# Hub networking question

## Canuck

I've recently picked up a Netgear EN104 4-port hub and am trying to use it for connecting both my machines to the internet.  My ISP gives me two dynamic addresses and I use easydns to make them pseudo-static.  It's an ADSL connection so although I get the two addresses, the modem they supply only has one connection (I don't understand that one).

My problem is that the machines cannot connect to each other.  Each machine can be reached from the internet side without any problems, but all attempts to establish a connection from one machine to the other, in either direction, are unsuccessful.

sample results:

--- ping statistics ---

3 packets transmitted, 0 received, 100% packet loss, time 2011ms

The IP address resolves correctly and I get the same results (nothing) if I use the fully qualified domain name or the explicit IP address.  Local attempts to connect to the web server are also unsuccessful, with lynx just waiting while trying to connect, and the same lack of results comes from trying a ssh connection.  All attempts to reach either machine from the internet are successful.

As I understand things, a hub should broadcast the same information to all ports, so this should work.  But obviously it doesn't or I wouldn't be writing this.

Does anyone have any suggestions?

Thanks

----------

## themaxx

i dont know if this helps, but i'll try:

if i understand you correctly, you connected your modem and your 2 computers directly to the hub, so both computers can connect to the internet. i dont think this is a good solution because both computers would get the same ip this way (the one your modem gets, when you connect to the internet) and thus cant connect to the other pc, because it has the same ip. (dont really know if i'm correct here...)

if you dont want to spend the money on a hardware-router you should at least get a third network adapter, put it in one of the computers and use this computer as router for the other one. would help alot i think...

edit: and give your pcs static ip's. should work then. only the one network adapter connected to the dsl-modem should have dhcp enabled.

----------

## Canuck

 *Quote:*   

>  i dont think this is a good solution because both computers would get the same ip this way (the one your modem gets, when you connect to the internet) and thus cant connect to the other pc, because it has the same ip. (dont really know if i'm correct here...) 
> 
> 

 

Thanks for the suggestion, but each machine does indeed have its own unique address as assigned by my ISP.  I believe that you're thinking of a router scenario, in which case the router obtains an IP from the ISP and then does NAT (Network Address Translation) to allow multiple machines to be connected with private addresses.

I don't want to use one of my machines as a router because that would defeat what I'm trying to do, i.e. - I want the machines independent of each other with unique addresses.  Currently they are independent of each other but they also can't reach one other, although either one can be reached by any machine on the internet.

Basically I want my old machine to be a mail and web server and my new machine to be whatever I happen to want it to be at the moment without disrupting anything.  I know I could do this by making the old machine a router as well and put the new machine behind it, but then reaching my new machine from a remote location becomes a hassle.  Besides, my ISP gives me two IP addresses so I want to use them and it's all working well except that the machines can't talk to one another.

I've done the PC as a router/firewall/web/print/NFS server thing before but now I want to do something different using a hub instead.  Perhaps I need to assign a second, private IP address to each of the network cards?  I'm not sure this will go over well on the ISP side though...  Maybe I really need a switch instead of a hub?  I'm not sure.

Any other suggestions?

Thanks

----------

## themaxx

another idea: have you contacted your isp and tried to get information from their side? at least they supplied the modem and made 2 ip addresses availabe to you. so they should know, how to get this working... except they think you should use both ip adresses on one computer (for handling two webservers on one machine for example or different services on different domains...). 

to your idea with the switch: i dont think this would work. as far as i understand the differences between a hub and a switch it is only a matter of getting different speed networks to work better together.

for example if you have an ethernet network with 2 computers and a fast ethernet network with 2 computers you could transfer data between the 2 fast ethernet computers with 100 mbit while transfering data between the ethernet computers with 10 mbit without slowing down the two fast ethernet computers to 10 mbit, like a hub would do.

and yes. i was thinking of a router scenario. perhaps its just me not knowing enough about how tcp/ip works, but i think you already have such a scenario. you have ONE connection to the internet but you have TWO ip's  . you already route traffic through one connection to two different machines, dont you? 

now a question to understand your situation better: how do the two ip-addresses get assigned to your pcs? do you do that manually or via dhcp? does your dsl modem assign the addresses to your pcs or does the gateway from the isp do that?

