[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Make a DHCP server using Fedora - Help



Antonio Olivares wrote:
--- On Wed, 11/19/08, Les Mikesell <lesmikesell gmail com> wrote:

From: Les Mikesell <lesmikesell gmail com>
Subject: Re: Make a DHCP server using Fedora - Help
To: olivares14031 yahoo com, "Community assistance, encouragement, and advice for using Fedora." <fedora-list redhat com>
Date: Wednesday, November 19, 2008, 5:55 AM
Antonio Olivares wrote:
No, there is DNS, and they are the same as the host
machine.  It might be another little thing, maybe the packet
forwarding or Iptables stuff?
Thank you very much for your guidance :)
It is much closer than before.

You have to deal with routing and NAT somewhere.  You might
avoid it if you run a nameserver and squid proxy on the host
and configure the clients to use the proxy.  Otherwise you
need the host to route the packets if you have a NAT gateway
elsewhere, or to route and NAT if nothing but the host knows
about this subnet.

--   Les Mikesell
   lesmikesell gmail com

I added the following and saved them iptables-save


upon reading another page:
http://chwang.blogspot.com/2007/11/making-linux-fedora-core-8-as-gateway.html


The advice to add:
net.ipv4.ip_forward = 1
to /etc/sysctl.conf only takes effect after the next reboot. If you want to change this on the fly you can:
echo 1 > /proc/sys/net/ipv4/ip_forward

it says iptables and has this part:
# Forward all packets from eth1 (internal network) to eth0 (the public internet)
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# Forward packets that are part of existing and related connections from eth0 to eth1
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable SNAT functionality on eth0. a.b.c.d are generally the ip of the eth0
iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source a.

I added everything here except last line "Enable SNAT", I do not know what that means, I know it is close.  I can ping the host machine, it gets an ip, it gets DNS, and all, but cannot surf :(

Anywhere you send packets needs some way to get the response back to the sender. One way to do this is to plan things so all of your private subnets are unique and add routes toward the gateway interfaces for everything else. Another way is to NAT the source address as it goes out the already-known interface. That way the rest of the world does not need to know about your new private subnet. As a packet goes out, the source address of the client will be replaced with the address of the forwarding interface and the host performing this will maintain a table of connections to do the reverse mapping as the reply packets come back. If you tcpdump your eth0 interface now, you'll probably see packets being forwarded out but nothing coming back because the rest of the net/world doesn't know the route back. When you add the SNAT, it will look like the host machine itself to the rest of the world. The argument to -s is the range of original addresses to replace, -o is the outbound interface, and --to-source is the IP of the outbound interface on the host.

--
  Les Mikesell
   lesmikesell gmail com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]