# Destination Host Unreachable



## littlegreenm (Jul 8, 2003)

Hi,

I'm a bit of a newbie with Linux, however I am hoping some genius can help me out with name resolving, etc.

I have been asked to set up a network for our company. There are a number of companies in the building and they all use the gateway 192.168.1.1 / 255.255.255.0 to get out onto the Internet.

I do not want to use the same network mask as I don't want people snooping around our PCs.

I am currently using RH9 with two network cards... one for our own network and one to connect to 192.168.1.1 (the default gateway). The long and the short of it is that I can't get out onto the network when I use the netmask 255.255.255.224. It would be great if somebody can help me out on this.

Just a bit of additional info.
Both network cards are RealTek RTL-8139, SMC EZ Card
eth0 is set up for Network (192.168.206.187 / 255.255.255.0 Gateway is 192.168.206.186)
eth1 is set up for Internet (192.168.206.186 / 255.255.255.0 Gateway is 192.168.1.1)

I have set up the Primary DNS to 192.168.*.*

Thanks in advance

Cormac.


----------



## Squashman (Apr 4, 2003)

Your NIC 192.168.206.186 / 255.255.255.0
Gateway 192.168.1.1 / 255.255.255.0 

What do you see wrong with this picture?

Not on the same network. Your External NIC has to be on the same network as the Gateway.
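
The subnet check behind the reply above, as an added example that is not part of any post in this thread: POSIX shell functions that test whether a gateway is on the same network as an interface. The function names are hypothetical; the addresses are the ones quoted in the thread, arranged as constructed input.

```shell
#!/bin/sh
# Added example, not from the thread: is a gateway on-link for an interface?

# ip_to_int A.B.C.D : print the address as a 32-bit integer
ip_to_int() {
    _old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# on_link ADDR NETMASK GATEWAY : succeed if GATEWAY shares ADDR's subnet
on_link() {
    _a=$(ip_to_int "$1"); _m=$(ip_to_int "$2"); _g=$(ip_to_int "$3")
    [ $(( $_a & $_m )) -eq $(( $_g & $_m )) ]
}

# egress_iface GATEWAY : read "name addr netmask" lines on stdin and print
# the first interface that can reach GATEWAY directly; fail if none can
egress_iface() {
    while read -r _name _addr _mask; do
        if on_link "$_addr" "$_mask" "$1"; then
            echo "$_name"
            return 0
        fi
    done
    return 1
}

# Constructed input: the two NIC settings from the first post.
printf '%s\n' 'eth0 192.168.206.187 255.255.255.0' \
              'eth1 192.168.206.186 255.255.255.0' |
    egress_iface 192.168.1.1 || echo "no interface is on 192.168.1.1's subnet"

# Constructed input: eth1 moved onto the gateway's network.
printf '%s\n' 'eth0 192.168.206.186 255.255.255.0' \
              'eth1 192.168.1.187 255.255.255.0' |
    egress_iface 192.168.1.1        # prints: eth1
```

The 255.255.255.224 mask from the first post fails the same check: `on_link 192.168.1.187 255.255.255.224 192.168.1.1` returns non-zero because that mask places .187 in 192.168.1.160/27, which does not contain the gateway (pairing that address with that mask is an assumption made here).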


----------



## littlegreenm (Jul 8, 2003)

Thanks for your reply.
I have made the appropriate change to the external card, rebooted the machine to make sure and tried to ping 192.168.1.1 . I was told that the destination host is unreachable.

Any further help would be appreciated. I am including a bit of info, should they be of use to you, or anybody else who wants to join in.

Thanks.

ifconfig is as follows:

```
eth0      Link encap:Ethernet  HWaddr 00:40:F4:6F7:BF
          inet addr:192.168.206.186  Bcast:192.168.206.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2284 errors:0 dropped:0 overruns:0 frame:0
          TX packets:210 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:200755 (196.0 Kb)  TX bytes:24088 (23.5 Kb)
          Interrupt:10 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 00:40:F4:6FA:49
          inet addr:192.168.1.187  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1312 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:86580 (84.5 Kb)
          Interrupt:9 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1078 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1078 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:94141 (91.9 Kb)  TX bytes:94141 (91.9 Kb)
```

Host file is as follows:

```
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.0	localhost	localhost.localdomain
192.168.1.187	localhost.localdomain	redsky0
192.168.206.186	localhost.localdomain	redsky0
192.168.206.185	redsky3	cormac
192.168.206.184	redsky1	declan
192.168.206.183	redsky2	keelan
```

A few pings:

```
[[email protected] root]# ping 192.168.206.186
PING 192.168.206.186 (192.168.206.186) 56(84) bytes of data.
64 bytes from 192.168.206.186: icmp_seq=1 ttl=64 time=2.17 ms
64 bytes from 192.168.206.186: icmp_seq=2 ttl=64 time=0.099 ms
64 bytes from 192.168.206.186: icmp_seq=3 ttl=64 time=0.085 ms

[1]+ Stopped ping 192.168.206.186
[[email protected] root]# ping 192.168.1.187
PING 192.168.1.187 (192.168.1.187) 56(84) bytes of data.
64 bytes from 192.168.1.187: icmp_seq=1 ttl=64 time=0.131 ms
64 bytes from 192.168.1.187: icmp_seq=2 ttl=64 time=0.111 ms
64 bytes from 192.168.1.187: icmp_seq=3 ttl=64 time=0.105 ms

[2]+ Stopped ping 192.168.1.187
[[email protected] root]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.187 icmp_seq=1 Destination Host Unreachable
From 192.168.1.187 icmp_seq=2 Destination Host Unreachable
From 192.168.1.187 icmp_seq=3 Destination Host Unreachable
```


----------



## Squashman (Apr 4, 2003)

Just a quick note. I assume you are using your Linux server as a gateway for your clients to get out of your network. If so you will need to set up NAT (Network Address Translation) on your Linux Server.


----------



## littlegreenm (Jul 8, 2003)

Thanks. I don't really want to set that up until I have to. I'd like to get the linux box connecting to the Internet first. Once I know that is working, then I can start with the client machines.


----------



## Squashman (Apr 4, 2003)

Just a thought here, do you have a firewall running that may be blocking ping requests? I know that Red Hat asks you now if you want a default firewall running after you install. If you set it to high, you may not be able to ping out or nobody may get a ping response from you.

Have you tried pinging your external nic from another machine on that same network?


----------



## littlegreenm (Jul 8, 2003)

I pinged from a client machine and couldn't reach 192.168.1.187 to no avail and vice versa. It looks like it is being blocked.

I checked the GUI firewall and it was knocked off. Is there another type of firewall ... iptables?


----------



## Squashman (Apr 4, 2003)

I don't know what to tell you. You certainly don't have iptables running. But you can always type *iptables -L* to see the current state of the firewall if you are running iptables. But you are most likely not.

If you are on the same network, you should be able to ping okay. Unless there is a problem with the cable.

How about we figure out if your client machines can ping your internal nic.

You sure you don't have the cables crossed on which nic goes to which network?


----------



## littlegreenm (Jul 8, 2003)

OK... I've made a few changes since I posted last.
I have disabled eth1 and removed the driver. As far as the machine is concerned there is no eth1 or second nic card. I've altered the hosts file, changed the GATEWAYDEV to eth0 in the network file. I have renamed the eth0 to Internet (connection).

I can now surf the web. However, I would ideally like to create a subnet so others can't view our machines. However, I am unsure how to do this whilst allowing the client machines to use the linux box as a gateway.

1st card = 192.186.1.186/255.255.255.0 Gway = 192.168.1.1

Can I configure the second card like so
2nd card = 10.0.0.1/255.255.255.0 Gway=192.168.1.186
so when I setup the tcp/ip in Windows I point the gateway to 10.0.0.1 .... or am I jumping the gun a bit here.


----------



## Squashman (Apr 4, 2003)

You know you could buy a cheap router for under $30 that would solve this problem.


----------



## soup4you2 (Jul 8, 2003)

Ok....

Hey people i'm new here so be gentle...

I'm more used to the FreeBSD/OpenBSD ways of doing things.. but i'll give this one a shot..

First of all... i'm going to call your external nic rl0 and your internal nic rl1 just because that's the way i'm used to..

so you can browse the net currently off rl0 (external)

so put in rl1 and i'm unsure how redhat does it.. but you need to tell it to give it a static ip upon bringing the network up.

so you should have an ifconfig after all that that looks similar to:


```
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::207:95ff:feae:c61e%sis0 prefixlen 64 scopeid 0x1
        inet xx.xxx.xxx.xxx netmask 0xfffffe00 broadcast 68.100.255.255
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (10baseT/UTP)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::250:4ff:fe03:a2e8%xl0 prefixlen 64 scopeid 0x2
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (100baseTX)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
```
please note in this example i'm using 192.168.1.1 as our new internal nic gateway..

so next we need some IPNAT rules like:


```
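# NAT TCP/UDP from the internal network out of rl0, remapping source ports
map rl0 192.168.1.1/24 -> 0/32 portmap tcp/udp auto
# NAT everything else (e.g. ICMP) from the internal network out of rl0
map rl0 192.168.1.1/24 -> 0/32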
```
inside your firewall you need to add in rules also to pass everything through your loopback..

not clean on ipchains but ipf would be something like:


```
pass in quick on lo0 all
pass out quick on lo0 all
```
then you would also pass your rules for rl0 and rl1 normally you can pass everything out of rl1 but keep rl0 restricted..

another thing is you probably want a dhcp server bound to rl1
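
A Linux iptables counterpart to the ipnat and ipf rules in the post above, as an added example that is not from any poster in this thread: a shell function that emits an `iptables-restore` ruleset for a dual-homed gateway. It assumes eth0 is the external NIC and eth1 the internal one on 10.0.0.0/24, as proposed earlier in the thread; the function name and the default-drop policies are choices of this example.

```shell
#!/bin/sh
# Added example, not from the thread: NAT ruleset for a two-NIC Linux gateway.
# Apply as root (assumed usage):
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#   nat_ruleset eth0 eth1 10.0.0.0/24 | iptables-restore

# nat_ruleset EXT_IF INT_IF INT_NET : print the ruleset on stdout
nat_ruleset() {
    ext_if=$1 int_if=$2 int_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Internal hosts leave with the gateway's external address.
-A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and the internal network may talk to the gateway itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $int_if -s $int_net -j ACCEPT
# Replies to connections the gateway opened are allowed back in.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internal hosts may open connections outward; only replies come back.
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the addressing assumed above.
nat_ruleset eth0 eth1 10.0.0.0/24
```

Nothing on the shared 192.168.1.0/24 side can open a connection to the gateway or to the hosts behind it with this ruleset; any service meant to be reachable from that side needs its own explicit INPUT rule.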


----------



## littlegreenm (Jul 8, 2003)

I was thinking on a similar line... I thought Linux could act as a router though?

I'm only in this job a week, so I just want to make sure that getting a router will do the job. I suppose I could always query this forum. 

Thanks for all your help. Any ideas on a decent router?


----------



## soup4you2 (Jul 8, 2003)

linux/unix can and will act as a great router... but you need the provisions to set it up..

it's just been so dam long since i've used regular old linux.. but it can be done..

do some Google searches for transparent ip masquerading

your answer should lie somewhere in there

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/IP-Masquerade-HOWTO.html


----------



## soup4you2 (Jul 8, 2003)

Another suggestion....

Is the only purpose of this machine to act as a router/firewall ??

if so i would suggest using something that's already structured for routing.. because it looks like a lot of work..

If the only purpose is to be a router then try using Mandrake multi network firewall

http://www.mandrakesoft.com/products/mnf

(Ack i just promoted mandrake... don't expect that from me too often)


----------



## littlegreenm (Jul 8, 2003)

Unfortunately not, I'm using the Redhat as a http server and storage device. I can configure samba using a different IP MASK, and get it working with the client machines, so I am half way there.

It's basically being able to use the external nic to bridge the two networks, if that's possible. Then use the internal nic to route all traffic through the external nic.

Ideally I'm looking for a quick and easy solution, which costs nothing.


----------



## Squashman (Apr 4, 2003)

As I always say, Time is Money. If you have never set up IP masquerading you are in for a treat.


----------



## littlegreenm (Jul 8, 2003)

Is it much easier to set up and quicker to buy a router as opposed to IP masquerading?


----------



## soup4you2 (Jul 8, 2003)

another article of interest would probably be this one

http://www.flounder.net/ipchains/ipchains-howto.html#7

but overall i think you're gonna have to do your kernel which is a pain on linux...


----------

