LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 01-06-2005, 08:57 AM   #1
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Rep: Reputation: 15
Exclamation Bridging cant make it...


i m using Fedora to do the bridging..
http://bridge.sourceforge.net/howto.html

even i had follow the step, why my laptop still cant access the internet via the bridged PC( FEDORA with Eth0 and eth1)?

what ip should i set for my laptop(WINDOW platform)?


INTERNET------>ROUTER------->PC (Fedora with eth0(connect router) & eth1(connect laptop))---------->laptop (connect to eth1)

WHY LAPTOP cant access internet??
i really dono....help..
 
Old 01-06-2005, 11:15 AM   #2
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
Do you have forwarding enabled at the PC?
 
Old 01-06-2005, 11:44 AM   #3
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Original Poster
Rep: Reputation: 15
No. But after i enable it, it still the same...
i enable it using this command:

echo 1 > /proc/sys/net/ipv4/ip_forward

any other probability?
or..maybe my internet connection is too slow??
my connection estimate is 100 kbps.
 
Old 01-06-2005, 11:47 AM   #4
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
have you enabled masquerading?
 
Old 01-06-2005, 12:01 PM   #5
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Original Poster
Rep: Reputation: 15
yes..by using this command...

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

but still the same ...

any other problem??can u include the command for me also , so i wont make a mistake during typing the commands.
Thanks......
 
Old 01-06-2005, 12:03 PM   #6
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
I guess you have to masquerade traffic going out to eth0 instead.
 
Old 01-06-2005, 12:16 PM   #7
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Original Poster
Rep: Reputation: 15
i have masquerade traffic going out to eth0. but should i disable masquerade for eth1?? what is the command to do that???

even i have masquerade traffic going out to eth0, the result still the same.....
 
Old 01-06-2005, 12:20 PM   #8
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
you are asking too much at once.

You delete iptables rules with -R instead of -A

Simply write the rule you sent to iptables and replace the -A with -R.

You don't have to masquerade traffic going out to eth1 (if it's a point to point connection).

What is iptables's FORWARD policy? (iptables -L FORWARD).
 
Old 01-06-2005, 12:34 PM   #9
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Original Poster
Rep: Reputation: 15
First of all....THANK...for guiding me alot....i will try my best (with ur guide)

u mean i just type this to delete the rules??
iptables -t nat -R POSTROUTING -o eth1 -j MASQUERADE <<<<<<---is it correct?

-R require a rule member....

the Forward POlicy is Chain FORWARD (policy ACCEPT).

(p/s : sorry if i ask some stupid question....caz i just start to learn it...and u r so kind...)
 
Old 01-06-2005, 12:43 PM   #10
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
Don't worry. Ur just a newbie (no pun intended ).

so..... your FORWARD policy is accept.

I think I'll need your iptables rules as a whole. Can you copy the output of iptables -L and iptables -t nat -L here?
 
Old 01-06-2005, 12:44 PM   #11
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
and yes.,.... because iptables will look for the rule with that syntax to delete it. Did I say -R?

It's -D. Oops!
 
Old 01-06-2005, 01:01 PM   #12
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Original Poster
Rep: Reputation: 15
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
[root@jin root]# iptables -L
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

[root@jin root]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Old 01-06-2005, 01:08 PM   #13
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Original Poster
Rep: Reputation: 15
sorry...
jst now i restart the PC
so at the iptables -t nat -L part..
there should be :

......
....
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
 
Old 01-06-2005, 01:10 PM   #14
joirnange
Member
 
Registered: Dec 2004
Distribution: Fedora
Posts: 88

Original Poster
Rep: Reputation: 15
It look like .............

[root@jin root]# iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

[root@jin root]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere


Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Old 01-06-2005, 01:12 PM   #15
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
And the default gw of the linux box is the PC, right?

OK.... here's the deal:

When you ping something, say... your isp's ip address, packets will go to your gateway (cause it will be outside of your scope, right?). The server will take those packages through this chains:

PREROUTE... ACCEPT.
If you had enabled forward (cat 1 > /proc/sys/net/ipv4/ip_forward), the packet will go on to the next chain.
FORWARD (they are ment to go to another host): ACCEPT.
POSTROUTING: ACCEPT.
and then the packet goes out to the lan..... BUT the packet didn't change it's source address. It should have been changed to the PC's so that the packet is handled the PC (remember your laptop is not reachable in the LAN). Why did this happen? There's no MASQUERADE rule in the POSTROUTING chain (according to what you wrote).

Last edited by eantoranz; 01-06-2005 at 01:15 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WAG54G and Bridging cherif Linux - Networking 5 08-30-2005 07:07 AM
wireless bridging Damon Spector Linux - Wireless Networking 2 03-24-2005 09:12 PM
Bridging connections Infernal211283 Linux - Networking 2 01-20-2005 03:23 AM
Bridging networks alexr186 Linux - Software 0 08-06-2004 07:57 PM
Bridging? JapaneseKamikaz Linux - Networking 0 03-11-2003 04:30 AM


All times are GMT -5. The time now is 12:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration