gateway/firewall server PCLinuxOS

beejournal · 03-04-2008, 06:48 PM

I have PClinux on dell 260 with 2 nics.

Onboard nic is for internet - got IP fine from provider using their dhcp. 68.x.x.x

Second nic is for lan. I have it connected to a dlink wireless router (#3 lan port - wan port is not used). I believe dhcp on dlink router is disabled (but can't verify). 192.168.1.1

Internal: I have xp on laptop (non wireless) attached to dlink router on lan port #2.

i cannot access internet from laptop. although it appears to get ip from my linux gateway dhcpd within the specified range. but still no internet.

linux gateway runs shorewall and squid. I dont know how to review their configurations or how about some logiles that would have the errors in it.

Any help is appreciated.

initialdrifteg6 · 03-04-2008, 06:59 PM

can you post your DHCP config file and your ifconfig on PClinux on dell 260.

what ip address is your laptop getting?
check to see if the DHCP server on the dlink is disabled. i believe that your PClinux on dell 260 should be plugged into the switch side of the dlink instead of the WAN port. the four WAN ports on your dlink is the switch.

beejournal · 03-04-2008, 07:50 PM

eth0 Link encap:Ethernet HWaddr 00:0xx:xx:xx
inet addr:68.x.x.x Bcast:255.255.255.255 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81776 errors:0 dropped:0 overruns:0 frame:0
TX packets:18732 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:18780639 (17.9 MiB) TX bytes:3053370 (2.9 MiB)
Base address:0xec40 Memory:ff8c0000-ff8e0000

eth1 Link encap:Ethernet HWaddr 00:50:xx:xx:xx:xx
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5036 errors:0 dropped:0 overruns:0 frame:0
TX packets:286 errors:0 dropped:0 overruns:0 carrier:187
collisions:0 txqueuelen:1000
RX bytes:1584026 (1.5 MiB) TX bytes:45263 (44.2 KiB)
Interrupt:20 Base address:0x6c00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:211 errors:0 dropped:0 overruns:0 frame:0
TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15798 (15.4 KiB) TX bytes:15798 (15.4 KiB)

ddns-update-style none;
subnet 192.168.1.0 netmask 255.255.255.0 {
# default gateway
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;

option domain-name "hsd1.md.comcast.net.";
option domain-name-servers 68.xx.xx.xx ; (same as eth0)

range dynamic-bootp 192.168.1.16 192.168.1.20;
default-lease-time 21600;
max-lease-time 43200;
}

my winxp laptop picks up an address 192.168.1.19
192.168.1.1 is the default gateway

i have no idea what the address of the dlink router/switch.

Thanks

initialdrifteg6 · 03-04-2008, 08:14 PM

try unplugging the dlink and reconnect your computers. if they get an ip address still then your dlink router is still active.

here's my dhcp config:

ddns-updates off;
ddns-update-style interim;
authoritative;
shared-network local {
subnet 192.168.0.0 netmask 255.255.255.0 {
deny unknown-clients;
range 192.168.0.2 192.168.0.10;
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 74.128.1.33 , 74.128.1.31;
option broadcast-address 192.168.0.255;
host MacbookPro {
hardware ethernet 00:19:e3:aa:84:aa;
}
host iPhone {
hardware ethernet 00:1c:b3:aa:a3:aa;
}
host blacknight {
hardware ethernet 00:14:6c:aa:9a:aa;
}
}
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.110;
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.0.1;
allow unknown-clients;

}

beejournal · 03-04-2008, 09:21 PM

im confused... if i unplug the dlink it wont assign anything.
do you mean turn off /turn on reconnect local pc's?

Since my laptop is getting an address within the specified range of dhcpd.conf, can I assume dhcp on my linux gateway is working fine?

how about squid? during setup i chose to use linux gateway (dell 260) as transparent proxy via squid. Is there an interface for squid?

thanks again.

initialdrifteg6 · 03-04-2008, 10:04 PM

is the 192.168.1.1 assigned to your NIC?

my network is 192.168.0.0 (yours 192.168.1.0)
i have my eth1 assigned to 192.168.0.1
my wireless access point is assigned to 192.168.0.2

if the DHCP is disabled on the dlink then your router IP (NIC) needs to be different than your dlink IP

beejournal · 03-04-2008, 11:09 PM

Yes. 192.168.1.1 is eth1

Is there a way to get dlink address or just talk to it (as to verify config) without tearin down current setup. i know i can get back to previous setup ie. internet -> modem -> dlink -> pc . im sure that will give me back control of wirless access point. Then assign a static ip in the range 192.168.1.16...20 (see my dhcpd.conf).
just to rewire again...? say it aint so

i can ping internet sites! no http

aside... obviously i do have a few local wireless systems too and would really like to get this design to work. however this thread might be done.

gracious

beejournal · 03-05-2008, 07:46 PM

how'd i forget this one... eth1 is lan

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

then wireless,
temporary chnged eth1 to 192.168.0.2 (match subnet to that of dlink router). change ip on dlink to my preferred local ip.

initialdrifteg6 · 03-06-2008, 01:56 AM

Quote:

Originally Posted by beejournal

Yes. 192.168.1.1 is eth1

Is there a way to get dlink address or just talk to it (as to verify config) without tearin down current setup. i know i can get back to previous setup ie. internet -> modem -> dlink -> pc . im sure that will give me back control of wirless access point. Then assign a static ip in the range 192.168.1.16...20 (see my dhcpd.conf).
just to rewire again...? say it aint so

i can ping internet sites! no http

aside... obviously i do have a few local wireless systems too and would really like to get this design to work. however this thread might be done.

gracious

if you're able to ping sites, but not resolve them through their domain names, then it sounds like a DNS issue rather than your DHCP. all your dhcp server is doing is assigning IP addresses to your NICs. you really don't need a DHCP server is you're assigning static IPs. I would check to see if your DNS servers are correct. check my DHCP config file to see where i have placed the DNS server addresses.

beejournal · 03-07-2008, 09:21 AM

i was able to ping using hostnames too like yahoo.com,etc. so i think dns was ok. besides i saw the comcast dns ips in /etc/resolv. it does this automagically right?

This setup is functioning. However, any clue why my local pc's have no
access to internet after couple of hours? I noticed this first with wireless laptop on lan(xp). ipconfig showed it still had the same address. ping even stopped working at this point. From windows i clicked
repair connection. it seemed to bounce everything and was connected again.

any way to prevent this? i see the lease time on my dhcp - 6hours.
Well, maybe i was working that long.... don't remember.

tx.

beejournal · 04-04-2008, 11:09 PM

anyone know how to learn if this fwall/rtr is catching all the reply info from the internet?

On my lan pc's(linux), i keep getting my ISP's "your opersystem is not supported by ISP installation wizard. Please call..."

setup..
1 wired laptop w/ fc4
1 wirelss laptp w/ opnsuse 10
fwall pclos
dlink 524 used as switch and i guess wap for my home network.

my wireless works great on other networks.

tx