[plug] Still not able to route to adsl

bob bob at fots.org.au
Sat May 1 17:55:16 WST 2004


Thanks for the reply.

On Saturday 01 May 2004 16:59, Matt Kemner wrote:
> On Sat, 1 May 2004, quoth bob:
> > ADSL (NB1300+4)
> >
> >         eth1 (192.168.1.x dhcp'd from ADSL)
> > Gateway/firewall  (debian)
> >         eth0 (192.168.0.x)
> >
> > hosts on LAN
> >
> > I can not ping  ADSL from "hosts on LAN". I can ping  ADSL from
> > Gateway/firewall.
>
> Does the ADSL router have a route to 192.168.0.0/24 via the debian
> gateway?

Yes. 192.168.0.0/24  gw "Ip Ethernet 0" which is the LAN side of the device.

> Alternatively, does the debian gateway masquerade (NAT) packets from
> 192.168.0.0/24 so the ADSL gateway sees them as 192.168.1.x packets?

That one is interesting as I have had conflicting replies to that Q when I 
put it to the gateway. Is there a definitive way of finding out ?

> You'll need to do one of those two, or else you won't see reply packets
> from the internet because the ADSL router doesn't know where to find you.
>
> You'll also need to ensure IP forwarding is on
> (echo 1 > /proc/sys/net/ipv4/ip_forward)

Yes, done (and done and done :()

> > Yes, there is an iptables firewall... I tried an iptables -clear to see
> > if that got rid of the problem... nope - don't worry, I remembered to
> > restore it :).
>
> If there is a firewall, make sure it allows packets to flow between eth0
> and eth1, and SNATs them if required. (see above)

Currently the FW should be seeing eth0 and eth1 as both being in the "green" 
zone so there should be nothing stopping packets flowing.

Not sure about SNAT... is there an easy way to check this?

> > I have tried every setting on the ADSL that looks halfway sensible
> > without success. I have set routes to 192.168.0/24 on the device, I
> > have tried both static and dhcp IP#s on the Gateway/firewall eth1 (dhcp
> > was suggested as a possible solution).
>
> What I would do:
>
> Set eth1 to a static IP (eg 192.168.1.2) and make sure there is a route
> on the ADSL router for 192.168.0.0/24 via that IP (192.168.1.2)
>
> Then you should be able to ping the ADSL router from the 192.168.0.0/24
> network. If you can't do that, check your firewall (clear it if need be,
> and make sure the policy on the builtin rules are ACCEPT)  and
> ensure ip_forwarding is on.

Ok, I'll try that and report back.

> > I have set default routes on the Gateway/firewall to the ADSL
> > 192.168.1/24 addr, to the assigned ISP for the ADSL and to the ISP's
> > gateway addr. None made any difference.
>
> The default route on the Debian gateway must be the ADSL router IP
> (192.168.1.1 or whatever)

I suspected as much but tried them all n the vain hope...

> and the default routes on your 192.168.0.x machines must be eth0's IP
> address.

Yes, already that way.

> > (what's the point of buying a router in that case?)
>
> My ever-so-humble opinion is.. why buy a router at all when you have a
> perfectly good Linux box, which can do anything even a high-end router
> can (albeit in software, not in hardware which the really expensive
> ciscos can do)

Ermm... because I got caught by the BS ? :) (I am really starting to regret 
buying this)

> > [1] note to self: Two default routes + restarting networking = kernel
> > panic
>
> As Cameron said, that should not happen.

May not be as simple as [1], it had layers upon layers of changes made to 
the routing. More a straw that broke the camels back perhaps. I did notice 
that responses to route and route -n were becoming slow.

> Regards,

Thank you for the thoughts.

>  - Matt

-- 
Fay: The British police force used to be run by men of integrity.
Truscott: That is a mistake which has been rectified.
		-- Joe Orton, "Loot"




More information about the plug mailing list