redhat-list-connecting_two_networks_through_a_RH_box_side_issue_wireless_networking

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: Connecting two networks through a RedHat box
Date: Tue, 25 Feb 2003 00:25:17 +0100 (MET)


I have a BNC network at home, and my neighbour wants to connect to it with
a wireless gateway and share my Internet connection. So I figured I could
insert a second NIC in my Redhat 8 server, and connect that to the
wireless network. Would that work? If so, how do I do it?

I'm not a very experienced linux user, so solutions not involving
recompiling the kernel are much preferred...

===

To: redhat-list@listman.redhat.com
From: "Rodolfo J. Paiz" <rpaiz@simpaticus.com>
Subject: Re: Connecting two networks through a RedHat box
Date: 24 Feb 2003 17:48:22 -0600

On Mon, 2003-02-24 at 17:25, Rune Berge wrote:
> 
> I have a BNC network at home, and my neighbour wants to connect to it with
> a wireless gateway and share my Internet connection. So I figured I could
> insert a second NIC in my Redhat 8 server, and connect that to the
> wireless network. Would that work? If so, how do I do it?
> 
> I'm not a very experienced linux user, so solutions not involving
> recompiling the kernel are much preferred...

Yes, it's possible. And no, kernel recompilation is not required.

My best advice for the simple route to success: download Shorewall at
http://www.shorewall.net and use your RH8 box as a gateway. Really, it
sounds like you have three network connections and not two:

 1. Your Internet connection
 2. Your home network
 3. Your neighbor's wireless gateway

If you want to go the extra mile, you can also use DHCP to assign his
machines addresses on a different subnet (e.g. assign yourself
192.168.0.x and him 192.168.1.x) and set up routing such that he can
access the Internet but is firewalled from your network. This is easy
with Shorewall and dhcp.

Note that there are plenty of other tools that do this. Shorewall just
happens to be the only one I know and use, and which has worked
flawlessly and easily for me. YMMV.


===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: Re: Connecting two networks through a RedHat box
Date: Tue, 25 Feb 2003 01:05:33 +0100 (MET)


On 24 Feb 2003, Rodolfo J. Paiz wrote:

> On Mon, 2003-02-24 at 17:25, Rune Berge wrote:
> >
> My best advice for the simple route to success: download Shorewall at
> http://www.shorewall.net and use your RH8 box as a gateway. Really, it
> sounds like you have three network connections and not two:
>
>  1. Your Internet connection
>  2. Your home network
>  3. Your neighbor's wireless gateway

Thanks for the tip. I'll look into Shorewall.

I didn't say that I only have two network connections, I just said that I
want to connect two of them through my Redhat server. My home network and
my internet connection are connected through another machine running
Smoothwall.

Network layout:
ADSL -- Smoothwall box --(LAN)-- Redhat server -- Wireless GW




===

To: redhat-list@listman.redhat.com
From: "Rodolfo J. Paiz" <rpaiz@simpaticus.com>
Subject: Re: Connecting two networks through a RedHat box
Date: 24 Feb 2003 22:36:00 -0600

On Mon, 2003-02-24 at 18:05, Rune Berge wrote:
> I didn't say that I only have two network connections, I just said that I
> want to connect two of them through my Redhat server. My home network and
> my internet connection are connected through another machine running
> Smoothwall.
> 
> Network layout:
> ADSL -- Smoothwall box --(LAN)-- Redhat server -- Wireless GW

It'll still work. <smile>

By the way, it seems obvious to think of connecting the Wireless GW to
the Smoothwall box as a third interface, so I suppose that's already
been thought of and discarded as a valid option?


===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: Re: Connecting two networks through a RedHat box
Date: Tue, 25 Feb 2003 15:28:08 +0100 (MET)


On 24 Feb 2003, Rodolfo J. Paiz wrote:

> On Mon, 2003-02-24 at 18:05, Rune Berge wrote:
> > I didn't say that I only have two network connections, I just said that I
> > want to connect two of them through my Redhat server. My home network and
> > my internet connection are connected through another machine running
> > Smoothwall.
> >
> > Network layout:
> > ADSL -- Smoothwall box --(LAN)-- Redhat server -- Wireless GW
>
> It'll still work. <smile>

Good. A couple of questions. What IP address should I use on the RH
server's second NIC? The same as on eth0 (192.168.0.10), or something else
(like 192.168.1.10)?

> By the way, it seems obvious to think of connecting the Wireless GW to
> the Smoothwall box as a third interface, so I suppose that's already
> been thought of and discarded as a valid option?

That's correct. AFAIK Smoothwall doesn't support multiple "green"
interfaces, and I _really_ don't want to mess with the Smoothwall config
files manually.  I realise that it would probably work if I simply put the
GW on the Smoothwall's DMZ (which I don't use now), but I would like a
more flexible solution.

===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Tue, 25 Feb 2003 13:38:30 -0500

ADSL                       Smoothwall                           RedHat Box                          Wireless Node
123.123.123.123 ---------- 123.123.123.122_____192.168.0.1------192.168.0.100_____192.168.1.1-------192.168.1.2
                           GW 123.123.123.123                   GW 192.168.0.1                      GW 192.168.1.1

Make sure the RedHat box has IP forwarding enabled.  You also need to make
sure that the Smoothwall box is aware of the 192.168.1 subnet and that it is
routed through the redhat box.  If that presents a problem you can always
use iptables to masquerade the 192.168.1 network.  In that case the
Smoothwall will see all requests from all machines on the 192.168.1 network
as coming from the 192.168.0.100 address directly.  (as if it is making the
requests)  That presents a problem for logging in which the Smoothwall will
not be able to differentiate which user on the wireless system is making the
request.  (depending on how the wireless device works that may not be possible
anyway)
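
[Added example, not part of the original thread and not Shorewall's or Smoothwall's own configuration: a minimal iptables rule set for the Red Hat box that masquerades the wireless subnet as described above while keeping the neighbour out of the home LAN, as suggested earlier in the thread. Interface names and subnets are the ones used in the thread; the IPT dry-run variable and the log prefix are assumptions of this sketch.]

```shell
#!/bin/sh
# Added example. Addresses follow the thread; adjust to your own network.
LAN_IF=eth0                # home LAN side, towards the Smoothwall
WLAN_IF=eth1               # neighbour's wireless gateway side
LAN_NET=192.168.0.0/24
WLAN_NET=192.168.1.0/24

# Dry run by default: every rule is printed instead of applied.
# Run with IPT=iptables (as root) to load the rules for real.
IPT=${IPT:-echo iptables}

neighbour_rules() {
    # Default-deny for routed traffic; only what is listed below is forwarded.
    $IPT -P FORWARD DROP

    # Replies belonging to connections that were allowed out.
    # (-m state is the match available on RH8-era iptables.)
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The neighbour may not open connections to hosts on the home LAN.
    # Log first so attempts show up in syslog, then drop.
    # If the wireless clients are handed a resolver that lives on the home
    # LAN, add an ACCEPT for port 53 to that single address above these rules.
    $IPT -A FORWARD -i "$WLAN_IF" -d "$LAN_NET" -j LOG --log-prefix WLAN2LAN
    $IPT -A FORWARD -i "$WLAN_IF" -d "$LAN_NET" -j DROP

    # Anything else from the wireless subnet is Internet-bound and leaves
    # through the LAN interface towards the Smoothwall.
    $IPT -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" -s "$WLAN_NET" -j ACCEPT

    # Optional: the home LAN may open connections to the wireless side,
    # e.g. to administer the wireless gateway.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WLAN_IF" -s "$LAN_NET" -j ACCEPT

    # Masquerade the wireless subnet behind the Red Hat box's LAN address.
    # The Smoothwall then needs no static route for 192.168.1.0/24, but its
    # logs show every wireless client as the Red Hat box.
    $IPT -t nat -A POSTROUTING -s "$WLAN_NET" -o "$LAN_IF" -j MASQUERADE
}

# FORWARD only covers routed packets. Services on the Red Hat box itself
# (dhcp, ssh, ...) are reached through the INPUT chain and need their own rules.
neighbour_rules
```

The DROP rule has to sit above the general ACCEPT for the wireless interface, because iptables stops at the first matching rule.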

===


To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Tue, 25 Feb 2003 19:57:56 +0100 (MET)


On Tue, 25 Feb 2003, Larry Brown wrote:

> ADSL                       Smoothwall                           RedHat Box                          Wireless Node
> 123.123.123.123 ---------- 123.123.123.122_____192.168.0.1------192.168.0.100_____192.168.1.1-------192.168.1.2
>                            GW 123.123.123.123                   GW 192.168.0.1                      GW 192.168.1.1
>
> Make sure the RedHat box has IP forwarding enabled.  You also need to make
> sure that the Smoothwall box is aware of the 192.168.1 subnet and that it is
> routed through the redhat box.  If that presents a problem you can always
> use iptables to masquerade the 192.168.1 network.

Could someone give some more specific information about how to do this?
How do I enable IP forwarding on the RedHat box? And how do I make the
Smoothwall box aware of the 192.168.1 subnet?


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Tue, 25 Feb 2003 14:47:16 -0500

echo "1" >/proc/sys/net/ipv4/ip_forward

turns on forwarding.  As for the Smoothwall, I've never used it before.
From just looking at their site they appear to have built it on RH.  If so
and you have access to the console, redhat's route on the Smoothwall box
would be...

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.100

===

To: redhat-list@listman.redhat.com
From: "Rodolfo J. Paiz" <rpaiz@simpaticus.com>
Subject: Re: Connecting two networks through a RedHat box
Date: 25 Feb 2003 21:39:46 -0600

On Tue, 2003-02-25 at 08:28, Rune Berge wrote:
> > > Network layout:
> > > ADSL -- Smoothwall box --(LAN)-- Redhat server -- Wireless GW
> >
> > It'll still work. <smile>
> 
> Good. A couple of questions. What IP address should I use on the RH
> server's second NIC? The same as on eth0 (192.168.0.10), or something else
> (like 192.168.1.10)?

IP addresses don't belong to computers, they belong to network
interfaces. So no, you will never use the same exact IP address twice.

I note that you are not quite using the same IP address, but rather the
same final octet (x.x.x.10) on different subnets. If that is what you
meant, then you are free to do that or to do it entirely differently.

Overall, this is what I would do IF I FOUND IT ACCEPTABLE FOR MY
NEIGHBOR TO BE PART OF MY NETWORK AND ACCESS MY MACHINES:

	1. Setup your eth1 (to your neighbor's house) as 192.168.1.1. From
habit, I use the "1" on small networks always as the gateway to the
outside, and as far as your neighbor is concerned that is his gateway.

	2. Setup dhcp to answer only on eth1 (in /etc/sysconfig/dhcp change the
line to DHCPARGS="eth1"), ensuring that dhcp will only serve addresses on
that interface.

	3. Of course, configure dhcp.conf properly (easy).

	4. Tell Shorewall (using the /etc/shorewall/masq file) that the whole
subnet on eth1 will be masqueraded and go out to the world through eth0.
This will allow him access to your network and the world.

	5. Make sure the "rfc1918" keyword IS NOT SET on either interface,
since that would automatically block all private addresses (which you
are using). Alternately, modify /etc/shorewall/rfc1918 to tell Shorewall
which private addresses you use so it accepts them.

	6. Don't forget to restart dhcp and shorewall so they reload and
activate their new configurations.

Unless I've forgotten something, this should be it and you should be up
and about in around five minutes.

Every file in /etc/shorewall is self-documenting and very easy to use.
However, PLEASE DO READ the Quickstart documentation on the
www.shorewall.net site so you understand how Shorewall thinks. Ten
minutes of reading and you'll have no trouble at all.

> That's correct. AFAIK Smoothwall doesn't support multiple "green"
> interfaces, and I _really_ don't want to mess with the Smoothwall config
> files manually.  I realise that it would probably work if I simply put the
> GW on the Smoothwall's DMZ (which I don't use now), but I would like a
> more flexible solution.

My "more flexible solution" is an RH8 box that I've savagely cut down to
the bare minimum of anything at all, running three NICs and Shorewall
along with the following services:

 o dhcp (on internal net only)
 o named (on internal net only)
 o squid (on internal net only)
 o ntpd (on all interfaces)
 o openssh (on all interfaces, using keys not passwords)
 o seti@home <grin>

This box provides all basic network services and, if hacked, will only
require me to reinstall via kickstart and restore six or seven config
files... take all of 10 minutes. Runs on a P166, 64MB, 1GB, with about 8
months of uptime now. :-)

===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 18:44:44 +0100 (MET)


On Tue, 25 Feb 2003, Larry Brown wrote:

> echo "1" >/proc/sys/net/ipv4/ip_forward
>
> turns on forwarding.  As for the Smoothwall, I've never used it before.
> From just looking at their site they appear to have built it on RH.  If so
> and you have access to the console, redhat's route on the Smoothwall box
> would be...
>
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.100

Thanks for the help. I removed shorewall, and did as you said, and now the
two networks are connected. However, the 192.168.1 network is still unable
to access internet. Even the redhat box, which was able to before, gets a
"connect: Network is unreachable" error when trying to ping an address on
the internet (I've tried pinging IP-addresses, so it's not a DNS problem).

Does anybody know what the problem is? Below are the routing tables for
the two machines.


*Output from route on the redhat box (192.168.0.10/192.168.1.10):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo

*Output from route on the smoothwall box (192.168.0.1):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
ti500720a080-l1 *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     krokodille.com  255.255.255.0   UG    0      0        0 eth0
1.1.1.0         *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 eth0
default         ti500720a080-l1 0.0.0.0         UG    0      0        0 ppp0

(krokodille.com is the redhat box)

===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 16:00:54 -0500

Change the netmask on the redhat box for 192.168.0 to 255.255.255.0.  Right
now the box will see everything as 192.168 to be coming from the 192.168.0
side.  By using 255.255.255.0 for both sides it will know that 192.168.0
goes towards the net and 192.168.1 goes toward the wireless.

===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 16:05:48 -0500

Now on the smoothwall box do a:

route -n

and send the results.  It should show IP numbers instead of dns names.  I
believe the 192.168.1.0/255.255.255.0 entry is pointing in the wrong
direction but the results from route -n should help verify it.


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 16:33:01 -0500

I just noticed that last line.  Sorry about that.  The problem I can see
though is that if you are going to use a name for the redhat box on the
internal network you should probably use a name that is not used on the
Internet since krokodille.com resolves to an actual web site.  If you ping
krokodille.com you get a 194.63.248.12 address.  It might not be a problem
as long as you don't want to hit that site, but to keep things balanced
well, I would use a name that is not used.  Or even use an extension like
krokodille.int for your "int"ernal site.  I don't think there is such a
domain extension in existence and I don't know of any extensions set aside
for this purpose either.

===


To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 22:54:48 +0100 (MET)


On Thu, 27 Feb 2003, Larry Brown wrote:

> I just noticed that last line.  Sorry about that.  The problem I can see
> though is that if you are going to use a name for the redhat box on the
> internal network you should probably use a name that is not used on the
> Internet since krokodille.com resolves to an actual web site.  If you ping
> krokodille.com you get a 194.63.248.12 address.

No, I don't because krokodille.com is mapped to 192.168.0.10 in /etc/hosts
on the smoothwall box. It's the only way I've managed to be able to use
the same address both internal and external.

Anyway. I changed the netmask as you said, but I still can't connect to
the internet from the redhat box. I noticed that there isn't an entry for
external addresses in the Redhat Box's routing table. Shouldn't there be
something like that? Could it be that the smoothwall box is no longer the
default gateway for the redhat machine? If so, how do I restore it?

To clarify my situation: The machines on both networks are able to ping
each other without problem. The machines on 192.168.0 (except the redhat
box) are able to connect to the internet, but the machines on 192.168.1
are not.

Info that might be helpful:

Redhat box:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 52:54:05:DF:0B:9F
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20678 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25394 errors:66 dropped:0 overruns:0 carrier:65
          collisions:1109 txqueuelen:100
          RX bytes:2517686 (2.4 Mb)  TX bytes:4360660 (4.1 Mb)
          Interrupt:10 Base address:0x6400

# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:10:A7:06:52:8B
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21028 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15303 errors:0 dropped:0 overruns:0 carrier:0
          collisions:27 txqueuelen:100
          RX bytes:17008249 (16.2 Mb)  TX bytes:16538978 (15.7 Mb)
          Interrupt:11 Base address:0x8000


Smoothwall:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
80.213.72.0     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     192.168.0.10    255.255.255.0   UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         80.213.72.0     0.0.0.0         UG    0      0        0 ppp0

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:80:AD:91:39:FC
          inet addr:192.168.0.1  Bcast:192.168.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20266 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20657 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0x6000

===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 22:56:32 +0100 (MET)


On Thu, 27 Feb 2003, Larry Brown wrote:

> Change the netmask on the redhat box for 192.168.0 to 255.255.255.0.  Right
> now the box will see everything as 192.168 to be coming from the 192.168.0
> side.  By using 255.255.255.0 for both sides it will know that 192.168.0
> goes towards the net and 192.168.1 goes toward the wireless.

So, the network mask on ALL machines on both networks should be
255.255.255.0? Is that correct?

Rune



===

To: redhat-list@listman.redhat.com
From: "Rubel, William S. (IA)" <William.Rubel@ia.ngb.army.mil>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 16:04:00 -0600

Check and see if your NIC is registered with your ISP.  I recently setup a
RH 8.1 box behind a Smoothwall box and I had the same problem.  Basically
nailed it down to my ISP who wouldn't recognize my NIC.  

You can check if this is the problem by pinging out of the network because
some ISP's allow ACK's out.


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 17:27:40 -0500

Yes. To both being 255.255.255.0.  Your routing tables look correct.  All
of the machines that act as routers set their default routes to the router
on the other side of a directly connected subnet.  The machines in the
192.168.1 network should all show their default gateways as 192.168.1.10 (in
your setup).  They send a request to anything other than 192.168.1 to the
redhat box at 192.168.1.10.  Let's say the ip address you are sending to is
24.65.32.12.  The request would be sent to the gw 192.168.1.10 since it is
not on the local net.  The redhat box has the smoothwall as its default
gateway so the request from the 192.168.1 machine going to 24.65.32.12
would be passed to the gateway for the redhat box (192.168.0.1).  That box
has the ISP DSL/Cable modem/modem or whatever as its gw.  So it would send
the packets for 24.65.32.12 on to it.  The chain keeps working that way
until it gets to a router on the ISP that has specific routes to the network
24.65.32.12 is on.  On the return path the ISP is sending the packets to
the smoothwall box which is masquerading.  It knows to route the response
back to the machine on the 192.168.1 network because of the static route you
added that sends packets destined for that subnet to the RH box
192.168.0.10.  The RH box is directly connected to the 192.168.1 subnet so
it can send the packets directly back to the requesting machine.  I hope
this helps you in the future if I described it well enough.

That is why the redhat routing table shouldn't have any other internet
addresses on it.

  Now for fixing the problem.


You say the redhat box can't surf nor ping an address on the net?  Sounds
like the smoothwall is not passing traffic through.  Check the configuration
to make sure it is configured properly to allow traffic out.  Also make sure
you can ping Internet addresses via name and ip from the smoothwall box
itself.


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Thu, 27 Feb 2003 17:33:34 -0500

Oh, I see the redhat box does not have a default gw.  You need to edit
/etc/sysconfig/network on the redhat box and make sure you have:

GATEWAY=192.168.0.1

And then do a:

service network restart
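
[Added example, not part of the original thread: the hop-by-hop route selection explained in the previous message and the missing default gateway diagnosed in this one, replayed over the `route -n` tables posted earlier. The function name route_lookup is hypothetical, the "fixed" default-route line is constructed, and contiguous netmasks are assumed.]

```shell
#!/bin/sh
# Added example: longest-prefix route lookup over `route -n` output.

# Red Hat box table as posted in the thread (no default route).
REDHAT_TABLE='192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo'

# Same table once GATEWAY=192.168.0.1 is active (constructed line).
REDHAT_FIXED="$REDHAT_TABLE
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0"

# Smoothwall table as posted in the thread.
SMOOTHWALL_TABLE='80.213.72.0     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     192.168.0.10    255.255.255.0   UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         80.213.72.0     0.0.0.0         UG    0      0        0 ppp0'

# route_lookup TABLE DEST
# Prints "direct IFACE", "via GATEWAY IFACE", or "unreachable" when no entry
# (not even a default route) covers DEST. The last case is what the kernel
# reports as "connect: Network is unreachable".
route_lookup() {
    printf '%s\n' "$1" | awk -v dest="$2" '
        # dotted quad -> integer
        function ip2n(s,   p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { d = ip2n(dest); best = -1 }
        # only lines that start with an IPv4 address are route entries
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            net = ip2n($1); mask = ip2n($3)
            # number of addresses a contiguous mask covers
            block = 4294967296 - mask
            # same block as the route and a longer mask than the best so far
            if (int(d / block) == int(net / block) && mask > best) {
                best = mask; gw = $2; ifc = $8
            }
        }
        END {
            if (best < 0) { print "unreachable"; exit }
            hop = (gw == "0.0.0.0") ? "direct" : "via " gw
            print hop, ifc
        }'
}

# Walk one wireless client and one Internet address through each table.
for dest in 192.168.1.2 24.65.32.12; do
    echo "redhat (as posted)   $dest -> $(route_lookup "$REDHAT_TABLE" "$dest")"
    echo "redhat (with GATEWAY) $dest -> $(route_lookup "$REDHAT_FIXED" "$dest")"
    echo "smoothwall           $dest -> $(route_lookup "$SMOOTHWALL_TABLE" "$dest")"
done
```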

===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 19:44:07 +0100 (MET)


On Thu, 27 Feb 2003, Larry Brown wrote:

> Oh, I see the redhat box does not have a default gw.  You need to edit
> /etc/sysconfig/network on the redhat box and make sure you have:
>
> GATEWAY=192.168.0.1
>
> And then do a:
>
> service network restart

/etc/sysconfig/network did contain "GATEWAY=192.168.0.1", but when I ran a
service network restart it worked again, so I guess the gateway setting
had been altered for some reason.

Output from service network restart on the redhat box:
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:                          [  OK  ]
Setting network parameters:                                [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]

For some reason it disabled ip forwarding. I enabled it again but it would
be nice to make the setting permanent. Also, it doesn't seem like it
restarted eth1. Does that mean that eth1 won't be brought up automatically
if I reboot the redhat box?

Anyway. It finally works perfectly, so thanks a lot for the help! I've
learned quite a bit about linux and routing from this. :D

Rune

===
To: redhat-list@listman.redhat.com
From: "Rodolfo J. Paiz" <rpaiz@simpaticus.com>
Subject: RE: Connecting two networks through a RedHat box
Date: 28 Feb 2003 13:11:38 -0600

On Fri, 2003-02-28 at 12:44, Rune Berge wrote:
> For some reason it disabled ip forwarding. I enabled it again but it would
> be nice to make the setting permanent.

I think you change this in /etc/sysconfig/sysctl.conf but I'm not sure.

> Also, it doesn't seem like it restarted eth1. Does that mean that
> eth1 won't be brought up automatically if I reboot the redhat box?

Make sure /etc/sysconfig/network-scripts/ifcfg-eth1 has "ONBOOT=yes"
somewhere in it. Then restart the network to be sure; it should come up
immediately and automatically.

===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 14:35:20 -0500

I'm glad it helped.  Put the ip_forward entry into your rc.local and it will
turn forwarding on when you reboot.  Also, I was doing a little research on
the route entries like the static route we added to your firewall...

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.10

It turns out that that is not persistent.  When you reboot that box it will
remove the entry.  There are two ways of making it persistent.  The first is
to add the entire line to its rc.local.  The second is to create an
/etc/sysconfig/static-routes which is the better choice.  However, in the
static routes the format is different.  It is run by the script if-up which
is parsed when bringing up a network card.  I'm checking on the exact syntax
now...


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 14:47:08 -0500

OK, the line in /etc/sysconfig/static-routes is...

eth0 net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.10

so whenever eth0 is brought up either from a reboot or from "service network
restart" the route will be added.  Again this is on the smoothwall box.

Larry S. Brown
Dimension Networks, Inc.
(727) 723-8388

-----Original Message-----
From: redhat-list-admin@redhat.com [mailto:redhat-list-admin@redhat.com]On
Behalf Of Larry Brown
Sent: Friday, February 28, 2003 2:35 PM
To: redhat-list@redhat.com
Subject: RE: Connecting two networks through a RedHat box

I'm glad it helped.  Put the ip_forward entry into your rc.local and it will
turn forwarding on when you reboot.  Also, I was doing a little research on
the route entries like the static route we added to your firewall...

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.10

It turns out that that is not persistent.  When you reboot that box it will
remove the entry.  There are two ways of making it persistent.  The first is
to add the entire line to its rc.local.  The second is to create an
/etc/sysconfig/static-routes which is the better choice.  However, in the
static routes the format is different.  It is run by the script if-up which
is parsed when bringing up a network card.  I'm checking on the exact syntax
now...


===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 22:03:55 +0100 (MET)


On 28 Feb 2003, Rodolfo J. Paiz wrote:

> On Fri, 2003-02-28 at 12:44, Rune Berge wrote:
> > For some reason it disabled ip forwarding. I enabled it again but it would
> > be nice to make the setting permanent.
>
> I think you change this in /etc/sysconfig/sysctl.conf but I'm not sure.

The file was in /etc, but otherwise you were right. Thanks.

> > Also, it doesn't seem like it restarted eth1. Does that mean that
> > eth1 won't be brought up automatically if I reboot the redhat box?
>
> Make sure /etc/sysconfig/network-scripts/ifcfg-eth1 has "ONBOOT=yes"
> somewhere in it. Then restart the network to be sure; it should come up
> immediately and automatically.

The file ifcfg-eth1 doesn't exist. Only ifcfg-eth0. Would it be sufficient
to copy ifcfg-eth0 and alter it, or is there more to it?


===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 22:16:46 +0100 (MET)


On Fri, 28 Feb 2003, Larry Brown wrote:

> route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.10
>
> It turns out that that is not persistent.  When you reboot that box it will
> remove the entry.  There are two ways of making it persistent.  The first is
> to add the entire line to its rc.local.  The second is to create an
> /etc/sysconfig/static-routes which is the better choice.

Neither of the two files you mention exist on my smoothwall system, so I
added the line at the end of /etc/rc.d/sysinit instead. That would do the
trick, wouldn't it?

===

To: redhat-list@listman.redhat.com
From: "Rodolfo J. Paiz" <rpaiz@simpaticus.com>
Subject: RE: Connecting two networks through a RedHat box
Date: 28 Feb 2003 15:35:00 -0600

On Fri, 2003-02-28 at 15:03, Rune Berge wrote:
> The file ifcfg-eth1 doesn't exist. Only ifcfg-eth0. Would it be sufficient
> to copy ifcfg-eth0 and alter it, or is there more to it?

It is sufficient to copy and alter it. Bottom line, you should have
something like the following (customize to use your numbers, of course):

DEVICE=eth1
NAME=internal
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
USERCTL=no

Other entries are possible but in this case unnecessary. If you want the
gory details of what's possible, there's a file somewhere in
/usr/share/doc/initscripts...something that describes this. But the
above will do exactly what you need.


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 16:36:09 -0500

The only difference between placing it in /etc/sysconfig/static-routes
(which does not exist until you create one) and placing it in sysinit is
that if you give the service network restart command it will not get run and
the route will drop.  Sysinit only gets parsed on startup.  Also, make sure
you test the /etc/sysconfig/static-routes method if you are going to use it.
According to the RH documentation that is how it should be done but I don't
know if Smoothwall makes any modification to this nor do I know how many
versions back in RH it works that way.  I tested RH8 and it works perfectly
as described.  Another way to verify that it looks for this is running:

fgrep static-routes /etc/sysconfig/network-scripts/ifup*

Look through the results and you should see an entry:

if [ -f /etc/sysconfig/static-routes ]; then

That is where it checks for your file.  In RH8 this is in ifup-aliases but
earlier versions of RH might have it in a different script but in that
folder under ifup.


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 16:43:46 -0500

Don't put the GATEWAY= line in there though.  This can mess you up if you
change the gateway in the future since it is now stored in the
/etc/sysconfig/network file.

Larry S. Brown
Dimension Networks, Inc.
(727) 723-8388

-----Original Message-----
From: redhat-list-admin@redhat.com [mailto:redhat-list-admin@redhat.com]On
Behalf Of Rodolfo J. Paiz
Sent: Friday, February 28, 2003 4:35 PM
To: Red Hat List
Subject: RE: Connecting two networks through a RedHat box

On Fri, 2003-02-28 at 15:03, Rune Berge wrote:
> The file ifcfg-eth1 doesn't exist. Only ifcfg-eth0. Would it be sufficient
> to copy ifcfg-eth0 and alter it, or is there more to it?

It is sufficient to copy and alter it. Bottom line, you should have
something like the following (customize to use your numbers, of course):

DEVICE=eth1
NAME=internal
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
USERCTL=no

Other entries are possible but in this case unnecessary. If you want the
gory details of what's possible, there's a file somewhere in
/usr/share/doc/initscripts...something that describes this. But the
above will do exactly what you need.


===

To: redhat-list@listman.redhat.com
From: "Rodolfo J. Paiz" <rpaiz@simpaticus.com>
Subject: RE: Connecting two networks through a RedHat box
Date: 28 Feb 2003 15:55:26 -0600

On Fri, 2003-02-28 at 15:36, Larry Brown wrote:
> The only difference between placing it in /etc/sysconfig/static-routes
> (which does not exist until you create one) and placing it in sysinit is
> that if you give the service network restart command it will not get run and
> the route will drop.  Sysinit only gets parsed on startup.

Generally, there is usually a "better" place to put things than rc.local
or rc.sysinit (in your two cases today, sysctl.conf and static-routes).
People mostly put stuff in rc.local or rc.sysinit when they don't know
what the "better" place is. Works, but with some weaknesses.

===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 22:56:33 +0100 (MET)


On Fri, 28 Feb 2003, Larry Brown wrote:

> The only difference between placing it in /etc/sysconfig/static-routes
> (which does not exist until you create one) and placing it in sysinit is
> that if you give the service network restart command it will not get run and
> the route will drop.

Neither the /etc/sysconfig directory nor the service command exists on the
smoothwall box, so I think I'll just keep it in sysinit.

===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 22:58:25 +0100 (MET)


On 28 Feb 2003, Rodolfo J. Paiz wrote:

> On Fri, 2003-02-28 at 15:03, Rune Berge wrote:
> > The file ifcfg-eth1 doesn't exist. Only ifcfg-eth0. Would it be sufficient
> > to copy ifcfg-eth0 and alter it, or is there more to it?
>
> It is sufficient to copy and alter it. Bottom line, you should have
> something like the following (customize to use your numbers, of course):

OK. I did, and ran service network restart, and everything seems to be ok,
so I guess that's it then. Thanks!


===

To: redhat-list@listman.redhat.com
From: "Rodolfo J. Paiz" <rpaiz@simpaticus.com>
Subject: RE: Connecting two networks through a RedHat box
Date: 28 Feb 2003 16:04:22 -0600

On Fri, 2003-02-28 at 15:43, Larry Brown wrote:
> Don't put the GATEWAY= line in there though.  This can mess you up if you
> change the gateway in the future since it is now stored in the
> /etc/sysconfig/network file.

Does "it is now stored" mean "it is now always supposed to be stored" in
recent versions of Red Hat, and I didn't notice?

Or does it mean "it's stored because we put it there in previous
attempts at troubleshooting"?

I've always been used to having a GATEWAY for each device, then adding
(for example) "GATEWAYDEV=eth0" to /etc/sysconfig/network...


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 17:06:59 -0500

Just to know more about Smoothwall, did you try the fgrep static-routes
/etc/sysconfig/network-scripts/ifup* command?  It helps just in case I come
across someone else that is using it and has some similar/related question.


===

To: redhat-list@listman.redhat.com
From: "Larry Brown" <larry.brown@dimensionnetworks.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 17:23:07 -0500

Originally in 6.2 (I think) I used to have one ethX that had the GATEWAY=
line and used that to denote the gateway.  Subsequently I had a problem
where I had a more recent version and went to change the gateway in the ethX
scripts and it was not there.  I added the GATEWAY= line and it still didn't
work.  I ultimately found that there was a line in /etc/sysconfig/network
for the gateway.  I changed it and took the lines out of the ethX and it
worked fine.  I also found that the GUI tools were not making any changes to
ethX for the gateway, but rather to just /etc/sysconfig/network so I
abandoned using ethX.
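
The GATEWAY= pitfall discussed in the messages above, as an added example
that is not part of the original thread: a shell check that reports ifcfg-*
files carrying their own GATEWAY= line next to the one in
/etc/sysconfig/network. The function names, the root-directory argument and
the sample tree (including its 10.0.0.x values) are assumptions of this example.

```shell
#!/bin/sh
# Audit a Red Hat style sysconfig tree for default-gateway settings kept in
# more than one place. Passing the tree's root as an argument is an
# assumption of this example, so the check can run against a copy.

# Print the last value of KEY= in a file, with optional quotes stripped.
get_key() {
    [ -f "$2" ] || return 0
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# One line per finding; returns 1 if any ifcfg-* file sets GATEWAY.
audit_gateways() {
    root=${1:-/etc/sysconfig}
    global=$(get_key GATEWAY "$root/network")
    rc=0
    for f in "$root"/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        gw=$(get_key GATEWAY "$f")
        [ -n "$gw" ] || continue      # GATEWAYDEV= and comments do not match
        rc=1
        if [ -z "$global" ]; then
            echo "$(basename "$f"): GATEWAY=$gw (no global GATEWAY set)"
        elif [ "$gw" = "$global" ]; then
            echo "$(basename "$f"): GATEWAY=$gw duplicates $root/network"
        else
            echo "$(basename "$f"): GATEWAY=$gw conflicts with global $global"
        fi
    done
    return $rc
}

# Constructed sample tree: ifcfg-eth1 uses the values quoted in the thread,
# the eth0 file and the global gateway are made up for the example.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/network-scripts"
    printf 'NETWORKING=yes\nGATEWAY=10.0.0.1\n' > "$d/network"
    printf 'DEVICE=eth0\nIPADDR=10.0.0.2\nONBOOT=yes\n' > "$d/network-scripts/ifcfg-eth0"
    printf 'DEVICE=eth1\nIPADDR=192.168.1.10\nGATEWAY=192.168.1.1\nONBOOT=yes\n' \
        > "$d/network-scripts/ifcfg-eth1"
    echo "$d"
}

sample=$(make_sample)
audit_gateways "$sample" || echo "keep GATEWAY only in $sample/network"
rm -rf "$sample"
```

Run with no argument, audit_gateways reads the live /etc/sysconfig tree.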


===

To: redhat-list@listman.redhat.com
From: Rune Berge <rune@krokodille.com>
Subject: RE: Connecting two networks through a RedHat box
Date: Fri, 28 Feb 2003 23:46:45 +0100 (MET)


On Fri, 28 Feb 2003, Larry Brown wrote:

> Just to know more about Smoothwall, did you try the fgrep static-routes
> /etc/sysconfig/network-scripts/ifup* command?  It helps just in case I come
> across someone else that is using it and has some similar/related question.

As I said in an earlier post: There is no /etc/sysconfig directory.

===
