IP Masq'ing a connection from a switch?



DumdumDaTroll
03-17-2004, 10:56 AM
First off, I'd like to point out that I'm a long time user of SEQ (a few years), but this is my first post (certainly my first question). I started out relatively new to Linux, and was able to get up and running on my own using information from the boards. I'm living proof that the search function does work, and should be used often.

That said, I'm a bit stumped at the moment, and my search on both the forums and the internet has not helped me at all. I've recently changed my network configuration because I've added a hard drive to my linux box and set it up as a Win2k dual boot. I purchased a Linksys switch, which now connects to the cable modem. The dual boot machine is now connected to the switch through one of the NICs, which is eth1 in Linux. eth0 is connected to my non-switching Netgear hub. My thought was that I would have both comps connected to the Linksys switch when both running Windows (as one would do if running EQ on both machines). If I wanted to run SEQ, I'd switch the Windows box to the hub, change my network settings appropriately, and it would just work. This is not working with the current configuration.

Right now, I cannot even ping the internet from the Linux box, much less forward packets. eth0, which is connected to the hub (i.e. internal network) is still assigned a static IP of 192.168.1.20. eth1, which is connected to the switch, is getting its address from DHCP. The difference is that the DHCP server is different: before, I was getting the address directly from the ISP, and was receiving an external address. Now, the DHCP server is the Linksys switch, and eth1 is getting an internal network address of 192.168.1.10. The Linksys switch has an internal IP of 192.168.1.1, so I'm positive there are no conflicts. So basically, I have two separate internal networks, one between the switch and the Linux box, and one between the Linux box and the Win box.

My guess is that the Linux box is, at this point, severely confused about where it should be getting internet information. My question is: can this configuration even work? What should I do? My first thought was that it's a problem in my rc.firewall configuration, but I'm not sure. Thoughts?

PS - Linux box is running RedHat 9 (2.4.x kernel), so I'm using iptables instead of ipchains

Tor K'tal
03-17-2004, 11:08 AM
Subnet masking

This is a pretty in-depth networking question for me to try and answer at the moment as I'm very tired.

Basic answer is that if your subnet masks aren't set properly the 192.168.1.10 and 192.168.1.20 are considered to be on the same network and could cause some serious confusion on your linux box (or any box for that matter). The default subnet mask for 192.168.x.x networks is 255.255.255.0, meaning that everything on the last octet is grouped into the same logical network (more or less it assumes everything on 192.168.1.x is on the same wiring segment, because the addresses match for the first three octets).

I would suggest changing eth1 to be hardcoded 192.168.2.x if you are going to be using an IPMasq setup. While double NATing works, most folks try and avoid it when possible.

Another possibility is to turn your linux box into a bridge rather than a NAT/PAT router (using IPMasq), but I was never able to get that functioning when I tried years ago.

Also I would consider setting up a DHCP server to look at Eth1 so that when you move your EQ machine between hub and switch you just have to refresh the DHCP assigned IP address to get it going again.


But like I said, that is a really fast overview. After I have got some sleep (maybe a day or two), if you haven't got a better answer I will try and elaborate.


Here are some basic links to get you started
http://www.webopedia.com/TERM/S/subnet_mask.html
http://www.learntosubnet.com/

And here is an interesting subnet calculator
http://www.telusplanet.net/public/sparkman/netcalc.htm


Granted it might have nothing to do with that, but based on the information you provided this is my first guess.

~ TK
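A worked check of the subnet point above, added here as an example and not code from the thread: it takes the two interface addresses from the original post and shows which NIC the kernel would pick for a given destination, before and after moving eth1 to 192.168.2.x as suggested. The exact eth1 address after the change (192.168.2.10) and the 198.51.100.1 test destination are assumptions.

```python
from ipaddress import IPv4Address, IPv4Interface

# Constructed from the thread: both NICs sit in 192.168.1.0/24 with the default mask.
BROKEN = {"eth0": "192.168.1.20/24", "eth1": "192.168.1.10/24"}
# The suggested change applied; the exact eth1 address (192.168.2.10) is an assumption.
FIXED = {"eth0": "192.168.1.20/24", "eth1": "192.168.2.10/24"}


def overlapping_interfaces(ifaces):
    """Return the pairs of interfaces whose directly connected networks overlap.

    Two NICs on the same /24 give the kernel two equally good connected routes
    for every 192.168.1.x destination, which is the confusion described above.
    """
    nets = {name: IPv4Interface(addr).network for name, addr in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def candidate_interfaces(ifaces, dst, default="eth1"):
    """Longest-prefix match over the connected routes, falling back to the
    interface carrying the default route.  More than one result means the
    choice is ambiguous and depends on route ordering, not on addressing."""
    target = IPv4Address(dst)
    matches = {name: IPv4Interface(addr).network.prefixlen
               for name, addr in ifaces.items()
               if target in IPv4Interface(addr).network}
    if not matches:
        return [default]
    best = max(matches.values())
    return sorted(name for name, plen in matches.items() if plen == best)


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "overlapping networks:", overlapping_interfaces(cfg))
        for dst in ("192.168.1.1", "192.168.2.1", "198.51.100.1"):
            print(f"  {dst} -> {candidate_interfaces(cfg, dst)}")
```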

S_B_R
03-17-2004, 06:18 PM
Here's how I'd lay it out (I know the drawing sucks).

Internet
    |
    ------Hub
    |      |
    |   Linksys
    |    |    |
    ---SEQ    EQ


In this situation the Linux box has one NIC (eth1) connected to the Linksys Router which is its default route, and one NIC (eth0) connected to the hub. eth0 won't need to have an IP or any configuration at all. When SEQ puts it into Promiscuous mode it will be able to see all the traffic across the hub. With the hub sitting where it is it will be able to see all the EQ traffic in and out of your network. This setup requires no changes to your network topology or configuration on the EQ machine, whether you are using SEQ or not.

DumdumDaTroll
03-18-2004, 09:49 AM
Hrm... that might work, S_B_R, but I'm not sure. My thought has always been that the cable modem itself isn't really a network device (not possessing an IP address), and plugging it directly into the hub won't do anything, since the hub is dumb. Will the packets from the cable modem be broadcast over the hub? And can a NIC w/o an IP address still receive those broadcast packets? Also, consider me a doof for not knowing what promiscuous mode is.

I'm pretty sure I understand the diagram, btw. Very well done. :)

monster69
03-18-2004, 10:26 AM
Originally posted by DumdumDaTroll
Will the packets from the cable modem be broadcast over the hub?

Yes, the packets will be broadcast over the hub.


And can a NIC w/o an IP address still receive those broadcast packets?

Traffic between devices actually occurs with MAC addresses. IP addresses are mapped to MAC addresses through a process called ARP (Address Resolution Protocol), but an IP address is not necessary for a device to listen or (in the case of the cable modem) bridge traffic from one medium to another.


Also, consider me a doof for not knowing what promiscuous mode is.

Promiscuous mode is a state where a NIC will receive and accept all the packets it can hear on the wire. Typically NICs will only accept packets destined for their MAC address and will ignore malformed packets such as runts and giants. Promiscuous mode lets you accept all that traffic, typically for diagnosing problems.

Monster
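A small model of the NIC receive filter monster69 describes, added here as an example and not code from the thread: it parses Ethernet II frames by destination MAC and shows why the sniffing NIC on the hub needs no IP address, sees the EQ box's traffic only in promiscuous mode, and still drops runts. All MAC addresses and frames are constructed sample data.

```python
import struct

BROADCAST = b"\xff" * 6
MIN_FRAME = 60  # bytes without the 4-byte FCS; anything shorter is a "runt"


def parse_frame(frame):
    """Split an Ethernet II frame into (dst_mac, src_mac, ethertype, payload)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]


def nic_accepts(frame, own_mac, promisc=False):
    """Model of the receive filter: a normal NIC passes up only frames addressed
    to its own MAC, to broadcast, or to a multicast group, and discards runts.
    In promiscuous mode it passes every well-formed frame it hears on the wire.
    No IP address is involved anywhere in this decision."""
    if len(frame) < MIN_FRAME:
        return False  # runt: dropped in either mode
    dst = parse_frame(frame)[0]
    if promisc:
        return True
    is_group = bool(dst[0] & 0x01)  # I/G bit set: multicast or broadcast
    return dst == own_mac or is_group


def build_frame(dst, src, payload, ethertype=0x0800):
    """Assemble a frame and pad it to the minimum size, as a sender's NIC does."""
    return (struct.pack("!6s6sH", dst, src, ethertype) + payload).ljust(MIN_FRAME, b"\x00")


def sniffed_on_hub(frames, own_mac, promisc):
    """Frames the SEQ box's hub-side NIC would hand to the sniffer."""
    return [f for f in frames if nic_accepts(f, own_mac, promisc)]


# Constructed sample MACs (locally administered, not from the thread).
SEQ_MAC = bytes.fromhex("020000000001")
EQ_MAC = bytes.fromhex("020000000002")
MODEM_MAC = bytes.fromhex("020000000003")

# Constructed traffic on the hub: an IP packet from upstream to the EQ box,
# a broadcast ARP request from the EQ box, and a runt (header only, unpadded).
EQ_TRAFFIC = build_frame(EQ_MAC, MODEM_MAC, b"game data")
ARP_WHO_HAS = build_frame(BROADCAST, EQ_MAC, b"arp request", ethertype=0x0806)
RUNT = struct.pack("!6s6sH", EQ_MAC, MODEM_MAC, 0x0800)

if __name__ == "__main__":
    wire = [EQ_TRAFFIC, ARP_WHO_HAS, RUNT]
    print("normal mode:     ", len(sniffed_on_hub(wire, SEQ_MAC, promisc=False)), "frames")
    print("promiscuous mode:", len(sniffed_on_hub(wire, SEQ_MAC, promisc=True)), "frames")
```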

S_B_R
03-18-2004, 11:44 AM
Thanks monster69, I couldn't have said it any better myself. ;)

DumdumDaTroll
03-18-2004, 01:34 PM
Well said, monster69, and well received. I'll try it out when I get home this afternoon. Thanks for the Networking 102 primer. :D

As far as setting up the SEQ box, per S_B_R's setup, what then needs to change in my network device configuration? eth1 (connected to internet) will still be configured as obtaining an IP from the switch's DHCP service, which will turn out to be 192.168.1.10. How does eth0 (packet sniffing device) need to be configured? Or does it matter, so long as I have eth1 set up as my default route?

S_B_R
03-18-2004, 01:49 PM
As root:
ifdown eth0
ifconfig eth0 promisc up
That's it. (eth0 is the sniffing NIC)

DumdumDaTroll
03-18-2004, 10:29 PM
Thanks for your help, everything is working as expected. Hopefully readers with similar questions will get use out of this thread. Thanks a million!