problems setting up linux box as default gateway and router

darkmyth

I had set up a Linux Red Hat 9.0 box as a default gateway and my router before, but the box went down and my Cisco teacher and I forgot to document everything that we did to set it up. I thought I could handle redoing everything but I keep getting a host error, even though it's supposed to be dynamically assigned. I entered the ISP's DNS servers in my /etc/dhcpd.conf file and set up firestarter, found at http://firestarter.sourceforge.net, which handles iptables and sets up your eth0 as WAN and eth1 as your LAN connection. I have a crossover cable running from my LAN card to my D-Link switch, which then has two computers running off it.

I'm using a class A network 10.0.0.1/8 and using the range 10.0.0.2 to 10.0.0.252 for the IPs being handed out by DHCP. But I keep getting a host error?

I know before we set something in eth0 and eth1 text files, but I'm not sure where to put those and can't find any documentation from when we set it up before in the papers we have that talked about it. Does anyone have any ideas?


Specs for my client machine and the Linux box are in my sig.

I'm doing another fresh install of Red Hat 9.0 now so I can't start fresh. Any ideas, anyone? Or any good tutorials someone can send my way?


Thanks in advance.


Where do you place echo 1 > /proc/sys/net/ipv4/ip_forward?
 
Originally posted by Blitzrommel
Because .532 is an invalid range.

It was just a typo; I meant to put .252.

But what I meant is, how does this help me out whatsoever with my problem that I listed above? Yes, it did point out I made a typo in here, but I didn't in the /etc/dhcpd.conf file.
 
#1 Why are you using a crossover cable to connect a PC to a switch?

I have a crossover cable running from my lan card to my d-link switch which then has two computers running off it.

Can you ping the Red Hat machine from another system on the same LAN? Is it issuing addresses just not the DNS servers?
 
Originally posted by PHUNBALL
#1 Why are you using a crossover cable to connect a PC to a switch?



Can you ping the Red Hat machine from another system on the same LAN? Is it issuing addresses just not the DNS servers?

This is the way my LAN goes.

cable modem box > cat5 cable to eth0 (on redhat 9 box) > crossover cable goes from eth1 (on redhat box) to switch > then cat5 out to client machines from the switch.

The Red Hat 9 box is my router. Let's put it that way.

I set up /etc/dhcpd.conf with config:

#/etc/dhcpd.conf
ddns-update-style interim;

subnet 10.0.0.1 netmask 255.255.255.0 {
default-lease-time 63000;
max-lease-time 72000;
option routers 10.0.0.1
option subnet-mask 255.255.255.0;
option domain-name-servers 24.231.XX.XX 24.231.XX.XX
range 10.0.0.2 10.0.0.253
}


-------end of config------- (not actually in /etc/dhcpd.conf)----

My IPs are:
eth0 is dynamically assigned by ISP
eth1 has IP 10.0.0.1

Not able to ping as far as I know. I just tried smoothwall but that wasn't working, so I'm reinstalling Red Hat 9.0 again.

I use firestarter http://firestarter.sourceforge.net for NAT and firewall.


I'm unable to get IPs on client machines, so everything else is out of the question as well, aka being able to ping, internet access, etc.
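
Added example, not part of any post in this thread: a small Python check run over the /etc/dhcpd.conf posted above, flagging the syntax and addressing problems visible in it and showing a corrected form. The function name `lint_dhcpd`, the one-statement-per-line assumption and the 192.0.2.x DNS placeholders (the poster masked the real servers) are this example's own, and it covers only the statement forms that appear in that file.

```python
import ipaddress
import re

# Config as posted in the thread. The poster masked the DNS servers, so
# constructed placeholders from 192.0.2.0/24 stand in for them here.
POSTED = """\
ddns-update-style interim;

subnet 10.0.0.1 netmask 255.255.255.0 {
default-lease-time 63000;
max-lease-time 72000;
option routers 10.0.0.1
option subnet-mask 255.255.255.0;
option domain-name-servers 192.0.2.53 192.0.2.54
range 10.0.0.2 10.0.0.253
}
"""

# Same settings with every finding resolved.
FIXED = """\
ddns-update-style interim;

subnet 10.0.0.0 netmask 255.255.255.0 {
default-lease-time 63000;
max-lease-time 72000;
option routers 10.0.0.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.0.2.53, 192.0.2.54;
range 10.0.0.2 10.0.0.253;
}
"""


def lint_dhcpd(text):
    """Return (line_number, message) findings; assumes one statement per line."""
    findings = []
    net = None  # network of the enclosing subnet declaration
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line == "}":
            continue
        m = re.match(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{$", line)
        if m:
            addr, mask = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if str(net.network_address) != addr:
                findings.append((no, f"subnet must be the network address "
                                     f"{net.network_address}, not {addr}"))
            continue
        if not line.endswith(";"):
            findings.append((no, "missing terminating ';'"))
        words = line.rstrip(";").replace(",", " ").split()
        if (words[:2] == ["option", "domain-name-servers"]
                and len(words) > 3 and "," not in line):
            findings.append((no, "DNS servers must be comma-separated"))
        if words[0] == "range":
            addrs = words[1:]
        elif words[:2] == ["option", "routers"]:
            addrs = words[2:]
        else:
            addrs = []
        for a in addrs:  # pool and gateway must sit inside the subnet
            if net and ipaddress.ip_address(a) not in net:
                findings.append((no, f"{a} is outside {net}"))
    return findings


if __name__ == "__main__":
    for no, msg in lint_dhcpd(POSTED):
        print(f"line {no}: {msg}")
```

On the router itself, `dhcpd -t -cf /etc/dhcpd.conf` runs the file through the daemon's own parser without starting the service.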
 
cable modem box > cat5 cable to eth0 (on redhat 9 box) > crossover cable goes from eth1 (on redhat box) to switch > then cat5 out to client machines from the switch.

Do you have a link light on eth1? Unless your switch can auto negotiate this I'm willing to bet you don't because crossover cables are not meant to be used when connecting a PC to a switch.
 
Originally posted by PHUNBALL
Do you have a link light on eth1? Unless your switch can auto negotiate this I'm willing to bet you don't because crossover cables are not meant to be used when connecting a PC to a switch.

Ya, actually they are.

Get a link light between eth1 and switch.
 
Originally posted by darkmyth
Ya, actually they are.

Get a link light between eth1 and switch.

Replace that cable with a straight through (just to humor me), assign the appropriate STATIC IP address, Subnet Mask, and Gateway to a PC on the Internal LAN and try to ping the gateway (Red Hat Box) and report back...
 
Originally posted by PHUNBALL
Replace that cable with a straight through (just to humor me), assign the appropriate STATIC IP address, Subnet Mask, and Gateway to a PC on the Internal LAN and try to ping the gateway (Red Hat Box) and report back...

IPs are assigned dynamically to clients. Also, I'm only on disk 2 for Red Hat 9.0 since I had to reinstall after not getting smoothwall to work. But I may give smoothwall another try, since I just looked at a tutorial and they said you need to further config your smoothwall box via the web server that is broadcasted from the box.
 
Originally posted by darkmyth
IPs are assigned dynamically to clients. Also, I'm only on disk 2 for Red Hat 9.0 since I had to reinstall after not getting smoothwall to work. But I may give smoothwall another try, since I just looked at a tutorial and they said you need to further config your smoothwall box via the web server that is broadcasted from the box.

Just because you have a DHCP server set up does not mean you can't statically assign a box with an IP of your choice for testing purposes, give it a shot, I promise it will work as long as it is in the same subnet :)


Smoothwall is pretty straightforward and should function fine after the initial install so give it a shot again if you can...
 
Originally posted by PHUNBALL
Just because you have a DHCP server set up does not mean you can't statically assign a box with an IP of your choice for testing purposes, give it a shot, I promise it will work as long as it is in the same subnet :)


Smoothwall is pretty straightforward and should function fine after the initial install so give it a shot again if you can...

The thing with smoothwall, though, was that I was able to assign IPs but was unable to get internet access. The green + red config is kind of screwed up.

I'm not too sure if you have to set your green as your internal and your red as outside or what? My ISP hands out IPs dynamically and I don't have one that I have all the time to set in GREEN with the subnet mask 255.255.255.0? Have you worked with smoothwall before?

The way I did it was that I set eth0 with GREEN and eth1 with RED and then I set my DNS servers in the DHCP section. I'm not sure what to set RED to though. Do I set it to static, or do I set it to DHCP?

New to smoothwall, so I'm confused with it.
 
My smoothwall is using the GREEN+ORANGE+RED configuration.

The Green Interface is the local network behind the smoothwall
The Orange Interface is the DMZ zone
The Red Interface is the internet

If your ISP hands out IPs, just make sure you configure the Red interface, in setup, to use DHCP.

The Green interface you want to give a static IP such as 192.168.0.1/255.255.255.0, or whatever fits your fancy.

The DHCP server for your network will operate on the green interface if you enable it.

You might try reading the forums at http://smoothwall.org or http://smoothwall.org/docs/
 
Originally posted by nismo_r34
My smoothwall is using the GREEN+ORANGE+RED configuration.

The Green Interface is the local network behind the smoothwall
The Orange Interface is the DMZ zone
The Red Interface is the internet

If your ISP hands out IPs, just make sure you configure the Red interface, in setup, to use DHCP.

The Green interface you want to give a static IP such as 192.168.0.1/255.255.255.0, or whatever fits your fancy.

The DHCP server for your network will operate on the green interface if you enable it.

You might try reading the forums at http://smoothwall.org or http://smoothwall.org/docs/


hey thanks man. Do you need to access the web-page or whatever for the smoothwall for further config??

I've been to smoothwall.org
 
Originally posted by darkmyth
hey thanks man. Do you need to access the web-page or whatever for the smoothwall for further config??

I've been to smoothwall.org

You can configure everything except port forwarding rules, etc. through the initial setup and are not required to go through the GUI to enable routing, etc.

Have you tried to ping this box from another machine yet? You really are skipping a ton of troubleshooting steps by ignoring this simple task because if you don't have IP connectivity to this box then nothing else you do will matter and you will be going in circles forever...

When troubleshooting a network problem you have to start at the bottom. Is layer 1 working properly? You say you have link lights on both ends so I would have to say yes based on the info you provided. How about layer 2? Again, based on the info you provided I would say it probably is, but no way to know for sure. Now, how about layer 3? Nothing has been shown yet that makes me think layer 3 is functional

This is just a friendly tip from someone that makes a living doing this because honestly, rebuilding your router every time something does not work is not the answer...
 
Originally posted by PHUNBALL
You can configure everything except port forwarding rules, etc. through the initial setup and are not required to go through the GUI to enable routing, etc.

Have you tried to ping this box from another machine yet? You really are skipping a ton of troubleshooting steps by ignoring this simple task because if you don't have IP connectivity to this box then nothing else you do will matter and you will be going in circles forever...

When troubleshooting a network problem you have to start at the bottom. Is layer 1 working properly? You say you have link lights on both ends so I would have to say yes based on the info you provided. How about layer 2? Again, based on the info you provided I would say it probably is, but no way to know for sure. Now, how about layer 3? Nothing has been shown yet that makes me think layer 3 is functional

This is just a friendly tip from someone that makes a living doing this because honestly, rebuilding your router every time something does not work is not the answer...



I'm in Cisco class, I know what I'm doing; the steps I took were this.

Checked all cables, made sure link lights were on. Checked AC adapter for switch, checked switch connection lights. Checked cable modem was on and activity light on. Then went to Red Hat box, untarred dhcpd-latest.tar.gz with tar xzvf dhcpd-latest.tar.gz, then cd in dhcpd-3.0. dir and did a ./configure, make and make install. Then I made the files /etc/dhcpd.conf and /var/state/share/dhcpd.leases <-could be wrong on the syntax of that one, and then made an iptables file in /etc/sysconfig and put in my iptables rules. Then installed firestarter and went through the setup and set up NAT. Put echo 1 > /proc/sys/net/ipv4/ip_forward in my /etc/rc.d/rc.local file using nano. Then I started dhcpd in the terminal with dhcpd (which I also put in my /etc/rc.d/rc.local file so dhcpd boots automatically).

Now I'm able to get internet access, IP etc. I figured it out and got it up and running. And yes, you do use a crossover cable when you go from a broadcasting NIC card to a switch. Common sense, man. Need the link between it.

Thanks for all the help everyone. Figured it out with some help from all of you and my know-how as well.
 
Originally posted by darkmyth
I'm in Cisco class, I know what I'm doing; the steps I took were this.

Checked all cables, made sure link lights were on. Checked AC adapter for switch, checked switch connection lights. Checked cable modem was on and activity light on. Then went to Red Hat box, untarred dhcpd-latest.tar.gz with tar xzvf dhcpd-latest.tar.gz, then cd in dhcpd-3.0. dir and did a ./configure, make and make install. Then I made the files /etc/dhcpd.conf and /var/state/share/dhcpd.leases <-could be wrong on the syntax of that one, and then made an iptables file in /etc/sysconfig and put in my iptables rules. Then installed firestarter and went through the setup and set up NAT. Put echo 1 > /proc/sys/net/ipv4/ip_forward in my /etc/rc.d/rc.local file using nano. Then I started dhcpd in the terminal with dhcpd (which I also put in my /etc/rc.d/rc.local file so dhcpd boots automatically).

Now I'm able to get internet access, IP etc. I figured it out and got it up and running. And yes, you do use a crossover cable when you go from a broadcasting NIC card to a switch. Common sense, man. Need the link between it.

Thanks for all the help everyone. Figured it out with some help from all of you and my know-how as well.

*cough*
http://en.wikipedia.org/wiki/Cat5
*cough*

I'm not trying to start anything, but I've known a lot of software people who I would never let near any hardware problems, and vice versa (layer 1 being hardware). I've also known far too many people who've "taken classes" or "gotten certs" who, again, I'd never let anywhere near anything, whereas some of the best consultants I've used have 0 certs, but 100% real world knowledge.

On topic, I'm not a Linux guru by any means, and I've never used smoothwall, but I was under the impression that it worked basically "out of the box", and if it wasn't, something else (hardware, ISP, etc.) was the issue. And to add my further 2 cents, I run astaro for one of my routers, which is free for SOHO use.
 
I'd just like to point out you are very wrong when you say it is "common sense" to use a crossover cable to connect a NIC to a switch. The switch MAY auto negotiate it, though.

As SoulkeepHL so graciously provided for your reading pleasure darkmyth:

In Ethernet, "crossover" Cat-5 cables are used to connect two hubs together, in which pairs two and three are reversed. Crossover cables can also be used to connect two PC's NICs directly (with no intervening hub). See the TIA-568B article for a pinout diagram.
 
I'm in cisco class I know what I'm doing the steps I took were this.

Are they teaching you the following in this class? If so, ask for a refund...

And yes, you do use a crossover cable when you go from a broadcasting NIC card to a switch. Common sense, man. Need the link between it.

This is NOT common sense nor is it common practice and I have to disagree with the fact that you know what you are doing. I know you are probably learning a lot in your Cisco class, but I have a shocker for you. That class might teach you 10% of what you need to know in order to succeed in the real world. By assuming you "know what you are doing" you are only hindering yourself. I have been doing this professionally for over 7 years and still, to this day, never toss out someone's idea (as long as it is in the ballpark of course) because "I know what I am doing". Just some friendly advice, do with it what you will...
 
Originally posted by PHUNBALL
Are they teaching you the following in this class? If so, ask for a refund...



This is NOT common sense nor is it common practice and I have to disagree with the fact that you know what you are doing. I know you are probably learning a lot in your Cisco class, but I have a shocker for you. That class might teach you 10% of what you need to know in order to succeed in the real world. By assuming you "know what you are doing" you are only hindering yourself. I have been doing this professionally for over 7 years and still, to this day, never toss out someone's idea (as long as it is in the ballpark of course) because "I know what I am doing". Just some friendly advice, do with it what you will...
Nice job on belittling his intelligence. lol
 
Originally posted by Blitzrommel
Nice job on belittling his intelligence. lol

I'm just trying to point out that you can't take everything as gospel, you need to be open to others' interpretations, and if you are new to something don't assume you know everything because you don't...

I was not attempting to belittle anyone, but it reached the point where it was obviously going in one ear and out the other so I had to take the gloves off... :)
 
Originally posted by SoulkeepHL
*cough*
http://en.wikipedia.org/wiki/Cat5
*cough*

I'm not trying to start anything, but I've known a lot of software people who I would never let near any hardware problems, and vice versa (layer 1 being hardware). I've also known far too many people who've "taken classes" or "gotten certs" who, again, I'd never let anywhere near anything, whereas some of the best consultants I've used have 0 certs, but 100% real world knowledge.

On topic, I'm not a Linux guru by any means, and I've never used smoothwall, but I was under the impression that it worked basically "out of the box", and if it wasn't, something else (hardware, ISP, etc.) was the issue. And to add my further 2 cents, I run astaro for one of my routers, which is free for SOHO use.

I'm not all about certs, but what Cisco is is networking class. My Cisco teacher and I also go out of what is taught in the curriculum and do do real world networking etc. You go over the layers in Cisco class. I've networked my room, and also am going to be setting up another LAN in the Cisco room, and setting up a Cisco server rack in the back room. Built two computers, and I run a server in the Cisco room.

It doesn't take a genius to run cat5; no offense, but you basically can't screw it up.

I got dhcpd running, iptables up, firestarter configured, and got VNC server up.

I'm now working on getting samba, httpd (Apache server), and vsftpd up.

httpd isn't a problem but the FTP server and samba are.
 
Originally posted by PHUNBALL
I'm just trying to point out that you can't take everything as gospel, you need to be open to others' interpretations, and if you are new to something don't assume you know everything because you don't...

I was not attempting to belittle anyone, but it reached the point where it was obviously going in one ear and out the other so I had to take the gloves off... :)


Meaning you belittled.

I took your opinions as they were and did look through it, but I use a crossover from eth1 to switch. I don't really care if it's not common practice. I custom made all my cat5 as well, so I know that the wires are crossed on one end of the crossover cable. I'm not retarded, and I have some knowledge of networking, but as you said I am by far away from knowing most things. I'm in the process of learning these things in my Cisco class; outside of the Cisco curriculum my teacher and I are doing real world things.

I know http, and am learning perl, cgi, and php.

What I meant by I know what I was doing is that I've done this before. Setting up the cat5 is basically straightforward, not to all people of course but to most. I knew what to do with firestarter, the /etc/dhcpd.conf file, and having to create the leases file. Then I knew that I needed to make an iptables file in /etc/sysconfig/ . Then start everything up.

I take anyone's ideas as suggestions and use them.

I just didn't see any point in changing the cables from the way I had them when it worked before my server went down.
 
Have you tried running ifconfig and seeing if both your interfaces are up? Also, look in your /etc/modules.conf. There should be two lines in there (amongst others) that say "alias eth0 (something)" and "alias eth1 (something)".

For instance, in mine it says:
alias eth0 ne
alias eth1 3c59x

The ne and 3c59x are the module names for your network cards. ne is a common one, tulip is as well. You can run lsmod and see which modules are installed, and make sure your network cards are listed.

For my install of firestarter on slackware, I had to add the alias lines to modules.conf in order to get both cards working.

If one of your cards isn't listed during the ifconfig, you can try "ifconfig eth0 up" or eth1. If your card isn't setup right, it'll say something like "eth0 does not exist" or something like that.
 
I took your opinions as they were and did look through it but I use a crossover from eth1 to switch. I don't really care if it's not common practice.

[rant]People don't just sit around coming up with standards and best practices because they are bored. They do it for a very good reason, to keep everything standardized from business to business and employee to employee.[/rant]

With that said, what kind of real world things are you doing that are Cisco and network related? Any Frame-Relay or ATM? How about BGP or OSPF? Switching (and I don't mean ethernet)?
 
Originally posted by rm.o
Have you tried running ifconfig and seeing if both your interfaces are up? Also, look in your /etc/modules.conf. There should be two lines in there (amongst others) that say "alias eth0 (something)" and "alias eth1 (something)".

For instance, in mine it says:
alias eth0 ne
alias eth1 3c59x

The ne and 3c59x are the module names for your network cards. ne is a common one, tulip is as well. You can run lsmod and see which modules are installed, and make sure your network cards are listed.

For my install of firestarter on slackware, I had to add the alias lines to modules.conf in order to get both cards working.

If one of your cards isn't listed during the ifconfig, you can try "ifconfig eth0 up" or eth1. If your card isn't setup right, it'll say something like "eth0 does not exist" or something like that.

I ran ifconfig and both are up. As you should have read above, I fixed it and the server is running now. Thanks for the input though. I haven't had a problem with both cards not being recognized; it was just with software etc. But everything's up and running now so that's a plus. Thanks again though, I'll have to take a look in /etc/modules.conf and see what's in there for future reference. What I had to do for firestarter is open up some ports as well for my client machines to access some things, aka 80 (http), 53 (dns), 5900 5800 (both for vncserver), and going to open 5788 for my Apache server and one that I haven't decided on yet for my vsftpd server, which I still need to config. My ISP blocks ports so I have to broadcast on higher ones.
 
Originally posted by PHUNBALL
[rant]People don't just sit around coming up with standards and best practices because they are bored. They do it for a very good reason, to keep everything standardized from business to business and employee to employee.[/rant]

With that said, what kind of real world things are you doing that are Cisco and network related? Any Frame-Relay or ATM? How about BGP or OSPF? Switching (and I don't mean ethernet)?

Actually yes, we are going to attack all of those; believe it or not, my Cisco teacher gives a shit about my future career.
 