RE: 2 NIC cards not talking

RE: 2 NIC cards not talking

[Chadha, Devesh]

Juan,

Eth0 has the external assigned IP by my ISP. Eth1 has a 192.168.x.x ip
address. Eth1 acts as the DHCP server for my LAN. My LAN is working fine. I
can connect machines to the LAN and even connect one machine to another.

But I cannot get eth1 to talk to eth0. I cannot connect the LAN to the
internet nor connect to any internal machine from outside!!

Do I need to bridge the 2 NICs ???

Regards,
Devesh


-----Original Message-----
From: Juan Facundo Suárez [mailto:facundo.suarez@ensi.com.ar] 
Sent: Wednesday, January 21, 2004 10:13 AM
To: linux-newbie list
Subject: Re: 2 NIC cards not talking


Sorry, i don't understand at all. You say that you have two cards, in the
same machine, are them in the same subnet ? why don't you put one, wich
connects to "outside" in one, and the other in another subnet?. I have
working a firewall/router with iptables, and the card is connected to de
adsl-modem has 192.168.1.10, and the card to brins internet to the lan has
192.168.0.1.

 If you cannot ping from a machine in one subnet, to another in other
subnet, maybe you need to load the kernel-module wich does that job.

--
Facundo Suárez
Neuquén - Argentina
FDSoft
mail y jabber: faco@fdsoft.com.ar
facundo.suarez@ensi.com.ar

----- Original Message -----
From: "Chadha, Devesh" <devesh.chadha@lehman.com>
To: <linux-newbie@vger.kernel.org>
Sent: Wednesday, January 21, 2004 11:25 AM
Subject: 2 NIC cards not talking


| Hi,
|
| I have a linux box with 2 NIC cards, both are properly configured. 
| Both
are
| on the same subnet, but still don't ping to one another!!
|
| I need to setup the box as the firewall/router that has eth0 set as
external
| and eth1 as internal serving as DHCP server to other computers on the 
| network. Both have static IPs assigned to them.
|
| Regards,
| Devesh
| 6-6859
|
|
| ----------------------------------------------------------------------
| ----
----
| This message is intended only for the personal and confidential use of 
| the designated recipient(s) named above.  If you are not the intended
recipient of
| this message you are hereby notified that any review, dissemination, 
| distribution or copying of this message is strictly prohibited.  This 
| communication is for information purposes only and should not be 
| regarded
as
| an offer to sell or as a solicitation of an offer to buy any financial 
| product, an official confirmation of any transaction, or as an 
| official statement of Lehman Brothers.  Email transmission cannot be 
| guaranteed to
be
| secure or error-free.  Therefore, we do not represent that this
information is
| complete or accurate and it should not be relied upon as such.  All 
| information is subject to change without notice.
|
| -
| To unsubscribe from this list: send the line "unsubscribe 
| linux-newbie" in the body of a message to majordomo@vger.kernel.org 
| More majordomo info at  http://vger.kernel.org/majordomo-info.html
| Please read the FAQ at http://www.linux-learn.org/faqs

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the designated recipient(s) named above.  If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited.  This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers.  Email transmission cannot be guaranteed to be secure or error-free.  Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such.  All information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[pa3gcu]

On Wednesday 21 January 2004 16:23, Chadha, Devesh wrote:
> Juan,
>
> Eth0 has the external assigned IP by my ISP. Eth1 has a 192.168.x.x ip
> address. Eth1 acts as the DHCP server for my LAN. My LAN is working fine. I
> can connect machines to the LAN and even connect one machine to another.
>
> But I cannot get eth1 to talk to eth0. I cannot connect the LAN to the
> internet nor connect to any internal machine from outside!!

Then you need "masquerading", in otherwords iptables or ipchains.
Also make sure /proc/sys/net/ipv4/ip_forward is set to "1"

Something like the following for iptables;

#!/bin/sh

iptables --flush            # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain     #chains that are not in default filter/nat table
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward  # Enables packet forwarding by kernel
This is a must for both examples.

Or the following with ipchains.
/sbin/ipchains -A forward -s 192.168.11.0/24 -j MASQ
Change to suit your subnet.

> Do I need to bridge the 2 NICs ???

No.

> Regards,
> Devesh
>

-- 
If the Linux community is a bunch of theives because they
try to imitate windows programs, then the Windows community
is built on organized crime.

Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/



-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[Juan Facundo Suárez]

 mmm, the ask is, how are you trying to conect your lan to internet ? using
iptables ?, using squid?

 What the system says if you execute "ifconfig" ?, are both up ?

 You are goingo to need more than a dhcp server to share internet to your
lan. I guess you are goingo to use iptables at least.

 Sorry if i am saying to you, things you just know. May be i don't
understand you. :s

--
Facundo Suárez
Neuquén - Argentina
FDSoft
mail y jabber: faco@fdsoft.com.ar
facundo.suarez@ensi.com.ar

----- Original Message -----
From: "Chadha, Devesh" <devesh.chadha@lehman.com>
To: "'Juan Facundo Suárez'" <facundo.suarez@ensi.com.ar>; "linux-newbie
list" <linux-newbie@vger.kernel.org>
Sent: Wednesday, January 21, 2004 12:23 PM
Subject: RE: 2 NIC cards not talking


| Juan,
|
| Eth0 has the external assigned IP by my ISP. Eth1 has a 192.168.x.x ip
| address. Eth1 acts as the DHCP server for my LAN. My LAN is working fine.
I
| can connect machines to the LAN and even connect one machine to another.
|
| But I cannot get eth1 to talk to eth0. I cannot connect the LAN to the
| internet nor connect to any internal machine from outside!!
|
| Do I need to bridge the 2 NICs ???
|
| Regards,
| Devesh
|
|
| -----Original Message-----
| From: Juan Facundo Suárez [mailto:facundo.suarez@ensi.com.ar]
| Sent: Wednesday, January 21, 2004 10:13 AM
| To: linux-newbie list
| Subject: Re: 2 NIC cards not talking
|
|
| Sorry, i don't understand at all. You say that you have two cards, in the
| same machine, are them in the same subnet ? why don't you put one, wich
| connects to "outside" in one, and the other in another subnet?. I have
| working a firewall/router with iptables, and the card is connected to de
| adsl-modem has 192.168.1.10, and the card to brins internet to the lan has
| 192.168.0.1.
|
|  If you cannot ping from a machine in one subnet, to another in other
| subnet, maybe you need to load the kernel-module wich does that job.
|
| --
| Facundo Suárez
| Neuquén - Argentina
| FDSoft
| mail y jabber: faco@fdsoft.com.ar
| facundo.suarez@ensi.com.ar
|
| ----- Original Message -----
| From: "Chadha, Devesh" <devesh.chadha@lehman.com>
| To: <linux-newbie@vger.kernel.org>
| Sent: Wednesday, January 21, 2004 11:25 AM
| Subject: 2 NIC cards not talking
|
|
| | Hi,
| |
| | I have a linux box with 2 NIC cards, both are properly configured.
| | Both
| are
| | on the same subnet, but still don't ping to one another!!
| |
| | I need to setup the box as the firewall/router that has eth0 set as
| external
| | and eth1 as internal serving as DHCP server to other computers on the
| | network. Both have static IPs assigned to them.
| |
| | Regards,
| | Devesh
| | 6-6859
| |
| |
| | ----------------------------------------------------------------------
| | ----
| ----
| | This message is intended only for the personal and confidential use of
| | the designated recipient(s) named above.  If you are not the intended
| recipient of
| | this message you are hereby notified that any review, dissemination,
| | distribution or copying of this message is strictly prohibited.  This
| | communication is for information purposes only and should not be
| | regarded
| as
| | an offer to sell or as a solicitation of an offer to buy any financial
| | product, an official confirmation of any transaction, or as an
| | official statement of Lehman Brothers.  Email transmission cannot be
| | guaranteed to
| be
| | secure or error-free.  Therefore, we do not represent that this
| information is
| | complete or accurate and it should not be relied upon as such.  All
| | information is subject to change without notice.
| |
| | -
| | To unsubscribe from this list: send the line "unsubscribe
| | linux-newbie" in the body of a message to majordomo@vger.kernel.org
| | More majordomo info at  http://vger.kernel.org/majordomo-info.html
| | Please read the FAQ at http://www.linux-learn.org/faqs
|
| -
| To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
| the body of a message to majordomo@vger.kernel.org More majordomo info at
| http://vger.kernel.org/majordomo-info.html
| Please read the FAQ at http://www.linux-learn.org/faqs
|
| --------------------------------------------------------------------------
----
| This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient
of this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information
is complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.
|
| -
| To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
| the body of a message to majordomo@vger.kernel.org
| More majordomo info at  http://vger.kernel.org/majordomo-info.html
| Please read the FAQ at http://www.linux-learn.org/faqs
|

