Firewall & Routing - help!

Tom Diehl tdiehl at rogueind.com
Fri Jun 11 04:07:44 UTC 2004


On Thu, 10 Jun 2004, Kevin F. Berrien wrote:

> Jeff Vian & others wrote:
> 
>  > IIRC, the /etc/sysconfig/network file is used at boot, but not used
>  > when doing a network restart, so that may be why the
>  > change in 'boot' vs 'network restart' routing.
> 
> Well, my network file has nothing regarding the gateway, except for 
> GATEWAYDEV=eth0, as recommended here.  I removed that line, rebooted, 
> and still could get to the internet.  The only constant factor in 
> getting to the internet is the default route I see when I boot or route 
> add -net default gw 192.168.50.1 dev eth0  (not network restart).

If you configure it correctly you do not have to add it by hand. To test
it, do ifdown eth0 ; ifup eth0, assuming eth0 is the connection to the internet.

>  > NOZEROCONF=yes in /etc/sysconfig/network will remove the route for
>  > 169.254.0.0.
> 
> Tried it, didn't work.  Now that it's been explained what the 169.254.0.0 
> route is, I'm not really concerned.

Since you do not show the output of ip ro, ip addr, ifconfig or route, it is
kind of hard to say what is going on. Let me assure you NOZEROCONF=yes does work.
You have to restart the interface that the 169.* route is on.

> All in all, it's not a show stopper, but a). I'd like to be able to 

No it is not, it is just UGLY.

> restart the network and have things working correctly, b). it's just not 
> right, and I can't leave it alone! <grin>.  Plus I'm learning from all 
> this... thanks again to everyone for help and suggestions.  Here are my 
> various scripts, etc...
> 
> /etc/sysconfig/network
> NETWORKING=yes
> HOSTNAME=choke
> GATEWAYDEV=eth0
> NOZEROCONFIG=yes

You spelled it wrong. It is NOZEROCONF= and if you put it in
/etc/sysconfig/network you only need it in 1 place for all of the interfaces.
IOW take it out of ifcfg-eth* and put it in network.

> # 3Com Corporation|3c905B 100BaseTX [Cyclone]
> DEVICE=eth0
> BOOTPROTO=none
            ^^^^
            ^^^^
Not sure about this. For sure static will work.

> BROADCAST=192.168.50.255
> HWADDR=:XX:XX:XX:XX
          ^^^^^^^^^^
          ^^^^^^^^^^

What is this? Either put in the correct value or rm it entirely?

> IPADDR=192.168.50.48
> NETMASK=255.255.255.0
> NETWORK=192.168.50.0
> ONBOOT=yes
> TYPE=Ethernet
> USERCTL=no
> PEERDNS=no
> GATEWAY=192.168.50.1

You set the gateway here and then... See below.

> 
> /etc/sysconfig/network-scripts/ifcfg-eth1
> # DEC|DECchip 21041 [Tulip Pass 3]
> DEVICE=eth1
> BOOTPROTO=none
> BROADCAST=192.168.5.255
> HWADDR=XX:XX:XX:XX
          ^^^^^^^^^^
          ^^^^^^^^^^
Same question as above.

> IPADDR=192.168.5.200
> NETMASK=255.255.255.0
> NETWORK=192.168.5.0
> ONBOOT=yes
> TYPE=Ethernet
> USERCTL=no
> PEERDNS=no
> GATEWAY=

It looks like you are setting your default route to ""

> 
> /etc/sysconfig/network-scripts/routes-eth1 (I didn't create this)
> GATEWAY0=192.168.50.48
> NETMASK0=255.255.255.0
> ADDRESS0=192.168.50.0

AFAIK these are wrong. There are supposed to be routes in there.
If you are not adding static routes (and until you get the basics working
you should not be) the file is not needed.

If you want to fix this show the output of "ip add" and ip ro. Then we can
see what is going on. Fixing this kind of stuff is simple but you have
to troubleshoot it logically or it will never work.

Also suggest you whack the GATEWAY= statements out of ifcfg-eth* and put
1 GATEWAY=ip-addr-of-your-gateway statement in /etc/sysconfig/network.
Barring that, use system-config-network to set it up. It will "just work"
assuming you feed it the correct information. :-) If it for some reason still
does not work, show the output of "ip ro" and "ip add". Also show the
output of iptables -L. If there are rules in there, turn off iptables until
you get basic networking working.

Make your /etc/sysconfig/network look something like this:
NETWORKING=yes
HOSTNAME=sylvester.rogueind.com
GATEWAY=192.168.0.1
NOZEROCONF=yes

The above works.

(sylvester pts2) # ip ro
192.168.1.0/24 dev eth2  scope link
192.168.0.0/24 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.0.1 dev eth1
(sylvester pts2) # ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:c0:d0:49:80 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:5a:7a:57:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.8/24 brd 192.168.0.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:6d:18:c0:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth2
(sylvester pts2)

Notice, no zeroconf address? :-)

HTH,

Tom
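
The mistakes pointed out in this message (the misspelled NOZEROCONF key, the empty GATEWAY=, the placeholder HWADDR values, GATEWAY set per interface instead of once) can be checked mechanically. The script below is an added example, not part of the original post; the function names lint_file and gateway_count and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint sysconfig-style network files for the mistakes in this thread.

# lint_file FILE: print one finding per line; no output means nothing was flagged.
lint_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac    # skip blanks and comments
        key=${line%%=*} val=${line#*=}
        case $key in
            NOZEROCONF) ;;                          # correct spelling, nothing to report
            NOZERO*) echo "$1: unknown key $key, did you mean NOZEROCONF?" ;;
            GATEWAY) [ -n "$val" ] || echo "$1: GATEWAY is set to an empty value" ;;
            HWADDR)
                printf '%s\n' "$val" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
                    echo "$1: HWADDR '$val' is not a full MAC address" ;;
        esac
    done < "$1"
}

# gateway_count FILE...: number of non-empty GATEWAY= lines across all files given.
gateway_count() {
    awk -F= '$1 == "GATEWAY" && $2 != "" { n++ } END { print n + 0 }' "$@"
}

# Constructed sample files reproducing the settings quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' NETWORKING=yes HOSTNAME=choke GATEWAYDEV=eth0 NOZEROCONFIG=yes > "$demo/network"
printf '%s\n' DEVICE=eth0 HWADDR=:XX:XX:XX:XX GATEWAY=192.168.50.1 > "$demo/ifcfg-eth0"
printf '%s\n' DEVICE=eth1 HWADDR=XX:XX:XX:XX GATEWAY= > "$demo/ifcfg-eth1"
# The layout recommended in the reply: one GATEWAY plus NOZEROCONF in the network file.
printf '%s\n' NETWORKING=yes HOSTNAME=sylvester.rogueind.com \
    GATEWAY=192.168.0.1 NOZEROCONF=yes > "$demo/network.fixed"

for f in "$demo/network" "$demo/ifcfg-eth0" "$demo/ifcfg-eth1" "$demo/network.fixed"; do
    lint_file "$f"
done
echo "non-empty GATEWAY lines in ifcfg files: $(gateway_count "$demo"/ifcfg-eth*)"
```

On a real host, point lint_file at /etc/sysconfig/network and each /etc/sysconfig/network-scripts/ifcfg-* file instead of the sample directory.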
