TCLUG Archive

Re: [TCLUG:8792] Multiple Ethernet Woes



> I've got a 3c509, and a 3c590(Vortex Card).  The machine boots, and the kernel
> recognizes the cards and sets them up as eth0 and eth1.  Then it assigns IP
> addys to them.
> 
> Well, the long and short is that eth1 does not see machines on the subnet it's
> assigned to, let alone any others...
>
> It's been suggested that my route tables were set up incorrectly, but I posted
> them a while back and nobody seemed to think they were the problem....
> 
> So, we have a firewall machine with only one working card....apparently...and I
> have to get this firewall installed by Friday...
> 
> Somebody please help me *begging*

(/me digs through the list archives..)

| Ok, here's the route table....
|
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 205.218.57.25   0.0.0.0         255.255.255.255 UH    0      0      0   eth0
| 192.168.6.49    0.0.0.0         255.255.255.255 UH    0      0      0   eth1
| 192.168.6.0     0.0.0.0         255.255.255.0   U     0      0      0   eth1
| 205.218.57.0    0.0.0.0         255.255.255.0   U     0      0      0   eth0
| 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0      0   lo
| 0.0.0.0         205.218.57.17   0.0.0.0         UG    0      0      0   eth0

Okay..  Lemme straighten this out.  It looks like 205.218.57.25 is the
external address, which apparently works fine.  It is net-connected, and its
router is 205.218.57.25.

You have an internal (masqueraded?) network behind this box with the subnet
192.168.6.0.  The IP of your box on that network is 192.168.6.49 (kind of an
odd number to pick, IMHO).

You say you can't ping from this box to anything on the 192.168.6.49 network? 
Hmm..  I would guess that card is broken, misconfigured, or that the cabling
on your network may be less-than-optimal..

If you _can_ ping those hosts, I would make sure you have masquerading set up
properly.

On a RedHat system, edit /etc/sysconfig/network and change

FORWARD_IPV4=false

to 

FORWARD_IPV4=true

Then, add the necessary ipchains rules to your /etc/rc.d/rc.local or similar
file (wherever you want to put it, basically).  Something like

ipchains -P forward DENY
ipchains -A forward -s 192.168.6.0/24 -j MASQ

Though it's been a while since I've done that..
-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   Veni Vidi Visa: I came, 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   I saw, I did a little  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  shopping. 
[ Mike Hicks | http://umn.edu/~hick0088 | mailto:hick0088@tc.umn.edu ]
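
An added example, not part of the original message: a longest-prefix-match lookup over the routing table quoted in the thread, showing which interface and next hop that table selects for an internal host versus an outside address. The function names `ip2int` and `route_lookup` are assumptions of this sketch; the rows are copied from the post with the Metric, Ref and Use columns dropped.

```shell
#!/bin/sh
# Routing table from the thread: destination, gateway, genmask, flags, iface.
ROUTES='205.218.57.25 0.0.0.0 255.255.255.255 UH eth0
192.168.6.49 0.0.0.0 255.255.255.255 UH eth1
192.168.6.0 0.0.0.0 255.255.255.0 U eth1
205.218.57.0 0.0.0.0 255.255.255.0 U eth0
127.0.0.0 0.0.0.0 255.0.0.0 U lo
0.0.0.0 205.218.57.17 0.0.0.0 UG eth0'

# Convert a dotted quad to a 32-bit integer (runs in a subshell so the
# IFS change and positional parameters do not leak to the caller).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Longest-prefix match: print "<iface> <next-hop>" for a destination.
# A gateway of 0.0.0.0 means the destination is on-link, so the next hop
# is the destination itself and the kernel ARPs for it on that interface.
route_lookup() (
    dst=$(ip2int "$1")
    best_mask=-1 best_if=none best_hop=none
    while read -r net gw mask flags ifc; do
        m=$(ip2int "$mask")
        n=$(ip2int "$net")
        # Row matches if dst AND mask equals the network; keep the longest mask.
        if [ $(( dst & m )) -eq "$n" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m best_if=$ifc
            if [ "$gw" = "0.0.0.0" ]; then best_hop=$1; else best_hop=$gw; fi
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best_if $best_hop"
)

route_lookup 192.168.6.10   # eth1 192.168.6.10 (on-link, internal side)
route_lookup 8.8.8.8        # eth0 205.218.57.17 (default route)
```

If the lookup puts an internal host on eth1 as on-link and pings still fail, the table is not at fault and the remaining suspects are the ones named in the reply: the card, its configuration, or the cabling.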