I'm having problems setting my computer up as a gateway to allow the 2 windows clients to share the internet connection.

I've followed all the guides to correctly set up iptables, but the windows clients only get as far as resolving the hostnames, before timing out.

Everything on the network can ping each other, but the 2 windows clients can't ping any external ip's.

I'm connecting to the net through a speedtouch usb modem using pppoAtm, and i'm running mandrake 9.2rc2.

Any help is appreciated.

Thanks

Can you post the output of this on linux:
cat /proc/sys/net/ipv4/ip_forward
iptables -L
ifconfig

And on windows:
ipconfig /all

> cat /proc/sys/net/ipv4/ip_forward
1

> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

> ifconfig
eth0 Link encap:Ethernet HWaddr 00:A02:A5:C2:EA
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:489 errors:0 dropped:0 overruns:0 frame:0
TX packets:798 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:40854 (39.8 Kb) TX bytes:51097 (49.8 Kb)
Interrupt:11 Base address:0xb000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:582 errors:0 dropped:0 overruns:0 frame:0
TX packets:582 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38323 (37.4 Kb) TX bytes:38323 (37.4 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:81.129.119.214 P-t-P:217.32.65.202 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:751 errors:0 dropped:0 overruns:0 frame:0
TX packets:939 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:531872 (519.4 Kb) TX bytes:78283 (76.4 Kb)



And on windows:
ipconfig /all

Windows 2000 IP Configuration

Host name..................: noodlesluke
Primary DNS Suffix.........:
Node type..................: Mixed
IP Routing Enabled.........: No
WINS Proxy Enabled.........: No

Ethernet adapter local area connection.:

Connection-specific DNS Suffix.........:
Description...........: Realtek RTC8139(A)-based PCI Fast Ethernet Adapter
Physical Address......: 00-A0-D2-A5-C4-BA
DHCP Enabled..........: No
Ip Address............: 192.168.0.2
Subnet Mask...........: 255.255.255.0
Default Gateway.......: 192.168.0.1
DNS Servers...........: 213.120.62.99
213.120.62.100

well create a file /etc/rc.d/rc.nat and put the text below in that file
--------------------------------------------------------------------------
#!/bin/sh

IPTABLES=sbin/iptables

iptables --flush
iptables --table nat --flush

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward
------------------------------------------------------------------

And after making that file, make it executable by
chmod 755 /etc/rc.d/rc.nat
-----------------

Now execute this script !! you must be able to share internet from linux box to other box..

ok i've done that, but my windows clients still can't connect or ping an external ip.

Ive been up all night so maybe im not thinking correctly...

looking at your windows ipconfig /all
your DNS ip's look like external (maybe your isp's) addresses.
Make your 1st DNS entry your gateway's address, so to act as a forwarder.

Try to ping out then..

now u must tell tht r u suing dhcpd or static ip address for your clients.. If dhcpd then post your dhcpd.conf file here.!

This is not very difficult, only we r not getting ur exact prob..

I've tried that and it gets as far as resolving the hostname, and then timing out.

I'm using static ip addresses for the clients.

And i know it's not very difficult, but i'm having problems getting it to work! And i think i've already stated what my exact problem is?

can anyone help?
it's really frustrating... i know it should work.... but it's not and i can't figure out why?

Well!!

I think u must start from scratch now!

do the following on you linux box

1. make sure that ipchains are not running on ur system. Do the following to remove them and activate iptables
--------------------------
chkconfig --del ipchains

chkconfig --add iptables

ipchains -F

service ipchains stop

rmmod ipchains

service iptables start
----------------------------
2. Create the /etc/rc.d/rc.nat script which I had stated earlier
and make that executable and and execute that.
also made an entry to ur startup script /etc/rc.d/rc.local so that it can get execute every u start your pc.(Here i m not sure that where ur rc.local is situated.)
/etc/rc.d/rc.nat

3. Make sure that ur script is executed after starting the computer .. Other wise execute it mannually.

4. Assign ip addresses as follows::
192.168.1.1/255.255.255.0 to your LInux box
192.168.1.2/255.255.255.0 to your one of the win box
192.168.1.3/255.255.255.0 to your another win box

Now in your win box set the gateway to 192.168.1.1 and DNS server of your ISP. You can put primary as your gateway but secondry must be of ur ISP.

Now in your browsers of windoz machine Set them to automatically detect internet configuration under Internet options>Connection>LAN

Well you should be going fine after this..

ok i've tried it exactly as you said... and i'm still running into exactly the same problem.

If i try to ping www.google.com from one of the windows clients this is what i get.

ping www.google.com

pinging www.google.akadns.net [66.102.11.99] with 32 bytes of data.

Request timed out
Request timed out
Request timed out

This is driving me crazy... i'm starting to consider going back to windows cause at least i could get that to work.

if you can resolve a hostname, then you are in fact getting out on the internet because you arent running any DNS servers to be able to resolve for your clients. This means you should be able to ping your DNS servers.

Or do you mean in IE it says (Resolving hostname) in the status bar?

after running that script above, do iptables -L -t nat so we can see what is in your POST/PRE and OUTPUT tables.

Hi, the output i get from iptables -L -t nat is

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere


Chain OUTPUT (policy ACCEPT)
target prot opt source destination

If i ping any external ip from the windows clients e.g. my isp's DNS servers then all i get is a timed out response as before.

If i ping a web address e.g. www.google.com it translates (not sure if using the right lingo) the web address into an ip address, but then times out. As shown in my previous post.

And if i try to use internet explorer it says connecting... then eventually times out.

My windows clients can connect to the internet when i use windows 2000 as a gateway, but not when using linux, which leads me to think that the client settings must be right and there's something in linux that's stopping it?

You can ping out fine from the linux box? Try pinging google from linux.

Also, when pinging from windows, try 'ping -t -w 5000 www.google.com' that way it'll wait 5 seconds before timing out. I have to do that from my network because I'm deployed in the middle of nowhere and it's about 2 seconds from here to anywhere else on the internet, heh.

If your DNS is pointed to your linux box, the windows machine may not be getting out to the internet at all, it may just be getting dns resolution from your linux box.

try traceroute -n www.google.com from the linux box and see how far it gets out, then try tracert -d www.google.com from your windows box and see how far it gets.

This'll aid in finding an answer, and keep the ball rolling..