ok,I have managed to setup DHCPD, so now eth0 (external card) is running DHCP (because the modem isnt static, and eth1 is STATIC (192.168.1.1).DHCPD is working and from a Windows XP computer I have managed to get the network card to recognize the DHCP server and it assigns itself:
IP - 192.168.1.235
Subnet Mask - 255.255.255.0
Gateway - 192.168.1.1

Everything working just fine! Except that despite this, no packets are routing to the client pc... the usual test of firing up internet explorer to Google fails and I cannot ping 192.168.1.1 (eth1 on the server).

Whats going wrong?


Oh, and forgive my ignorance, but does the server need to use an XPATCH network cable intead of the usual, because I read somewhere on this forum that someone was doing it this way.

run

/sbin/ifconfig eth0

to find out whether an ip address is assigned.

you would need a crossover cable if you are connecting 2 computers directly - not through a hub or switch.

do you want your DHCP server to act as a router or something like that? Gateway has nothing to do with DHCP, you can use gateway even with static adress.
Search 'bout NAT.

There's something wrong with your schema.
Look like you want to do something like that :
INTERNET
|
|
|
Eth0(DHCP)
LINUX BOX
Eth1
|
|
|
WinXP Box

This will NEVER work, your WinXP box will never talk on the internet and the DHCP is useless in that case since it will only accept request from internet.

DHCP != Gateway

Ya, so I dont get it then...

I understand that my ETH1 needs to be static, however doesnt the DHCP server assign the IP's to the client pc's then? I think Internet connection sharing in Win XP and 2000 works like this.

However, what I have been able to do, once I installed DHCPD, is run the INTERNET CONNETCION SHARING utility from the Mandrake Control Center and this seems to be working fine, as from the client pc (Win XP) it seems to be picking up the IP, Subnet and Gateway addresses fine (in this case, 192.168.1.235, 255.255.255.0, 192.168.1.1 respectively). However, it was still not working and before I read your post, I suspected it was something to do with my IPTABLES setup. Now Im not really sure.

Erg... If only I were a bit smarter and more knowledgable...

ETH0 is a DHCP client to our broadband provider. The modem changes IP ever so often, so it is not static. I figured that I didnt need a crossover, I thought I knew this much, but was curious after I read the other post.

This is the scheme that I had in mind, let me know if this is flawed:

----------------
|Internet/Modem|
----------------
^
|
v
Eth0 (DHCP client)
------------------
| Linux Box |
------------------
Eth1 (Static IP)
^
|
v
-------- <---> Eth0 | WinXP/2000 Client (DHCP Client)
|Switch| <---> Eth0 | Linux Client (DHCP
-------- <---> etc...

Well, this is how I thought it worked... erm, so am I wrong? Have I been holding the wrong end of the stick, because I havent done anything like this before and I havent been able to find any documentation on the internet that doesnt assume some level of previous knowledge or else it has too much theory and lacks in practical examples.

Thanks so much for your time.

hehehe well you'll learn quick I bet
I really dunno Mandrake connection sharing btw, but I really don't trust it. Habitually when your computer does all the configuration for you, you should be ready for serious problem.

1-Ok so, don't run a DHCP server listening to eth0, it will not does anything.Just make sure that your eth0 interface get his adress from your ISP with DHCP (as a client)

2-A static ip to eth1 is something very importan, or your client will not be able to find this box without human (your) intervention.

3-You might want to set up a DHCP server listening to eth1 so every client on that side of the box will get a ip automatically. Or you can assign each client a static dhcp. The good point of setting a DHCP server here is that your client will configure themselves without any help from you, and you will be able to pass them extra configuration (like where is the DNS server, where is the router, what's the default route). The bad point is that their Ip will be dynamic. May be annoying.

4-As you tought, you need you to enable several setting 'bout iptables and 'bout your kernel.
First, try this :
cat /proc/sys/net/ipv4/ip_forward
If it complain 'bout "no such files or directory" you'll be good for a kernel recompilation. If not, make sure the return value is "1", if it's zero, you may activate it with:
echo "1" > /proc/sys/net/ipv4/ip_forward
this allow the linux kernel to forward trafic. Very important if you want to share connection (/proc is a virtual fs where kernel variable are saved, echoing a new value change the kernel reaction to a certain situation on-the-fly)

5-Iptables need some config too. I'll not give you a complete iptables script but just some line that are a MUST.
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

ok, this is very minimal, but it's a start.
The first line set the default "answer" to FORWARD as ACCEPT, so your computer will be able to act has a router in the middle of your network.
The second line NAT connection to outside (this mean that outgoing trafic will be rewrited by linux kernel to have your eth0 adress, then writed back when it will come back to have your eth1 adress)


hummm I'm pretty sure I forgot something but it's a not too bad start. Try it and give me news.

btw, you might want to take a look as these man pages :
man dhcpd.conf
man iptables

this link is nice too :
http://www.linuxgazette.com/issue77/lechnyr.html

thanks half-elf,

actually, i was browsing the internet andfound this page which went along the same lines as what you have said, so hearing it from you reaffirms it.

http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html

however, whats thrown me off slightly is when this doc asks you to add routes for internal packets, it assumes with this line that my outbound connection has a static ip, doesnt ip?