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Chadha, Devesh]

The name is Devesh.

I have already answered the question in an earlier email. However, once
again for your convenience,

Ping -I eth0 192.168.1.1 gives Destination host unreachable.
Ping -I eth1 xxx.xxx.xxx.xxx also gives Destination host unreachable.

So pinging from eth0 to ip of eth1 and vice versa give dest host
unreachable.

Pinging from eth1 to external gateway also gives dest host unreachable.

Let me know if u need more info

Regards,
Devesh


-----Original Message-----
From: chuck [mailto:chuck@gelm.net] 
Sent: Thursday, January 22, 2004 4:24 PM
To: Beolach
Cc: linux-newbie@vger.kernel.org
Subject: Re: 2 NIC cards not talking


Hi, Beolach:
Thanks.
I asked, but Chadha never reported his (exact) 'ping' usage, nor the (exact)
error message. :-| Chuck

Beolach wrote:
> 
> ping has a -I option that allows you to specify the source interface.  
> I haven't used this option myself, but I would guess Chadha used some 
> thing like this: 'ping -I eth0 192.168.1.1'.
> 
> Conway S. Smith
> 
> chuck wrote:
> > Dear Chadha:
> >
> > In (4.) & (5.)...
> >
> > I know how to ping from a host with an 'eth0' or 'eth1' device. I do 
> > not know how to ping from 'eth0' or from 'eth1'.
> >
> > Sorry, I cannot help.
> >
> > Chuck
> >
> > "Chadha, Devesh" wrote:
> > <snip>
> >
> >
> >>4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and 
> >>pinging xxx.xxx.xxx.xxx from eth1 gave the same.
> >>
> >>5. I can connect to internet using eth0 since I can browse the 
> >>internet. I can also ping the gateway from eth0
> >
> > <snip>
> >

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient of
this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information is
complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[chuck]

Hi, Devesh:

 I think 'destination host unreachable' is a routing problem.
I think that then no packets are transmitted.
If true, ping would not run and there is no ping failure.

 I think we are done with your original problem of 'ping' failure.

I am guessing, because you never reported the output of
ifconfig eth0, eth1, lo
only that they were 'configured correctly'.

Is eth0 == external network (internet?)?
Is eth1 == internal network 192.168.1.1?
If yes, why would they ping each other?
I see no reason for your internal NIC to 'talk to' your external NIC.
I see no reason for your external NIC to 'talk to' your internal NIC.

  I think the two NICs should never see each others packets without
passing through the router host.

From your previous 'netstat -nr' report,
 from that host,
  if you 'ping -c 4 192.168.1.x' 
   the host will route the packets to eth1;
  if you ping any other address
   the host will route the packets to eth0.

 OBTW, when I

ping -I eth0 192.168.1.1
ping: bad interface address 'eth0'
 
 is what I get.  I do have an eth0 device.     :-|

HTH, Chuck

"Chadha, Devesh" wrote:
> 
> The name is Devesh.
> 
> I have already answered the question in an earlier email. However, once
> again for your convenience,
> 
> Ping -I eth0 192.168.1.1 gives Destination host unreachable.
> Ping -I eth1 xxx.xxx.xxx.xxx also gives Destination host unreachable.
> 
> So pinging from eth0 to ip of eth1 and vice versa give dest host
> unreachable.
> 
> Pinging from eth1 to external gateway also gives dest host unreachable.
> 
> Let me know if u need more info
> 
> Regards,
> Devesh

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[Beolach]

chuck wrote:
> [snip]
> 
>  OBTW, when I
> 
> ping -I eth0 192.168.1.1
> ping: bad interface address 'eth0'
>  
>  is what I get.  I do have an eth0 device.     :-|
> 

The -I option doesn't take an interface name (ie eth0), but rather the 
IP address (ie 192.168.0.1) assigned to the interface.

Conway S. Smith

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[pa3gcu]

On Friday 23 January 2004 05:04, Beolach wrote:
> chuck wrote:
> > [snip]
> >
> >  OBTW, when I
> >
> > ping -I eth0 192.168.1.1
> > ping: bad interface address 'eth0'
> >
> >  is what I get.  I do have an eth0 device.     :-|
>
> The -I option doesn't take an interface name (ie eth0), but rather the
> IP address (ie 192.168.0.1) assigned to the interface.

Get your facts right, it does take an interface name as option.
From the manual page of ping;

-I interface address
Set source address to specified interface address. Argument may be numeric IP 
address or name of  device.  When pinging IPv6 link-local address this option 
is required.

root@localhost:/# ping -I eth0 192.168.10.23
PING 192.168.10.23 (192.168.10.23) from 192.168.10.15 eth0: 56(84) bytes of 
data.
64 bytes from 192.168.10.23: icmp_seq=1 ttl=255 time=0.151 ms
64 bytes from 192.168.10.23: icmp_seq=2 ttl=255 time=0.148 ms
64 bytes from 192.168.10.23: icmp_seq=3 ttl=255 time=0.153 ms

Now if i try that from my router then i get the same as Chuck gets, why it is 
i dont know and to be honest i dont really care as i do not see the point in 
using the -l option in this case period.

Now if you explain your problem AND show us the configuration you use "To the 
letter" then maybe someone here can help you to solve your problem.

The examples i sent you and the most explanatory mail from Ray should have 
given you enough infomation to have solved it anyway.


> Conway S. Smith
>

-- 
If the Linux community is a bunch of theives because they
try to imitate windows programs, then the Windows community
is built on organized crime.

Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/



-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[Ray Olszewski]

At 07:33 AM 1/23/2004 +0100, pa3gcu wrote:
>On Friday 23 January 2004 05:04, Beolach wrote:
> > chuck wrote:
> > > [snip]
> > >
> > >  OBTW, when I
> > >
> > > ping -I eth0 192.168.1.1
> > > ping: bad interface address 'eth0'
> > >
> > >  is what I get.  I do have an eth0 device.     :-|
> >
> > The -I option doesn't take an interface name (ie eth0), but rather the
> > IP address (ie 192.168.0.1) assigned to the interface.
>
>Get your facts right, it does take an interface name as option.
> >From the manual page of ping;
>
>-I interface address
>Set source address to specified interface address. Argument may be numeric IP
>address or name of  device.  When pinging IPv6 link-local address this option
>is required.

