Page 1 of 2
Bubba behind firewall -- setup routing?
Posted: 07 Oct 2008, 20:47
by shadowbox
I have BubbaII in configuration 6 from the manual:
Internet -> fw/router -> bubbaII
I have changed my LAN address to be on the fw/router network. So all machines on this side of the fw/router can see each other. But how do I get bubbaII to route through the fw/router to the internet?
Do I just add the lines myself to: /etc/networks/interfaces? Or is there someplace in the GUI where I'm missing it?
[I'll probably soon give up on doing things the nice-gui way in favor of my cherished CLI, but I just got this box yesterday, and don't want to hose myself too soon]
Posted: 08 Oct 2008, 02:54
by Binkem
You should set up port forwarding on the firewall/router so that the correct ports there are forwarded to Bubba's ip-address.
Posted: 08 Oct 2008, 07:41
by shadowbox
When I'm on the box (ssh) I can't ping anything on the internet because the packets aren't routed correctly. I believe your solution is for allowing the internet to touch my box behind the firewall -- that's not the case I'm trying to solve -- unless I'm misunderstanding my own problem.
my routing table looks like this:
Code: Select all
netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
Posted: 08 Oct 2008, 08:03
by Binkem
have you entered the router's address as gateway in the bubba? (or do you use DHCP tot resolve internet adresses)?
Posted: 08 Oct 2008, 09:04
by shadowbox
The gateway is greyed out in on the LAN page if you have a static address.
It seems to me I should be using the WAN port, rather than the LAN port, since I'm not serving DHCP to clients and the WAN config screen has routing and DNS configuration options. I'd set the gateway to my router's address.
Maybe the picture in the manual is wrong.
Posted: 08 Oct 2008, 09:20
by Binkem
If you connect the wan port to the lan you cannot log in as admin; reversely, if you connect the lan to a router you would still be able to log in as admin from the internet. something for the BUBBA-team to think about?
Posted: 08 Oct 2008, 10:10
by shadowbox
sounds like manually adding the routes to the /etc/networks/interfaces file is the way to go.
Posted: 08 Oct 2008, 14:47
by Binkem
It's just a guess, but you might try setting the gateway on your WAN-settings. This gateway-address is copied to the LAN-tab on my bubba. Might just work (or not)
Posted: 09 Oct 2008, 09:51
by pa
I think that the usecase of having a static IP on LAN and _not_ using B2 as a router has not been concidered and tested enough.
Is using dhcp on LAN not an option for you?
If not, you need to edit the interfaces file and add under the eth1 section:
gateway 192.168.1.xx
where 192.168.1.xx is the IP address of your router.
/PA
Posted: 09 Oct 2008, 16:28
by shadowbox
Yes, that's just what I did to get it working (/etc/network/interfaces)
Code: Select all
iface eth1 inet static
address 192.168.1.99
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 1.1.1.23
dns-search mydomain.com
I've never really understood why anyone would use DHCP for their relatively static LAN; and certainly never why they would want their server's address allocated dynamically. But ah well. I wasn't planning to use the Bubba interface for very long anyway.
Posted: 10 Oct 2008, 14:18
by trencarbe
can you ping other web sites and get answer with this configuration in /etc/network/interfaces?
Posted: 10 Oct 2008, 14:20
by shadowbox
yes. and can ssh from the internet to my bubba (mostly a function of the 3rd party router, of course)
btw: the DNS server and the domain name are bogus.
Posted: 10 Oct 2008, 14:36
by trencarbe
strange! here below is my setup in /etc/network/interfaces, but I cannot ping the outside world!
I can ping back and forth in my network, but nothing more than that. I get error message:
Code: Select all
bubba:~$ ping www.google.com
connect: Network is unreachable
My network setting:
Code: Select all
bubba:~$ cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth1 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.254
iface eth0 inet static
netmask 255.255.255.0
address 192.168.10.100
My BubbaTwo is behind the router (192.168.1.254), connected to a switch. The Bubba itself is connected on the LAN network plug.
Suggestions on what is wrong??
Posted: 10 Oct 2008, 15:49
by shadowbox
what does "netstat -rn" give you?
Posted: 12 Oct 2008, 12:53
by trencarbe
It gives me:
Code: Select all
# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
And /etc/network/interfaces:
Code: Select all
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth1 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
iface eth0 inet dhcp
But why??