another question: do you use the dns-server of your isp? if you do the problem could be, that your pcs when trying to contact the other one send a request to that dns-server, which gives back the location of the pc itself (the dsl-modem in this case)... but i think i made a mistake there... from the outside the connection to your pcs work, right? so this shouldnt be the problem.  but now the problem is: if any machine on the internet can reach your 2 machines - why cant they while being linked to the internet reach the other one through the internet?

hm. this is rather interesting though i fear i cant be of much help to you. sorry.

you said something about giving the network-adapters alias-ips. i think it would be worth a try. if they are private, they shouldnt make problems on the internet (though you might want to ask your isp about that), but should work over the hub without asking any dns-servers or stuff... 

okay.. thats it. i dont think i got better ideas... sorry for not being very helpful.

[edit:]

just found something interesting. is not exactly the same problem like your, but perhaps it could help:

https://forums.gentoo.org/viewtopic.php?t=129335&highlight=

----------

## fimblo

Could be wrong, but it sounds like your ISP has turned on proxy-arp on the router closest to you. (unless your two puters are on two separate subnets...)

When you try to connect to another unit on your subnet, your computer does the following:

1) if src ip and destination ip are on the same subnet (by using the netmask), go to point 2. Otherwise, send to default gateway.

2) look in the local arp table to see if there is an entry there which maps the destination ip with the corresponding MAC address of the destination network interface card (NIC). If its there, create an ethernet frame with the internet packet as the payload and send it down the wire.

3) otherwise create an arp request, which in essence just asks everyone on the subnet if anyone has this IP number. If someone does, they reply with their MAC address, which you put in your arp table. Then your puter can happily send the data down the wire.

What Proxy-arp does is this: if any unit on the subnet has this option turned on (eg. the ISP router), then this unit will reply that it has the ip number you arped for and sends its MAC address to you even if in reality, some other puter has it. The consequence is that everything sent in the network will be sent to the router. I suppose you can see this as a level-2 default gateway functionality...

you can try to get around this by adding an entry in the ARP table yourself (as root):

```
arp -s <ip number of other puter> <mac address of other puter>
```

then try to ping it or something. If this works, it was a proxy-arp problem. If it doesnt, well.. its something else  :Smile: 

btw themaxx: a switch and a hub are different, but in another way:

a hub works on level 1, its a totally stupid unit which is in reality just a multi-port repeater. If you send a signal into one of the hubs ports, it just repeats the entire frame to all other ones. (So in this case your ARP request is sent to both your other computer and the ISPs router)

a switch works on level 2, i.e. it understands mac addresses. It sniffs the header of the ethernet frames, hunting for MAC addresses and where they come from. It keeps this information in a little table so that it knows that MAC address aa:bb:cc:dd:ee:ff is somewhere down port x. After a very short while it knows where every host is on the subnet and can then "route" ethernet frames. Its a multi-port bridge, I guess you could call it.

So another (more expensive) way to test if the ISPs router is running proxy-arp is to put in a switch. As long as you connect the two computers to it first, so that their mac addresses are registered , then the cable from the ISP, the switch should forward traffic correctly. But then, this depends on the switch, so perhaps this is a bad way to test...

But I guess the absolutely easiest way to figure this out is to phone them  :Wink: 

hope this helped!

/fimblo

----------

## Derringer

As fimblo states, something is wrong on your ISP end.  If your two machines are getting unique IP addresses, reachable by the Internet, then why is the router you are hitting with a request from your machine not being bounced back to your hub?  The problem is with whatever machine your ISP is designating as the gateway.  That machine *should* be bouncing those requests back to your hub if it is working properly, and it is not.  

As Fimblo alludes to in a specific case which could be the problem, your machines are not getting properly serviced by the gateway.  Something is misconfigured here, and your ISP needs to give you answers.

----------

## jmoeller

Well, I don't think jumping all over your ISP will help you out that much.   :Smile: 

themaxx had the right idea.  You should go to your ISP, tell them how you want to set your network up, and how this will work with two addresses.

----------

## lame

This isn't so much a "problem" with the ISP as the way it's configured.  Calling them up to complain will result in no help.  The ISP I work for is setup this way, and any issues similar to this basically get a standard "not-supported" response.

