How to make NethServer work in Gateway/Server mode


Jeff Folk

Oct 12, 2014, 4:10:44 PM
to neths...@googlegroups.com
Pardon the newb question. I have a fresh interactive install with 2 NICs, and can't for the life of me get the green zone to talk to the internet through the red zone.

I have Eth0 set as LAN, and Eth1 set as internet, both show a link. I can ping the Red interface from the LAN interface, but can't ping the gateway address set in the internet interface (eth1). What's more, ifconfig doesn't show that eth1 has the IP address set in the GUI:

eth0      Link encap:Ethernet  HWaddr 00:14:D1:2D:D1:1A  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::214:d1ff:fe2d:d11a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3261 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1646 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:395445 (386.1 KiB)  TX bytes:355067 (346.7 KiB)

eth1      Link encap:Ethernet  HWaddr 00:16:76:DF:D6:11  
          inet6 addr: fe80::216:76ff:fedf:d611/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1529 errors:0 dropped:0 overruns:0 frame:0
          TX packets:549 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:166212 (162.3 KiB)  TX bytes:194749 (190.1 KiB)

I also get the following error when making changes in the network configuration of the NethServer GUI:

Task completed with errors
S70network-start #5 (code 256)

Anyone have any ideas? NethServer looks very promising for my needs in replacing my current SME server machine, but I really need it set up as a server/gateway.

Filippo Carletti

Oct 13, 2014, 4:18:55 AM
to Jeff Folk, neths...@googlegroups.com
> I have Eth0 set as LAN, and Eth1 set as internet, both show a link. I can
> ping the Red interface from the LAN interface, but can't ping the gateway
> address set in the internet interface (eth1). What's more, ifconfig doesn't
> show that eth1 has the IP address set in the GUI:

Could you please provide the output of "db networks show eth1"?
Here's mine:

eth1=ethernet
bootproto=none
device=eth1
gateway=x.x.x.225
hwaddr=00:90:0B:2B:F7:BB
ipaddr=x.x.x.226
netmask=255.255.255.248
nm_controlled=yes
onboot=yes
peer_dns=n
peerdns=yes
persistent_dhclient=n
role=red
uuid=5b8e62f7-43a7-4244-a4ec-5d7a6bfee976


I've experienced the same "ping problem", it turned out to be caused
by snort ips enabled but not running.


--
Ciao,
Filippo

Jeffrey Folk

Oct 13, 2014, 8:24:42 AM
to neths...@googlegroups.com
On Oct 13, 2014, at 3:18 AM, Filippo Carletti wrote:
> Could you please provide the output of "db networks show eth1"?
> Here's mine:
>
> eth1=ethernet
>    bootproto=none
>    device=eth1
>    gateway=x.x.x.225
>    hwaddr=00:90:0B:2B:F7:BB
>    ipaddr=x.x.x.226
>    netmask=255.255.255.248
>    nm_controlled=yes
>    onboot=yes
>    peer_dns=n
>    peerdns=yes
>    persistent_dhclient=n
>    role=red
>    uuid=5b8e62f7-43a7-4244-a4ec-5d7a6bfee976

And here's mine, very similar:

eth1=ethernet
    bootproto=none
    gateway=108.77.214.38
    hwaddr=00:16:76:df:d6:11
    ipaddr=108.77.214.35
    netmask=255.255.255.248
    peerdns=yes
    persistent_dhclient=n
    role=red

Jeffrey Folk

Oct 13, 2014, 8:31:52 AM
to neths...@googlegroups.com
On Oct 13, 2014, at 3:18 AM, Filippo Carletti wrote:
> I've experienced the same "ping problem", it turned out to be caused
> by snort ips enabled but not running.

Have interesting things going on with DNS, as well:

[root@neth ~]# host www.google.com
Host www.google.com.qzoneinc.com not found: 5(REFUSED)

Filippo Carletti

Oct 13, 2014, 9:01:57 AM
to Jeffrey Folk, neths...@googlegroups.com
> Have interesting things going on with DNS, as well:

Next steps:
# config show dns
dns=configuration
NameServers=192.168.1.254
role=resolver

(usually NameServer is a public dns like google's 8.8.8.8)

What about snort ips? Is it enabled?
# config show firewall


--
Ciao,
Filippo

Jeff Folk

Oct 13, 2014, 2:05:30 PM
to Filippo Carletti, neths...@googlegroups.com
On Oct 13, 2014, at 8:01 AM, Filippo Carletti wrote:
>> Have interesting things going on with DNS, as well:
>
> Next steps:
> # config show dns
> dns=configuration
> NameServers=192.168.1.254
> role=resolver
>
> (usually NameServer is a public dns like google's 8.8.8.8)

dns=configuration
NameServers=108.77.214.38,8.8.8.8
role=resolver

Was wondering why the server was adding my own domain to the end of every query
>
> What about snort ips? Is it enabled?
> # config show firewall

It isn't.

firewall=configuration
ExternalPing=enabled
Policy=permissive
WanMode=balance
event=nethserver-firewall-base-save
nfqueue=disabled
tc=Simple

Jeff Folk

Oct 13, 2014, 9:30:50 PM
to neths...@googlegroups.com
So, I think I have figured this out. The Gateway functionality won't work on a static LAN, which is what I was trying to do. Creating a DHCP pool on the green interface makes it all work. Guess I'll have to figure some other way to wedge this into my network to replace the current SME Server.

Filippo Carletti

Oct 14, 2014, 3:21:06 AM
to Jeff Folk, neths...@googlegroups.com
On Tue, Oct 14, 2014 at 3:30 AM, Jeff Folk <macw...@gmail.com> wrote:
> So, I think I have figured this out. The Gateway functionality won't work on
> a static LAN, which is what I was trying to do. Creating a DHCP pool on the
> green interface makes it all work.

I have many networks with static ip working flawlessly.
I believe the problem is elsewhere.
Could you share (in a zipfile) /etc/shorewall?

I noticed that your primary dns is your default gateway: is it a name resolver?

Jeff Folk

Oct 14, 2014, 8:15:19 AM
to neths...@googlegroups.com
Actually… What it was (as I blush in shame), was a duplicate IP. My documentation had .34 and .35 as available in my pool, when in actuality .33 and .34 were available. You would think that I could keep 5 addresses straight.

Thanks for the help, and sorry for the noise. User error after all.
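
Added example (editorial, not part of any poster's message): the symptom reported at the top of the thread, an address stored in the configuration database but absent from ifconfig, and the duplicate IP that turned out to be the cause can both be checked from the shell. The helper names (db_prop, live_ip, check_iface, host_range, probe_duplicate) are hypothetical, and the sample input is constructed by trimming the outputs quoted above.

```sh
#!/bin/sh
# Constructed sample input, trimmed from the outputs quoted in this thread.
DB_ETH1='eth1=ethernet
    gateway=108.77.214.38
    ipaddr=108.77.214.35
    netmask=255.255.255.248
    role=red'
IFCONFIG_OUT='eth0      Link encap:Ethernet  HWaddr 00:14:D1:2D:D1:1A
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:16:76:DF:D6:11
          inet6 addr: fe80::216:76ff:fedf:d611/64 Scope:Link'

# db_prop KEY: read a "db networks show" record on stdin, print KEY's value.
db_prop() { sed -n "s/^[[:space:]]*$1=//p" | head -n 1; }

# live_ip IFACE: read ifconfig output on stdin, print IFACE's IPv4 address.
live_ip() {
    awk -v ifc="$1" '/^[^ \t]/ { cur = $1 }
        cur == ifc && /inet addr:/ { sub(/^.*inet addr:/, ""); print $1; exit }'
}

# check_iface IFACE DB_RECORD IFCONFIG_TEXT: print a one-word verdict.
check_iface() {
    want=$(printf '%s\n' "$2" | db_prop ipaddr)
    have=$(printf '%s\n' "$3" | live_ip "$1")
    if [ -z "$want" ]; then echo "no-static-address"
    elif [ "$want" = "$have" ]; then echo "applied"
    elif [ -z "$have" ]; then echo "configured-but-missing"
    else echo "mismatch"; fi
}

ip_to_int() {   # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# host_range IP MASK: print "first-last" usable host addresses of the subnet.
host_range() {
    net=$(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
    bcast=$(( net | (~$(ip_to_int "$2") & 4294967295) ))
    echo "$(int_to_ip $((net + 1)))-$(int_to_ip $((bcast - 1)))"
}
# probe_duplicate IFACE IP: ARP duplicate-address probe with iputils arping
# (needs root and a live link). Exit status 0 means no other host answered.
probe_duplicate() { arping -D -q -c 2 -w 3 -I "$1" "$2"; }

echo "eth1: $(check_iface eth1 "$DB_ETH1" "$IFCONFIG_OUT")"
echo "usable hosts: $(host_range 108.77.214.35 255.255.255.248)"
```

On the gateway itself, `probe_duplicate eth1 108.77.214.35` run as root is the check that would have exposed the address conflict before it was assigned.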

Alessio Fattorini

Oct 14, 2014, 8:27:19 AM
to neths...@googlegroups.com
On 14/10/2014 14:15, Jeff Folk wrote:

> Thanks for the help, and sorry for the noise. User error after all.

Hi Jeff,
User error happens :-) welcome to the NethServer community and thanks for
accepting my invite to join us

--
Alessio Fattorini - @ale_fattorini
Nethesis srl - Pesaro (Italy)

Davide Principi

Oct 14, 2014, 10:20:56 AM
to Alessio Fattorini, NethServer English

On 14 Oct 2014 14:27, Alessio Fattorini <alessio....@nethesis.it> wrote:
>
> On 14/10/2014 14:15, Jeff Folk wrote:
>
> > Thanks for the help, and sorry for the noise. User error after all.
>
> Hi Jeff,
> User error happens :-) welcome to the NethServer community and thanks for
> accepting my invite to join us
>

Programmer's errors happen too :))

Ciao,
Davide Principi
