Internal LAN cannot reach the wild Internet
I have IP_FORWARD="yes" and I can reach from the server through each Interface the Internet and the LAN machines. However the LAN machines cannot go out to the Internet. I have restarted the network and the /var/log/messages says to that: May 18 00:25:49 www kernel: eth1: network connection down May 18 00:25:50 www ifup-route: Warning: Could not set up default route via interface May 18 00:25:50 www ifup-route: Command ip route replace to default via 61.220.121.17 returned: May 18 00:25:50 www ifup-route: . RTNETLINK answers: Network is unreachable May 18 00:25:50 www ifup-route: Configuration line: default 61.220.121.17 - - May 18 00:25:50 www ifup-route: This needs NOT to be AN ERROR if you set up multiple interfaces. May 18 00:25:50 www ifup-route: See man 5 routes how to avoid this warning. May 18 00:25:51 www SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2 May 18 00:25:51 www kernel: eth1: network connection up using port A May 18 00:25:51 www kernel: speed: 100 May 18 00:25:51 www kernel: autonegotiation: yes May 18 00:25:51 www kernel: duplex mode: full May 18 00:25:51 www kernel: flowctrl: symmetric May 18 00:25:51 www kernel: irq moderation: disabled May 18 00:25:51 www kernel: tcp offload: disabled May 18 00:25:51 www kernel: scatter-gather: enabled May 18 00:25:51 www kernel: tx-checksum: enabled May 18 00:25:51 www kernel: rx-checksum: enabled May 18 00:25:51 www kernel: rx-polling: enabled May 18 00:26:00 www kernel: eth0: no IPv6 routers present May 18 00:26:00 www kernel: eth1: no IPv6 routers present What do I miss? bye Ronald
On Wed, 2005-05-18 at 00:28 +0800, Ronald Wiplinger wrote:
I have IP_FORWARD="yes"
and I can reach from the server through each Interface the Internet and the LAN machines. However the LAN machines cannot go out to the Internet.
I have restarted the network and the /var/log/messages says to that:
May 18 00:25:49 www kernel: eth1: network connection down May 18 00:25:50 www ifup-route: Warning: Could not set up default route via interface May 18 00:25:50 www ifup-route: Command ip route replace to default via 61.220.121.17 returned: May 18 00:25:50 www ifup-route: . RTNETLINK answers: Network is unreachable May 18 00:25:50 www ifup-route: Configuration line: default 61.220.121.17 - - May 18 00:25:50 www ifup-route: This needs NOT to be AN ERROR if you set up multiple interfaces. May 18 00:25:50 www ifup-route: See man 5 routes how to avoid this warning. May 18 00:25:51 www SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2 May 18 00:25:51 www kernel: eth1: network connection up using port A May 18 00:25:51 www kernel: speed: 100 May 18 00:25:51 www kernel: autonegotiation: yes May 18 00:25:51 www kernel: duplex mode: full May 18 00:25:51 www kernel: flowctrl: symmetric May 18 00:25:51 www kernel: irq moderation: disabled May 18 00:25:51 www kernel: tcp offload: disabled May 18 00:25:51 www kernel: scatter-gather: enabled May 18 00:25:51 www kernel: tx-checksum: enabled May 18 00:25:51 www kernel: rx-checksum: enabled May 18 00:25:51 www kernel: rx-polling: enabled May 18 00:26:00 www kernel: eth0: no IPv6 routers present May 18 00:26:00 www kernel: eth1: no IPv6 routers present
What do I miss?
How do you connect to the internet? It looks like you are using a public address on eth1 which I am not sure is appropriate. I would expect a ppp0 or adsl0(?) interface which connects to the internet through your ISP. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:28 +0800, Ronald Wiplinger wrote:
I have IP_FORWARD="yes"
and I can reach from the server through each Interface the Internet and the LAN machines. However the LAN machines cannot go out to the Internet.
I have restarted the network and the /var/log/messages says to that:
May 18 00:25:49 www kernel: eth1: network connection down May 18 00:25:50 www ifup-route: Warning: Could not set up default route via interface May 18 00:25:50 www ifup-route: Command ip route replace to default via 61.220.121.17 returned: May 18 00:25:50 www ifup-route: . RTNETLINK answers: Network is unreachable May 18 00:25:50 www ifup-route: Configuration line: default 61.220.121.17 - - May 18 00:25:50 www ifup-route: This needs NOT to be AN ERROR if you set up multiple interfaces. May 18 00:25:50 www ifup-route: See man 5 routes how to avoid this warning. May 18 00:25:51 www SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2 May 18 00:25:51 www kernel: eth1: network connection up using port A May 18 00:25:51 www kernel: speed: 100 May 18 00:25:51 www kernel: autonegotiation: yes May 18 00:25:51 www kernel: duplex mode: full May 18 00:25:51 www kernel: flowctrl: symmetric May 18 00:25:51 www kernel: irq moderation: disabled May 18 00:25:51 www kernel: tcp offload: disabled May 18 00:25:51 www kernel: scatter-gather: enabled May 18 00:25:51 www kernel: tx-checksum: enabled May 18 00:25:51 www kernel: rx-checksum: enabled May 18 00:25:51 www kernel: rx-polling: enabled May 18 00:26:00 www kernel: eth0: no IPv6 routers present May 18 00:26:00 www kernel: eth1: no IPv6 routers present
What do I miss?
How do you connect to the internet? It looks like you are using a public address on eth1 which I am not sure is appropriate. I would expect a ppp0 or adsl0(?) interface which connects to the internet through your ISP.
The public IP is correct. The machine is really on the "wild Internet" bye Ronald -- Ronald Wiplinger (CEO of ELMIT) http://www.elmit.com +886 (0) 939--77-55-16 or FWD 511208 - I'm a SpamCon Foundation Member, #694, Verify it at http://www.spamcon.org PS: Spam prevention! Our system is protected with a spam prevention program. If you send us an e-mail, our system will send you a confirmation message back. Just reply to this confirmation message please. After receiving this confirmation message, our system will send the hold message (one) and all future messages (after the received confirmation message) to me without asking you again.
On Wed, 2005-05-18 at 00:46 +0800, Ronald Wiplinger wrote:
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:28 +0800, Ronald Wiplinger wrote:
How do you connect to the internet? It looks like you are using a public address on eth1 which I am not sure is appropriate. I would expect a ppp0 or adsl0(?) interface which connects to the internet through your ISP.
The public IP is correct. The machine is really on the "wild Internet"
bye
Ronald
Again, how do you connect to the internet?, my crystal ball is broken. There has to be some device you plug into, unless your ISP ran a v e r y l o n g cat 5 cable to your place. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:46 +0800, Ronald Wiplinger wrote:
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:28 +0800, Ronald Wiplinger wrote:
How do you connect to the internet? It looks like you are using a public address on eth1 which I am not sure is appropriate. I would expect a ppp0 or adsl0(?) interface which connects to the internet through your ISP.
The public IP is correct. The machine is really on the "wild Internet"
bye
Ronald
Again, how do you connect to the internet?, my crystal ball is broken. There has to be some device you plug into, unless your ISP ran a v e r y l o n g cat 5 cable to your place.
Your crystal ball is not brocken, ... I DO have fix public IP addresses here, ... if you see it as a LONG cat 5 cable or a fiber is not important. eth1 is connected to the Internet, eth0 is connected to the LAN
sharing with /etc/sysconfig/network/ifcfg-xxxx and route files would help to recognize the problem
also send your SuSEfirewall2 rules and other related files
ping on server works?
# cat ifcfg-eth0 BOOTPROTO='static' BROADCAST='192.168.1.255' IPADDR='192.168.1.254' MTU='' NETMASK='255.255.255.0' NETWORK='192.168.1.0' REMOTE_IPADDR='' STARTMODE='auto' USERCONTROL='no' _nm_name='static-0' # cat ifcfg-eth-id-00\:0f\:ea\:8d\:43\:a9 BOOTPROTO='static' BROADCAST='61.220.121.255' IPADDR='61.220.121.21' MTU='' NETMASK='255.255.255.0' NETWORK='61.220.121.0' REMOTE_IPADDR='' STARTMODE='auto' UNIQUE='B35A.CrrGZ_ENih8' USERCONTROL='no' _nm_name='bus-pci-0000:02:00.0' # cat routes default 61.220.121.17 - - # grep -v ^# SuSEfirewall2 FW_QUICKMODE="no" FW_DEV_EXT="eth-id-00:0f:ea:8d:43:a9" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="no" FW_SERVICES_EXT_TCP="5801 5901 80 domain http https imap imaps pop3 pop3s smtp ssh netbios-ns netbios-dgm netbios-ssn microsoft-ds" FW_SERVICES_EXT_UDP="domain bootps" FW_SERVICES_EXT_IP="" FW_SERVICES_EXT_RPC="" FW_SERVICES_DMZ_TCP="80" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_DMZ_RPC="" FW_SERVICES_INT_TCP="80" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_INT_RPC="" FW_SERVICES_DROP_EXT="" FW_SERVICES_REJECT_EXT="0/0,tcp,113" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="" FW_ALLOW_INCOMING_HIGHPORTS_UDP="" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG_LIMIT="" FW_LOG="" FW_KERNEL_SECURITY="yes" FW_ANTISPOOF="no" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="int" FW_IGNORE_FW_BROADCAST="no" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="" FW_REJECT="no" FW_HTB_TUNE_DEV="" FW_IPv6="" FW_IPv6_REJECT_OUTGOING="yes" FW_IPSEC_TRUST="no" Any good news ;-) bye Ronald
On Tuesday, 17 of May 2005 19:22, Ronald Wiplinger wrote:
# cat routes default 61.220.121.17 - -
you should add to route 192.168.1.0 to eth0 and how your local machines get net configs? dhcp? say, can your server ping? -- Marek Chlopek
On Wed, 2005-05-18 at 01:22 +0800, Ronald Wiplinger wrote:
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:46 +0800, Ronald Wiplinger wrote:
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:28 +0800, Ronald Wiplinger wrote:
How do you connect to the internet? It looks like you are using a public address on eth1 which I am not sure is appropriate. I would expect a ppp0 or adsl0(?) interface which connects to the internet through your ISP.