When this sort of disagreement pops up, it is helpful to remember that many 
"standard" Unix/Linux programs actually exist in multiple versions, even 
with up-to-date distros. In this instance, for example, my ping app (on a 
fairly current Debian-Sid system) behaves as Beolach's version does, not as 
Richard's does. For example:

         ray@kuryakin:~$ ping -I eth0 celine
         bad interface address 'eth0'
         ray@kuryakin:~$ ping -I 192.168.1.2  celine
         PING celine.comarre (192.168.1.23): 56 data bytes
         64 bytes from 192.168.1.23: icmp_seq=0 ttl=254 time=798.5 ms
         64 bytes from 192.168.1.23: icmp_seq=1 ttl=254 time=0.7 ms

(And my version of "the" man page for ping doesn't even mention the -I flag.)

>root@localhost:/# ping -I eth0 192.168.10.23
>PING 192.168.10.23 (192.168.10.23) from 192.168.10.15 eth0: 56(84) bytes of
>data.
>64 bytes from 192.168.10.23: icmp_seq=1 ttl=255 time=0.151 ms
>64 bytes from 192.168.10.23: icmp_seq=2 ttl=255 time=0.148 ms
>64 bytes from 192.168.10.23: icmp_seq=3 ttl=255 time=0.153 ms
>
>Now if i try that from my router then i get the same as Chuck gets, why it is
>i dont know and to be honest i dont really care as i do not see the point in
>using the -l option in this case period.

I want to second this final comment. Using tricky tests is always worse 
than using straightforward ones, and this is, at best, a tricky test of 
routing capabilities. I don't know how to interpret successes or failures, 
and I've seen no indication in this discussion that anyone else here does 
either. OTOH, testing whether a router actually routes by trying to connect 
an actual, distinct host through it is a familiar exercise, with known, 
interpretable failure bahaviors.





-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[chuck]

Hi, Beolach:

 I tried the same thing that Devesh quoted.
I was not stating that the command line was
'configured correctly'. ;-)

Chuck

Beolach wrote:
> 
> chuck wrote:
> > [snip]
> >
> >  OBTW, when I
> >
> > ping -I eth0 192.168.1.1
> > ping: bad interface address 'eth0'
> >
> >  is what I get.  I do have an eth0 device.     :-|
> >
> 
> The -I option doesn't take an interface name (ie eth0), but rather the
> IP address (ie 192.168.0.1) assigned to the interface.
> 
> Conway S. Smith

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Chadha, Devesh]

Beolach,

You are right. Ping -I eth0 192.168.1.1 is what I use to ping from one
interface to another.

Regards,
Devesh


-----Original Message-----
From: linux-newbie-owner@vger.kernel.org
[mailto:linux-newbie-owner@vger.kernel.org] On Behalf Of Beolach
Sent: Wednesday, January 21, 2004 11:32 PM
Cc: chuck; linux-newbie@vger.kernel.org
Subject: Re: 2 NIC cards not talking


Oops.  I just tried it, and it doesn't take an interface name (eth0), 
but rather, the IP address for the interface.  So instead of

ping -I eth0 192.168.1.1

it would be

ping -I xxx.xxx.xxx.xxx 192.168.1.1

Where xxx.xxx.xxx.xxx is the IP address of eth0.

Beolach wrote:
> ping has a -I option that allows you to specify the source interface.  
> I
> haven't used this option myself, but I would guess Chadha used some 
> thing like this: 'ping -I eth0 192.168.1.1'.
> 
> 
> Conway S. Smith
> 
> chuck wrote:
> 
>>Dear Chadha:
>>
>>In (4.) & (5.)...
>>
>>I know how to ping from a host with an 'eth0' or 'eth1' device. I do 
>>not know how to ping from 'eth0' or from 'eth1'.
>>
>>Sorry, I cannot help.
>>
>>Chuck
>>
>>"Chadha, Devesh" wrote:
>><snip>
>>
>>
>>
>>>4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and 
>>>pinging xxx.xxx.xxx.xxx from eth1 gave the same.
>>>
>>>5. I can connect to internet using eth0 since I can browse the 
>>>internet. I can also ping the gateway from eth0
>>
>><snip>
>>
> 
> -
> To unsubscribe from this list: send the line "unsubscribe 
> linux-newbie" in the body of a message to majordomo@vger.kernel.org 
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
> 


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs


------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient of
this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information is
complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Ray Olszewski]

 From what you wrote, I'd guess that you have not set up iptables to NAT 
the LAN hosts. I'm afraid that what you posted did not answer this 
definitively, but that was my fault; I asked for incomplete information 
about iptables. NAT'ing is done not in the default (filter) table that 
"iptables -nvL" reports, but in the nat table, specifically its POSTROUTING 
chain.

Run "iptables -t nat -nvL", and look for a rule in POSTROUTING similar to 
this one (in which I reckessly reveal my own static IP address, on the 
theory that 3 wrongs neither make a right nor improve the readibility of 
troubleshooting advice) --

Chain POSTROUTING (policy ACCEPT 149K packets, 9127K bytes)
  pkts bytes target     prot opt 
in     out     source               destination
  147K 8592K 
SNAT       all  --  *      eth0   !63.198.182.124       0.0.0.0/0 
to:63.198.182.124

If it is not there, you create this rule with a command like this one:

iptables -t nat -A POSTROUTING -o eth0 -s \! 63.198.182.124 -j SNAT 
--to-source 63.198.182.124

Since I don't know how you set up iptables on your system -- I don't even 
know how stock Red Hat does it, and I won't even try to troubleshoot a 
description like "I looked up the internet and ran some scripts" -- I can 
tell you only the rule you need, not where in your setup to put the command 
to add it.

If this isn't enough to fix your problem, then when you describe it next 
time, you need at least to tell us  where you are pinging these IP 
addresses *from*. Others have tried to guess what you mean by "Pinging 
192.168.1.1 from eth0" and "pinging xxx.xxx.xxx.xxx from eth1" mean,  but I 
prefer to ask you to be clear than to guess. Identify the host explicitly, 
quote the actual command you entered (if you feel you must obfuscate the 
external IP address, at least quote the rest of the command intact) and the 
exact, complete actual response.

Anyway, if you have a LAN to NAT, then you have a host other than this 
Linux host on it, right? You should be testing the ability of the Linux 
host to route using that host, not by doing tricky things with the 
interfaces on the Linux host itself. So if you are using ping with the -I 
flag, that's not the best test of routing and NAT'ing ability. Instead, see 
if a LAN host can ping --
         the Linux router's internal IP address
         the Linux router's external IP address
         your ISP's gateway IP address (the Limux router's default gateway, 
that is)
         some well-known Internet IP address (one known to respond to 
pings; not all do)

Use the success or failure of these tests to determine whether your Linux 
host is routing/NAT'ing the LAN successfully.

There are several well-known drop-in firewalling packages that will handle 
a NAT'd connection like yours probably is. The one I'm most familiar with 
is Shorewall (shorewall.sourceforge.net, I think). You might find it easier 
to turn to one of them, since any good one will deal with both your NAT'ing 
needs and typical firewalling requirements.

At 09:31 PM 1/21/2004 -0500, Chadha, Devesh wrote:
>Here are all the answers:
>
>Chuck's questions:
>My IP address is a public IP.
>I think I am not NATing correctly and hence this problem.
>ping -c 4 192.168.1.1 gives:
>64 bytes from 192.168.1.1 icmp_seq=1 ttl=64 time=0.237 ms
>64 bytes from 192.168.1.1 icmp_seq=2 ttl=64 time=0.152 ms
>64 bytes from 192.168.1.1 icmp_seq=3 ttl=64 time=0.150 ms
>64 bytes from 192.168.1.1 icmp_seq=4 ttl=64 time=0.152 ms
>
>--- 192.168.1.1 ping statistics ---
>4 packets transmitted, 4 received, 0% loss, time 3000ms
>
>ping -c 4 xxx.xxx.xxx.xxx gives:
>64 bytes from xxx.xxx.xxx.xxx icmp_seq=1 ttl=64 time=0.237 ms
>64 bytes from xxx.xxx.xxx.xxx icmp_seq=2 ttl=64 time=0.146 ms
>64 bytes from xxx.xxx.xxx.xxx icmp_seq=3 ttl=64 time=0.151 ms
>64 bytes from xxx.xxx.xxx.xxx icmp_seq=4 ttl=64 time=0.149 ms
>
>--- xxx.xxx.xxx.xxx ping statistics ---
>4 packets transmitted, 4 received, 0% loss, time 2998ms
>
>Rays questions:
>1. Correction, both are not on same subnet. Sorry for the wrong info. I
>guess I am not NATing right
>2. given that information. see below
>3. ip forwarding is on. I dont know if I have NATing set up correct. I
>looked up the internet and ran some scripts.
>Here is my iptables -nvl output:
>
>Chain INPUT (policy ACCEPT 46 packets, 4390 bytes)
>  pkts bytes target        prot  opt   in         out        source
>destination
>
>Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target        prot  opt   in         out        source
>destination
>     0     0 ACCEPT         all  --    eth1        *         0.0.0.0/0
>0.0.0.0/0
>
>Chain OUTPUT (policy ACCEPT 66 packets, 6036 bytes)
>  pkts bytes target        prot  opt   in         out        source
>destination
>
>4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and pinging
>xxx.xxx.xxx.xxx from eth1 gave the same.
>
>5. I can connect to internet using eth0 since I can browse the internet. I
>can also ping the gateway from eth0
>
>Hope this helps. I know that xxx.xxx.... is annoying, but I cant help it.
>
>Thanks for taking interest...
[old stuff deleted]
[new garbage deleted]



-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Chadha, Devesh]

Here are all the answers:

Chuck's questions:
My IP address is a public IP.
I think I am not NATing correctly and hence this problem.
ping -c 4 192.168.1.1 gives:
64 bytes from 192.168.1.1 icmp_seq=1 ttl=64 time=0.237 ms
64 bytes from 192.168.1.1 icmp_seq=2 ttl=64 time=0.152 ms
64 bytes from 192.168.1.1 icmp_seq=3 ttl=64 time=0.150 ms
64 bytes from 192.168.1.1 icmp_seq=4 ttl=64 time=0.152 ms

--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 3000ms

ping -c 4 xxx.xxx.xxx.xxx gives:
64 bytes from xxx.xxx.xxx.xxx icmp_seq=1 ttl=64 time=0.237 ms
64 bytes from xxx.xxx.xxx.xxx icmp_seq=2 ttl=64 time=0.146 ms
64 bytes from xxx.xxx.xxx.xxx icmp_seq=3 ttl=64 time=0.151 ms
64 bytes from xxx.xxx.xxx.xxx icmp_seq=4 ttl=64 time=0.149 ms

--- xxx.xxx.xxx.xxx ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 2998ms

Rays questions:
1. Correction, both are not on same subnet. Sorry for the wrong info. I
guess I am not NATing right
2. given that information. see below
3. ip forwarding is on. I dont know if I have NATing set up correct. I
looked up the internet and ran some scripts.
Here is my iptables -nvl output:

Chain INPUT (policy ACCEPT 46 packets, 4390 bytes)
 pkts bytes target        prot  opt   in         out        source
destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target        prot  opt   in         out        source
destination
    0     0 ACCEPT         all  --    eth1        *         0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 66 packets, 6036 bytes)
 pkts bytes target        prot  opt   in         out        source
destination

4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and pinging
xxx.xxx.xxx.xxx from eth1 gave the same.

5. I can connect to internet using eth0 since I can browse the internet. I
can also ping the gateway from eth0

Hope this helps. I know that xxx.xxx.... is annoying, but I cant help it.

Thanks for taking interest...

-----Original Message-----
From: linux-newbie-owner@vger.kernel.org
[mailto:linux-newbie-owner@vger.kernel.org]On Behalf Of Ray Olszewski
Sent: Wednesday, January 21, 2004 8:35 PM
To: linux-newbie@vger.kernel.org
Subject: RE: 2 NIC cards not talking


At 07:32 PM 1/21/2004 -0500, Chadha, Devesh wrote:
>Well my reason for not giving is that it is a public IP and does not have
>any firewalls in place. This exposes my server much more to unauthorized
>"visit"
>
>Anyway...lets get down to getting this done.
>
>I am on RH Linux 8
>uname -a is Linux 2.4.18
>netstat -nr gives
>192.168.1.0                     0.0.0.0         255.255.255.0           U
>eth1
>xxx.xxx.xxx.0           0.0.0.0         255.255.255.0           U
eth0
>127.0.0.1                       0.0.0.0         255.0.0.0
>U       lo
>0.0.0.0                 xxx.xxx.xxx.1   0.0.0.0                 UG
eth0
>
>ifconfig gives me that eth0, eth1 and lo are correctly configured.
>
>ip_forward gives a "1"
>
>What do the gurus say???

Not being a guru -- I'm just a guy who knows something about routing and 
firewalling -- I need the answers to ALL of the questions I asked, not just 
the less than 2 of them that the information above answers.

That includes the two questions I ask below about your public IP address.

It includes examples of the tests you did and how they failed; see my prior 
message for the details.

And just to be clear -- can this host *itself* not connect to other hosts 
on the Internet, or is the problem ONLY with LAN hosts attempting to use it 
as a NAT'ing router?

The kernel capability that firewalls -- iptables in the case of 2.4.x 
kernels - is the same capability that NATs. It certainly seems that you 
need to NAT this connection (or if not, your setup with your ISP is 
suficiently unusual that you won't get meaningful help without describing 
it). So if you do "not have any firewalls in place", how *is* the system 
NAT'ing LAN hosts?

In addition to everything I asked for before, we probably need to see the 
output of

         iptables -nvL


>-----Original Message-----
>From: Ray Olszewski [mailto:ray@comarre.com]
>Sent: Wednesday, January 21, 2004 7:02 PM
>To: linux-newbie@vger.kernel.org
>Subject: RE: 2 NIC cards not talking
>
>
>At 04:52 PM 1/21/2004 -0500, Chadha, Devesh wrote:
> >[...]
> >Ray:
> >I have static IP and therefore I cannot give the actual IP address.
>
>I don't understand why, unless for some reason you think that your IP
>address is a secret. Once you start using the address for any purpose, it
>will be known to everyone you deal with, after all.
>
>Even if you are that secretive, we do need to know a couple of things about
>the address. One, is it a public IP address? Two, is it on a different
>network (probably what you call a "subnet") from the internal, LAN
>interface? If we don't know at least that much information reliably, then
>we won't be able to eliminate, or spot, some possible sources of your
>problem.
[garbage deleted]


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs


------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient of
this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information is
complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[Beolach]

[-- Attachment #1: Type: text/plain, Size: 2686 bytes --]

It looks to me like you're iptables haven't been setup to NAT.  I have 
attached the output of 'iptables -nvL' on my NATing gateway.  Just for 
the heck of it I obscured my public address too.  I used a slightly 
modified version of the rc.firewall-stronger startup script from the 
IP-Masquerade HOWTO (IP-Masquerade is the same thing as NAT).  Links:

The IP-Masquerade HOWTO:
<http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html>

The exampe startup scripts from the HOWTO.
<http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/examples/>

Good luck,
Conway S. Smith


Chadha, Devesh wrote:
> Here are all the answers:
> 
> Chuck's questions:
> My IP address is a public IP.
> I think I am not NATing correctly and hence this problem.
> ping -c 4 192.168.1.1 gives:
> 64 bytes from 192.168.1.1 icmp_seq=1 ttl=64 time=0.237 ms
> 64 bytes from 192.168.1.1 icmp_seq=2 ttl=64 time=0.152 ms
> 64 bytes from 192.168.1.1 icmp_seq=3 ttl=64 time=0.150 ms
> 64 bytes from 192.168.1.1 icmp_seq=4 ttl=64 time=0.152 ms
> 
> --- 192.168.1.1 ping statistics ---
> 4 packets transmitted, 4 received, 0% loss, time 3000ms
> 
> ping -c 4 xxx.xxx.xxx.xxx gives:
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=1 ttl=64 time=0.237 ms
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=2 ttl=64 time=0.146 ms
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=3 ttl=64 time=0.151 ms
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=4 ttl=64 time=0.149 ms
> 
> --- xxx.xxx.xxx.xxx ping statistics ---
> 4 packets transmitted, 4 received, 0% loss, time 2998ms
> 
> Rays questions:
> 1. Correction, both are not on same subnet. Sorry for the wrong info. I
> guess I am not NATing right
> 2. given that information. see below
> 3. ip forwarding is on. I dont know if I have NATing set up correct. I
> looked up the internet and ran some scripts.
> Here is my iptables -nvl output:
> 
> Chain INPUT (policy ACCEPT 46 packets, 4390 bytes)
>  pkts bytes target        prot  opt   in         out        source
> destination
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target        prot  opt   in         out        source
> destination
>     0     0 ACCEPT         all  --    eth1        *         0.0.0.0/0
> 0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT 66 packets, 6036 bytes)
>  pkts bytes target        prot  opt   in         out        source
> destination
> 
> 4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and pinging
> xxx.xxx.xxx.xxx from eth1 gave the same.
> 
> 5. I can connect to internet using eth0 since I can browse the internet. I
> can also ping the gateway from eth0
> 
> Hope this helps. I know that xxx.xxx.... is annoying, but I cant help it.
> 
> Thanks for taking interest...
> 

[-- Attachment #2: iptables-nvL --]
[-- Type: text/plain, Size: 3214 bytes --]

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1614  165K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
 339K   51M ACCEPT     all  --  eth0   *       192.168.0.0/24       0.0.0.0/0          
    0     0 drop-and-log-it  all  --  eth1   *       192.168.0.0/24       0.0.0.0/0          
 5577  489K ACCEPT     icmp --  eth1   *       0.0.0.0/0            xxx.xxx.xxx.xxx       
 756K 1092M ACCEPT     all  --  eth1   *       0.0.0.0/0            xxx.xxx.xxx.xxx       state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          tcp spt:123 dpt:123 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          udp spt:123 dpt:123 
 1358 66864 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            xxx.xxx.xxx.xxx       state NEW,RELATED,ESTABLISHED tcp dpt:80 
   62  2232 ACCEPT     udp  --  eth1   *       0.0.0.0/0            xxx.xxx.xxx.xxx       udp spt:6112 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            xxx.xxx.xxx.xxx       udp dpt:6112 
 358K  127M drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
19540 1801K ACCEPT     tcp  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:6112 state NEW,RELATED,ESTABLISHED 
 2210  109K ACCEPT     tcp  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:6113 state NEW,RELATED,ESTABLISHED 
3773K 2726M ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
3785K 2010M ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0          
    0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy DROP 4 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1614  165K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0          
  564  443K ACCEPT     all  --  *      eth0    xxx.xxx.xxx.xxx         192.168.0.0/24     
 423K 1093M ACCEPT     all  --  *      eth0    192.168.0.0/24       192.168.0.0/24     
    0     0 drop-and-log-it  all  --  *      eth1    0.0.0.0/0            192.168.0.0/24     
 645K   39M ACCEPT     all  --  *      eth1    xxx.xxx.xxx.xxx         0.0.0.0/0          
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp spt:123 dpt:123 
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp spt:123 dpt:123 
    0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain drop-and-log-it (5 references)
 pkts bytes target     prot opt in     out     source               destination         
 358K  127M LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 
 358K  127M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-port-unreachable 

Re: 2 NIC cards not talking

[chuck]

Dear Chadha:

In (4.) & (5.)...

I know how to ping from a host with an 'eth0' or 'eth1' device.
I do not know how to ping from 'eth0' or from 'eth1'.

Sorry, I cannot help.

Chuck

"Chadha, Devesh" wrote:
<snip> 

> 4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and pinging
> xxx.xxx.xxx.xxx from eth1 gave the same.
> 
> 5. I can connect to internet using eth0 since I can browse the internet. I
> can also ping the gateway from eth0
<snip>

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[Beolach]

ping has a -I option that allows you to specify the source interface.  I 
haven't used this option myself, but I would guess Chadha used some 
thing like this: 'ping -I eth0 192.168.1.1'.


Conway S. Smith

chuck wrote:
> Dear Chadha:
> 
> In (4.) & (5.)...
> 
> I know how to ping from a host with an 'eth0' or 'eth1' device.
> I do not know how to ping from 'eth0' or from 'eth1'.
> 
> Sorry, I cannot help.
> 
> Chuck
> 
> "Chadha, Devesh" wrote:
> <snip> 
> 
> 
>>4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and pinging
>>xxx.xxx.xxx.xxx from eth1 gave the same.
>>
>>5. I can connect to internet using eth0 since I can browse the internet. I
>>can also ping the gateway from eth0
> 
> <snip>
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[Beolach]

Oops.  I just tried it, and it doesn't take an interface name (eth0), 
but rather, the IP address for the interface.  So instead of

ping -I eth0 192.168.1.1

it would be

ping -I xxx.xxx.xxx.xxx 192.168.1.1

Where xxx.xxx.xxx.xxx is the IP address of eth0.

Beolach wrote:
> ping has a -I option that allows you to specify the source interface.  I 
> haven't used this option myself, but I would guess Chadha used some 
> thing like this: 'ping -I eth0 192.168.1.1'.
> 
> 
> Conway S. Smith
> 
> chuck wrote:
> 
>>Dear Chadha:
>>
>>In (4.) & (5.)...
>>
>>I know how to ping from a host with an 'eth0' or 'eth1' device.
>>I do not know how to ping from 'eth0' or from 'eth1'.
>>
>>Sorry, I cannot help.
>>
>>Chuck
>>
>>"Chadha, Devesh" wrote:
>><snip> 
>>
>>
>>
>>>4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and pinging
>>>xxx.xxx.xxx.xxx from eth1 gave the same.
>>>
>>>5. I can connect to internet using eth0 since I can browse the internet. I
>>>can also ping the gateway from eth0
>>
>><snip>
>>
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
> 


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[chuck]

Hi, Beolach:
Thanks.
I asked, but Chadha never reported his (exact) 'ping' usage,
nor the (exact) error message.
:-|
Chuck

