
Struggling with "snatty" beast



I am struggling with a real beast, and it is the AXIS 82's second Ethernet
port :)

My attempts at getting a simple nat (snat) iptables implementation to work
are failing and I believe that there may be some issue with eth1.

When I perform:
	ifconfig eth1 hw ether "00:40:86:63:10:A0"

I get the error:
	"SIOCSIFHWADDR: Device or resource busy"

In dmesg:

	eth0 initialized
	eth0: changed MAC to 00:40:8C:CD:00:00
	rtl8150.c: eth1: rtl8150 is detected
	eth0: changed MAC to 00:40:8C:63:10:A0
	00:40:8C:63:10:<7>eth0: no IPv6 routers present
	eth1: no IPv6 routers present
	eth0: changed MAC to 00:40:8C:63:10:A0

It seems as if eth1 is not getting its MAC address set during the init
phase.  Could this be the problem here?

Basically, if I issue /etc/init.d/net.eth1 restart, things seem to work.  If
I issue /etc/init.d/net.eth1 stop and then /etc/init.d/net.eth1 start, I get
a failure.  Only restart works properly (or so it appears).

Here's the configuration for the AXIS 82:

eth0      Link encap:Ethernet  HWaddr 00:40:8C:63:10:A0
          inet addr:192.168.1.90  Bcast:192.168.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1596 errors:0 dropped:0 overruns:0 frame:1
          TX packets:655 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:107253 (104.7 kiB)  TX bytes:88628 (86.5 kiB)
          Interrupt:17 DMA chan:1

eth1      Link encap:Ethernet  HWaddr 00:40:8C:63:10:A1
          inet addr:192.168.0.90  Bcast:192.168.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7200 (7.0 kiB)  TX bytes:3070 (2.9 kiB)

I don't have a default gateway set for eth1.  Should I?  If so, what should
it be set to?  eth0's default gateway is the router I use for the internal
lan, which is at 192.168.1.1


When I start udhcpd (the AXIS dhcp server) I see in ./var/log/messages:

Jul 30 14:19:06 AxisProduct udhcpd: udhcp server (v0.9.8) started
Jul 30 14:19:06 AxisProduct udhcpd: SIOCGIFADDR failed, is the interface up and configured?: Cannot assign requested address
Jul 30 14:19:21 AxisProduct udhcpd: udhcp server (v0.9.8) started
Jul 30 14:20:30 AxisProduct udhcpd: sending OFFER of 192.168.0.20
Jul 30 14:20:30 AxisProduct udhcpd: sending ACK to 192.168.0.20

It appears that the client gets the ip (from eth1), but I am worried about
that SIOCGIFADDR error.


The client, connected to the AXIS 82 eth1 port, is configured as follows:

eth1      Link encap:Ethernet  HWaddr 00:50:BA:F7:A4:5F
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::250:baff:fef7:a45f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17526 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7755 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7173794 (6.8 Mb)  TX bytes:930848 (909.0 Kb)
          Interrupt:10 Base address:0x2400

eth2      Link encap:Ethernet  HWaddr 00:E0:29:3E:63:22
          inet addr:192.168.1.80  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:29ff:fe3e:6322/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9250 errors:0 dropped:0 overruns:0 frame:0
          TX packets:226 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:678206 (662.3 Kb)  TX bytes:24750 (24.1 Kb)
          Interrupt:11 Base address:0x2800

The client's eth1 is connected to the internal lan.  The axis eth0 port is
connected to the internal lan.  The client's eth2 is connected to the AXIS
82's eth1 port via a switch (this is isolated from the internal lan).  The
internal lan is on the 192.168.1 subnet.  The ip address between the AXIS 82
and the client's eth2 is on the 192.168.0 subnet.

The client does not have any iptables filtering enabled:

/sbin/iptables -t nat -L
	Chain PREROUTING (policy ACCEPT)
	target     prot opt source               destination

	Chain POSTROUTING (policy ACCEPT)
	target     prot opt source               destination

	Chain OUTPUT (policy ACCEPT)
	target     prot opt source               destination


Strangely, I am able to ping the axis's eth0 address (192.168.1.90) from the
client side:
	ping -c 2 192.168.1.90 -I eth2

And I get packets back just fine.  What's VERY strange about this is that
the ping gets through, even tho I have not loaded iptables at all for the
test.  (I run a script that totally clears any existing iptables to be
certain).

With my iptables command issued (below) any attempt to ping outside the
AXIS's eth0 adapter fails with "destination host unreachable".

Here's the iptables command I am issuing to establish snat on the AXIS 82:

	iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.90
	echo 1 > /proc/sys/net/ipv4/ip_forward

Here's what iptables -t nat -L says:

	Chain PREROUTING (policy ACCEPT)
	target     prot opt source               destination

	Chain POSTROUTING (policy ACCEPT)
	target     prot opt source               destination
	SNAT       all  --  anywhere             anywhere            to:192.168.1.80
	SNAT       all  --  anywhere             anywhere            to:192.168.1.90

	Chain OUTPUT (policy ACCEPT)
	target     prot opt source               destination


Here's the client routing table:

/sbin/route
	Kernel IP routing table
	Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
	192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
	192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
	169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
	default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

And here's the AXIS 82 routing table:

	Kernel IP routing table
	Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
	192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
	192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
	default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0


It seems to me that with the thing wide open I should easily get through,
and that I should not get through to eth0 (from a client connected on eth2
on a different subnet) when I have no snat loaded.

Any ideas out there?

Ps: Does anyone know why it takes several hours for a message to finally
appear on this reflector?


Mark Richards
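
Added example, not part of the original post: a consistency check run over the interface addresses and the SNAT rule quoted in the message above. The three checks (stated broadcast versus netmask, two interfaces of one host on the same subnet, SNAT source address not configured on the rule's `-o` interface) are heuristics chosen for this example, and the function names are hypothetical.

```python
import ipaddress
import re

# Address lines copied from the ifconfig output quoted in the post.
AXIS_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:40:8C:63:10:A0
          inet addr:192.168.1.90  Bcast:192.168.255.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:40:8C:63:10:A1
          inet addr:192.168.0.90  Bcast:192.168.255.255  Mask:255.255.255.0
"""
CLIENT_IFCONFIG = """\
eth1      Link encap:Ethernet  HWaddr 00:50:BA:F7:A4:5F
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
eth2      Link encap:Ethernet  HWaddr 00:E0:29:3E:63:22
          inet addr:192.168.1.80  Bcast:192.168.1.255  Mask:255.255.255.0
"""
SNAT_RULE = "iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.90"
INET = re.compile(r"inet addr:(\S+)\s+Bcast:(\S+)\s+Mask:(\S+)")

def parse_ifconfig(text):
    """Return {ifname: (IPv4Interface, stated broadcast)} from net-tools output."""
    out, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line starts a new interface
            name = line.split()[0]
        m = INET.search(line)
        if m and name:
            out[name] = (ipaddress.ip_interface(f"{m[1]}/{m[3]}"), ipaddress.ip_address(m[2]))
    return out

def check_host(ifaces):
    """Flag broadcast/netmask mismatches and interfaces that share a subnet."""
    findings = []
    for name, (iface, bcast) in ifaces.items():
        if bcast != iface.network.broadcast_address:
            findings.append(f"{name}: Bcast {bcast} does not match {iface.network}")
    names = sorted(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a][0].network.overlaps(ifaces[b][0].network):
                findings.append(f"{a} and {b} share subnet {ifaces[a][0].network}")
    return findings

def check_snat(rule, ifaces):
    """Flag a SNAT rule whose --to-source address is not on its -o interface."""
    out_if = re.search(r"-o (\S+)", rule)[1]
    src = ipaddress.ip_address(re.search(r"--to-source (\S+)", rule)[1])
    owner = [n for n, (i, _) in ifaces.items() if i.ip == src]
    return [] if owner == [out_if] else [f"SNAT source {src} is on {owner}, rule matches -o {out_if}"]
```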