The public IP is correct. The machine is really on the "wild Internet"
bye
Ronald
Again, how do you connect to the internet?, my crystal ball is broken. There has to be some device you plug into, unless your ISP ran a v e r y l o n g cat 5 cable to your place.
Your crystal ball is not brocken, ... I DO have fix public IP addresses here, ... if you see it as a LONG cat 5 cable or a fiber is not important.
eth1 is connected to the Internet, eth0 is connected to the LAN
So you have a ethernet connection that requires no cable, modem or hardware other then the ethernet card. Interesting. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
Ken Schneider wrote:
On Wed, 2005-05-18 at 01:22 +0800, Ronald Wiplinger wrote:
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:46 +0800, Ronald Wiplinger wrote:
Ken Schneider wrote:
On Wed, 2005-05-18 at 00:28 +0800, Ronald Wiplinger wrote:
How do you connect to the internet? It looks like you are using a public address on eth1 which I am not sure is appropriate. I would expect a ppp0 or adsl0(?) interface which connects to the internet through your ISP.
The public IP is correct. The machine is really on the "wild Internet"
bye
Ronald
Again, how do you connect to the internet?, my crystal ball is broken. There has to be some device you plug into, unless your ISP ran a v e r y l o n g cat 5 cable to your place.
Your crystal ball is not brocken, ... I DO have fix public IP addresses here, ... if you see it as a LONG cat 5 cable or a fiber is not important.
eth1 is connected to the Internet, eth0 is connected to the LAN
So you have a ethernet connection that requires no cable, modem or hardware other then the ethernet card. Interesting.
Of course in the Ethernet port is an Ethernet cabel, which goes to a hub, .. I am sure you have never seen that before, right? You do not need necessary to have a DSL to be connected, you can be connected to a hub, .... Knowing that, what is your suggestion to get the LAN connected to the Internet? bye Ronald
Anders Johansson wrote:
On Tuesday 17 May 2005 21:08, Ronald Wiplinger wrote:
Knowing that, what is your suggestion to get the LAN connected to the Internet?
Do the internal machines have the gateway machine set as the default gateway?
Thank you, that was it. I did not think DHCP, I thought on my router, and gave the IP of my router as gateway, and not the gateway machine's IP, ... bye Ronald
On Tuesday 17 May 2005 19:00, Ken Schneider wrote:
There has to be some device you plug into, unless your ISP ran a v e r y l o n g cat 5 cable to your place.
Just as an FYI, where I used to live in Sweden all the flats had an ethernet socket in the wall. Just plug'n'play. There doesn't always have to be a DSL or something
On Tue, 2005-05-17 at 21:15 +0200, Anders Johansson wrote:
On Tuesday 17 May 2005 19:00, Ken Schneider wrote:
There has to be some device you plug into, unless your ISP ran a v e r y l o n g cat 5 cable to your place.
Just as an FYI, where I used to live in Sweden all the flats had an ethernet socket in the wall. Just plug'n'play. There doesn't always have to be a DSL or something
Which is why I was asking for further info. The original post stated that eth1 was not coming up/connecting which could mean many different things could be wrong/bad. At least now we know he at least connects to a hub but failed to state what the hub connected to so we could offer further help. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
On Tue, 2005-05-17 at 17:28 -0400, Ken Schneider wrote:
On Tue, 2005-05-17 at 21:15 +0200, Anders Johansson wrote:
On Tuesday 17 May 2005 19:00, Ken Schneider wrote:
There has to be some device you plug into, unless your ISP ran a v e r y l o n g cat 5 cable to your place.
Just as an FYI, where I used to live in Sweden all the flats had an ethernet socket in the wall. Just plug'n'play. There doesn't always have to be a DSL or something
Which is why I was asking for further info. The original post stated that eth1 was not coming up/connecting
Correcting myself.. it was a restart of the interface that caused the default route to disappear. Since he is using a fixed address he will also need to manually set the default route. If Ronald could supply the results of route -n it would help. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
On Tuesday, 17 of May 2005 18:46, Ronald Wiplinger wrote:
What do I miss?
sharing with /etc/sysconfig/network/ifcfg-xxxx and route files would help to recognize the problem also send your SuSEfirewall2 rules and other related files ping on server works? -- Marek Chlopek
Hi Ronald, Ronald Wiplinger wrote:
I have IP_FORWARD="yes"
and I can reach from the server through each Interface the Internet and the LAN machines. However the LAN machines cannot go out to the Internet.
I have restarted the network and the /var/log/messages says to that:
...
What do I miss?
I assume that you LAN computers are using private IP adress spaces, so do you use masquerading? J
On Tuesday 17 May 2005 18:28, Ronald Wiplinger wrote:
I have IP_FORWARD="yes"
Do you also have FW_MASQUERADE="yes"? Set up your firewall in YaST to enable forwarding and masquerading (unless by chance all your LAN machines have public IPs)
participants (5)
-
Anders Johansson -
Jan Albrecht -
Ken Schneider -
Marek Chlopek -
Ronald Wiplinger