# Problems when setting static IP on a network

## heitorpb

Hi, recently I installed Gentoo on my computer and I'm having a problem setting a static IP on it. I prefer a static IP here because it's easier for me to manage files among the computers.

When using DHCP it works fine, but when I set the net.eth0 manually I lose internet connection.

Here I have an internet 'routed' modem at 192.168.1.254.

It connects directly to a router at 192.168.1.1 (I'll call it R1).

And another router (R2) is connected to R1; R2 is 192.168.2.1.

Modem:

```
TCP/IP Settings
Default Gateway:   200.204.210.254
```

R1:

```
Subnet Mask:   255.255.255.0
Default Gateway:   192.168.1.254
DNS Server:   192.168.1.254
```

R2:

```
Subnet Mask :    255.255.255.0
Default Gateway :    192.168.0.1
DNS :    192.168.1.254 192.168.0.1
```

I don't know if this is useful:

```
$ uname -a
Linux dino 2.6.35-gentoo-r4 #2 Fri Sep 17 21:55:18 BRT 2010 i686 AMD Athlon(tm) XP 1600+ AuthenticAMD GNU/Linux
```

```
$ sudo /etc/init.d/net.eth0 restart
 * Service net.eth0 stopping
 * Service netmount stopping
 * Service sshd stopping
 * Service netmount stopped
 * Service sshd stopped
 * Stopping eth0
 *   Loading networking modules for eth0
 *     modules: apipa arping ccwgroup iptunnel macchanger macnet rename ifconfig system dhcpcd ip6to4
 *   Bringing down eth0
 *     Stopping dhcpcd on eth0 ...                                        [ ok ]
 *     Shutting down eth0 ...                                             [ ok ]
 * Service net.eth0 stopped
 * Service net.eth0 starting
 * Starting eth0
 *   Loading networking modules for eth0
 *     modules: apipa arping ccwgroup iptunnel macchanger macnet rename ifconfig system dhcpcd ip6to4
 *       ifconfig provides interface
 *       dhcpcd provides dhcp
 *   Configuring eth0 for MAC address xx:xx:xx:xx:xx:xx ...               [ ok ]
 *   Configuration not set for eth0 - assuming DHCP
 *   Bringing up eth0
 *     dhcp
 *       Running dhcpcd ...
eth0: dhcpcd 4.0.15 starting
eth0: broadcasting for a lease
eth0: offered 192.168.2.100 from 192.168.2.1
eth0: acknowledged 192.168.2.100 from 192.168.2.1
eth0: checking 192.168.2.100 is available on attached networks
eth0: leased 192.168.2.100 for 10800 seconds                              [ ok ]
 *       eth0 received address 192.168.2.100/24
 * Service net.eth0 started
 * Service sshd starting
 * Service netmount starting
 * Service netmount started
 * Service sshd started
```

```
$ sudo ifconfig
eth0      Link encap:Ethernet  HWaddr 00:14:2a:1a:07:48
          inet addr:192.168.2.100  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::214:2aff:fe1a:748/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:467207 errors:0 dropped:0 overruns:0 frame:0
          TX packets:663293 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:86756360 (82.7 MiB)  TX bytes:562646631 (56.5 MiB)
          Interrupt:10 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:108407 errors:0 dropped:0 overruns:0 frame:0
          TX packets:108407 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12199376 (11.6 MiB)  TX bytes:12199376 (11.6 MiB)
```

I've tried on /etc/init.d/net.eth0:

```
config_eth0=( "192.168.2.102 netmask 255.255.255.0" )
routes_eth0=( "Default via 192.168.1.254" )  #also tried this line with 192.168.0.1
```

But it lost internet connection.

How can I set a static ip for this computer?? An IP like 192.168.2.100?

Another simple question:

As you can see I use SSH to manage files among computers inside my network, but I can't access my computer from outside my network. All that I have to do is to 'unlock' the port 22 in the modem, R1 and R2?

I am still a noob at Gentoo, I hope you help me.

PS: sorry for my bad English.

----------

## cach0rr0

can you connect via dhcp, and then post the contents of:

```
route -n
```

and as far as SSH from the outside goes, you'll have to forward port 22 on all routers (so cable modem=>R1(forward to 22 on R2 IP) => R2 (forward to 22 on your PC's IP) => PC)

----------

## lma1980

I would just want to point out that, based on your mask for R2, I doubt that your default gateway on the LAN would be 192.168.0.1.

hence this configuration line is basically false:

 *Quote:*   

> routes_eth0=( "Default via 192.168.1.254" )  #also tried this line with 192.168.0.1

 

Using this line as a reference:

 *Quote:*   

> config_eth0=( "192.168.2.102 netmask 255.255.255.0" )

 

The proper configuration would be :

```
routes_eth0=( "Default via 192.168.2.1" )  # try 192.168.2.254 if my first guess didn't compute as expected.
```

I have a tendency to evaluate against a network calculator: a little Google search for IP calculator would give you one, but here is one I like (http://www.subnetmask.info/).

You may want to read a bit about subnet, IP mask and IP range calculation. It did help me understand basic routing principles.

----------

## heitorpb

Here is my route -n:

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
```

When I tried with 

```
routes_eth0=( "Default via 192.168.2.1" )  # try 192.168.2.254, also tried 192.168.2.0
```

I got:

```
*   Bringing up eth0
 *     192.168.2.102                                                      [ ok ]
 *   Adding routes
 *     Default via 192.168.2.254 ...
Default: Unknown host                                                     [ !! ]
 * Service net.eth0 started
```

Then I lost internet connection

Lma1980, I didn't understand the site subnetmask.info

----------

## cach0rr0

 *heitorpb wrote:*   

> 
> 
> When I tried with 
> 
> ```
> ...

 

notice the output of net.eth0 starting up. It still tries default via 192.168.2.254, instead of 192.168.2.1

'Default' should be 'default'

lower case

your default route should indeed be 192.168.2.1, as is shown via route -n when you get an IP via DHCP.
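
The two faults worked out above (a gateway outside the interface's subnet, and `Default` written with a capital) can be checked before restarting the interface. The following is an added example, not part of any post in the thread; the function names and the sample strings are constructed for illustration, and it only understands the `address netmask mask` and `target via gateway` forms used here.

```python
import ipaddress
import re

# Constructed samples in /etc/conf.d/net syntax, using the values from the thread.
BROKEN = '''
config_eth0=( "192.168.2.102 netmask 255.255.255.0" )
routes_eth0=( "Default via 192.168.1.254" )
'''
FIXED = '''
config_eth0=( "192.168.2.100 netmask 255.255.255.0" )
routes_eth0=( "default via 192.168.2.1" )
'''

def first_entry(text, var):
    """Return the first quoted entry of a bash array assignment, or None."""
    m = re.search(rf'^\s*{var}=\(\s*"([^"]*)"', text, re.MULTILINE)
    return m.group(1) if m else None

def check_static_config(text, iface="eth0"):
    """Return a list of problems in the address/default-route pair for iface."""
    addr = first_entry(text, f"config_{iface}")
    route = first_entry(text, f"routes_{iface}")
    if addr is None or route is None:
        return [f"config_{iface} or routes_{iface} is missing"]
    m = re.fullmatch(r"(\S+)\s+netmask\s+(\S+)", addr.strip())
    parts = route.split()
    if not m or len(parts) != 3 or parts[1] != "via":
        return ["cannot parse address or route entry"]
    host = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    target, gateway = parts[0], ipaddress.ip_address(parts[2])
    problems = []
    # The init script passes the word through as typed; 'Default' is then
    # looked up as a host name ("Default: Unknown host" in the log above).
    if target.lower() == "default" and target != "default":
        problems.append(f"{target!r} must be lower-case 'default'")
    net = host.network
    if gateway not in net:
        problems.append(f"gateway {gateway} is not inside {net}")
    elif gateway in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gateway} is the network or broadcast address")
    elif gateway == host.ip:
        problems.append("gateway equals the host's own address")
    return problems
```

`check_static_config(BROKEN)` reports both faults, and the corrected pair from `route -n` reports none.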

----------

## krinn

what a complicated network for nothing 

Just set R2 to 192.168.1.9 and disable its dhcp

Then you just set your eth0 to route "default via 192.168.1.1"

and set eth0 to be 192.168.1.100 (well anyone you wish except 192.168.1.1 192.168.1.9 and 192.168.1.254)

And put 192.168.1.1 as your nameserver if you wish get DNS from it.

This way your linux will also valid a metric of 2 (because you'll have 2 hops).

This is valid if R2 is just a router used as a switch, but considering your questions, I really doubt you have such a big network that you need to pass through 2 different networks with more than 255 hosts.

And you need to forward port 22 on R1 to 192.168.1.100 

You don't need to ask R2 to forward to port 22 as when R2 will see the data the header will already tell him it's for 192.168.1.100:22

----------

## heitorpb

 *cach0rr0 wrote:*   

> notice the output of net.eth0 starting up. It still tries default via 192.168.2.254, instead of 192.168.2.1
> 
> 'Default' should be 'default'
> 
> lower case
> ...

 

Now my net.eth0 is:

```
config_eth0=( "192.168.2.100 netmask 255.255.255.0" )
routes_eth0=( "default via 192.168.2.1" )
```

And I get this when I restart eth0:

```
 ...
*   Bringing up eth0
 *     192.168.2.100                                                      [ ok ]
 *   Adding routes
 *     default via 192.168.2.1 ...                                        [ ok ]
 * Service net.eth0 started
```

It seems ok, but I lost 'some' internet connectivity.

I can access http://www.google.com.br/ but I can't access gentoo.org, I got 

 *Quote:*   

> Unable to load page
> 
> Problem occurred while loading the URL http://gentoo.org/
> 
> Cannot resolve hostname

 

Krinn, your tip didn't work, I got access only to R2.

And my network is not big, 6 computers, R1 and R2 have 4 lan ports each.

----------

## cach0rr0

see if you can traceroute to 4.2.2.2 (you may need to emerge traceroute first - I personally prefer 'mtr' over standard traceroute actually)

Right now you're having DNS resolution issues. 

It *looks* like connectivity is now fine, but the traceroute to 4.2.2.2 will show you if you're getting out successfully (e.g. things are being routed where they need to go)

If things are indeed being routed where they need to go, all that's left is setting your nameservers in /etc/resolv.conf, testing to make sure things work, and then committing those changes by adding a dns_servers_eth0 setting to your /etc/conf.d/net.

----------

## robdd

Hi heitorpb,

Just sticking my nose in - I don't have any advice to offer on your DNS problems, but if you are a n00b then maybe you need some advice about setting up ssh access to your systems from the Internet:

Suggestion 1: DON'T use port 22. Pick a high numbered port, e.g. 54321, and either map that port in your firewall to port 22 on your local machine, or just change the ssh conf file on your local machine to listen on that port. There are compromised machines on the Net that continually scan IP addresses looking for an open port 22. If they find one then they start a dictionary-based attack to try to get in. Even if your ssh config. is secure it is a pain in the a***, because it uses up bandwidth on your Internet link. A few years ago we saw attacks like this on our office ssh server, and it generated heaps of IP traffic and slowed down our old ADSL-1 link.

Suggestion 2: You should certainly disallow root login via ssh. And it is highly desirable to set up your ssh server to only allow login using a matching public/private key pair. If you disallow password-based login then a dictionary-based attack can NEVER succeed. It means you have to carry around an ssh key on a USB stick or something, but it's so much more secure.

If you have any questions on how to set this stuff up don't hesitate to ask.

Regards,

Rob.
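
The three points in the post above (listening port, root login, password login) map to the `Port`, `PermitRootLogin` and `PasswordAuthentication` keywords in `sshd_config`. The following is an added example, not part of the post: a small auditor that reads a config the way sshd does for these keywords (case-insensitive names, first global value wins, `Match` blocks treated as overrides). The sample configs are constructed, and the defaults are assumed from recent OpenSSH releases.

```python
# Constructed sample sshd_config texts; not taken from the thread.
WEAK = """\
# stock-style config
Port 22
PermitRootLogin yes
"""
HARDENED = """\
port 54321
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

# Assumed values when a keyword is absent (recent OpenSSH releases).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def audit_sshd_config(text):
    """Return findings for port 22, root login and password login."""
    settings, overrides, ports, in_match = {}, [], [], False
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue                      # blank line, comment or bare keyword
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            in_match = True               # everything after this is conditional
        elif in_match:
            overrides.append((key, value))
        elif key == "port":
            ports.append(value)           # each Port line adds a listener
        else:
            settings.setdefault(key, value)   # first global value wins
    eff = {**DEFAULTS, **settings}
    findings = []
    if "22" in (ports or ["22"]):
        findings.append("sshd listens on port 22")
    if eff["permitrootlogin"] != "no":
        findings.append(f"PermitRootLogin is {eff['permitrootlogin']}")
    if eff["passwordauthentication"] != "no":
        findings.append("password login is enabled")
    for key, value in overrides:
        if key in DEFAULTS and value != "no":
            findings.append(f"Match block re-enables {key}")
    return findings
```

On a live system, `sshd -T` prints the effective configuration and `sshd -t` checks the file for syntax errors before the daemon is restarted.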

----------

## heitorpb

I added a "nameserver 192.168.2.1" to /etc/resolv.conf and it seems to work! Thanks for the patience and the help!!

I can traceroute:

 *Quote:*   

> $ traceroute 4.2.2.2
> 
> traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 60 byte packets
> 
>  1  192.168.2.1 (192.168.2.1)  0.398 ms  0.201 ms  0.287 ms
> ...

 

Is this correct?? Only *?

And what about adding a dns_servers_eth0 setting to my /etc/conf.d/net?? I have to add it?

Rob, yes, I'm a n00b. Thank you for this advice about ssh.

But how can I configure it to use a higher port? How do I disallow root login?

----------

## cach0rr0

that is definitely not a working setup. Unless, that is, you're dropping ICMP packets somewhere in the picture. 

```
[root@gw ~]# traceroute 4.2.2.2
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 52 byte packets
 1  * * *
 2  ge-3-25-ur01.royalton.tx.houston.comcast.net (68.85.249.21)  8.942 ms  6.745 ms  8.143 ms
 3  po-11-ur02.royalton.tx.houston.comcast.net (68.85.244.90)  8.144 ms  7.637 ms  6.425 ms
 4  po-14-ar02.royalton.tx.houston.comcast.net (68.85.244.93)  9.417 ms  5.912 ms  6.381 ms
 5  po-112-ar02.royalton.tx.houston.comcast.net (68.85.245.158)  35.575 ms  11.477 ms  10.691 ms
 6  te-0-0-0-4-cr01.dallas.tx.ibone.comcast.net (68.86.90.149)  16.262 ms te-0-1-0-1-cr01.dallas.tx.ibone.comcast.net (68.86.91.53)  15.371 ms te-0-0-0-4-cr01.dallas.tx.ibone.comcast.net (68.86.90.149)  18.807 ms
 7  xe-11-2-0.edge3.Dallas1.Level3.net (4.71.198.13)  15.771 ms  15.332 ms  16.724 ms
 8  ae-41-90.car1.Dallas1.Level3.net (4.69.145.195)  17.125 ms ae-31-80.car1.Dallas1.Level3.net (4.69.145.131)  17.480 ms ae-41-90.car1.Dallas1.Level3.net (4.69.145.195)  16.670 ms
 9  vnsc-bak.sys.gtei.net (4.2.2.2)  14.529 ms  15.734 ms  16.243 ms
```

With the gateway set appropriately, and name servers added to /etc/resolv.conf, are you 100% certain your network is operational? It should be, but your traceroute is disconcerting. 

For setting your dns_servers_eth0, see /etc/conf.d/net/example. (I think the syntax is just dns_servers_eth0=("4.2.2.2") for example)

As far as doing key-based authentication for SSH, see this doc: http://www.gentoo.org/doc/en/articles/openssh-key-management-p1.xml

I use ssh keys, posted my sshd_config here, but there's loads of other discussion in that thread which is worth reading - https://forums.gentoo.org/viewtopic-t-846216-highlight-.html#6438661

----------

## heitorpb

Well, I can browse the internet, use emesene, I tested a random torrent and it is working.

According to the /etc/conf.d/net.example the syntax is dns_servers_eth0="192.168.0.2 192.168.0.3"

But what IP should I use there?

Thanks for the links about SSH, I'll read them. If I don't understand I'll ask.

----------

## cach0rr0

 *heitorpb wrote:*   

> 
> 
> According to the /etc/conf.d/net.example the syntax is dns_servers_eth0="192.168.0.2 192.168.0.3"
> 
> But what IP should I use there?
> ...

 

whatever DNS servers you trust

Personally I use 8.8.8.8  8.8.4.4 and 4.2.2.2

Those are publicly accessible DNS servers that have been reliable and speedy. 

You can probably use your ISP's DNS servers, or, your router IP (whenever you were using DHCP, /etc/resolv.conf should have been populated with a name server - you can use that one)

Any old reliable name server should do the trick, and setting that in /etc/conf.d/net ensures you have a name server configured when you start up the box.

----------