============================
Create a route for internal packets:

route add -net 192.168.10.0 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev eth1

Where XXX.XXX.XXX.XXX is the internet gateway defined by your ISP.
============================

Arg... may need to take a step back and look at all the configuring Ive done, because Im starting to lose track which files Ive changed and so forth. Arg... hehe

So yeah. What shall I do about the "route add..." thing?

Well no Iptables expert myself but relied on this procedure and it's done me fine albeit Red Hat orientated you can adjust, i'll repeat it verbatim anyway


As we're talking dynamic address here in red hat you'll, location mandrake may differ

/etc/syconfig/network (whatever the equivalent may be)

comment out gateway
add
GATEWAYDEV=eth0

make sure ipv4_forward is enabled as above in redhat can edit /etc/sysctl.conf

iptables rules:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -s ! 192.168.1.0/24 - DROP

well if your ISP's DHCP isn't too bad, it should give his client (so you) the correct default route (if you want to be sure, just type: route, it will show you route used by your kernel... the default one should be a route to your ISP). If not, you might need to set it by hand (or to build a script that will do it at each boot)

you may need to set a correct default route for client, however. If you don't give them a "router" option with the DHCP, you will need to set it up manually.
So something like :
route add -net YYY.YYY.YYY.YYY netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev eth1

Where YYY.YYY.YYY.YYY is your internal ip range (as example 192.168.0.0)
Where XXX.XXX.XXX.XXX is the linux router box internal interface (eth1)

Oh, should I be worried that IP_TABLES doesnt show up with "LSMOD"... I dont understand why, even if IPTABLES seems to be running just fine... ???

ok, I did the following...

this should hopefully be ok?

in /usr/sbin/network-scripts/, I manually changed two files to read:

ifcfg-eth0
----------
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp

ifcfg-eth1
----------
DEVICE=eth1
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

So as all the changes I make with IFCONFIG needed be done again next time I reboot.

Then I did:

iptables --flush

iptables --table nat --flush

iptables --delete-chain

iptables --table nat --delete-chain

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1 dev eth1


So... how does this look?


PS. One thing that bugs me is that I cant PING anything from the linux box... not my external nor internal IP... is this ok?


PSS. When typing ROUTE, I get this:
Destination-Gateway-Genmask-Flags-Metric-Ref-Use-Iface
192.168.0.0 - www.tiger-netwo - 255.255.255.0 - UG - 0 - 0 - 0 - eth1
192.168.0.0 - * - 255.255.255.0 - U - 0 - 0 - 0 - eth1
82.43.184.0 - * - 255.255.248.0 - U - 0 - 0 - 0 - eth0
127.0.0.0 - * - 255.0.0.0 - U - 0 - 0 - 0 - lo
default - 82-43-184-1.cab - 0.0.0.0 - UG - 0 - 0 - 0 - eth0

there's something strange 'bout your route. I don't think you were needing the route you added. You should delete that one, I *think* you can't ping anything because you have two Gateway route (the "G" flag) that cause Linux kernel to drop everything (strange and stupid behave, but anyways). Try without your "route add".
Except that everything look fine, really Your flushing rules are a very good idea


PS : Don't worry about iptables not showed is lsmod, it is probably INCLUDED in your kernel, not compiled as a MODULE. No need to worry 'xcept if it is not working. But recompile your kernel (later when you'lll be ready) FROM SOURCE so you'll be sure

actually you don't need to provide that routing entry (192...) on te linux box.

Correct me if I am incorrect.

half_elf & ppuru,

thank you so much. its working now. hurrrah!

ok, so theres a bit that I still dont understand, but I think everything is looking ok. I have only implemented a simple firewall ruleset, but by the time u have read this, Ive probably shifted to a heavier one.

I think Im starting to get to grips with Linux and all... thanks so much! Hope Linux dominates more, because Windows sucks grapes compared to it!

Take care,
Jose