linux gateway help
I have a Windows computer (192.168.0.1) using internet connection sharing which gives an internet connection to my linux pc (ubuntu, 192.168.0.2).
I have added a second network card to my linux pc and wish to attach a windows pc to it and use my linux pc as a gateway (so the second windows pc can get an internet connection from me). It is not possible to connect the second windows computer into a hub along with the linux box, so that they both connect via the hub to the windows gateway, because the hub is currently full with the rest of the computers on my network. How do I do this? Please help. I'm a linux n00b, if that helps you not confuse me with technical words :p |
You have to enable forwarding in the linux box... and masquerade traffic coming out from the linux box.
|
how do i do that?
|
Enable forwarding:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Code:
iptables -t nat -A POSTROUTING -j MASQUERADE
There are other things to consider.... what is the FORWARD policy of the linux box? You can see the forward policy and rules with:
Code:
iptables -L FORWARD
|
ok i did that
what ip address should i use for the second nic and what settings (ip gateway) should i use on the windows pc? |
say another private network segment... for example:
linux: 192.168.1.1
windows: 192.168.1.2, gateway: 192.168.1.1 (;))
Having set that, you should be able to ping to the lan on the router side of the linux box... and you should be able to get internet access... or at least, the same you have on the router side of your lan. |
done that
i can ping 192.168.1.1 but i can't get the net |
How about the computers in the 192.168.0.x segment? Can you ping them?
|
nope
i try to ping 192.168.0.2 and i get:
Reply from 192.168.1.1: Destination host unreachable
i tried 192.168.0.1 (my router) and it just kept timing out |
Forwarding is not working.... because it's not letting you ping the interface on the other side of the linux pc.
Copy here the output of these commands:
Code:
iptables -t nat -L -v
|
Take a look at this thread... here's the main points. Perhaps I'm not being clear enough:
http://www.linuxquestions.org/questi...hreadid=274625 |
hitetsu@WhiteNinj4:~ $ sudo iptables -t nat -L -v
Password:
Chain PREROUTING (policy ACCEPT 29 packets, 3940 bytes)
 pkts bytes target      prot opt in     out    source               destination
   29  3940 gforward    all  --  any    any    anywhere             anywhere

Chain POSTROUTING (policy ACCEPT 582 packets, 34920 bytes)
 pkts bytes target      prot opt in     out    source               destination
    0     0 MASQUERADE  all  --  any    any    anywhere             anywhere  MARK match 0x1
 1062 63754 fromprivate all  --  any    any    192.168.0.0/16       anywhere
    0     0 fromprivate all  --  any    any    172.16.0.0/12        anywhere
    0     0 fromprivate all  --  any    any    10.0.0.0/8           anywhere

Chain OUTPUT (policy ACCEPT 1642 packets, 98554 bytes)
 pkts bytes target      prot opt in     out    source               destination
 1642 98554 gforward    all  --  any    any    anywhere             anywhere

Chain fromprivate (3 references)
 pkts bytes target      prot opt in     out    source               destination
    6   360 ACCEPT      all  --  any    any    anywhere             192.168.0.0/16
    0     0 ACCEPT      all  --  any    any    anywhere             172.16.0.0/12
    0     0 ACCEPT      all  --  any    any    anywhere             10.0.0.0/8
 1056 63394 MASQUERADE  all  --  any    any    anywhere             anywhere

Chain ftolocal (2 references)
 pkts bytes target      prot opt in     out    source               destination

Chain gforward (2 references)
 pkts bytes target      prot opt in     out    source               destination
    0     0 ftolocal    all  --  any    any    anywhere             192.168.0.4
  582 34920 ftolocal    all  --  any    any    anywhere             localhost.localdomain

hitetsu@WhiteNinj4:~ $ sudo iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out    source               destination
 178K   23M ACCEPT      all  --  lo     any    anywhere             anywhere
    0     0 LOG         all  --  !lo    any    127.0.0.0/8          anywhere  LOG level warning
    0     0 DROP        all  --  !lo    any    127.0.0.0/8          anywhere
   12  3960 ACCEPT      all  --  eth0   any    anywhere             255.255.255.255
  288 32183 ACCEPT      all  --  eth0   any    192.168.1.0/24       anywhere
    0     0 ACCEPT      !tcp --  eth0   any    anywhere             BASE-ADDRESS.MCAST.NET/4
    0     0 LOG         all  --  eth1   any    192.168.1.0/24       anywhere  LOG level warning
    0     0 DROP        all  --  eth1   any    192.168.1.0/24       anywhere
    4  1312 ACCEPT      all  --  eth1   any    anywhere             255.255.255.255
24603   25M ACCEPT      all  --  eth1   any    anywhere             192.168.0.4
   50  8949 ACCEPT      all  --  eth1   any    anywhere             192.168.0.255
    0     0 LOG         all  --  any    any    anywhere             anywhere  LOG level warning
    0     0 DROP        all  --  any    any    anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out    source               destination
   43  2660 ACCEPT      all  --  eth0   eth1   192.168.1.0/24       anywhere
    0     0 ACCEPT      all  --  any    any    anywhere             anywhere  state RELATED,ESTABLISHED
    0     0 LOG         all  --  any    eth1   anywhere             192.168.1.0/24  LOG level warning
    0     0 DROP        all  --  any    eth1   anywhere             192.168.1.0/24
    0     0 LOG         all  --  any    any    anywhere             anywhere  LOG level warning
    0     0 DROP        all  --  any    any    anywhere             anywhere

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out    source               destination
 178K   23M ACCEPT      all  --  any    lo     anywhere             anywhere
    0     0 ACCEPT      all  --  any    eth0   anywhere             255.255.255.255
   55  4472 ACCEPT      all  --  any    eth0   anywhere             192.168.1.0/24
    0     0 ACCEPT      !tcp --  any    eth0   anywhere             BASE-ADDRESS.MCAST.NET/4
    0     0 LOG         all  --  any    eth1   anywhere             192.168.1.0/24  LOG level warning
    0     0 DROP        all  --  any    eth1   anywhere             192.168.1.0/24
    0     0 ACCEPT      all  --  any    eth1   anywhere             255.255.255.255
23308 2666K ACCEPT      all  --  any    eth1   192.168.0.4          anywhere
    0     0 ACCEPT      all  --  any    eth1   192.168.0.255        anywhere
    0     0 LOG         all  --  any    any    anywhere             anywhere  LOG level warning
    0     0 DROP        all  --  any    any    anywhere             anywhere

hitetsu@WhiteNinj4:~ $ sudo cat /proc/sys/net/ipv4/ip_forward
1
i did it, and that's what i got |
Give this a shot: Change the forward policy. Make it ACCEPT.
iptables -P FORWARD ACCEPT
|
and read the thread I gave you the URL of.
|
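Added example, not part of the original thread or any poster's own script: the `-j MASQUERADE` rule given earlier has no interface or source match, and `iptables -P FORWARD ACCEPT` forwards everything, so this prints the same gateway setup scoped to one inside subnet and one upstream interface. The function names are hypothetical, and eth0 (inside, 192.168.1.0/24) and eth1 (upstream) are assumptions read from the posted output.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a scoped gateway ruleset;
# nothing is applied until the output is reviewed and run as root.
# Assumed from the posted output: eth0 = inside (192.168.1.0/24),
# eth1 = upstream. Function names are hypothetical.

# The output is meant for a root shell, so reject anything that is not
# a plain interface name (no spaces, ';', '$', backticks, ...).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Shape check only (four dotted numbers and a /0-32 prefix); octet
# ranges are left to iptables.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gateway_rules LAN_IF WAN_IF LAN_CIDR
gateway_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3
    if ! valid_iface "$lan_if" || ! valid_iface "$wan_if"; then
        echo "bad interface name" >&2; return 2
    fi
    [ "$lan_if" != "$wan_if" ] || { echo "interfaces must differ" >&2; return 2; }
    valid_cidr "$lan_net" || { echo "bad CIDR: $lan_net" >&2; return 2; }
    # Forward only inside -> upstream plus replies; NAT only that traffic.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
EOF
}

# Print the rules for the layout in this thread.
gateway_rules eth0 eth1 192.168.1.0/24
```

`-A` appends, so on a box whose FORWARD chain already ends in a catch-all DROP, as in the output posted above, the two ACCEPT rules would sit after it and never match; there they have to be inserted ahead of that rule.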
i had a look at that url, but it doesn't solve my problem =/
i can ping 192.168.1.1 still, but still can't ping 192.168.0.2 =/ i get the same error |