Adding a static route as fimblo mentioned is your best bet.

----------

## themaxx

 *Quote:*   

> btw themaxx: a switch and a hub are different, but in another way:
> 
> a hub works on level 1, its a totally stupid unit which is in reality just a multi-port repeater. If you send a signal into one of the hubs ports, it just repeats the entire frame to all other ones. (So in this case your ARP request is sent to both your other computer and the ISPs router)
> 
> a switch works on level 2, i.e. it understands mac addresses. It sniffs the header of the ethernet frames, hunting for MAC addresses and where they come from. It keeps this information in a little table so that it knows that MAC address aa:bb:cc:dd:ee:ff is somewhere down port x. After a very short while it knows where every host is on the subnet and can then "route" ethernet frames. Its a multi-port bridge, I guess you could call it.
> ...

 

thanks very much for this clarification! it's very appreciated.

if you woudln't mind you could answer this quick question for me:

did i just mix up "switch" and "switched hub"?

tia

----------

## Derringer

 *lame wrote:*   

> This isn't so much a "problem" with the ISP as the way it's configured.  Calling them up to complain will result in no help.  The ISP I work for is setup this way, and any issues similar to this basically get a standard "not-supported" response.
> 
> Adding a static route as fimblo mentioned is your best bet.

 

I agree on the static route, but I guess I'm just a purist.  If they are offering '2 IPs', they should go the distance and really offer them.  I know its a concession, but it just bothers me =/

----------

## jmoeller

 *lame wrote:*   

> This isn't so much a "problem" with the ISP as the way it's configured.  Calling them up to complain will result in no help.  The ISP I work for is setup this way, and any issues similar to this basically get a standard "not-supported" response.
> 
> Adding a static route as fimblo mentioned is your best bet.

 

Eh.  Fine point.   :Smile: 

Probably just having the defualt gateway set to the ISP's gateway should work, as long as the machines' subnets are set to the same as the ISP.

Still, though, the problem with reaching the other computer shouldn't happen.  You've set up DNS for them, right?  What happens when you do a name lookup on the DNS address?  Do you get the right IP address?  Have you tried connecting using the IP addresses directly?

Proxy arp or not, if they're on the same hub, they should be talking to each other.

----------

## Derringer

jm: Thinking about it, I couldn't understand either how that other machine isn't just picking up those requests right off the hub, but it could be my understanding of Gateways or the way these two IPS are configured.

If the DHCP client is giving these two machines a gateway address, the outgoing packets are going to be destined there before being routed, correct?  Or should the other machine pick off that packet before it even gets to the gateway ?  Slight bit of confusion on my part, but I thought it was the former.  (I have not used an old-school non-switching hub in a long time though, so that could be tainted my memory).

Only other thing I can think of is that somehow the DHCP server is giving him two seperate subnets, which would seem very, very strange, but could cause one to not see the other.  I actually saw this on a cable modem ISP setting things up for a buddy one time.  He had purchased 1 additional IP, and the DHCP server was giving each machine a different subnet mask.  The only issue here was that the two machines had to go outside the local network of 100mb and to the gateway before coming back, so local network traffic was severely slowed.

----------

## jmoeller

If they're on the same subnet, and the same hub, they should be talking to each other locally, period.  

Say the router picks up the arp request before the other station.  Then it might proxy-arp for it, but will then ignore the packet, since its destination net is the same as its source net.  But once that other station sends any traffic at all, its IP address will be associated with its mac address in both the router and the first station.  The router then will not proxy-arp for it, and will still ignore it, since it's destined for the same net.

Now, if, like you said, that the two are getting different subnets, then the router would have to route between them.

The best way to tell what's going on is to run ifconfig on both machines and see if their subnets match.  If they do, then traceroute would be the next step.  There shouldn't be any hops between the two machines.

-EDIT-  Traceroute's often more useful than ping because you can see the path of the packet.  Also, when you do ping, watch the lights on your hub.  Do they light up for both machines?

