LARTC - Nov 2002 - Linking two networks

Hi there

I just had a data line installed between my home and the office. I''ve
managed to connect the two sides successfully with ppp and the gateways
on both sides can see each other. I want the hosts behind the
gateways to see each other as well and although this is discussed in
some howtos I couldn''t get this right and need some help with the
routing.

Here''s my setup:

    At home I have a 192.168.2.0 network and at the office I have a
    192.168.1.0 network.

    The gateway at home is 192.168.2.10 and at the office it is
    192.168.1.10.

    My routing table at home looks like this:

Destination  Gateway      Genmask         Flags Metric Ref Use Iface
192.168.1.10 0.0.0.0      255.255.255.255 UH    0      0     0 ppp0
192.168.2.0  0.0.0.0      255.255.255.0   U     0      0     0 eth0
192.168.1.0  192.168.1.10 255.255.255.0   UG    0      0     0 ppp0
0.0.0.0      0.0.0.0      0.0.0.0         U     0      0     0 ppp0

    My routing table at work looks like this:

Destination  Gateway      Genmask         Flags Metric Ref Use Iface
192.168.1.1  0.0.0.0      255.255.255.255 UH    0      0     0 eth1
192.168.2.10 0.0.0.0      255.255.255.255 UH    0      0     0 ppp0
196.x.y.51   0.0.0.0      255.255.255.255 UH    0      0     0 eth0
196.x.y.48   0.0.0.0      255.255.255.240 U     0      0     0 eth0
192.168.2.0  192.168.2.10 255.255.255.0   UG    0      0     0 ppp0
192.168.1.0  0.0.0.0      255.255.255.0   U     0      0     0 eth1
127.0.0.0    0.0.0.0      255.0.0.0       U     0      0     0 lo
0.0.0.0      196.44.35.49 0.0.0.0         UG    0      0     0 eth0

    Here eth0 is connected to my ISP and eth1 is connect to the local
    lan.

Now if I am logged in at 192.168.1.10 (the gateway at the office) and
try to ping a host behind the gateway at home (eg. 192.168.2.2) then it
looks like the packets make it to that host but 192.168.2.2 cannot
locate host 192.168.1.10 and can therefor not send the echo reply.

192.168.2.2 has 192.168.2.1 as gateway.

Any ideas what might be wrong?

-- 
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Roch?!
> I just had a data line installed between my home and the office.
I''ve
> managed to connect the two sides successfully with ppp and the gateways
> on both sides can see each other. I want the hosts behind the
> gateways to see each other as well and although this is discussed in
> some howtos I couldn''t get this right and need some help with the
> routing.
> 
> Here''s my setup:
> 
>     At home I have a 192.168.2.0 network and at the office I have a
>     192.168.1.0 network.
> 
>     The gateway at home is 192.168.2.10 and at the office it is
>     192.168.1.10.
> 
>     My routing table at home looks like this:
> 
> Destination  Gateway      Genmask         Flags Metric Ref Use Iface
> 192.168.1.10 0.0.0.0      255.255.255.255 UH    0      0     0 ppp0
> 192.168.2.0  0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 192.168.1.0  192.168.1.10 255.255.255.0   UG    0      0     0 ppp0
> 0.0.0.0      0.0.0.0      0.0.0.0         U     0      0     0 ppp0
You don''t need to add a route to get to 192.168.1.0/24 since you your
default gw will route packets to that network anyway. You are also use
192.168.1.10 as a gateway to get onto the 1/24 network which won''t work
(you
can''t use a machine on the network which you want to reach as a
gateway).
You want to be using 192.168.2.10 as a gateway to get onto the 1/24 network.

Also, you can use unnumbered ppp. Just do this:

On your home gateway''s eth0 assign 192.168.2.10 and on your
office''s side,
assign 192.168.1.10 to eth1. Then use unnumbered ppp on both sides and make
sure that ip forwarding is enabled on the office gw.

On your office side, you''ll have

pppd ... 192.168.1.10:192.168.2.10

and on your home side, you''ll have

pppd ... defaultroute :

Of course, you probably have /etc/ppp/* with the pon/poff scripts in which
case you need to add above to your /etc/ppp/peers/* scripts

-- 

Regards
 Abraham

QOTD:
	"I used to jog, but the ice kept bouncing out of my glass."

___________________________________________________
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451 Http: http://www.frogfoot.net
 Email: abz@frogfoot.net

On Sat, 30 Nov 2002 13:53:57 +0200
Abraham van der Merwe <abz@frogfoot.net> wrote:

Thanks for the advice :-)
> You don''t need to add a route to get to 192.168.1.0/24 since you
your
> default gw will route packets to that network anyway. You are also use
> 192.168.1.10 as a gateway to get onto the 1/24 network which won''t
> work (you can''t use a machine on the network which you want to
reach
> as a gateway). You want to be using 192.168.2.10 as a gateway to get
> onto the 1/24 network.
Mmm, thought I had something upside down.
> 
> Also, you can use unnumbered ppp. Just do this:
> 
> On your home gateway''s eth0 assign 192.168.2.10 and on your
office''s
> side, assign 192.168.1.10 to eth1. Then use unnumbered ppp on both
> sides and make sure that ip forwarding is enabled on the office gw.
I don''t quite follow how to set up unnumbered ppp. Should I just omit
the local_ip:remote_ip in my ppp options file at home?
> 
> On your office side, you''ll have
> 
> pppd ... 192.168.1.10:192.168.2.10
> 
> and on your home side, you''ll have
> 
> pppd ... defaultroute :
> 
> Of course, you probably have /etc/ppp/* with the pon/poff scripts in
> which case you need to add above to your /etc/ppp/peers/* scripts
At the moment I have no scripts in place - I''m doing it manually to see
what works and what I should eventually put in the scripts. I only have
/etc/ppp/options on both sides.

-- 
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Roch?!
> > On your home gateway''s eth0 assign 192.168.2.10 and on your
office''s
> > side, assign 192.168.1.10 to eth1. Then use unnumbered ppp on both
> > sides and make sure that ip forwarding is enabled on the office gw.
> 
> I don''t quite follow how to set up unnumbered ppp. Should I just
omit
> the local_ip:remote_ip in my ppp options file at home?
That is correct. See, ppp is a point-to-point protocol, so traffic can only
go in two directions anyway, so you can tell ppp not to use any kind of
layer 3 routing and just send packets to the other side automatically.

In Linux you do that by just specifying local_ip:remote_ip on the server
side and : on the client side.
> > Of course, you probably have /etc/ppp/* with the pon/poff scripts in
> > which case you need to add above to your /etc/ppp/peers/* scripts
> 
> At the moment I have no scripts in place - I''m doing it manually
to see
> what works and what I should eventually put in the scripts. I only have
> /etc/ppp/options on both sides.
Ok, so this (otoh so don''t blame me if it doesn''t work *g*) in
your inittab
should do the job:

------------< snip <------< snip <------< snip <------------
# At office
S0:23:respawn:/usr/sbin/pppd /dev/ttyS0 115200 modem noauth crtscts persist \
192.168.1.10:192.168.2.10 nodetach >>/var/log/leased.log

# At home
S0:23:respawn:/usr/sbin/pppd /dev/ttyS0 115200 noauth lock debug crtscts
defaultroute persist nodetach >>/var/log/leased.log
------------< snip <------< snip <------< snip <------------

-- 

Regards
 Abraham

A morsel of genuine history is a thing so rare as to be always valuable.
-- Thomas Jefferson

___________________________________________________
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451 Http: http://www.frogfoot.net
 Email: abz@frogfoot.net

Thanks for your help.

I will try this later this afternoon and let you know. I think I
understand a bit more about routing and networks now.

