quote:

---

> Network terminology gets real confusing, when you have more than one
> NIC in your Linux box.
>
> eg:
> The /etc/hosts file is said to contain IP address to hostname
> translation.
> But IP-addresses are linked 1-1 to interfaces (eth0, eth1 etc) if you
> have 2 NICs.
> Only when you have one NIC, there is a 1-1 relation to the host.
>
> So hosts gives each interface card an FQDN...
>
> any comment ?
>
> frgr
> Erik
>
>

---

quote:

---

>€®ik wrote:
>The way you are stating that there is a 1-1 relationship to an interface
>is a little ambiguous. Interface and NIC are not quite the same thing.
> You can have multiple interfaces on a single NIC for example the first
>interface on your first NIC is eth0 and the second is eth0:1 the third
>eth0:2 and so forth. So yes there is a 1-1 relationship between IPs and
>interfaces but not NICs.
>
>The /etc/hosts file gives you name to IP and IP to name resolution if
>the hosts entry in the /etc/nsswitch.conf file has the files parameter.
>
>So if you have the following in your host file:
>192.168.1.10 pcname.yourdomain.com pcname annothername
>
>You can refer to the interface that has the IP address 192.168.1.10 as
>pcname.yourdomain.com or pcname or annothername. So I do not know what
>you are trying to say by stating "hosts gives each interface card an
>FQDN" all it does is allows you to associate any legal name to an IP
>address for your local computer.
>
>I usually only refer to a FQDN when I am talking about name resolution
>via DNS and not with a host file.
>
>Charles LaCour

---

quote:

---

>Network terminology gets real confusing, when you have more than one
>NIC in your Linux box.
>
>eg:
>The /etc/hosts file is said to contain IP address to hostname
>translation.
>But IP-addresses are linked 1-1 to interfaces (eth0, eth1 etc) if you
>have 2 NICs.
>Only when you have one NIC, there is a 1-1 relation to the host.
>
>So hosts gives each interface card an FQDN...
>
>any comment ?
>
>frgr
>Erik
>

---

quote:

---

> On Tue, 25 Nov 2003 13:31:05 -0800, the right honourable Charles
> LaCour <calacour@cox.net> wrote:
>
>
> I didn't know about multiple IP addresses for a NIC...
> ok...
> thing is, a host is not an interface and not a NIC. So why call the
> file "hosts" ? it's about interfaces... not hosts...

---

quote:

---

> things like this make reading up on comp-stuff much harder..
>
> ok, computerists are unequal to linguists too, but language is our
> primary medium of communication, IRL and on-line...

---

quote:

---

> frgr
> Erik

---

quote:

---

> On Tue, 25 Nov 2003 09:23:28 +0100, the right honourable €®ik <>
> wrote:
>
>
> also:
>
> in ifcfg-eth0 one write features of the interface, as the name
> suggests.
> Why write the network's GATEWAY in it too ? the gateway is a feature
> of a subnet, is it not ?

---

quote:

---

> al these naming things make life uneasy... for me at least..
>
>
> Erik

---

quote:

---

> On Tue, 25 Nov 2003 13:31:05 -0800, the right honourable Charles
> LaCour <calacour@cox.net> wrote:
>
>
>
>
> I didn't know about multiple IP addresses for a NIC...
> ok...
> thing is, a host is not an interface and not a NIC. So why call the
> file "hosts" ? it's about interfaces... not hosts...
>
> things like this make reading up on comp-stuff much harder..
>
> ok, computerists are unequal to linguists too, but language is our
> primary medium of communication, IRL and on-line...
>
>
>
> frgr
> Erik

---

quote:

---

> On Tue, 25 Nov 2003 09:23:28 +0100, the right honourable €®ik <>
> wrote:
>
>
>
>
> also:
>
> in ifcfg-eth0 one write features of the interface, as the name
> suggests.
> Why write the network's GATEWAY in it too ? the gateway is a feature
> of a subnet, is it not ?
> al these naming things make life uneasy... for me at least..
>
>
> Erik

---

quote:

---

>
>No, it gives a FQDN hostname (if wanted a shortname too) an IP address.

