[nzlug] Networking 101 question

Michal Ludvig michal at logix.cz
Sun Sep 9 23:19:31 NZST 2007


Patrick Connolly wrote:

> Now, I'm trying to connect via cross-over cable a laptop running Mepis
> 6.5 to a desktop running Fedora Core 6, the latter being connected to
> an ADSL D-link modem DSL-302.  I never managed to get DHCP working on
> that setup, but the modem does work with static address (and a fixed
> IP address).
> 
> 
> On the desktop, ifconfig gives this:
> 
> $ ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:11:2F:9F:56:97
>           inet addr:10.1.1.3  Bcast:10.1.1.255  Mask:255.255.255.0
> 
> eth1      Link encap:Ethernet  HWaddr 00:10:4B:6F:2F:F4
>           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
> 
> and on the laptop, 
> 
> 
> $ ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:90:F5:4B:B2:B5
>           inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0

> That doesn't quite show all the settings.  The laptop's gateway
> address is 192.168.0.1 (cf eth1 above).
> 
> There's probably many better ways of doing it, and I'd certainly like
> to improve on this one. 

Having two distinct address spaces in your setup is overkill. I would
bind both NICs on the desktop to a bridge, which means that instead of
acting as a router your desktop will act as a switch, thus making both
eth0 and eth1 segments appear as a single network:

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1

Then use br0 as your main network device, i.e. run the DHCP client daemon
on br0 and not on eth0 or eth1.

From now on the laptop will practically be on the same network as the
ADSL router is and will get some 10.1.1.x address from it.

Note that you won't need any routing and NATing on the desktop anymore.

> However, I can't
> ping 192.168.0.2 from 192.168.0.1 and I'd like to rectify that.  If I
> use DHCP on the laptop's network, it allocates 192.168.0.31 but trying
> to ssh to that one from 192.168.0.1 also results in no response.  

I suspect a firewall dropping PINGs on the desktop (some over-paranoid
RFC-noncompliant firewalls do). Can you enable logging of dropped
packets in your firewalling software? Then run ping and check 'dmesg'
output to see what's being blocked. I don't use firestarter so I can't
help you with its setup (I prefer to use vim to configure my firewalls,
only then I really know what's there). Most firewalls have a concept of
"trusted" vs "untrusted" networks though. Try setting eth1 as a trusted
interface, that should disable all firewalling on it. Alternatively, to
test this hypothesis, run as root:

iptables -I INPUT -i eth1 -j ACCEPT

That says: Make the very first rule that all packets that come to the
box over interface eth1 are accepted.

If things still don't work run tcpdump on each interface of each machine
and see how the packets travel across the LAN and where they disappear.

HTH,

Michal
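
Added example, not part of the original message: a small shell helper for the "enable logging of dropped packets, run ping, check dmesg" step above. It summarises netfilter LOG lines by incoming interface, addresses and protocol. It assumes the firewall logs drops in the standard kernel LOG format with the prefix "FWDROP: " (a made-up prefix); the log lines are constructed, using the addresses from this thread.

```shell
#!/bin/sh
# Added example: count dropped packets in dmesg-style netfilter LOG output.
# Assumption: drops are logged with the (hypothetical) prefix "FWDROP: ".

# Constructed sample of kernel log output; not captured from a real host.
sample_dmesg() {
cat <<'EOF'
[ 101.000001] FWDROP: IN=eth1 OUT= MAC=00:10:4b:6f:2f:f4:00:90:f5:4b:b2:b5:08:00 SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4711 PROTO=ICMP TYPE=0 CODE=0 ID=2305 SEQ=1
[ 102.000001] FWDROP: IN=eth1 OUT= MAC=00:10:4b:6f:2f:f4:00:90:f5:4b:b2:b5:08:00 SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4712 PROTO=ICMP TYPE=0 CODE=0 ID=2305 SEQ=2
[ 102.500000] eth1: link up, 100Mbps, full-duplex
[ 103.000001] FWDROP: IN=eth1 OUT= MAC=00:10:4b:6f:2f:f4:00:90:f5:4b:b2:b5:08:00 SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4713 PROTO=ICMP TYPE=0 CODE=0 ID=2305 SEQ=3
[ 110.000001] FWDROP: IN=eth1 OUT= MAC=00:10:4b:6f:2f:f4:00:90:f5:4b:b2:b5:08:00 SRC=192.168.0.31 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=40000 WINDOW=5792 RES=0x00 ACK SYN URGP=0
EOF
}

# Read kernel log text on stdin, print "count iface src>dst proto detail",
# most frequent first. $1 optionally overrides the log prefix.
summarize_drops() {
    prefix=${1:-FWDROP: }
    awk -v p="$prefix" '
    index($0, p) {
        split("", f)                      # reset per-line field map
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) {
                k = substr($i, 1, eq - 1)
                # keep first occurrence: ID= appears twice on ICMP lines
                if (!(k in f)) f[k] = substr($i, eq + 1)
            }
        }
        if (f["PROTO"] == "ICMP") d = "type=" f["TYPE"]
        else d = "sport=" f["SPT"] ",dport=" f["DPT"]
        n[f["IN"] " " f["SRC"] ">" f["DST"] " " f["PROTO"] " " d]++
    }
    END { for (key in n) print n[key], key }' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample; on a real box: dmesg | summarize_drops
sample_dmesg | summarize_drops
```

In the constructed sample, ICMP type 0 is the echo reply, so lines like these on eth1 would mean the replies reach the desktop and are dropped there.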




