[Nottingham] Problems configuring second network card

Mike nottingham at mailman.lug.org.uk
Sat Apr 5 02:47:01 2003


On Sat, 2003-04-05 at 01:07, David Luff wrote:
> Hi all,
> 
> I've been running my machine connected to NTL's broadband for a few weeks now using the MonMotha firewall script that was recommended on this list (thanks!).  So far so good.  Now I'm trying to connect another machine (running 'the other operating system') to a second network card in the Linux box to be firewalled using NAT.  Unfortunately I'm having desperate problems configuring the second network card in the Linux box.
> 
> At the moment, eth0 is the card connected to the cable modem, that seems to work OK.
> 
> Here is my /etc/network/interfaces:
> 
> ........................
> 
> # Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
> # /usr/share/doc/ifupdown/examples for more information.
> 
> auto lo
> iface lo inet loopback
> 
> auto eth0
> iface eth0 inet dhcp
> 
> #auto eth1
> #iface eth1 inet static
> #address 192.168.0.1
> #network 192.168.0.0
> #netmask 255.255.255.0
> #broadcast 192.168.0.255
> 
> ........................
> 
> The problem is that if I comment out the eth1 lines (which I put in) the computer seizes up at boot-up on the configuring network section until I press Ctrl-C, at which point it starts without any networking working.  Is there something desperately wrong with what I've configured for eth1 there?
> 
> The other possibility that occurs to me is that the second card is getting detected wrongly - here's the output from dmesg | grep eth0:
> 
> eth0: RealTek RTL8139 Fast Ethernet at 0xe096f000, 00:4f:4e:01:e9:f1, IRQ 10
> eth0:  Identified 8139 chip type 'RTL-8139A'
> eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
> eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
> eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
> eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
> eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
> 
> and from dmesg | grep eth1:
> 
> eth1: ADMtek Comet rev 17 at 0xec00, 00:50:BF:9D:FE:FC, IRQ 11.
> 
> The thing is, eth1 is according to the box an SMC1244TX and on the board has an RTL8139C chipset.  Does the above look plausible for it?  (eth0 is an RTL8139A as detected).
> 
> And finally, FWIW, here's the configuration section from my MonMotha firewall script that gets run at startup, just in case that's what's causing things to go wrong...
> 
> ................................
> # Main Options
> IPTABLES="/sbin/iptables"
> TCP_ALLOW=""
> UDP_ALLOW="68"
> INET_IFACE="eth0"
> LAN_IFACE="eth1"
> INTERNAL_LAN="192.168.0.0/24 192.168.1.0/24"
> MASQ_LAN="192.168.0.0/24 192.168.1.0/24"
> SNAT_LAN=""
> DROP="REJECT"
> DENY_ALL=""
> DENY_HOSTWISE_TCP=""
> DENY_HOSTWISE_UDP=""
> BLACKHOLE=""
> BLACKHOLE_DROP="DROP"
> ALLOW_HOSTWISE_TCP=""
> ALLOW_HOSTWISE_UDP=""
> TCP_FW=""
> UDP_FW=""
> MANGLE_TOS_OPTIMIZE="FALSE"
> DHCP_SERVER="FALSE"
> BAD_ICMP="5 9 10 15 16 17 18"
> ENABLE="Y"
> 
> # Flood Params
> LOG_FLOOD="1/s"
> SYN_FLOOD="20/s"
> PING_FLOOD="1/s"
> 
> # Outbound filters
> # FIXME: Update config help wiki then remove one-liner help
> ALLOW_OUT_TCP=""				# Internal hosts allowed to be forwarded out on TCP (do not put this/these host/s in INTERNAL_LAN, but do define their method of access [snat, masq] if not a public ip)
> PROXY=""					# Redirect for Squid or other TRANSPARENT proxy. Syntax to specify the proxy is "host:port".
> MY_IP=""					# Set to the internal IP of this box (with the firewall), only needed for PROXY=
> ........................
> 
> Any help with this would be much appreciated - I'm sort of out of ideas at this point (apart from ripping the second network card out and trying a different one!)
> 
> Cheers - Dave
> 

OK 

First off, what does /sbin/ifconfig show (especially for eth1)?

Also have you got ip forwarding set up?

i.e. what does

cat /proc/sys/net/ipv4/ip_forward

show (it should be 1); if not, echo "1" > /proc/sys/net/ipv4/ip_forward

to test your system out do

/sbin/ifdown eth1

then

bring up eth1 manually (it's late - can't remember the options)
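
The checks discussed in this thread, as an added example that is not part of either message: it confirms that the interfaces named by INET_IFACE and LAN_IFACE in the firewall script have an active (uncommented) stanza in an interfaces(5) file, and that ip_forward reads 1. The function names, the `fw.conf` file name and the sample files are assumptions constructed from the configuration quoted above.

```shell
# Added example: consistency check for a two-NIC NAT gateway.

# Print "active", "commented" or "missing" for an interface's stanza.
iface_state() {  # $1 = interfaces file, $2 = interface name
    if grep -Eq "^[[:space:]]*iface[[:space:]]+${2}[[:space:]]" "$1"; then
        echo active
    elif grep -Eq "^[[:space:]]*#[[:space:]]*iface[[:space:]]+${2}[[:space:]]" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# Print the value of NAME="value" from the firewall script's options section.
fw_var() {  # $1 = firewall script, $2 = variable name
    sed -n "s/^${2}=\"\\([^\"]*\\)\".*/\\1/p" "$1" | head -n 1
}

# Report each mismatch; the exit status is the number of problems found.
check_gateway() {  # $1 = interfaces file, $2 = firewall script, $3 = ip_forward file
    problems=0
    for var in INET_IFACE LAN_IFACE; do
        ifc=$(fw_var "$2" "$var")
        state=$(iface_state "$1" "$ifc")
        if [ "$state" != active ]; then
            echo "$var=$ifc but its stanza is $state in $1"
            problems=$((problems + 1))
        fi
    done
    if [ "$(cat "$3")" != 1 ]; then
        echo "ip_forward is not 1: packets from the LAN will not be forwarded"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: eth1 stanza commented out, forwarding switched off.
make_sample() {  # $1 = scratch directory
    printf '%s\n' 'auto lo' 'iface lo inet loopback' 'auto eth0' \
        'iface eth0 inet dhcp' '#auto eth1' '#iface eth1 inet static' \
        '#address 192.168.0.1' > "$1/interfaces"
    printf '%s\n' 'INET_IFACE="eth0"' 'LAN_IFACE="eth1"' > "$1/fw.conf"
    echo 0 > "$1/ip_forward"
}
```

On a live system the three arguments would be /etc/network/interfaces, the firewall script itself and /proc/sys/net/ipv4/ip_forward.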