---

quote:

---

>Well, you will not changer terminology as it is old as computers and nets.

---

quote:

---

>defines what gateway the interface should use not the gateway for the
>network. The GATEWAY entry in the etc/sysconfig/network-scripts/ifcfg-*

---

quote:

---

>files should match with what the actual gateway is on the network that
>the interface is on.
>

---

quote:

---

>The /etc/sysconfig/network-scripts/ifcfg-* files define the information
>that the interface needs to have to be able to communicate. For example
>the combination of the ipaddr and the netmask tells what IPs are on the
>same logical network segment as the interface (if it needs to be sent to
>a router or not). The gateway is defined to tell an interface how to
>get to IP addresses that are not on its subnet. So if you have an IP
>address of 192.168.1.10 and a netmask of 255.255.255.0 and a gateway of
>192.168.1.1 the following are true:
> - For the interface to communicate to 192.168.1.* there is nothing
>special it needs to do.
> - For the interface to communicate to any address that is not in the
>192.168.1.* range of addresses it will communicate through the gateway
>192.168.1.1.

---

quote:

---

>
>
> What is an FQDN hostname ?
> Fully Qualified Domain Name hostename
> does not sound right.

---

quote:

---

> Erik

---

quote:

---

>
>
> So they need not be the same ?
>
>
>
>
>
> So they must be the same ?
> or can there be many gateways on a net ? yes there can be, because a
> net can be connected to many other nets.
>
>
>
>
>
> so: itself ?
>
>
> but in the 2-NIC situation:
> eth0 is 10.0.0.150/8
> eth1 is 192.168.0.1/28
> eth0 is connected to my alcatel-modem (out to the internet) which has
> 10.0.0.138.
> eth1 is connected to a switch with some other machines (192.168.0.x)
> plugged in.
> what would be the gateway for eth0 and eth1 ?
> you suggest that for eth1 it would be 10.0.0.150 if i'm correct....
>
> but my book says, for this 2-NIC situation, neither eth0 or eth1 needs
> a gateway definition. One only needs a gateway definition for a
> default route (which would be along the 10.0.0.150 line, to the
> outside)
> This would be gateway 10.0.0.138.
>
> and for the machines behind the switch ? what would be their gateway ?
> 192.168.0.1 ?
>
> All books describe a 1-NIC situation. 2-NIC setups are difficult to
> find...
>
> thanks anyway for your enlightenment.
>
> I'm very language-sensitive. I always find, that using the right words
> help tremendously to clarify things.
>
> frgr
> Erik
>

---

quote:

---

>The GATEWAY entry in the ifcfg-* file needs to be set to the IP address
>for the gateway for the network the inerface is on.
>
>Yes, there can be many gatways on a network but it depends on the
>network topology but there is usually a single default gateway on a network.
>
>The Linux box you are setting up knows bout the 10.0.0.150/8 and
>192.168.0.1/28 networks and has no need to have a gateway defined co
>comunicate on them. If you need to comunicate with a network that is on
>the other side of a router you need to define the gateway.
>
>If there is a router on your 192.168.0.1/28 network that conects to
>another network then you would need to set the GATEWAY on the eth1
>interface to that router otherwise it is not neded.
>
>The eth0 interface would need to have the GATEWAY entry set to your ISPs
>default router for that network.
>
>The computers on the 192.168.0.1/28 netwoek other than the Linux one
>should have the gateway set to 192.168.0.1.

---

quote:

---

>
>
> thank you for your input.
>
> If i understand correctly:
>
> there is no other router on the 192.168.0.0 network, so my linux box
> needs no gateway definition on the eth1 (192.168.0.1) interface
>
> my eth0 (10.0.0.150) does need a gateway definition of 10.0.0.138
> because it is directly connected to my modem/router (10.0.0.138) (and
> to nothing else) which goes out on the ADSL line to my ISP.
>
> a box that is "bridging" two nets, does itself need no gateway
> definition on any interface.
>
> Only the other computers on both nets need a gateway.
>
> That is why eth0 needs 10.0.0.138 as a gateway definition: 10.0.0.150
> needs to send packets, not destined for any interface on its net,
> out some interface on the 10.0.0.0 net, out into the world.
>
> Right now I have a SUSE linux machine in the same position and it has
> for routing table the following, which works well:
>
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.168.0.0 192.168.0.1 255.255.255.0 UG 0 0 0 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 10.0.0.138 0.0.0.0 UG 0 0 0 eth0
>
> I'm trying to get a RH9 machine up and running and it works different
> from the SUSE network software.
> I still can't figure out how to set up RH9...
>
> So now I'll try out your suggestions.
>
> frgr
> Erik
>
>
>

