Re: Share internet connection/make a small server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:

> On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares
> wrote:
> > 
> > --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> > 
> > > On Wed, 2005-08-31 at 12:20 -0700, Antonio
> Olivares
> > > wrote:
> > > > 
> > > > --- Antonio Olivares <olivares14031@xxxxxxxxx>
> > > wrote:
> > > > 
> > > > > 
> > > > > 
> > > > > --- Alexander Dalloz <ad+lists@xxxxxxxxx>
> wrote:
> > > > > 
> > > > > > Am Di, den 30.08.2005 schrieb Antonio
> Olivares
> > > um
> > > > > > 15:02:
> > > > > > 
> > > > > > > > Make sure you have forwarding set on
> on
> > > the
> > > > > > gateway
> > > > > > > > host:
> > > > > > > > 
> > > > > > > > $ cat /proc/sys/net/ipv4/ip_forward
> > > > > > > > 
> > > > > > > > must print out "1" (without quotes).
> If it
> > > > > does
> > > > > > not,
> > > > > > > > then activate it in
> > > > > > > > /etc/sysctl.conf and run "sysctl -p".
> Make
> > > too
> > > > > > sure
> > > > > > > > the gateway does NAT
> > > > > > > > by an iptables rule like:
> > > > > > > > 
> > > > > > > > iptables -A POSTROUTING -o eth0 -j
> > > MASQUERADE
> > > > > > > > 
> > > > > > > > [eth0 should be in your case the
> outgoing
> > > > > > device]
> > > > > > > 
> > > > > > > eth0 is the incoming connection should
> eth1
> > > be
> > > > > the
> > > > > > > outgoing.  I'm a little confused but
> getting
> > > > > > there.
> > > > > > 
> > > > > > The device given with -o <device> has to
> be
> > > the
> > > > > > public net device.
> > > > > >  
> > > > > > > [root@rio ~]# cat
> > > /proc/sys/net/ipv4/ip_forward
> > > > > > > 1
> > > > > > 
> > > > > > Ok.
> > > > > > 
> > > > > > > [root@rio ~]# iptables -A POSTROUTING -o
> > > eth0 -j
> > > > > > > MASQUERADE
> > > > > > > iptables: No chain/target/match by that
> name
> > > > > > 
> > > > > > Sorry, my fault. Above should have been
> for
> > > the
> > > > > NAT
> > > > > > table (by default
> > > > > > iptables takes the filter table):
> > > > > > 
> > > > > 
> > > > > 
> > > > === message truncated ===
> > > 
> > > > I'm trying continually to solve this issue and
> I
> > > have
> > > > tried with a windows2000 machine and I get
> this
> > > > 
> > > 
> > > Reading thru what you have below, this seems to
> most
> > > certainly be a
> > > routing/firewalling/masquerading issue on the
> linux
> > > box.
> > > 
> > > >From the windows box try this and let us know
> the
> > > results.
> > > 1. ping 192.168.100.1
> > 
> > [olivares@rio floppy]$ cat ping1
> > 
> > Pinging 192.168.100.1 with 32 bytes of data:
> > 
> > Reply from 192.168.100.1: bytes=32 time<10ms
> TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms
> TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms
> TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms
> TTL=64
> > 
> > Ping statistics for 192.168.100.1:
> >     Packets: Sent = 4, Received = 4, Lost = 0 (0%
> > loss),
> > Approximate round trip times in milli-seconds:
> >     Minimum = 0ms, Maximum =  0ms, Average =  0ms
> > 
> > 
> > > 2. ping 10.154.19.136
> > 
> > [olivares@rio floppy]$ cat ping2
> > 
> > Pinging 10.154.19.136 with 32 bytes of data:
> > 
> > Reply from 10.154.19.136: bytes=32 time<10ms
> TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms
> TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms
> TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms
> TTL=64
> > 
> > Ping statistics for 10.154.19.136:
> >     Packets: Sent = 4, Received = 4, Lost = 0 (0%
> > loss),
> > Approximate round trip times in milli-seconds:
> >     Minimum = 0ms, Maximum =  0ms, Average =  0ms
> > 
> > 
> > > 
> > > 3. If both those work, then try a ping to
> > > 10.154.19.130 
> > 
> > [olivares@rio floppy]$ cat ping3
> > 
> > Pinging 10.154.19.130 with 32 bytes of data:
> > 
> > Request timed out.
> > Request timed out.
> > Reply from 10.154.19.136: Destination host
> > unreachable.
> > Request timed out.
> > 
> > Ping statistics for 10.154.19.130:
> >     Packets: Sent = 4, Received = 1, Lost = 3 (75%
> > loss),
> > Approximate round trip times in milli-seconds:
> >     Minimum = 0ms, Maximum =  0ms, Average =  0ms
> > [olivares@rio floppy]$ 
> > 
> 
> Ok, this clearly shows that it is likely you are
> having problems with
> NAT (masquerading) &/or routing/firewalling.  Your
> windows machine can
> connect to and see both interfaces on the Linux
> server but cannot get
> beyond that. I assume your Linux box has full access
> to the internet
> when I say this.
> 
> Check out the basic firewall rules for doing ip
> forwarding and
> masquerading.  In your case eth1 is the LAN and eth0
> is the WAN.
> 
> I do not have a basic setup available for FC
> firewalling since my
> firewall machine is running RH7.3 with ipchains and
> FC uses iptables.
> (My firewall machine is an old P3 with only 32mb
> memory and cannot run
> any version of FC.)
> 
> I will try to set up a list of rules that are basic
> and will handle what
> you need and send a sample to you.  Others may beat
> me to it, and
> welcome if they do.
> 
> To see what you currently have as iptables rules,
> try "iptables -L" and
> send that.
> Also send the contents of /etc/sysconfig/iptables
> 
=== message truncated ===

[olivares@rio ~]$ iptables -L
bash: iptables: command not found
[olivares@rio ~]$ su -
Password:
[root@rio ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere            
anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere            
anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere     
      icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251  
      udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere     
      udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere     
      state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere     
      reject-with icmp-host-prohibited
[root@rio ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.11 on Wed Aug 31
07:52:24 2005
*mangle
:PREROUTING ACCEPT [4991:3431359]
:INPUT ACCEPT [4887:3424427]
:FORWARD ACCEPT [96:6000]
:OUTPUT ACCEPT [4459:969407]
:POSTROUTING ACCEPT [4475:971455]
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
# Generated by iptables-save v1.2.11 on Wed Aug 31
07:52:24 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4467:969967]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any
-j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp
--dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state
RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with
icmp-host-prohibited
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
# Generated by iptables-save v1.2.11 on Wed Aug 31
07:52:24 2005
*nat
:PREROUTING ACCEPT [759:76421]
:POSTROUTING ACCEPT [4:288]
:OUTPUT ACCEPT [394:23805]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
[root@rio ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@rio ~]#  

Thanks for all your help and suggestions.  It will
work.  It is just a matter of finding where things are
stopping.

Best Regards,

Antonio   




		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux