View Single Post
  #8  
Old 3rd February 2009, 21:20
jeff_k jeff_k is offline
Junior Member
 
Join Date: Jan 2009
Location: San Diego, CA USA
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

tech.gsr, there are a few things to sort out...

Right now, it appears that you have Linux1 running DHCP for clients on the eth0 interface. This means any boxes that are connected to a switch connected to eth0 that are set up to allow their IP address to be assigned by a DHCP server will get assigned an IP address. Right now, according to ifconfig, you do not have DHCP running on the eth1 interface. This is why Linux2 is not able to get an IP address. dhcpd in linux runs on the interface or interfaces that you define in the config file, and right now it is only set up to run on eth0 of Linux1. You should be able to have it run on eth1 as well as eth0, or you could set it up to only run on eth1, if it is not serving up IP addresses to clients on eth0.

I believe that you have Linux2 configured to get its IP address from a DHCP server. However, eth0 of Linux2 is connected to eth1 of Linux1, and this interface needs to be providing DHCP if you want Linux2 to get an IP address in this manner. The thing to consider is that networking is set up to work on only one interface at a time, until you set up routes to bridge the interfaces. If you are planning on having more than one machine connected to eth1 of Linux1, then set up dhcpd to serve eth1 for the 192.168.2.x subnet. When this is set up, when you run ifconfig on Linux1, you will see that the broadcast address will be 192.168.2.255, with a subnet mask of 255.255.255.0 (this means it can talk to any IP address in the 192.168.2.x subnet). Once your DHCP server is set up for that subnet, then Linux2 (or any other box connected to eth1) will be able to get an IP address assigned.

In the firestarter menus, I believe you should be able to check whether you want it to enable the DHCP server for a given address (I am not where I can confirm this at the moment). Also, in the menus, you have the ability to identify which interfaces you want it to manage, and you want to make sure that you do not enable "pan0" as one to manage, or else firestarter may not start (since it cannot configure the firewall rules for this interface properly).

I think that your configuration is a bit unusual; you could set up a small network to use a Linux box as the router and NAT (network address translation). You appear to be trying to do this twice (perhaps, I am not sure your exact goal). Here is my setup:
internet (cable modem)<-->eth1--Linux1--eth2<-->switch<-->multiple PCs

Linux1 is set up to provide NAT and DHCP services (among other things). I get a single IP address to the outside world from my ISP: to the internet, I appear as 1.2.3.4 (for example). My internal network is 192.168.0.x. Each PC has an IP address, assigned by Linux1 via eth2. Linux1 has an IP address on that subnet of 192.168.0.101.
If I try to ping a machine outside my network, for example if 192.168.0.102 tries to ping www.google.com, my NAT routes the ping request from eth2 to eth1 and outward, but it appears as if it is coming from 1.2.3.4. It does this because the firewall is performing a NAT of 192.168.0.102 to 1.2.3.4, and when (if) the ping comes back from google, then it will go to the eth1 interface toward 1.2.3.4, and the firewall will know to translate and route that back to 192.168.0.102.

In order for your ping to work, you will need to add routes for your various subnets, to make sure that you can actually traverse the path you are intending to traverse. You do this with the 'route add' command, but before going there, I go back to my previous question:
Is your plan to use Linux1 as your firewall/router and move your Win XP boxes to the subnet connected to eth1? That would become much simpler than what you have set up, because right now you have a router which is performing NAT, and you could get rid of that entirely and not have that extra layer in your network path to the internet.
Reply With Quote