Beolach wrote:
> 
> ping has a -I option that allows you to specify the source interface.  I
> haven't used this option myself, but I would guess Chadha used some
> thing like this: 'ping -I eth0 192.168.1.1'.
> 
> Conway S. Smith
> 
> chuck wrote:
> > Dear Chadha:
> >
> > In (4.) & (5.)...
> >
> > I know how to ping from a host with an 'eth0' or 'eth1' device.
> > I do not know how to ping from 'eth0' or from 'eth1'.
> >
> > Sorry, I cannot help.
> >
> > Chuck
> >
> > "Chadha, Devesh" wrote:
> > <snip>
> >
> >
> >>4.Pinging 192.168.1.1 from eth0 gave destnation host unreachable and pinging
> >>xxx.xxx.xxx.xxx from eth1 gave the same.
> >>
> >>5. I can connect to internet using eth0 since I can browse the internet. I
> >>can also ping the gateway from eth0
> >
> > <snip>
> >

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Ray Olszewski]

At 07:32 PM 1/21/2004 -0500, Chadha, Devesh wrote:
>Well my reason for not giving is that it is a public IP and does not have
>any firewalls in place. This exposes my server much more to unauthorized
>"visit"
>
>Anyway...lets get down to getting this done.
>
>I am on RH Linux 8
>uname -a is Linux 2.4.18
>netstat -nr gives
>192.168.1.0                     0.0.0.0         255.255.255.0           U
>eth1
>xxx.xxx.xxx.0           0.0.0.0         255.255.255.0           U       eth0
>127.0.0.1                       0.0.0.0         255.0.0.0
>U       lo
>0.0.0.0                 xxx.xxx.xxx.1   0.0.0.0                 UG      eth0
>
>ifconfig gives me that eth0, eth1 and lo are correctly configured.
>
>ip_forward gives a "1"
>
>What do the gurus say???

Not being a guru -- I'm just a guy who knows something about routing and 
firewalling -- I need the answers to ALL of the questions I asked, not just 
the less than 2 of them that the information above answers.

That includes the two questions I ask below about your public IP address.

It includes examples of the tests you did and how they failed; see my prior 
message for the details.

And just to be clear -- can this host *itself* not connect to other hosts 
on the Internet, or is the problem ONLY with LAN hosts attempting to use it 
as a NAT'ing router?

The kernel capability that firewalls -- iptables in the case of 2.4.x 
kernels - is the same capability that NATs. It certainly seems that you 
need to NAT this connection (or if not, your setup with your ISP is 
suficiently unusual that you won't get meaningful help without describing 
it). So if you do "not have any firewalls in place", how *is* the system 
NAT'ing LAN hosts?

In addition to everything I asked for before, we probably need to see the 
output of

         iptables -nvL


>-----Original Message-----
>From: Ray Olszewski [mailto:ray@comarre.com]
>Sent: Wednesday, January 21, 2004 7:02 PM
>To: linux-newbie@vger.kernel.org
>Subject: RE: 2 NIC cards not talking
>
>
>At 04:52 PM 1/21/2004 -0500, Chadha, Devesh wrote:
> >[...]
> >Ray:
> >I have static IP and therefore I cannot give the actual IP address.
>
>I don't understand why, unless for some reason you think that your IP
>address is a secret. Once you start using the address for any purpose, it
>will be known to everyone you deal with, after all.
>
>Even if you are that secretive, we do need to know a couple of things about
>the address. One, is it a public IP address? Two, is it on a different
>network (probably what you call a "subnet") from the internal, LAN
>interface? If we don't know at least that much information reliably, then
>we won't be able to eliminate, or spot, some possible sources of your
>problem.
[garbage deleted]


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Chadha, Devesh]

Well my reason for not giving is that it is a public IP and does not have
any firewalls in place. This exposes my server much more to unauthorized
"visit"

Anyway...lets get down to getting this done.

I am on RH Linux 8
uname -a is Linux 2.4.18
netstat -nr gives
192.168.1.0			0.0.0.0		255.255.255.0		U
eth1
xxx.xxx.xxx.0		0.0.0.0		255.255.255.0		U	eth0
127.0.0.1			0.0.0.0		255.0.0.0
U	lo
0.0.0.0			xxx.xxx.xxx.1	0.0.0.0			UG	eth0

ifconfig gives me that eth0, eth1 and lo are correctly configured.

ip_forward gives a "1"

What do the gurus say???


-----Original Message-----
From: Ray Olszewski [mailto:ray@comarre.com]
Sent: Wednesday, January 21, 2004 7:02 PM
To: linux-newbie@vger.kernel.org
Subject: RE: 2 NIC cards not talking


At 04:52 PM 1/21/2004 -0500, Chadha, Devesh wrote:
>[...]
>Ray:
>I have static IP and therefore I cannot give the actual IP address.

I don't understand why, unless for some reason you think that your IP 
address is a secret. Once you start using the address for any purpose, it 
will be known to everyone you deal with, after all.

Even if you are that secretive, we do need to know a couple of things about 
the address. One, is it a public IP address? Two, is it on a different 
network (probably what you call a "subnet") from the internal, LAN 
interface? If we don't know at least that much information reliably, then 
we won't be able to eliminate, or spot, some possible sources of your
problem.



-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient of
this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information is
complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[chuck]

Hi, Chadha:

Originally, you said:

> I have a linux box with 2 NIC cards, both are properly configured.
> Both are on the same subnet, but still don't ping to one another!!

 You do not show how you attempt the 'ping',
nor the error message.

Please show exact ping command attempt.

I was hoping for something like:
----------------------------------------------------------
gelmce@web:~$ ping -c 4 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 octets data
64 octets from 192.168.0.1: icmp_seq=0 ttl=127 time=1.6 ms
64 octets from 192.168.0.1: icmp_seq=1 ttl=127 time=1.4 ms
64 octets from 192.168.0.1: icmp_seq=2 ttl=127 time=1.4 ms
64 octets from 192.168.0.1: icmp_seq=3 ttl=127 time=1.3 ms
 
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.3/1.4/1.6 ms

The above (LAN) IP address is my hardware router, a DLink DI-604.

---------------------------------------------------------
gelmce@web:~$ ping -c 4 68.74.221.208
PING 68.74.221.208 (68.74.221.208): 56 octets data
64 octets from 68.74.221.208: icmp_seq=0 ttl=127 time=1.6 ms
64 octets from 68.74.221.208: icmp_seq=1 ttl=127 time=1.4 ms
64 octets from 68.74.221.208: icmp_seq=2 ttl=127 time=1.4 ms
64 octets from 68.74.221.208: icmp_seq=3 ttl=127 time=1.4 ms
 
--- 68.74.221.208 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.4/1.4/1.6 ms
------------------------------------------------------------
The above is the IP address that my ISP gives my router.

So, again, exactly how does 'ping' fail?

Chuck

"Chadha, Devesh" wrote:
> 
> Well my reason for not giving is that it is a public IP and does not have
> any firewalls in place. This exposes my server much more to unauthorized
> "visit"
> 
> Anyway...lets get down to getting this done.
> 
> I am on RH Linux 8
> uname -a is Linux 2.4.18
> netstat -nr gives
> 192.168.1.0                     0.0.0.0         255.255.255.0           U
> eth1
> xxx.xxx.xxx.0           0.0.0.0         255.255.255.0           U       eth0
> 127.0.0.1                       0.0.0.0         255.0.0.0
> U       lo
> 0.0.0.0                 xxx.xxx.xxx.1   0.0.0.0                 UG      eth0
> 
> ifconfig gives me that eth0, eth1 and lo are correctly configured.
> 
> ip_forward gives a "1"
> 
> What do the gurus say???