---

quote:

---

>Here is a quick diagram that should fit your network from what you have
>said.
> ----- -----
> | | N1 | |
> | I |---------| A |
> | | | |
> ----- -----
> |
> |N2
> |
> ----- N3 -----
> | | ----- | |
> | C |--| s |--| B |
> | | ----- | |
> ----- | | -----
> | |
> | |
> ----- | | -----
> | | | | | |
> | D |---+ +---| E |
> | | | |
> ----- -----
>
>
>I - The internet
>A - Your modem/router
>B - Your Linux server
>C,D,E - Other computers on your internal network.
>s - Switch/Hub for your internal network
>N1 - Your ISP's network
>N2 - The network segment between your Linux PC and your modem/router
>(10.0.0.150/8 addresses 10.0.0.0 to 10.255.255.255)
>N3 - Your internal network (192.168.0.1/28 addresses 192.168.0.0 to
>192.168.0.15)
>
>Your Linux server (B) can communicate on N2 and N3 without a gateway, if
>it needs to comunicate with N1 it has to do so through the gateway (A)
>between N1 and N2.
>
>The computers C, D and E can comunicate with anything on the N3 network
>without a gateway but if they need to comunicate with something on N2 or
>N1 then they need to have their gateway defined as the IP address of the
>interface of B that is on the N3 network.
>
>Looking at your routing table if your internal network is acctually
>192.168.0.1/28 then your route for 192.168.0.0 has the wrong net mask.
>A /28 netmask is equivilant to 255.255.255.240 limiting you to 14 usable
>IP adresses on that network. If you truely want a 255.255.255.0 net
>mask that would be equivilant of /24. The route for 10.0.0.0 is has a
>an issue with its net mask as well if you want a /8 subnet mask it
>should be 255.0.0.0. Other than that the routing table looks good!
>
>
>Take a look at the file /usr/share/doc/initscripts-*/sysconfig.txt for
>all of the parameters in the configuration files under the
>/etc/sysconfig directory.
>
>The ifcfg-* files should look something like this:
>
>/etc/sysconfig/network-scripts/ifcfg-eth0
>GATEWAY=10.0.0.138
>ONBOOT=yes
>TYPE=Ethernet
>IPADDR=10.0.0.150
>DEVICE=eth0
>BOOTPROTO=none
>NETMASK=255.0.0.0
>USERCTL=no
>PEERDNS=yes
>
>/etc/sysconfig/network-scripts/ifcfg-eth1
>ONBOOT=yes
>TYPE=Ethernet
>IPADDR=192.168.0.1
>DEVICE=eth1
>BOOTPROTO=none
>NETMASK=255.255.255.240
>USERCTL=no
>PEERDNS=yes

---

quote:

---

>
>
>
> i'm thinking of hanging myself.....
>
> I still can't get the machine working as I want it to.
> Maybe you can help me out. here are some of the configuration files I
> have now:
> /etc/sysconfig/network-scripts/ifcfg-eth0:
> NAME=alcatel
> DEVICE=eth0
> BOOTPROTO=none
> IPADDR=10.0.0.150
> NETMASK=255.0.0.0
> ONBOOT=yes
> GATEWAY=10.0.0.138
> PEERDNS=yes
> USERCTL=no
> TYPE=Ethernet
>
> /etc/sysconfig/network-scripts/ifcfg-eth1:
> NAME=lima
> DEVICE=eth1
> BOOTPROTO=none
> GATEWAY=192.168.0.1
> NETMASK=255.255.255.240
> IPADDR=192.168.0.1
> ONBOOT=yes
> TYPE=Ethernet
> PEERDNS=yes
> USERCTL=no
>
> /etc/sysctl.conf:
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 1
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
>
>
> Also I did:
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> The route table (route -n)
>
> Destination Gateway Genmask Flags Metric Ref
> Use Iface
> 192.168.0.0 0.0.0.0 255.255.255.240 U 0 0
> 0 eth1
> 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0
> 0 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0
> 0 lo
> 0.0.0.0 10.0.0.138 0.0.0.0 UG 0 0
> 0 eth0
>
> I can ping 10.0.0.150 and 192.168.0.1.
> But nothing further: not 10.0.0.138 and no 192.168.0.3, which should
> both be reachable.
> Looks to me, there is a problem with the gateway definitions.
> But how must I change which file to get a GW definition in the route
> table ?
>
> in /etc/sysconfig/network-scripts I have no extra route definitions.
>
> You say, the netmask for the 192.168 net would be a problem. I don't
> understand: if I need only 14 IP addresses on that net (192.168.0.1 to
> 0.14) I could do that ... I think...
> 192.168.0.15 would be the broadcast address and 192.168.0.0 would be
> the net number.
> right ?
>
> frgr
> Erik

---

quote:

---

>
>Can any of the other computers on the 192.168.0.* network ping each
>other? Are there any other Linux PCs on the 192.168.0.*? If so run the
>command "tcpdump host 192.168.0.1 and arp" as root and then try to ping
>it from the PC you are having the network problems. Do you see anything
>from the tcpdump command?
>
>Charles LaCour

---

quote:

---

> here is no need for the GATEWAY line in your ifcfg-eth1 file.
>
>
>
>
>
> from a Windows XP machine (192.168.0.3) , I can ping around to an
> intel netport printserver (192.168.0.10) and one other winXP machine.
> But i cannot ping to 192.168.0.1 (Request timeout).
> Maybe the ping can go out to 0.1, but it cannot return...
> Looks like the problem really is in the setup of the 0.1 RH9-machine.
>
> So I simplified the situation:
> I reinstalled the original firewall machine in between the modem and
> the internal net. It's a SUSE 8.1 machine, called tango, and it does
> its job well.
>
> In the internal net I now have a few WIN machines and two RH9 linux
> machines, called lima and charlie.
> from the Win machines I can ping everything except the RH9 boxex. from
> tango, I can ping the windows machines.
> the RH9 machines don't seem to be there when pinging: I can't ping to
> them and not from them: network unreachable.
> tcpdump on tango does not blink an eye...
> tcpdump on tango does report well when pinging from Windows machines.
>
> on charlie and lima (RH9) , ifconfig reports correctly.
>
> I have the distinct impression, something is wrong with the building
> up of the route table.
> I don't suppose the RH firewall would hold things up, would it ?
>
>
> frgr
> Erik

---

quote:

---

>It looks like there is something odd going on here. Please run the
>following commands on the Linux machines and include the results in a reply.
>
>ipchains -L
>ifconfig -a
>netstat -rn
>arp -a
>
>Please run the following from a command prompt on the Win XP PC.
>
>ipconfig /all
>route print
>arp -a
>

---

quote:

---

>
>
> ipchains -L is "unknown command"
>
> ifconfig -a gives the normal output. addresses are ok:
> (remember:
> - eth1 is unplugged here, eth0 is used
> - I use mask 255.255.255.0 for the 192-net
> )
> ****************************************
****************
>
>
> eth0 Link encap:Ethernet HWaddr 00:04:76:20:DF:DA
> inet addr:192.168.0.8 Bcast:192.168.0.255
> Mask:255.255.255.0
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:232 errors:0 dropped:0 overruns:0 carrier:232
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 b) TX bytes:13920 (13.5 Kb)
> Interrupt:9 Base address:0xf800
>
> eth1 Link encap:Ethernet HWaddr 00:60:97:B8:90:3D
> BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> Interrupt:11 Base address:0xf400
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:227 errors:0 dropped:0 overruns:0 frame:0
> TX packets:227 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:25396 (24.8 Kb) TX bytes:25396 (24.8 Kb)
>
>
>
>
> ****************************************
****************
> netstat -m is unknown option,
> but netstat -M gives "no support for ip_masquerade on this system"
>
> arp -a gives nothing, it just returns to the prompt.
>
> on the Windows system, I get the following info for the three commands
> you suggested:
>
> ****************************************
**********************************
>
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : echo
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : Yes
>
> Ethernet adapter Local Area Connection 4:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Sitecom PCI Fast 10/100
> Ethernet Adapter LN-020
> Physical Address. . . . . . . . . : 00-50-BF-99-8F-70
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.3
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.0.1
> DNS Servers . . . . . . . . . . . : 195.121.1.34
> 195.121.1.66
> ========================================
===================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x50002 ...00 50 bf 99 8f 70 ...... Sitecom PCI Fast 10/100 Ethernet
> Adapter LN-020 - Packet Scheduler Miniport
> ========================================
===================================
>
> ========================================
===================================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3
> 20
> 66.125.134.118 255.255.255.255 192.168.0.1 192.168.0.3
> 20
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1
> 192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3
> 20
> 192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1
> 20
> 192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3
> 20
> 224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3
> 20
> 255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3
> 1
> Default Gateway: 192.168.0.1
> ========================================
===================================
> Persistent Routes:
> None
>
> Interface: 192.168.0.3 --- 0x50002
> Internet Address Physical Address Type
> 192.168.0.1 00-10-a7-0c-03-a3 dynamic
>
> ****************************************
****************************************

---

quote:

---

>There were 2 parameters on the netstat command the first was r for route
>and the second was n for numeric not a single m.
>
>Try the folowing commands on the Linux PC and let me know what you get:
>arp -s 192.168.0.3 00:50:BF:99:8F:70
>arp -a
>ping 192.168.0.3
>
>What I am having you do is manually entering the MAC and IP address of
>the Win XP PC in your ARP cache and then pining the IP address. This
>should bypass the IP to MAC address resolution that is done using the
>broadcast address. I am trying to narow down where the problem is.
>When you have done the test type the following to remove the static entry:
>arp -d 192.168.0.3
>
>Charles LaCour

---

quote:

---

> OK, it's much better now.
> Seems I switched the MAC addresses om the eth0 and eth1 cards.
> But it's not all wel yet.
>
> If I put the RH9 machine (LIMA) in between mij internal net
> 192.168.0.0/24 and the ADSL modem (10.0.0.138), then , from the LIMA
> machine I can ping anywhere: to www.yahoo.com (DNS works too), to
> 10.0.0.138, 10.0.0.150 and to any machine on the 192.168.0.0/24 net.
>
> But not from the machine ECHO (192.168.0.3).
> From that one, I can only ping around in the 192.168.0.0/24 net as wel
> as to 10.0.0.150, but not to the modem 10.0.0.138 or beyond.
>
>
> also, if I tracert 10.0.0.138 from ECHO (a WinXP machine), it only
> hops to 192.168.0.1.
>
>
> On the RH9 machine LIMA (192.168.0.1) with tcpdump, I listen to eth1
> for ping traffic (ping 10.0.0.138) from ECHO (192.168.0.3) and I can
> see the ICMP pings coming in.
>
> Listening to eth0 (10.0.0.150), which goes to the modem (10.0.0.138),
> I can see the same ping traffic coming back too, but ECHO reports a
> timeout. So pings get stopped on the way back, I suppose.
>
> Maybe routing doesn't know how to get traffic to 192.168.0.1...
>
> looks like something goes wrong with address translation , does it not
> ?

---

quote:

---

>Be sure you have on your RH9 machine set on ip forwarding and masquerading:
>
>1) in /etc/sysctl.conf
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>2) i.e. in /etc/sysconfig/iptables
> [0:0] -A POSTROUTING -o eth0 -j MASQUERADE
>
>Alexander

---

quote:

---

>
>
>
> Thanx for your attention.
>
> yes, sysctl.conf is ok, and /proc/sys/net/ipv4/ip_forward is 1 too.

---

quote:

---

> the /etc/sysconfig/iptables thing is not set as you said.
> First thing I do when I get the machine working is studying IPTABLES.
>
> where in iptables do I put this line ?

---