Activating routing - Networking


  1. Activating routing

    Hello.

    I have two machines, slick and swift. They communicate over a WIFI link
    (both are set in Ad-Hoc mode), using addresses 192.168.1.3 for swift and
    192.168.1.4 for slick. I can ssh from one to the other without trouble.

    swift is connected to the internet through an ethernet cable to a DSL modem.

    I'd like it to act as a router for slick.

    I have installed and started dnsmasq on swift, which acts as a DNS server for
    slick (this works).

    However, I can't ping google.com from slick. It is served an IP, but can't
    reach its destination:

    fab@slick:~$ ping google.com
    PING google.com (64.233.187.99) 56(84) bytes of data.
    From swift.airforce-one.org (192.168.1.3): icmp_seq=1 Redirect Host(New nexthop: 192.168.1.254)
    From swift.airforce-one.org (192.168.1.3): icmp_seq=2 Redirect Host(New nexthop: 192.168.1.254)
    From swift.airforce-one.org (192.168.1.3): icmp_seq=3 Redirect Host(New nexthop: 192.168.1.254)
    From swift.airforce-one.org (192.168.1.3) icmp_seq=1 Destination Host Unreachable
    From swift.airforce-one.org (192.168.1.3) icmp_seq=2 Destination Host Unreachable
    From swift.airforce-one.org (192.168.1.3) icmp_seq=3 Destination Host Unreachable
    From swift.airforce-one.org (192.168.1.3): icmp_seq=4 Redirect Host(New nexthop: 192.168.1.254)
    From swift.airforce-one.org (192.168.1.3): icmp_seq=5 Redirect Host(New nexthop: 192.168.1.254)
    From swift.airforce-one.org (192.168.1.3): icmp_seq=6 Redirect Host(New nexthop: 192.168.1.254)
    From swift.airforce-one.org (192.168.1.3) icmp_seq=5 Destination Host Unreachable
    From swift.airforce-one.org (192.168.1.3) icmp_seq=6 Destination Host Unreachable
    From swift.airforce-one.org (192.168.1.3) icmp_seq=7 Destination Host Unreachable
    From swift.airforce-one.org (192.168.1.3): icmp_seq=8 Redirect Host(New nexthop: 192.168.1.254)

    --- google.com ping statistics ---
    9 packets transmitted, 0 received, +6 errors, 100% packet loss, time 8010ms, pipe 3

    Here is slick's routing table:

    root@slick:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    192.168.1.0     *               255.255.255.0   U     0      0   0   wlan0
    loopback        *               255.0.0.0       U     0      0   0   lo
    default         192.168.1.254   0.0.0.0         UG    0      0   0   wlan0
    default         swift.airforce- 0.0.0.0         UG    0      0   0   wlan0

    and here is swift's routing table:

    root@swift:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    82.230.24.0     *               255.255.255.0   U     0      0   0   eth0
    192.168.1.0     *               255.255.255.0   U     0      0   0   ath0
    default         192.168.1.254   0.0.0.0         UG    0      0   0   ath0
    default         82.230.24.254   0.0.0.0         UG    0      0   0   eth0

    Any help? Thanks!

    --
    Fabrice DELENTE

  2. Re: Activating routing

    On 07 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in article
    <48c3d037$0$13984$426a34cc@news.free.fr>, Fabrice Delente wrote:

    >I have two machines, slick and swift. They communicate over a WIFI
    >link (both are set in Ad-Hoc mode), using addresses 192.168.1.3 for
    >swift and 192.168.1.4 for slick. I can ssh from one to the other
    >without trouble.
    >
    >swift is connected to the internet through an ethernet cable to a DSL
    >modem.
    >
    >I'd like it to act as a router for slick.


    >PING google.com (64.233.187.99) 56(84) bytes of data.
    >From swift.airforce-one.org (192.168.1.3): icmp_seq=1 Redirect Host(New
    >nexthop: 192.168.1.254)


    Yup - routing table is wrong.

    >Here is slick's routing table:


    >root@slick:~# route
    >Kernel IP routing table
    >Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    >192.168.1.0     *               255.255.255.0   U     0      0   0   wlan0
    >loopback        *               255.0.0.0       U     0      0   0   lo
    >default         192.168.1.254   0.0.0.0         UG    0      0   0   wlan0
    >default         swift.airforce- 0.0.0.0         UG    0      0   0   wlan0


    The 'default' route in a routing table means "if NOTHING else works,
    use this". So google isn't on 192.168.1.0/24 and not on 127.0.0.0/8,
    so use the default.... WHICH default? You have two, and there can
    only be one.

    >root@swift:~# route
    >Kernel IP routing table
    >Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    >82.230.24.0     *               255.255.255.0   U     0      0   0   eth0
    >192.168.1.0     *               255.255.255.0   U     0      0   0   ath0
    >default         192.168.1.254   0.0.0.0         UG    0      0   0   ath0
    >default         82.230.24.254   0.0.0.0         UG    0      0   0   eth0


    Same problem - two "if nothing else works, use this" - so which one to
    use?

    The rule is that the gateway has to be DIRECTLY attached. So given the
    apparent setup of

    slick <----> swift <----> DSL_Modem <----> ISP <----> world

    slick should have swift as default, AND NOTHING ELSE.
    swift should have the DSL Modem as default AND NOTHING ELSE
    DSL_Modem should have ISP as default AND NOTHING ELSE
    The ISP setup is not your problem (and may be a lot more complicated).

    So - who is 192.168.1.254, and how did that enter the picture?

    Old guy

  3. Re: Activating routing

    Moe Trin wrote:
    > So - who is 192.168.1.254, and how did that enter the picture?


    I entered it myself, out of despair and because I had read about it on a
    page somewhere.

    I'll try the modifications you suggest, thanks!

    --
    Fabrice DELENTE

  4. Re: Activating routing

    Fabrice Delente wrote:
    > Moe Trin wrote:
    >> So - who is 192.168.1.254, and how did that enter the picture?


    > I entered it myself, out of despair and because I had read about it on a
    > page somewhere.


    > I'll try the modifications you suggest, thanks!


    In addition to Moe's excellent advice be sure ip forwarding is enabled
    on swift:

    corncob:~# cat /proc/sys/net/ipv4/ip_forward
    1
    corncob:~#

    That can be done at runtime in a script or with sysctl.

    --
    Clifford Kite
    /* The generation of random numbers is too important to be left
    to chance. */

  5. Re: Activating routing

    Clifford Kite wrote:
    > In addition to Moe's excellent advice be sure ip forwarding is enabled
    > on swift:
    >
    > corncob:~# cat /proc/sys/net/ipv4/ip_forward
    > 1


    Yes, I did that too, but still can't access the internet from slick... Is
    there anything else to configure (I have enabled "Advanced route" in the
    kernel options)?

    Thanks.

    --
    Fabrice DELENTE

  6. Re: Activating routing

    Fabrice Delente wrote:
    > Clifford Kite wrote:
    >> In addition to Moe's excellent advice be sure ip forwarding is enabled
    >> on swift:
    >>
    >> corncob:~# cat /proc/sys/net/ipv4/ip_forward
    >> 1

    >
    > Yes, I did that too, but still can't access the internet from slick... Is
    > there anything else to configure (I have enabled "Advanced route" in the
    > kernel options)?
    >
    > Thanks.
    >


    Use NAT (a.k.a. masquerading) on swift when forwarding packets to/from
    slick. As slick uses the private IP number 192.168.1.4 you can't
    simply forward slicks packets unmodified to the public internet.


    Regards,

    Kees.

    --
    Kees Theunissen.

  7. Re: Activating routing

    Kees Theunissen wrote:
    > Use NAT (a.k.a. masquerading) on swift when forwarding packets to/from
    > slick. As slick uses the private IP number 192.168.1.4 you can't
    > simply forward slicks packets unmodified to the public internet.


    I've looked into the kernel options but didn't find any option to activate.
    Could you tell me how to do masquerading? Thanks!

    --
    Fabrice DELENTE

  8. Re: Activating routing

    Fabrice Delente wrote:
    > Clifford Kite wrote:
    >> In addition to Moe's excellent advice be sure ip forwarding is enabled
    >> on swift:
    >>
    >> corncob:~# cat /proc/sys/net/ipv4/ip_forward
    >> 1


    > Yes, I did that too, but still can't access the internet from slick... Is
    > there anything else to configure (I have enabled "Advanced route" in the
    > kernel options)?


    As pointed out you need IP masquerading or SNAT. I was too focused on
    adding to Moe's suggestions, missed the obvious - that the ethernet has
    a routable IP address, and wound up thinking your modem did NAT.

    SNAT could be done with just

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 82.230.24.X

    where 82.230.24.X is your eth0 address.

    The kernel configuration varies, but for 2.6.24.4 here is what you seem
    to need, based on my configuration:

    Networking --->
    [*] Networking support
    Networking options --->
    [*] Network packet filtering framework (Netfilter) --->
    Core Netfilter Configuration --->
    Netfilter connection tracking support
    {M} Netfilter Xtables support (required for ip_tables)
    IP: Netfilter Configuration --->
    IPv4 connection tracking support (required for NAT)
    [*] proc/sysctl compatibility with old connection tracking
    IP Userspace queueing via NETLINK (OBSOLETE)
    IP tables support (required for filtering/masq/NAT)

    The alternative to NETLINK (OBSOLETE) may be

    < > Netfilter netlink interface

    under "Core Netfilter Configuration" but I've not tried it.

    Also bear in mind my configuration is for both NAT and a firewall with a
    dash of traffic control which was first implemented years ago, and has
    been carried forward through several major kernel versions, so I could
    have missed something in all the clutter.

    Here are two links, one to a massive iptables tutorial and the other to
    a firewall script in case you might be interested:

    http://iptables-tutorial.frozentux.n...-tutorial.html
    http://iptables-tutorial.frozentux.n...c.firewall.txt

    --
    Clifford Kite
    /* Those who can't write, write manuals. */

  9. Re: Activating routing

    On 07 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in article
    <48c405bc$0$19340$426a74cc@news.free.fr>, Fabrice Delente wrote:

    >Moe Trin wrote:


    >> So - who is 192.168.1.254, and how did that enter the picture?

    >
    >I entered it myself, out of despair and because I had read about it
    >on a page somewhere.


    OK - delete that, and let's try again. The routing table on "slick"
    should look like this using "/sbin/route -n":

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    192.168.1.0     *               255.255.255.0   U     0      0   0   wlan0
    127.0.0.0       *               255.0.0.0       U     0      0   0   lo
    default         192.168.1.3     0.0.0.0         UG    0      0   0   wlan0

    and the routing table on "swift" should look like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    82.230.24.0     *               255.255.255.0   U     0      0   0   eth0
    192.168.1.0     *               255.255.255.0   U     0      0   0   ath0
    127.0.0.0       *               255.0.0.0       U     0      0   0   lo
    default         82.230.24.254   0.0.0.0         UG    0      0   0   eth0

    with the assumption that 82.230.24.254 is the next hop to the world.
    Clifford mentions '/proc/sys/net/ipv4/ip_forward' must be set to '1'
    and you've said that is set. So the next check would be can you
    connect to the world while on "swift"? If that works, try it again
    from "slick" and look at the error messages. You may want to use a
    packet sniffer on "swift" and compare the packets on the wireless
    versus Ethernet side. Are they getting through? As Kees mentions,
    are they masqueraded (192.168.1.0 doesn't exist on the Internet, and
    the packets have to be translated to _appear_ to originate from the
    Ethernet side of "swift")? Are there any replies to your traffic?
    Does it make it back through the translation?
    Does it make it back through the translation?

    -rw-rw-r-- 1 gferg ldp 708351 Nov 14 2005 IP-Masquerade-HOWTO

    -rw-rw-r-- 1 gferg ldp 17605 Jul 21 2004 Masquerading-Simple-HOWTO

    There are two HOWTOs that should be on your system (or use any search
    engine to find them on the web).

    What distribution/version is this? Try

    cat /etc/*release /etc/*version

    Most important - what are the error messages?

    Old guy
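
The three checks this thread arrives at (exactly one default route, leaving through the Internet-facing interface; ip_forward set to 1; source NAT on that interface) collected into one script, as an added example that is not part of any poster's message. The function name audit_router, the numeric `route -n` rendering of swift's table and the rule listing in `iptables -t nat -S POSTROUTING` form are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a would-be router such as "swift".
# $1 = `route -n` output            $2 = contents of /proc/sys/net/ipv4/ip_forward
# $3 = `iptables -t nat -S POSTROUTING` output      $4 = Internet-facing interface
# Prints one finding per line; prints nothing when every check passes.
audit_router() {
    routes=$1; forward=$2; natrules=$3; wan=$4

    # Default routes: destination 0.0.0.0 with the G (gateway) flag.
    defaults=$(printf '%s\n' "$routes" |
        awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2, $8 }')
    count=$(printf '%s\n' "$defaults" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "ROUTE: expected exactly 1 default route, found $count"
    fi

    # The default route must leave through the Internet-facing interface.
    printf '%s\n' "$defaults" | while read -r gw iface; do
        if [ -n "$gw" ] && [ "$iface" != "$wan" ]; then
            echo "ROUTE: default via $gw uses $iface, not $wan"
        fi
    done

    if [ "$forward" != 1 ]; then
        echo "FORWARD: ip_forward is '$forward', must be 1"
    fi

    # Private source addresses must be rewritten on the way out.
    if ! printf '%s\n' "$natrules" |
        grep -Eq -- "-o $wan .*-j (SNAT|MASQUERADE)"; then
        echo "NAT: no SNAT/MASQUERADE rule for traffic leaving $wan"
    fi
    return 0
}

# Constructed sample: swift's table from the first post, as `route -n` prints it.
SWIFT_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
82.230.24.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ath0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 ath0
0.0.0.0         82.230.24.254   0.0.0.0         UG    0      0        0 eth0'

# ip_forward already 1, no NAT rule loaded yet: the state reached by post 5.
audit_router "$SWIFT_ROUTES" 1 '-P POSTROUTING ACCEPT' eth0
```

On a live machine the first three arguments would be `"$(route -n)"`, `"$(cat /proc/sys/net/ipv4/ip_forward)"` and `"$(iptables -t nat -S POSTROUTING)"`.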
