<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
It apparently defaults to /32 when one neglects to specify a
netmask.<br>
<font face="Arial"><br>
We seem to have moved past dhcp... Take this private so as not to
bother others with non-dhcp related issues?<br>
<br>
Many thanks to all!!! Much appreciated!!!<br>
<br>
</font>
<div class="moz-cite-prefix">On 01/27/2018 06:31 PM, Bill Shirley
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:066eb2fd-26f8-21b1-4611-bb1572b0689a@c3po.polymerindustries.biz">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Also in the entries you've shown: FOUR, SEVEN, and EIGHT are<br>
using /32 which I think should be /24 I would think. EIGHT is a<br>
rule for the bridge, do you need that?<br>
<br>
Bill<br>
<br>
<div class="moz-cite-prefix">On 1/27/2018 9:24 PM, Bill Shirley
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:e37dd491-5172-063f-1550-4a037d751c2a@c3po.polymerindustries.biz">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
You're looking in the wrong table. You want 'iptables -t nat'.<br>
You need an entry something like:<br>
<font color="#993300"><tt>iptables -t nat -A POSTROUTING -o
enp6s0 -s 10.1.1.0/24 -j MASQUERADE</tt><tt><br>
</tt></font><br>
I don't craft my iptables by hand; I use Shorewall.<br>
<br>
Bill<br>
<br>
<div class="moz-cite-prefix">On 1/27/2018 7:52 PM, A wrote:<br>
</div>
<blockquote type="cite"
cite="mid:66a74aef-f743-2a52-2b8e-ba09b676e9ef@bak.rr.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 01/27/2018 04:22 PM, Bill
Shirley wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ed27b87d-2c4f-ea0a-8f8d-513ed6824b6b@c3po.polymerindustries.biz">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
I don't know if it is affecting anything but you still have
the bridge defined<br>
in /etc/network/interfaces. Also, you still have wlp2s0 on
10.1.1.0/24. Do<br>
you want to define the wireless?<br>
</blockquote>
<br>
Yes. I just finished responding to your prior email. I need
to run out for a few minutes before it gets dark. Back in 30.<br>
<br>
<blockquote type="cite"
cite="mid:ed27b87d-2c4f-ea0a-8f8d-513ed6824b6b@c3po.polymerindustries.biz">
<br>
So 'blue' is to use 'yellow' to get to the internet. Do you
have iptables on<br>
'yellow' set up to masquerade for 10.1.1.0/24 <br>
</blockquote>
<br>
This is what I have at the moment so far. I see an error with
FOUR. Back in 30.<br>
<br>
<br>
-A PREROUTING -i enp6s0 -p tcp -m multiport --dports 80,443 -j
DNAT --to-destination 10.1.1.1<br>
-A FORWARD -i enp6s0 -o wlp2s0 -m conntrack --ctstate
RELATED,ESTABLISHED -m comment --comment THREE -j ACCEPT<br>
-A FORWARD -d 10.1.1.0/32 -i enp4s5 -o enp6s0 -m comment
--comment FOUR -j ACCEPT<br>
-A FORWARD ! -d 10.1.1.0/32 -o enp6s0 -m comment --comment
SEVEN -j ACCEPT<br>
-A FORWARD -d 10.1.1.0/32 -o br0 -m conntrack --ctstate
RELATED,ESTABLISHED -m comment --comment EIGHT -j ACCEPT<br>
<br>
<blockquote type="cite"
cite="mid:ed27b87d-2c4f-ea0a-8f8d-513ed6824b6b@c3po.polymerindustries.biz">
<br>
Bill<br>
<br>
<div class="moz-cite-prefix">On 1/27/2018 7:10 PM, A wrote:<br>
</div>
<blockquote type="cite"
cite="mid:090d96e6-1ccb-60e4-7353-9e099b87cf08@bak.rr.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p><font face="Arial">I meant to include the current
/etc/network/interfaces. Below. However, in the
meantime I'm getting different results. Perhaps due
to the fact that I changed "static" to "manuel". I
also <b>deleted</b> the bridge. Now, both machines
can ping each other on the wired interface, and
yellow can still ping the 'Net. Blue cannot ping the
Internet.<br>
</font></p>
<p><font face="Arial">It's unclear if the bridge-utils is