----------

## jmoeller

I thought of something else, too.  You might want to put a sniffer program on each machine (like ethereal), and record traffic as you ping/traceroute.  When you ping on one machine, record raffic on the other.  Does the second machine see it?  Do the same thing the other way around.  When you ping the first machine from the second, does the first machine see it?  Does the second machine see the reply from the first?

If they're just not resonding, do you have some kind of firewall set up?

These are just ideas, but it should be a good way to determine if the machines are seeing each other.

----------

## fimblo

sorry guys, but I think I didnt make myself clear- If the routers ISP claims that it has every IP number in the world by sending its MAC address to all your ARP queries, there is no way communication between two computers can happen (assuming the network protocol runs over ethernet).

You dont have to complicate the picture with talk of dns, firewalls, etc, since all of those applications run over ip. 

 :Exclamation: 

EDIT: oops, sorry about the agressive nature of this post, I didnt mean to be so definitive. jmoeller- your explaination could be the right thing, but I'd like to add that if you set proxy-arp can be configured together with a level-3 gateway configuration, making it not bother at all about the local subnet... in which case it is a black hole, which is great if all you want to do is connect the outside world...  :Smile: 

----------

## jmoeller

Actually, I don't mean to cause problems, but your information is incorrect.  I actually ran an experiment by turning on proxy arp on my router, just to confirm it.  

I cleared the arp cache on one of my stations, and when it ARPed for the other station, only the other station responded.  The router DID NOT respond (I did a trace just to be sure).

Proxy ARP is not the problem here.  The two stations should still be able to talk to each other, if on the same hub, proxy arp or not.

I gave those ideas about troubleshooting, because this is how I have experience troubleshooting routing problems from my old job.  Running a sniffer, looking at the DNS issues, firewalls, etc. are all important.

-EDIT-

I didn't see your edit.  It's okay, we all want the correct info out there.   :Smile:   It just sems silly to me that an ISP would set a configuration that would cripple communication on a local subnet, so I wanted to be sure to get the right info out there.

----------

## ARC2300

Just out of curousity, do you know what your subnet is?

If it's 255.255.255.254, you're not going to be able to communicate to the other computer like it was on your LAN.

That subnet mask will only allow for you to communicate with your own IP address and no one else's.  A lot of ISP's do this so that:

A)  You can't run a huge LAN on their network

B)  When Joe User connects with an MS machine, it makes it a little harder to find him.  Windows uses NetBIOS to communicate machine names by default, and if you have a subnet of 255.255.255.254, your NetBIOS name can't be broadcast out since it can't traverse subnets (or routers, however you'd like to look at it).

At least from reading the thread, that seems to be the issue to me.

Also, as just because two computers have the same subnet doesn't mean they'll talk.

192.168.0.1 and 192.168.1.1 both have a subnet of 255.255.255.0, but you won't get them to talk unless you have a router stuck between them.

Also, of course a sniffer will pick up traffic that's going through a hub.  Hubs simply regenerate a signal and broadcast it out to whatever is hooked up to it.  Hence why a hub is extremely insecure.  Anyone hooked up to it can see anything you're sending.  Or at least that way my understanding from my networking and MCSE classes.

From personal experience, I had two computers hooked up to a hub, then a cable modem.  I couldn't get them to talk to each other no matter what I tried.  Purchased a router, and things went just fine then.

----------

## jmoeller

 *ARC2300 wrote:*   

> If it's 255.255.255.254, you're not going to be able to communicate to the other computer like it was on your LAN.

 

Fine point here.  I hadn't even thought of that.  But it still goes along the same lines of finding out what subnet each machine is on, which is a point I made before.

 *ARC2300 wrote:*   

> Also, as just because two computers have the same subnet doesn't mean they'll talk.
> 
> 192.168.0.1 and 192.168.1.1 both have a subnet of 255.255.255.0, but you won't get them to talk unless you have a router stuck between them.

 

Unfortunately, on this point, I have to get the right information out again.

First off, I think you mean subnet mask of 255.255.255.0.  If 192.168.0.1 and 192.168.1.1 both have that subnet mask, then no, they are not on the same subnet.  With a mask of 255.255.255.0 they have subnetworks of 192.168.0.0 and 192.168.1.0, respectively.

