Share internet connection/make a small server
Antonio Olivares
olivares14031 at yahoo.com
Thu Sep 1 11:53:53 UTC 2005
--- Jeff Vian <jvian10 at charter.net> wrote:
> On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares wrote:
> >
> > --- Jeff Vian <jvian10 at charter.net> wrote:
> >
> > > On Wed, 2005-08-31 at 12:20 -0700, Antonio Olivares wrote:
> > > >
> > > > --- Antonio Olivares <olivares14031 at yahoo.com> wrote:
> > > >
> > > > >
> > > > >
> > > > > --- Alexander Dalloz <ad+lists at uni-x.org> wrote:
> > > > >
> > > > > > On Tue, 30.08.2005 at 15:02, Antonio Olivares wrote:
> > > > > >
> > > > > > > > Make sure you have forwarding set on on the gateway
> > > > > > > > host:
> > > > > > > >
> > > > > > > > $ cat /proc/sys/net/ipv4/ip_forward
> > > > > > > >
> > > > > > > > must print out "1" (without quotes). If it does not,
> > > > > > > > then activate it in
> > > > > > > > /etc/sysctl.conf and run "sysctl -p". Make too sure
> > > > > > > > the gateway does NAT
> > > > > > > > by an iptables rule like:
> > > > > > > >
> > > > > > > > iptables -A POSTROUTING -o eth0 -j MASQUERADE
> > > > > > > >
> > > > > > > > [eth0 should be in your case the outgoing device]
> > > > > > >
> > > > > > > eth0 is the incoming connection should eth1 be the
> > > > > > > outgoing. I'm a little confused but getting there.
> > > > > >
> > > > > > The device given with -o <device> has to be the
> > > > > > public net device.
> > > > > >
> > > > > > > [root at rio ~]# cat /proc/sys/net/ipv4/ip_forward
> > > > > > > 1
> > > > > >
> > > > > > Ok.
> > > > > >
> > > > > > > [root at rio ~]# iptables -A POSTROUTING -o eth0 -j MASQUERADE
> > > > > > > iptables: No chain/target/match by that name
> > > > > >
> > > > > > Sorry, my fault. Above should have been for the NAT
> > > > > > table (by default
> > > > > > iptables takes the filter table):
> > > > > >
> > > > >
> > > > >
> > > > === message truncated ===
> > >
> > > > I'm trying continually to solve this issue and I have
> > > > tried with a windows2000 machine and I get this
> > > >
> > >
> > > Reading thru what you have below, this seems to most
> > > certainly be a
> > > routing/firewalling/masquerading issue on the linux box.
> > >
> > > From the windows box try this and let us know the results.
> > > 1. ping 192.168.100.1
> >
> > [olivares at rio floppy]$ cat ping1
> >
> > Pinging 192.168.100.1 with 32 bytes of data:
> >
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> >
> > Ping statistics for 192.168.100.1:
> > Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> > Approximate round trip times in milli-seconds:
> > Minimum = 0ms, Maximum = 0ms, Average = 0ms
> >
> >
> > > 2. ping 10.154.19.136
> >
> > [olivares at rio floppy]$ cat ping2
> >
> > Pinging 10.154.19.136 with 32 bytes of data:
> >
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> >
> > Ping statistics for 10.154.19.136:
> > Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> > Approximate round trip times in milli-seconds:
> > Minimum = 0ms, Maximum = 0ms, Average = 0ms
> >
> >
> > >
> > > 3. If both those work, then try a ping to 10.154.19.130
> >
> > [olivares at rio floppy]$ cat ping3
> >
> > Pinging 10.154.19.130 with 32 bytes of data:
> >
> > Request timed out.
> > Request timed out.
> > Reply from 10.154.19.136: Destination host unreachable.
> > Request timed out.
> >
> > Ping statistics for 10.154.19.130:
> > Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
> > Approximate round trip times in milli-seconds:
> > Minimum = 0ms, Maximum = 0ms, Average = 0ms
> > [olivares at rio floppy]$
> >
>
> Ok, this clearly shows that it is likely you are having problems with
> NAT (masquerading) &/or routing/firewalling. Your windows machine can
> connect to and see both interfaces on the Linux server but cannot get
> beyond that. I assume your Linux box has full access to the internet
> when I say this.
>
> Check out the basic firewall rules for doing ip forwarding and
> masquerading. In your case eth1 is the LAN and eth0 is the WAN.
>
> I do not have a basic setup available for FC firewalling since my
> firewall machine is running RH7.3 with ipchains and FC uses iptables.
> (My firewall machine is an old P3 with only 32mb memory and cannot run
> any version of FC.)
>
> I will try to set up a list of rules that are basic and will handle what
> you need and send a sample to you. Others may beat me to it, and
> welcome if they do.
>
> To see what you currently have as iptables rules, try "iptables -L" and
> send that.
> Also send the contents of /etc/sysconfig/iptables
>
=== message truncated ===
[olivares at rio ~]$ iptables -L
bash: iptables: command not found
[olivares at rio ~]$ su -
Password:
[root at rio ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root at rio ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.11 on Wed Aug 31 07:52:24 2005
*mangle
:PREROUTING ACCEPT [4991:3431359]
:INPUT ACCEPT [4887:3424427]
:FORWARD ACCEPT [96:6000]
:OUTPUT ACCEPT [4459:969407]
:POSTROUTING ACCEPT [4475:971455]
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
# Generated by iptables-save v1.2.11 on Wed Aug 31 07:52:24 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4467:969967]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
# Generated by iptables-save v1.2.11 on Wed Aug 31 07:52:24 2005
*nat
:PREROUTING ACCEPT [759:76421]
:POSTROUTING ACCEPT [4:288]
:OUTPUT ACCEPT [394:23805]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
[root at rio ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root at rio ~]#
Thanks for all your help and suggestions. It will
work. It is just a matter of finding where things are
stopping.
Best Regards,
Antonio
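
An added example, not part of the original message and not Fedora's own tooling: a small Python audit of iptables-save output for a NAT gateway, using the statement quoted above that eth0 is the WAN and eth1 the LAN. It flags MASQUERADE rules on a non-WAN interface or appended more than once, and a FORWARD path that reaches an unconditional REJECT before any rule accepts new LAN-to-WAN traffic. The sample dump is constructed from the one posted above; `parse` and `audit` are hypothetical names, and negated matches and nested jumps are not handled.

```python
import shlex
from collections import Counter

# Constructed sample: filter and nat tables modelled on the dump in the post
# (wrapped lines rejoined, counters and some ACCEPT rules left out).
SAMPLE = """\
*filter
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

def parse(dump):  # maps (table, chain) to a list of {option: value} dicts
    table, rules = None, {}
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                    if i >= 2 and t.startswith("-")}
            rules.setdefault((table, tok[1]), []).append(opts)
    return rules

def audit(dump, wan, lan):  # returns a list of findings, empty when clean
    rules, findings = parse(dump), []
    masq = [r.get("-o") for r in rules.get(("nat", "POSTROUTING"), [])
            if r.get("-j") == "MASQUERADE"]
    for iface, n in sorted(Counter(masq).items(), key=str):
        if iface != wan:
            findings.append(f"MASQUERADE on non-WAN interface {iface}")
        if n > 1:
            findings.append(f"MASQUERADE on {iface} appended {n} times")
    flat = []  # FORWARD with one level of unconditional user-chain jumps expanded
    for r in rules.get(("filter", "FORWARD"), []):
        flat += rules.get(("filter", r.get("-j")), [r])
    for r in flat:  # first matching rule wins, as in the kernel
        if r.get("-j") == "ACCEPT" and set(r) <= {"-i", "-o", "-j"} \
                and r.get("-i") in (None, lan) and r.get("-o") in (None, wan):
            break  # new LAN->WAN traffic of any protocol is accepted
        if r.get("-j") in ("REJECT", "DROP") and set(r) - {"--reject-with"} == {"-j"}:
            findings.append(f"FORWARD hits unconditional {r['-j']} before accepting new {lan}->{wan} traffic")
            break
    return findings
```

Calling `audit(SAMPLE, wan="eth0", lan="eth1")` returns three findings for the constructed dump; because the shared chain accepts ICMP, a forwarded ping alone does not exercise the REJECT path that new TCP and UDP connections from the LAN would hit.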