I have a problem using a patch cable and trying to route through another machine. The client is a minimum installed machine and the router is just a simple DHCP desktop. Are there some packages that *don't* come with the minimum install that would keep you from getting a simple route? Tried everything but network trace and the route stalls. I can ping in both directions, so I don't think it's driver related. I dropped firewalld on both machines as well as tried NAT masquerading, nada. Seems strange. config:
client:
    NM_CONTROLLED="yes"
    BOOTPROTO="static"
    DEVICE="em1"
    IPADDR=192.168.0.11
    NETMASK=255.255.255.0
    ONBOOT=yes
    HWADDR=xx:xx:xx:xx:xx
    TYPE=Ethernet
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=no
    NAME="System em1"
    GATEWAY=192.168.0.1
    DNS1=75.75.75.75
    DNS2=75.75.76.76
router:
    NM_CONTROLLED="yes"
    BOOTPROTO="static"
    DEVICE="em1"
    IPADDR=192.168.0.1
    NETMASK=255.255.255.0
    ONBOOT=yes
    HWADDR=xx:xx:xx:xx:xx
    TYPE=Ethernet
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=no
    NAME="System em1"
    DNS1=75.75.75.75
    DNS2=75.75.76.76
I remember setting up a boot server some time ago and something was missing network-wise on a min installed machine? Any help/suggestions would be great!
On Tue, Mar 12, 2013 at 10:25 AM, Gary Artim gartim@gmail.com wrote:
> I have a problem using a patch cable and trying to route through another machine
This might help, on the machine doing the forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Then, set net.ipv4.ip_forward to 1 in /etc/sysctl.conf so it persists over reboots.
Thanks, I forgot to mention I do have this set on both the client and router, still doesn't work. Something is fishy; I went home frustrated and used my 2 laptops, one running Mint Linux, wirelessly, with an ethernet port (as the router) and one running Fedora 18 as the client and got it to route -- i.e. ping yahoo.com. Go figure.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
you do NOT need this on the client and it is NOT enough if your machine works as NAT-router
postrouting/masquerade is at least needed
    Chain POSTROUTING (policy ACCEPT 19602 packets, 1625K bytes)
    pkts bytes target prot opt in out source destination
    80 7964 MASQUERADE all -- * eth1 192.168.2.0/24 0.0.0.0/0

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    48 2820 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0 0 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:0
    0 0 DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:0
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x17
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
    0 0 DROP all -- eth1 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 TTL match TTL < 5
    0 0 DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 TTL match TTL < 5
    0 0 DROP all -- eth1 * 84.113.45.179 0.0.0.0/0
    0 0 DROP all -- eth1 * 0.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- eth1 * 10.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- eth1 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- eth1 * 169.254.0.0/16 0.0.0.0/0
    0 0 DROP all -- eth1 * 172.16.0.0/12 0.0.0.0/0
    0 0 DROP all -- eth1 * 192.0.0.0/24 0.0.0.0/0
    0 0 DROP all -- eth1 * 192.0.2.0/24 0.0.0.0/0
    0 0 DROP all -- eth1 * 192.88.99.0/24 0.0.0.0/0
    0 0 DROP all -- eth1 * 192.168.0.0/16 0.0.0.0/0
    0 0 DROP all -- eth1 * 198.18.0.0/15 0.0.0.0/0
    0 0 DROP all -- eth1 * 198.51.100.0/24 0.0.0.0/0
    0 0 DROP all -- eth1 * 203.0.113.0/24 0.0.0.0/0
    0 0 DROP all -- eth1 * 224.0.0.0/4 0.0.0.0/0
    0 0 DROP all -- eth1 * 240.0.0.0/4 0.0.0.0/0
    0 0 DROP all -- eth1 * 255.255.255.255 0.0.0.0/0
    8734 4397K ACCEPT all -- eth1 br0 0.0.0.0/0 192.168.2.0/24 ctstate RELATED,ESTABLISHED
    8698 3215K ACCEPT all -- br0 eth1 192.168.2.0/24 0.0.0.0/0
    4 2304 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
I tried postrouting/masquerade in iptables on the router and still the client hangs on the route command. It's like the client can't see the router. But ping works fine in both directions. If I try and ping a known address on the greater internet, nothing. So there is no route beyond the subnet of 192.168.0.0. I know it's something dumb 'cause I've done this 10..12 times before and it always worked or is working now on some servers.
> client hang on route command

what the hell are you doing?

the client does not need to know anything about routing; your router is the standard-gateway of the clients and has to do anything that affects NAT/masquerading/routing, because that is why it is called a router
Not sure what you're saying... I just have a default route defined on the machine I'd like routed. The router has all the iptables stuff. When I type route on the non router it hangs, then after some time comes back with the default route to the router and canNOT get beyond the subnet. To my knowledge you need to define a default route on every machine in the subnet that is using the router, at least that is how I've had them set up for the last 15 years and it worked fine.

To summarize, I have 2 machines linked by a single patch cable; one of the machines (the Linux router) has a second interface to a bigger LAN on campus.
the IPs:
    router 192.168.0.1
    othermachine 192.168.0.11 (default route to 192.168.0.1)
iptables:
    router has natted/masq 192.168.0.0 net, othermachine is wide open, all iptables rules flushed and accepting everything

This should work and worked in the past, must be something I did or the router or othermachine is missing some software. Tomorrow I'll try tracing the route.
On 03/12/13 12:11, Gary Artim wrote:
> When I type route on the non router it hangs, then after some time comes back with the default route to the router
So, it "pauses" which is not really a "hang".
If you use "route -n" does it pause?
nope, I get back the defined route, using -n elims the long term pause. I'm assuming the pause is a sign of it not working. maybe I'm looking in the wrong place and should focus in the router machine?
On 03/12/13 12:29, Gary Artim wrote:
> nope, I get back the defined route, using -n elims the long term pause. I'm assuming the pause is a sign of it not working. maybe I'm looking in the wrong place and should focus in the router machine?
It doesn't pause since the -n doesn't do a dns lookup. Since you're having network issues, dns is not working properly either.
Instead of describing in words what your network looks like, I for one, would rather see the outputs on both machines of "ifconfig" and "route -n".
On 03/12/13 14:58, Garry T. Williams wrote:
> On 3-11-13 21:11:50 Gary Artim wrote:
>> to summarize I have 2 machine linked by a single patch cable, one of
>
> If that is not a cross-over cable, that is your problem. Can you ping the router from othermachine?
I have not seen the need for cross-over cables in years. All of the recent hardware which I have supports Auto-MDIX.
why should you need a default-route set MANUALLY?
configure the standard-gateway which is your router in the network-configuration and you are done

nobody on this world ever needed the route-command on an ordinary client and if the client is using DHCP it would even get the standard-gateway
    [root@buildserver:~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=static
    TYPE=Ethernet
    MODE=Managed
    IPADDR=10.0.0.103
    NM_CONTROLLED=no
    IPV6INIT=no
    NETMASK=255.255.255.0
    GATEWAY=10.0.0.1
    USERCTL=no
    MTU=1472
nobody needed to add this route at all
    [root@buildserver:~]$ LANG=C; route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
    10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
On 03/12/13 18:42, Reindl Harald wrote:
> why should you need a default-route set MANUALLY?

I don't think he was trying to set the default route manually. I think he was just typing "route" to see what the routes were and confirm he had the default route actually defined. He then became perplexed that it "hung" and thought that could be significant.
yes, exactly! I'll retry and post config and iptables rules.
Okay, maybe I needed sleep. But it really helped to hear stuff like: DNS will hang the route command without the -n switch and the reference to POSTROUTING/MASQ,
this dummy had this in iptables: (em1 is the link/interface for the second machine)

    /sbin/iptables -t nat -A POSTROUTING -o em1 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

instead of THIS (my wider network interface)

    /sbin/iptables -t nat -A POSTROUTING -o p37p1 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
So all is working now. thanks much for hearing me out/help!
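The mistake found at the end of the thread (MASQUERADE attached to the LAN-facing interface em1 instead of the outward-facing p37p1) can be caught by comparing each rule's -o interface with the interface that holds the router's default route. The script below is an added example, not part of the original thread; the route and rule text is constructed sample data, and the upstream gateway 10.20.0.1 is an assumed placeholder.

```shell
#!/bin/sh
# Added example: verify that NAT masquerading is applied on the egress
# interface (the one holding the default route), not on the LAN side.
# On a live router, feed it real data instead of the samples:
#   check_masquerade "$(iptables -t nat -S POSTROUTING)" \
#                    "$(ip -4 route show default)"

# Constructed sample data modelled on the thread (not captured output).
# 10.20.0.1 is a made-up upstream gateway.
ROUTES='default via 10.20.0.1 dev p37p1 proto static metric 100
192.168.0.0/24 dev em1 proto kernel scope link src 192.168.0.1'

# The rule as first written: masquerading on the LAN-facing interface.
RULES_BROKEN='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/24 -o em1 -j MASQUERADE'

# The corrected rule: masquerading on the interface to the wider network.
RULES_FIXED='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/24 -o p37p1 -j MASQUERADE'

# Print the interface of the first default route in `ip -4 route` output.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print the -o interface of every MASQUERADE rule in `iptables -S` output.
# A rule without -o applies to all interfaces and is reported as "any".
masq_ifaces() {
    printf '%s\n' "$1" | awk '/-j MASQUERADE/ {
        out = "any"
        for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
        print out
    }'
}

# check_masquerade RULES ROUTES
# Returns 0 when a MASQUERADE rule covers the egress interface,
# 1 when no rule does, 2 when the router has no default route at all.
check_masquerade() {
    egress=$(default_iface "$2")
    if [ -z "$egress" ]; then
        echo "no default route on the router: nothing to masquerade towards"
        return 2
    fi
    ifaces=$(masq_ifaces "$1")
    if [ -z "$ifaces" ]; then
        echo "no MASQUERADE rule in POSTROUTING"
        return 1
    fi
    for i in $ifaces; do
        case $i in
            "$egress"|any)
                echo "ok: MASQUERADE on $i, traffic leaves via $egress"
                return 0 ;;
        esac
    done
    echo "MASQUERADE is on '$(echo $ifaces)' but traffic leaves via '$egress'"
    return 1
}

# Run both rule sets against the sample routing table.
check_masquerade "$RULES_BROKEN" "$ROUTES" || true
check_masquerade "$RULES_FIXED" "$ROUTES"
```

With the broken rule set the client can still ping the router, because traffic inside 192.168.0.0/24 never reaches the POSTROUTING rule on the outward path; only forwarded traffic leaving via p37p1 goes out un-translated.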