Bubba behind firewall -- setup routing?

shadowbox · Post by **shadowbox** » 07 Oct 2008, 20:47

I have BubbaII in configuration 6 from the manual:

Internet -> fw/router -> bubbaII

I have changed my LAN address to be on the fw/router network. So all machines on this side of the fw/router can see each other. But how do I get bubbaII to route through the fw/router to the internet?

Do I just add the lines myself to: /etc/networks/interfaces? Or is there someplace in the GUI where I'm missing it?

[I'll probably soon give up on doing things the nice-gui way in favor of my cherished CLI, but I just got this box yesterday, and don't want to hose myself too soon]

Post by **Binkem** » 08 Oct 2008, 02:54

You should set up port forwarding on the firewall/router so that the correct ports there are forwarded to Bubba's ip-address.

shadowbox · Post by **shadowbox** » 08 Oct 2008, 07:41

When I'm on the box (ssh) I can't ping anything on the internet because the packets aren't routed correctly. I believe your solution is for allowing the internet to touch my box behind the firewall -- that's not the case I'm trying to solve -- unless I'm misunderstanding my own problem.

my routing table looks like this:

Code: Select all

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

Post by **Binkem** » 08 Oct 2008, 08:03

have you entered the router's address as gateway in the bubba? (or do you use DHCP tot resolve internet adresses)?

shadowbox · Post by **shadowbox** » 08 Oct 2008, 09:04

The gateway is greyed out in on the LAN page if you have a static address.

It seems to me I should be using the WAN port, rather than the LAN port, since I'm not serving DHCP to clients and the WAN config screen has routing and DNS configuration options. I'd set the gateway to my router's address.

Maybe the picture in the manual is wrong.

Post by **Binkem** » 08 Oct 2008, 09:20

If you connect the wan port to the lan you cannot log in as admin; reversely, if you connect the lan to a router you would still be able to log in as admin from the internet. something for the BUBBA-team to think about?

shadowbox · Post by **shadowbox** » 08 Oct 2008, 10:10

sounds like manually adding the routes to the /etc/networks/interfaces file is the way to go.

Post by **Binkem** » 08 Oct 2008, 14:47

It's just a guess, but you might try setting the gateway on your WAN-settings. This gateway-address is copied to the LAN-tab on my bubba. Might just work (or not)

pa · Post by pa » 09 Oct 2008, 09:51

I think that the usecase of having a static IP on LAN and _not_ using B2 as a router has not been concidered and tested enough.
Is using dhcp on LAN not an option for you?

If not, you need to edit the interfaces file and add under the eth1 section:

gateway 192.168.1.xx

where 192.168.1.xx is the IP address of your router.

/PA

shadowbox · Post by **shadowbox** » 09 Oct 2008, 16:28

Yes, that's just what I did to get it working (/etc/network/interfaces)

Code: Select all

iface eth1 inet static
        address 192.168.1.99
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 1.1.1.23
        dns-search mydomain.com

I've never really understood why anyone would use DHCP for their relatively static LAN; and certainly never why they would want their server's address allocated dynamically. But ah well. I wasn't planning to use the Bubba interface for very long anyway.

trencarbe · Post by **trencarbe** » 10 Oct 2008, 14:18

can you ping other web sites and get answer with this configuration in /etc/network/interfaces?

shadowbox · Post by **shadowbox** » 10 Oct 2008, 14:20

yes. and can ssh from the internet to my bubba (mostly a function of the 3rd party router, of course)

btw: the DNS server and the domain name are bogus.

trencarbe · Post by **trencarbe** » 10 Oct 2008, 14:36

strange! here below is my setup in /etc/network/interfaces, but I cannot ping the outside world!

I can ping back and forth in my network, but nothing more than that. I get error message:

Code: Select all

bubba:~$ ping www.google.com
connect: Network is unreachable

My network setting:

Code: Select all

bubba:~$ cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface eth1 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        gateway 192.168.1.254

iface eth0 inet static
        netmask 255.255.255.0
        address 192.168.10.100

My BubbaTwo is behind the router (192.168.1.254), connected to a switch. The Bubba itself is connected on the LAN network plug.

Suggestions on what is wrong??

shadowbox · Post by **shadowbox** » 10 Oct 2008, 15:49

what does "netstat -rn" give you?

trencarbe · Post by **trencarbe** » 12 Oct 2008, 12:53

It gives me:

Code: Select all

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

And /etc/network/interfaces:

Code: Select all

# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface eth1 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.254

iface eth0 inet dhcp

But why??