And yes, with 255.255.255.0, 192.168.0.1 and 192.168.1.1 would have to have a router between them.  But that still goes back to finding out the subnets of each host.

-edited for original inaccuracy-

----------

## ARC2300

Thank you for illustrating my point.

If the person doesn't know to even possibly look at a subnet mask, then asking them to look at a subnet is simply going to get you a blank look.

I made the same mistake before I took networking classes of thinking a subnet/subnet mask were the same thing, and I finally figured it out when a CCNP explained it to me.

 *Quote:*   

> First off, I think you mean subnet mask of 255.255.255.0. If 192.168.0.1 and 192.168.1.1 both have that subnet mask, then no, they are not on the same subnet. They're both on the same class B network of 192.168.0.0, but that has a mask of 255.255.0.0. With a 24-bit mask (255.255.255.0), they have subnetworks of 192.168.0.0 and 192.168.1.0, respectively.
> 
> And yes, with 255.255.255.0, 192.168.0.1 and 192.168.1.1 would have to have a router between them. But that still goes back to finding out the subnets of each host.

 

Please, explain yourself farther.  You seem to be trying to show that supernetted class C is a subnet of a class B.  For someone that has no idea what super/sub netting really does, that's confusing as hell.

Anyways, whatever the case, unless you're heavy into network knowledge, 90% of people don't distinguish between subnet and subnet mask.  The same as the difference between hacker and cracker.  You seem to know, I believe that I know, but the person who can't get their computers talking obviously doesn't know the difference.  

Also, just a last point, in order to find out which subnet the person was on, that said person would have to know how to figure out what the heck the mask meant and how many hosts it was masking out.  To me, that's not something an ordinary (even Linux using) computer person knows how to figure out.   :Confused: 

Anyways, before I confuse myself more, just check that your subnet mask isn't 255.255.255.254 before running around trying to catch your tail when it's already been bobbed off.   :Confused: 

And pardon my ramblings, as it's midnight and I'm half asleep.

----------

## jmoeller

Blah.  Yes, you're right, they're both class C's.  I'll edit my post to prevent confusion.   :Embarassed: 

But my point still stands.  192.168.0.1 and 192.168.1.1 aren't on the same subnet.  The problem with confusing subnet and subnet mask is things just like this.  They're different subnets, but their subnet masks are the same.  This is why I like to educate people about this so that they are less confused.

 *ARC2300 wrote:*   

> Also, just a last point, in order to find out which subnet the person was on, that said person would have to know how to figure out what the heck the mask meant and how many hosts it was masking out. To me, that's not something an ordinary (even Linux using) computer person knows how to figure out.

 

Ummm.... I'd like you to see my third post on this thread, but I'll save you some time:

 *jmoeller wrote:*   

> Now, if, like you said, that the two are getting different subnets, then the router would have to route between them. 
> 
> The best way to tell what's going on is to run ifconfig on both machines and see if their subnets match. If they do, then traceroute would be the next step. There shouldn't be any hops between the two machines.

 

As you can see, I explained how to find the subnet information out.  And for this example, it doesn't matter "how many hosts it was masking out", just whether or not they match!  Even if the original poster (whom I suspect by now has lost interest) or anyone else didn't understand, they could post the results of ifconfig and ask for an explanation.

-EDIT-

Look, I apologize to everyone for my zealousness, but what this all comes down to is that if they are on the same subnet connected to the same hub, they should talk to each other.  If they differ in subnet, then they need a router.

----------

## Hara

Well, Canuck hasn't responded in a while. Also I don't know if we even reached a valid conclusion. I have a network at my apartment from a isp with 4 dynamic ips. The setup is like this

cable-modem -> switch -> 4 comps

We can use the internet just like you said, but connecting to each other is impossible unless I hardcode the IPs to make them have the same netmask and network ID (but than I lose internet).

Basically, you will need a router (or setup a prox) if you want both.

Its pretty much that simple.

The reasons for this is because the way you get your IPs (ISP's dhcp) is somewhat random (IE you won't always be on the same network [as you usually are])

I could be wrong, but after trying to get my network here work like that for 2 weeks, I am sure there is no other way (at least easy way).

