On Sun Dec 31 2000 at 18:06, Katrin Niemann wrote:

> Hi everyone,
>
> we have a strange problem with our new LAN. The setup is very simple

Not so simple at all... the boxes are serially connected which is not the usual thing with ethernets (which usually use hubs).

> hal (IP 192.168.0.3, Linux 2.2.13)
> |
> |
> dave (IP 192.168.0.4, Linux 2.2.13)
> |
> |
> ramboy (IP 192.168.0.2, Win98)
> |
> |
> proxy (IP 192.168.0.1, NT4.0 with masquerading router
> to the Internet)

Note: I assume from this diagram that each box has TWO ethernet cards, which are connected in series via crossover cables. If so, then an IP address is assigned to each interface, two per box. So why only one address per box there?

> Everything is fine, except that the two Linux boxes cannot reach each other.
> They can both contact ramboy, proxy and the Internet, but not each other. The
> problem disappears, if the link between dave and ramboy is removed, leaving
> dave and hal alone.

Note that all your boxes are in the same c-class network, yet they are not connected via a hub. I wouldn't have recommended doing it like this... each needs to be in a different network (or subnet or whatever).

What netmasks are you using?

It would have been helpful to see the routing tables ("/sbin/route -n") on both the linux boxes, and the winbloze boxes ("route print").

Each of your boxes is in the same (c-class) subnet address range, and they would expect other boxes in the same locally-connected networks to be, well, locally connected. But they are not... they are serially connected.

- hal needs a route to ramboy and proxy via dave as a gateway.
- dave needs a route to proxy via ramboy.
- and they all need host routes back the other way (eg, proxy needs to know that the route to hal and dave is via ramboy).

Good luck doing this with windows (yeech:)

Perhaps the "real way" to do this is to divide your 192.168.0.0/24 network into a series of 192.168.0.0/30 subnets.
(If you don't know what I'm talking about, then this is out of your league and don't worry about it).

> Using KSnuffle I saw that ARP packets from hal do not show up on dave and vice
> versa. If e.g. hal sends a 'who-has ramboy', dave sees only the 'is-at' reply
> from ramboy. If proxy queries ramboy, dave sees both packets.

(Oh, so you are arp aliasing instead???)

Why should dave see any traffic between ramboy and proxy?

> Even entering the MACs manually into the ARP tables of dave and hal does not
> work.
>
> Any ideas?

Basic ethernet routing... there is presumed to be a subnet hanging off a network card connected to a "family" of other local computers. The netmask is the key to dividing up c-class addresses, and you should route traffic using that.

Otherwise you'll need to add specific host routes to each box. eg, on hal...

  [hal]# route add -host 192.168.0.2 gw 192.168.0.4
  [hal]# route add -host 192.168.0.1 gw 192.168.0.4

and on ramboy, you'll need to give that windows box a static route to hal via dave (with its route command). And proxy needs to know how to reach hal and dave (via ramboy).

Finally, I would highly recommend putting your windoze boxes AWAY from the network interface, at the very END of your network chain. Besides, linux can do a fantastic job of firewalling and masquerading for a network...

(Apologies if I have misunderstood your question).

Good luck.

Cheers
Tony

-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <Tony@growzone.com.au>
Systems Administrator, RHCE
GrowZone OnLine - regional internet services for Southern Qld
POBox 475 Toowoomba Queensland Australia 4350
Ph: 07 4637 8322
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
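
The /30 split suggested in the reply above, worked through as an added example that is not part of the original message: each cable in the chain gets its own /30, and every box gets a static route for each link it is not directly attached to. The per-interface addresses are constructed for illustration (the thread gives only one address per box), and `plan_chain` and `route_commands` are hypothetical helper names.

```python
import ipaddress

def plan_chain(hosts, block="192.168.0.0/24"):
    """Give every cable in a serial chain its own /30 and derive static routes."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=30)
    links = []  # one (network, {box: interface address}) entry per cable
    for left, right in zip(hosts, hosts[1:]):
        net = next(subnets)
        first, second = net.hosts()  # a /30 has exactly two usable addresses
        links.append((net, {left: first, right: second}))

    routes = {}
    for i, host in enumerate(hosts):
        routes[host] = []
        for j, (net, _) in enumerate(links):
            if j in (i - 1, i):
                continue  # directly connected, no route entry needed
            if j > i:
                gateway = links[i][1][hosts[i + 1]]      # next box down the chain
            else:
                gateway = links[i - 1][1][hosts[i - 1]]  # previous box up the chain
            routes[host].append((net, gateway))
    return links, routes

def route_commands(routes, host):
    """Render one box's routes in Linux net-tools `route` syntax."""
    return [f"route add -net {net.network_address} netmask {net.netmask} gw {gw}"
            for net, gw in routes[host]]

if __name__ == "__main__":
    # Chain order taken from the diagram in the thread; addresses are constructed.
    chain = ["hal", "dave", "ramboy", "proxy"]
    links, routes = plan_chain(chain)
    for net, ends in links:
        print(net, {box: str(addr) for box, addr in ends.items()})
    for box in chain:
        # The Windows boxes would need the equivalent entries via their own route command.
        print(f"[{box}]", *route_commands(routes, box), sep="\n  ")
```

The middle boxes (dave and ramboy) also have to forward packets between their two interfaces for these routes to carry traffic.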