truly out of the picture, despite the tools reporting
so. I suspect this may still be an issue that will
come back later when I retry.<br>
</font></p>
<p><font face="Arial">PING blue (10.1.1.14) 56(84) bytes
of data.<br>
64 bytes from blue (10.1.1.14): icmp_seq=1 ttl=64
time=0.353 ms<br>
</font></p>
<p><font face="Arial">ping google.com<br>
PING google.com (172.217.11.78) 56(84) bytes of data.<br>
64 bytes from lax17s34-in-f14.1e100.net
(172.217.11.78): icmp_seq=1 ttl=56 time=23.4 ms<br>
</font></p>
<p><font face="Arial"># ping yellow<br>
PING yellow (127.0.1.1) 56(84) bytes of data.<br>
64 bytes from yellow (127.0.1.1): icmp_seq=1 ttl=64
time=0.088 ms<br>
^C<br>
--- yellow ping statistics ---<br>
1 packets transmitted, 1 received, 0% packet loss,
time 0ms<br>
rtt min/avg/max/mdev = 0.088/0.088/0.088/0.000 ms<br>
</font></p>
<p><font face="Arial"># ping router<br>
PING yellow (10.1.1.1) 56(84) bytes of data.<br>
64 bytes from yellow (10.1.1.1): icmp_seq=1 ttl=64
time=0.077 ms<br>
^C<br>
--- yellow ping statistics ---<br>
1 packets transmitted, 1 received, 0% packet loss,
time 0ms<br>
rtt min/avg/max/mdev = 0.077/0.077/0.077/0.000 ms<br>
<br>
</font></p>
<p><font face="Arial"><br>
</font></p>
<p><font face="Arial">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`<br>
</font></p>
<p><font face="Arial">/etc/network/interfaces:</font><br>
</p>
<br>
auto lo<br>
iface lo inet loopback<br>
dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95<br>
dns-search FQDN<br>
<br>
auto enp6s0<br>
<br>
iface enp6s0 inet dhcp<br>
dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95
<br>
dns-search FQDN<br>
<br>
<br>
auto enp4s5<br>
allow-hotplug enp4s5 <br>
iface enp4s5 inet manuel<br>
gateway 10.1.1.1<br>
network 10.1.1.0<br>
netmask 255.255.255.0 <br>
broadcast 10.1.1.255<br>
<br>
# Before we can change the address we have to bring
the face down<br>
pre-up ip link set enp4s5 down<br>
<br>
# I don't know if I can use two ups. I don't know the
right way to do this.<br>
up ip address 0.0.0.0 dev enp4s5<br>
up ip link set enp4s5 up<br>
down ip link set enp4s5 down<br>
<br>
<br>
allow-hotplug wlp2s0 <br>
iface wlp2s0 inet manuel<br>
gateway 10.1.1.1<br>
network 10.1.1.0<br>
netmask 255.255.255.0 <br>
broadcast 10.1.1.255<br>
<br>
# I don't know if I can use two pre-ups. I don't know the
right way to do this.<br>
pre-up ip link set wlp2s0 down<br>
pre-up ip address 0.0.0.0 dev wlp2s0<br>
up ip link set wlp2s0 up<br>
down ip link set wlp2s0 down<br>
<br>
wireless-mode master<br>
wireless-essid XXXXXXXXXXXXXX<br>
wireless-channel 1<br>
wpa-ssid XXXXXXXXXXXXXX<br>
wpa-psk
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br>
gateway 10.1.1.1<br>
<br>
<br>
<br>
auto br0<br>
iface br0 inet static<br>
address 10.1.1.1<br>
network 10.1.1.0<br>
netmask 255.255.255.0<br>
broadcast 10.1.1.255<br>
bridge-ports enp4s5 wlp2s0<br>
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 01/27/2018 03:20 PM, A
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:f1884f9f-9043-f84f-9e27-8c06c41b40e7@bak.rr.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 01/27/2018 01:28 PM,
Simon Hobson wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2E9F6590-01A8-43DA-8E48-E885BE73CC78@thehobsons.co.uk">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<div>
<div>A <<a href="mailto:publicface@bak.rr.com"
moz-do-not-send="true">publicface@bak.rr.com</a>>
wrote:</div>
<br>
<blockquote type="cite">
<div text="#000000" bgcolor="#FFFFFF">I did
originally have two separate subnets with a /28
CIDR, but I was unable to reach the Internet
from blue and someone suggested I have one
subnet in order to act as a typical home router.