----------

## jmoeller

Yeah, it depends upon your ISP, but basically, you're right.  You need to look at what the ISP gives you for addresses.  You can look at this with ifconfig.

Seeing as Canuck's kind of gone away from this issue, I'm done.  We've all been basically saying the same thing, that it depends upon the subnets, and if they differ, router time.

I feel so idiotic for dragging this out.    :Razz:   :Laughing: 

----------

## fimblo

hmm. you were completely right jmoeller- I did my homework and regular implementations of proxy-arp (on Cisco boxes) cannot be configured to steal mac addresses of entities on the local network. I stand corrected  :Smile: 

about the netmask size /31 (255.255.255.254) I reacted there a sec, since originally these were illegal netmasks, but I remembered that they were made legal by the IETF  RFC 3021 in december 2000. 

I didnt know that it was used  :Smile:  The ISP I work for is a backbone AS, so we dont have very many small directly connected networks...

cheers, and fun discussion here- networking is fun   :Wink: 

----------

## madchaz

Well, ok, I didn't read everything, but I got the general idea that most people missed the actual point. 

The reason your 2 computers cannot and actualy should not be able to speak is simple, you're trying to use the internet adress. This means that for your machines to be able to talk directly like that, they would need to have a netmask other then 255.255.255.254(5) and that is what most ISP will give you. Also, it means you have to have a lot of service ports opened on the net you may not want open

What you need to do is give your NICs 2 dif IP adress. One for the ISP (if it uses PPPoE, you don't even need to give it one) and one for your internal network. This way, when they are reaching for the internet, they will go throught your ISP, but will talk to eachother when trying to get services from one another using the (exemple) 192.168.0.x adress

Look in /etc/conf.d/net for how to do that

----------

## themaxx

no offense madchaz, but one of the latest posts just addressed exactly that point (netmask 255.255.255.254). 

to be exact in one of the first posts the original poster suggested to himself to give alias-ip's to the nic's.

perhaps this is the reason why Canuck doesn't reply anymore - the problem is already solved?

----------

## Canuck

Thanks for all the responses, it's great!

To remove the mystery as to why I haven't responded, well I posted on Monday and then on Friday I went snowboarding for the weekend so now it's Monday and I see that things were quite busy over the weekend.

So, I'll have to look at some of the responses in a bit more detail this evening as I'm late for work already.

I'll try to get the output from ifconfig on both machines posted but it will take a bit of juggling as I can't reach the one from the other so that makes putting this information together more difficult.

By the way, are there any comments on using of a second, private IP address for each machine and then just putting them in the hosts file on each machine?  Of course then I'd have to specify the lookup order as 'hosts, dns' but that shouldn't be a problem I would think.

Any comments or suggestions on using this approach?  Does anyone see any possible pitfalls?  I've never used an IP address alias before but I have done the /etc/hosts setup in the past.

Thanks in advance!

Tom

----------

## ARC2300

Hope you had fun snowboarding!!   :Very Happy: 

Jm>  I get what you were saying.  You'll have to pardon moi, as it was around 1am this morning when I read that, and I'd been toying with my comp trying to figure out why ripping DVD's caused XMMS to run like (pardon the language) shit.   :Confused:   Took me about 2 hours to realize I should check DMA.  Anyways. . .

In theory, I would say an alias may work.  What I would do would be to alias the NICs, get a DHCP address real quick, then unhook the hub from the modem in case, for some strange reason, it opens up your system to massive security holes (one never knows).

But I would say that in theory, using a 192.168.x.x address with a 255.255.255.0 subnet mask should do the trick.  BUt then again, I've never had need to alias a NIC.

----------

## Hara

Well,

madchaz seemed to find the hard solution I couldn't find (or actually easy solution, it shouldn't be too difficult). Like he said, you can't network your comps using the ISP assigned addys. (However, I am able to at VERY rare times when the ISP gives us a netID that are equal to each other. [My subnet mask is 255.255.255.0 so this is possible]  :Wink: ).

As for IP aliasing, I never knew it could be used in this manner, so I can't help much. (I'm really going to have to read up on ALL this useful networking stuff  :Very Happy: ). To get it up, you're just going to have to read up on it and tell us the problems as they come.

Because these computers are physically connected to each other, this should work.

----------