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Ray Olszewski]

At 04:52 PM 1/21/2004 -0500, Chadha, Devesh wrote:
>[...]
>Ray:
>I have static IP and therefore I cannot give the actual IP address.

I don't understand why, unless for some reason you think that your IP 
address is a secret. Once you start using the address for any purpose, it 
will be known to everyone you deal with, after all.

Even if you are that secretive, we do need to know a couple of things about 
the address. One, is it a public IP address? Two, is it on a different 
network (probably what you call a "subnet") from the internal, LAN 
interface? If we don't know at least that much information reliably, then 
we won't be able to eliminate, or spot, some possible sources of your problem.



-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Chadha, Devesh]

Chuck,

Noted your and Ray's comments. I will get back with all the information
soon.

Ray:
I have static IP and therefore I cannot give the actual IP address.

All:
I am using the office ID and they append this disclaimer to every email.
Don't have any control on that. Sorry for the inconvenience.

Regards,
Devesh


-----Original Message-----
From: chuck gelm net [mailto:chuck@gelm.net] 
Sent: Wednesday, January 21, 2004 4:45 PM
To: Chadha, Devesh
Cc: 'linux-newbie@vger.kernel.org'
Subject: Re: 2 NIC cards not talking


Hello, Chadha:

 You do not show how you attempt the 'ping',
nor the error message.

Please show exact ping command attempt.
Please show output of 'netstat -r -n'.

 Both cards (should not, cannot) be on the same subnet
for the 'firewall/router' to function.  The 'firewall/router' should show a
route to the local LAN (eth1) for all addresses as 192.168.x.y and a default
route (0.0.0.0) to eth0.

An old 'netstat -n -r' of mine looked like:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
67.39.15.254    0.0.0.0         255.255.255.255 UH        0 0          0
ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0
eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0
lo
0.0.0.0         67.39.15.254    0.0.0.0         UG        0 0          0
ppp0

 In the above case, ppp0 was a ppp-over-ethernet association with eth1. You
should mask out your real IP address for security (if static).

HTH, Chuck
p.s. I have never understood the signature threat! ? ! ? 
Perhaps a separate email identity for public messages?



 

"Chadha, Devesh" wrote:
> 
> Hi,
> 
> I have a linux box with 2 NIC cards, both are properly configured. 
> Both are on the same subnet, but still don't ping to one another!!
> 
> I need to setup the box as the firewall/router that has eth0 set as 
> external and eth1 as internal serving as DHCP server to other 
> computers on the network. Both have static IPs assigned to them.
> 
> Regards,
> Devesh
> 6-6859
> 
> ----------------------------------------------------------------------
> --------
> This message is intended only for the personal and confidential use of the
> designated recipient(s) named above.  If you are not the intended
recipient of
> this message you are hereby notified that any review, dissemination,
> distribution or copying of this message is strictly prohibited.  This
> communication is for information purposes only and should not be regarded
as
> an offer to sell or as a solicitation of an offer to buy any financial
> product, an official confirmation of any transaction, or as an official
> statement of Lehman Brothers.  Email transmission cannot be guaranteed to
be
> secure or error-free.  Therefore, we do not represent that this
information is
> complete or accurate and it should not be relied upon as such.  All
> information is subject to change without notice.


------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient of
this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information is
complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Ray Olszewski]

At 10:23 AM 1/21/2004 -0500, Chadha, Devesh wrote:
>Juan,
>
>Eth0 has the external assigned IP by my ISP. Eth1 has a 192.168.x.x ip
>address. Eth1 acts as the DHCP server for my LAN. My LAN is working fine. I
>can connect machines to the LAN and even connect one machine to another.
>
>But I cannot get eth1 to talk to eth0. I cannot connect the LAN to the
>internet nor connect to any internal machine from outside!!
>
>Do I need to bridge the 2 NICs ???

This description is better than your first try, but it still leaves out way 
too much information. Terms like "connect" and "talk to" are, in this 
context, too vague, and interfaces don't "talk to" each other by any 
reasonable definition of "talk to". Moreover, some of what you say here 
appears inconsistent with the first report (or perhaps you changed your 
setup between them). So please go step by step and give us the required 
details.

1. What is the physical setup here? In this second message, you talk about 
connecting "the LAN to the internet", but the first message said bith NICs 
were "on the same subnet". Is this 2-NIC Linux host intended to act as a 
router or not (I'm guessing yes)? If yes, does it need to NAT or not (I'm 
guessing it does)?

2. What are the actual IP addresses involved, and what does the routing 
table on the Linux host look like? (IP addresses are not secrets, after 
all.) Show us the output of

         ifconfig -a [the complete entries for eth0 and eth1]
         netstat -nr

3. Assuming the Linux host is supposed to be acting as a router, do you 
have it configured to do so? First, is ip_forwarding turned on (that is, 
does "more /proc/sys/net/ipv4/ip_forward" return a "1")? Second, assuming I 
read this correctly that the LAN uses private IP addresses 
(192.168.c.d/16-24) and the ISP side a public address you have not 
identified, you you have iptables set up to NAT the LAN?

4. What actual tests are you making, and what are their actual results? 
Hosts don't "talk to" each other. They "ping", and "telnet", and "ssh", and 
a bunch of other things ... we need to know what fails (and how -- ping, 
for example, fails in at least 4 distinct ways) to be able to diagnnose a 
problem beyond offering wild guesses (as I have above).

5. Can the Linux router itself ping, or make other connections, to Internet 
hosts? That is, does eth0 work at all, as configured? Be specifc in your 
response about what tests you emplyed to answer this.

6. If you do post again, please include the basics of your setup: What 
Linux distro and version, what kernel ("uname -a"), what NICs, and the 
specifics I asked for above. Note the number of times I had to "guess" or 
"assume" something, and it will tell you how much important detail you've 
left out.

If I'm ***guessing*** correctly about your setup, you need to be NAT'ing a 
private-address LAN. If so, you will, with a bit of work, be able to set it 
up so that the LAN hosts can initiate connections to Internet hosts 
(assuming your ISP is not doing something unusual with your service). But 
setting things up to that Internet hosts can initiate connections to LAN 
hosts will be more involved, and more limited, since they all share a 
single public (routable) IP address ... you'll need to use port forwarding 
(DNAT, in iptables terms) and make only one host available per service.

Finally, and just as a matter of form, I must object to you (or anyone) 
posting messages to this list with the assertion that they are 
"confidential" and that "any review, dissemination,  distribution or 
copying of this message is strictly prohibited". I understand that the 
attachment of this baloney is outside your personal control ... but it is 
baloney nonetheless, and you and your employer need to understand that it 
is made meaningless by the act of you sending the message to a mailing list.

>-----Original Message-----
>From: Juan Facundo Suárez [mailto:facundo.suarez@ensi.com.ar]
>Sent: Wednesday, January 21, 2004 10:13 AM
>To: linux-newbie list
>Subject: Re: 2 NIC cards not talking
>
>
>Sorry, i don't understand at all. You say that you have two cards, in the
>same machine, are them in the same subnet ? why don't you put one, wich
>connects to "outside" in one, and the other in another subnet?. I have
>working a firewall/router with iptables, and the card is connected to de
>adsl-modem has 192.168.1.10, and the card to brins internet to the lan has
>192.168.0.1.
>
>  If you cannot ping from a machine in one subnet, to another in other
>subnet, maybe you need to load the kernel-module wich does that job.
>
>--
>Facundo Suárez
>Neuquén - Argentina
>FDSoft
>mail y jabber: faco@fdsoft.com.ar
>facundo.suarez@ensi.com.ar
>
>----- Original Message -----
>From: "Chadha, Devesh" <devesh.chadha@lehman.com>
>To: <linux-newbie@vger.kernel.org>
>Sent: Wednesday, January 21, 2004 11:25 AM
>Subject: 2 NIC cards not talking
>
>
>| Hi,
>|
>| I have a linux box with 2 NIC cards, both are properly configured.
>| Both
>are
>| on the same subnet, but still don't ping to one another!!
>|
>| I need to setup the box as the firewall/router that has eth0 set as
>external
>| and eth1 as internal serving as DHCP server to other computers on the
>| network. Both have static IPs assigned to them.