So I reconfigured everything and it's now borked
worse than it was. Said person disappeared
shortly after of course.<br>
<br>
There is no commercial router. Yellow is the
router, gateway, access point, dhcp server, dns
server, firewall (iptables) and more.<br>
</div>
</blockquote>
</div>
<br>
<div>OK, so this box is your gateway, AP, etc, etc. In
that case I believe that your setup is fundamentally
broken - you have TWO SEPARATE networks (one wired,
one wireless) running the same subnet. </div>
</blockquote>
<br>
Yes, that's how I was told to set it up by a helpful
individual. I was told since it was one subnet, no
routing would be needed. The wireless & wired
interfaces would be bridged. Seemed reasonable. It
sounds like you are suggesting exactly the same thing so
"fundamentally broken" seems a bit harsh.<br>
<br>
<blockquote type="cite"
cite="mid:2E9F6590-01A8-43DA-8E48-E885BE73CC78@thehobsons.co.uk">
<div>Thus devices on the wired network cannot talk to
devices on the WiFi and vice-verca.</div>
<div><br>
</div>
<div>Bear in mind that I've not used WiFi in this
manner (I'm used to using external APs), so I am
unsure of some of the details. If you want to run a
single unified network then you will need to create
a bridge, and put the wired and wireless adapters
into that bridge - and put your address 10.1.1.1/24
onto the bridge. You will then have one network, and
the bridge software will pass packets between them,
as well as keeping track of which clients are in
which network segment.</div>
</blockquote>
<br>
I removed the bridge because I was unable to reach the
Internet from yellow (nor blue). And that is how things
stand now. Bridge up, Internet down. Bridge down,
Internet up. <br>
<br>
<br>
<blockquote type="cite"
cite="mid:2E9F6590-01A8-43DA-8E48-E885BE73CC78@thehobsons.co.uk">
<div><br>
</div>
<div>As far as (almost) all software on your box is
concerned, you just deal with one interface (the
bridge, eg br0). What I am unsure about is how dhcpd
behaves in this case - hopefully someone who's run
this setup can comment ? I would hope that it would
use the bridge interface in the same manner as it
would use a "real" one, but there can be some subtle
differences.</div>
</blockquote>
<br>
I had it working with the bridge at one point - each box
could ping the other on both wired & wireless, but
blue couldn't reach the Internet. Lets see if we can
put it back.<br>
<br>
.... blue now receives an IP of .14; neither machine can
ping the other, though each can ping its own assigned
IP.<br>
<br>
# brctl show<br>
bridge name bridge id STP enabled
interfaces<br>
br0 8000.7085c23b1324 no
enp4s5<br>
enp6s0<br>
<br>
<br>
$ ip a<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc
noqueue state UNKNOWN group default qlen 1000<br>
link/loopback 00:00:00:00:00:00 brd
00:00:00:00:00:00<br>
inet 127.0.0.1/8 scope host lo<br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host <br>
valid_lft forever preferred_lft forever<br>
2: enp4s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc pfifo_fast master br0 state UP group default
qlen 1000<br>
link/ether c8:3a:35:da:42:72 brd ff:ff:ff:ff:ff:ff<br>
inet 10.1.1.1/24 brd 10.1.1.255 scope global enp4s5<br>
valid_lft forever preferred_lft forever<br>
3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc pfifo_fast master br0 state UP group default
qlen 1000<br>
link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff<br>
inet [xx.xx.xx.xx]/20 brd 255.255.255.255 scope
global enp6s0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::7285:c2ff:fe3b:1324/64 scope link <br>
valid_lft forever preferred_lft forever<br>
4: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu
1500 qdisc noqueue state DOWN group default qlen 1000<br>
link/ether f0:7d:68:c1:b4:13 brd ff:ff:ff:ff:ff:ff<br>
inet 10.1.1.10/24 brd 10.1.1.255 scope global wlp2s0<br>
valid_lft forever preferred_lft forever<br>
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
qdisc noqueue state UP group default qlen 1000<br>
link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff<br>
inet 10.1.1.1/24 brd 10.1.1.255 scope global br0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::7285:c2ff:fe3b:1324/64 scope link <br>
valid_lft forever preferred_lft forever<br>
<br>
# ip route<br>
default via 174.xx.yy.1 dev enp6s0 <br>
10.1.1.0/24 dev enp4s5 proto kernel scope link src
10.1.1.1 <br>
174.xx.yy.0/20 dev enp6s0 proto kernel scope link src
174.xx.bb.zz <br>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org" moz-do-not-send="true">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org" moz-do-not-send="true">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org" moz-do-not-send="true">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org" moz-do-not-send="true">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org" moz-do-not-send="true">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
<br>
</body>
</html>