On Sat, 30 Nov 2002 14:37:09 +0200
Abraham van der Merwe <abz@frogfoot.net> wrote:
> Hi Roch?!
> 
> > > On your home gateway''s eth0 assign 192.168.2.10 and on
your office''s
> > > side, assign 192.168.1.10 to eth1. Then use unnumbered ppp on
both
> > > sides and make sure that ip forwarding is enabled on the office
gw.
> > 
> > I don''t quite follow how to set up unnumbered ppp. Should I
just omit
> > the local_ip:remote_ip in my ppp options file at home?
> 
> That is correct. See, ppp is a point-to-point protocol, so traffic can only
> go in two directions anyway, so you can tell ppp not to use any kind of
> layer 3 routing and just send packets to the other side automatically.
> 
> In Linux you do that by just specifying local_ip:remote_ip on the server
> side and : on the client side.
> 
> > > Of course, you probably have /etc/ppp/* with the pon/poff scripts
in
> > > which case you need to add above to your /etc/ppp/peers/* scripts
> > 
> > At the moment I have no scripts in place - I''m doing it
manually to see
> > what works and what I should eventually put in the scripts. I only
have
> > /etc/ppp/options on both sides.
> 
> Ok, so this (otoh so don''t blame me if it doesn''t work
*g*) in your inittab
> should do the job:
> 
> ------------< snip <------< snip <------< snip
<------------
> # At office
> S0:23:respawn:/usr/sbin/pppd /dev/ttyS0 115200 modem noauth crtscts persist
\
> 192.168.1.10:192.168.2.10 nodetach >>/var/log/leased.log
> 
> # At home
> S0:23:respawn:/usr/sbin/pppd /dev/ttyS0 115200 noauth lock debug crtscts
> defaultroute persist nodetach >>/var/log/leased.log
> ------------< snip <------< snip <------< snip
<------------
> 
> -- 
> 
> Regards
>  Abraham
> 
> A morsel of genuine history is a thing so rare as to be always valuable.
> -- Thomas Jefferson
> 
> ___________________________________________________
>  Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
>  P.O. Box 3472, Matieland, Stellenbosch, 7602
>  Cell: +27 82 565 4451 Http: http://www.frogfoot.net
>  Email: abz@frogfoot.net
> 
> 

-- 
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Abraham
> Ok, so this (otoh so don''t blame me if it doesn''t work
*g*) in your inittab
> should do the job:
> 
> ------------< snip <------< snip <------< snip
<------------
> # At office
> S0:23:respawn:/usr/sbin/pppd /dev/ttyS0 115200 modem noauth crtscts persist
\
> 192.168.1.10:192.168.2.10 nodetach >>/var/log/leased.log
Instead of re-assigning 192.168.1.10 to eth1 at
the office I just set loc_ip:rem_ip in my ppp options to
192.168.1.1:192.168.2.1 because to many hosts already point to
192.168.1.1 as their gateway. I think this boils down to the same thing.

This works partially. I have one host behind 192.168.2.1 (gateway at
home) with the ip 192.168.2.2. I had to add a route to 192.168.1.1
(gateway at the office) before 192.168.2.2 could see 192.168.1.1:

    route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.1

So now 192.168.2.2 can see 192.168.1.1 as gateway, but the hosts on the
192.168.1.0 network at the office can''t reach the 192.168.2.0 network
at
home.

I tried to ping 192.168.2.1 from 192.168.1.2 (a host behind the
192.168.1.1 gateway) and got no response so I investigated with tcpdump.

On 192.168.1.1 the output of tcpdump -i eth1 is:

10:20:43.432529 < 192.168.1.2 > 192.168.2.1: icmp: echo request (DF)
10:20:44.432621 < 192.168.1.2 > 192.168.2.1: icmp: echo request (DF)
10:20:45.432556 < 192.168.1.2 > 192.168.2.1: icmp: echo request (DF)
10:20:46.432560 < 192.168.1.2 > 192.168.2.1: icmp: echo request (DF)

So no "echo reply", then I did a tcpdump -i ppp0 to see if these
packets
actually reach the ppp device and they don''t.

This is how the routing table at the office looks like now:

Destination Gateway      Genmask         Flags Metric Ref Use Iface
192.168.1.1 0.0.0.0      255.255.255.255 UH    0      0     0 eth1
192.168.2.1 0.0.0.0      255.255.255.255 UH    0      0     0 ppp0
196.x.y.51  0.0.0.0      255.255.255.255 UH    0      0     0 eth0
196.x.y.48  0.0.0.0      255.255.255.240 U     0      0     0 eth0
192.168.2.0 192.168.1.1  255.255.255.0   UG    0      0     0 ppp0
192.168.1.0 0.0.0.0      255.255.255.0   U     0      0     0 eth1
127.0.0.0   0.0.0.0      255.0.0.0       U     0      0     0 lo
0.0.0.0     196.44.35.49 0.0.0.0         UG    0      0     0 eth0


-- 
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Ignore me previous post, my firewall was toasting me ;-)

-- 
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/