[boilerplate baloney deleted]


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: 2 NIC cards not talking

[Chadha, Devesh]

Thanks Richard,

I would try that!!

A little history..
I have tried the home network howto and the script given there, but it did
not work. I tried to understand iptables and write them myself, that didn't
work! I have now loaded firestarter firewall....but still no result.

I shall try your solution after I reach home and get back to you tomorrow.

Regards,
Devesh


-----Original Message-----
From: pa3gcu [mailto:pa3gcu@zeelandnet.nl] 
Sent: Wednesday, January 21, 2004 11:38 AM
To: Chadha, Devesh; linux-newbie list
Subject: Re: 2 NIC cards not talking


On Wednesday 21 January 2004 16:23, Chadha, Devesh wrote:
> Juan,
>
> Eth0 has the external assigned IP by my ISP. Eth1 has a 192.168.x.x ip 
> address. Eth1 acts as the DHCP server for my LAN. My LAN is working 
> fine. I can connect machines to the LAN and even connect one machine 
> to another.
>
> But I cannot get eth1 to talk to eth0. I cannot connect the LAN to the 
> internet nor connect to any internal machine from outside!!

Then you need "masquerading", in otherwords iptables or ipchains. Also make
sure /proc/sys/net/ipv4/ip_forward is set to "1"

Something like the following for iptables;

#!/bin/sh

iptables --flush            # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain     #chains that are not in default filter/nat table
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward  # Enables packet forwarding by
kernel This is a must for both examples.

Or the following with ipchains.
/sbin/ipchains -A forward -s 192.168.11.0/24 -j MASQ
Change to suit your subnet.

> Do I need to bridge the 2 NICs ???

No.

> Regards,
> Devesh
>

-- 
If the Linux community is a bunch of theives because they
try to imitate windows programs, then the Windows community
is built on organized crime.

Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/




------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient of
this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information is
complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[Juan Facundo Suárez]

Sorry, i don't understand at all. You say that you have two cards, in the
same machine, are them in the same subnet ? why don't you put one, wich
connects to "outside" in one, and the other in another subnet?. I have
working a firewall/router with iptables, and the card is connected to de
adsl-modem has 192.168.1.10, and the card to brins internet to the lan has
192.168.0.1.

 If you cannot ping from a machine in one subnet, to another in other
subnet, maybe you need to load the kernel-module wich does that job.

--
Facundo Suárez
Neuquén - Argentina
FDSoft
mail y jabber: faco@fdsoft.com.ar
facundo.suarez@ensi.com.ar

----- Original Message -----
From: "Chadha, Devesh" <devesh.chadha@lehman.com>
To: <linux-newbie@vger.kernel.org>
Sent: Wednesday, January 21, 2004 11:25 AM
Subject: 2 NIC cards not talking


| Hi,
|
| I have a linux box with 2 NIC cards, both are properly configured. Both
are
| on the same subnet, but still don't ping to one another!!
|
| I need to setup the box as the firewall/router that has eth0 set as
external
| and eth1 as internal serving as DHCP server to other computers on the
| network. Both have static IPs assigned to them.
|
| Regards,
| Devesh
| 6-6859
|
|
| --------------------------------------------------------------------------
----
| This message is intended only for the personal and confidential use of the
| designated recipient(s) named above.  If you are not the intended
recipient of
| this message you are hereby notified that any review, dissemination,
| distribution or copying of this message is strictly prohibited.  This
| communication is for information purposes only and should not be regarded
as
| an offer to sell or as a solicitation of an offer to buy any financial
| product, an official confirmation of any transaction, or as an official
| statement of Lehman Brothers.  Email transmission cannot be guaranteed to
be
| secure or error-free.  Therefore, we do not represent that this
information is
| complete or accurate and it should not be relied upon as such.  All
| information is subject to change without notice.
|
| -
| To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
| the body of a message to majordomo@vger.kernel.org
| More majordomo info at  http://vger.kernel.org/majordomo-info.html
| Please read the FAQ at http://www.linux-learn.org/faqs

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

2 NIC cards not talking

[Chadha, Devesh]

Hi,

I have a linux box with 2 NIC cards, both are properly configured. Both are
on the same subnet, but still don't ping to one another!!

I need to setup the box as the firewall/router that has eth0 set as external
and eth1 as internal serving as DHCP server to other computers on the
network. Both have static IPs assigned to them.

Regards,
Devesh
6-6859


------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the
designated recipient(s) named above.  If you are not the intended recipient of
this message you are hereby notified that any review, dissemination,
distribution or copying of this message is strictly prohibited.  This
communication is for information purposes only and should not be regarded as
an offer to sell or as a solicitation of an offer to buy any financial
product, an official confirmation of any transaction, or as an official
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
secure or error-free.  Therefore, we do not represent that this information is
complete or accurate and it should not be relied upon as such.  All
information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: 2 NIC cards not talking

[chuck gelm net]

Hello, Chadha:

 You do not show how you attempt the 'ping',
nor the error message.

Please show exact ping command attempt.
Please show output of 'netstat -r -n'.

 Both cards (should not, cannot) be on the same subnet
for the 'firewall/router' to function.  The 'firewall/router'
should show a route to the local LAN (eth1) for all addresses as
192.168.x.y and a default route (0.0.0.0) to eth0.

An old 'netstat -n -r' of mine looked like:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
67.39.15.254    0.0.0.0         255.255.255.255 UH        0 0          0
ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0
eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0
lo
0.0.0.0         67.39.15.254    0.0.0.0         UG        0 0          0
ppp0

 In the above case, ppp0 was a ppp-over-ethernet association with eth1.
You should mask out your real IP address for security (if static).

HTH, Chuck
p.s. I have never understood the signature threat! ? ! ? 
Perhaps a separate email identity for public messages?



 

"Chadha, Devesh" wrote:
> 
> Hi,
> 
> I have a linux box with 2 NIC cards, both are properly configured. Both are
> on the same subnet, but still don't ping to one another!!
> 
> I need to setup the box as the firewall/router that has eth0 set as external
> and eth1 as internal serving as DHCP server to other computers on the
> network. Both have static IPs assigned to them.
> 
> Regards,
> Devesh
> 6-6859
> 
> ------------------------------------------------------------------------------
> This message is intended only for the personal and confidential use of the
> designated recipient(s) named above.  If you are not the intended recipient of
> this message you are hereby notified that any review, dissemination,
> distribution or copying of this message is strictly prohibited.  This
> communication is for information purposes only and should not be regarded as
> an offer to sell or as a solicitation of an offer to buy any financial
> product, an official confirmation of any transaction, or as an official
> statement of Lehman Brothers.  Email transmission cannot be guaranteed to be
> secure or error-free.  Therefore, we do not represent that this information is
> complete or accurate and it should not be relied upon as such.  All
> information is subject to change without notice.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs