opt should do the rest.
0
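
A boot-time check for the state this thread converges on, as an added example that is not part of the original thread or of giltjr's answer: it tests the forwarding flag, the default route via 10.0.0.1 and the two connected networks. The function names and the AFTER sample are constructed for illustration; BEFORE is the route table the asker posted.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# has_route DEST GATEWAY IFACE: scan `route` or `route -n` output on stdin.
# "default" and "0.0.0.0" count as the same destination, and "*" and
# "0.0.0.0" as the same (directly connected) gateway.
has_route() {
    awk -v dest="$1" -v gw="$2" -v ifc="$3" '
        function norm_dest(d) { return d == "default" ? "0.0.0.0" : d }
        function norm_gw(g)   { return g == "*" ? "0.0.0.0" : g }
        norm_dest($1) == dest && norm_gw($2) == gw && $NF == ifc { found = 1 }
        END { exit !found }'
}

# router_problems FWD_VALUE ROUTE_TEXT: print one line per missing item and
# return the number of problems (0 means the box routes as intended).
router_problems() {
    fwd=$1 routes=$2 n=0
    [ "$fwd" = "1" ] || { echo "ip_forward is '$fwd', expected 1"; n=$((n + 1)); }
    # destination / gateway / interface triples from the thread's addressing
    for want in "0.0.0.0 10.0.0.1 eth0" \
                "10.0.0.0 0.0.0.0 eth0" \
                "192.168.20.0 0.0.0.0 eth1"; do
        set -- $want
        printf '%s\n' "$routes" | has_route "$1" "$2" "$3" ||
            { echo "missing route: $1 via $2 on $3"; n=$((n + 1)); }
    done
    return "$n"
}

# Route table as posted by the asker before the fix (no default route).
BEFORE='destination Gateway Genmask flags Metric Ref Use Iface
192.168.20.0 * 255.255.255.0 U 0 0 0 eth1
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0'

# Constructed sample of `route -n` output after the fix.
AFTER='Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0'

# Demo on the constructed "just rebooted" state: flag back at 0, no default route.
router_problems 0 "$BEFORE" || echo "problems: $?"

# On the router itself (for example as the last line of bootlocal.sh):
#   router_problems "$(cat /proc/sys/net/ipv4/ip_forward)" "$(route -n)" >> /mylog.txt
```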
 

Author Comment

by:mswarbrick
ID: 38765395
Yes! Everything works now. I want to give you a sincere thank you for your effort on this. You definitely went above and beyond the call of duty!  I want to make sure you get awarded all the points I can give you. Please let me know how to do that to your maximum benefit.

An interesting note: It calls the /opt/eth0.sh scripts from the bootlocal.sh. It works if called like that. Go figure.

Thank you again for all of your expert help. It is very much appreciated.

...Mark
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38766839
Just award the points as you see fit and give the grade you see fit.    You can't award any more points than you made the question (500) and the best grade is an A.
0
 

Author Closing Comment

by:mswarbrick
ID: 38769206
An awesome job!
0
