MDK 10 - Sharing Internet connection - cannot even ping
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
MDK 10 - Sharing Internet connection - cannot even ping
Hi people, another newbie. My first post here, after reading a lot of previous answers, close to my problem, but not useful to solve it. I read some mini how-tos also.
I installed Mandrake 10 ("higher" security scheme) and the first thing I need to do is to share my ADSL internet connection. Two nics, both working fine, internet connection up, so I simply went to Mandrakelinux Control Center -> Network & Internet -> Internet connection sharing, answer the couple of questions, and I though I was done, but... nope, I can't even make a ping:
Code:
[root@localhost bin]# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=5 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=6 Destination Host Unreachable
ping: sendmsg: Operation not permitted
--- 192.168.1.2 ping statistics ---
6 packets transmitted, 0 received, +11 errors, 100% packet loss, time 5064ms
eth0 has an IP all right, but not eth1.
Have you got them mixed up?
Try moving network cable to the other NIC, or give eth1 a valid IP:
# ifconfig eth1 192.168.1.3
Hmmm...
Are you sure you really have a problem?
I mean, not being able to ping is not necessarily a problem, you did choose high security. That includes not answering ping's.
But the sharing doesn't work, right?
Try this:
# iptables -L
should clear all firewalling rules. (I hope I remember it correct? Type just 'iptables' it'll give you a lot of options.)
Or look in Mandrakes controlcenter about security/firewall.
Well, it seems that you was right, I still can't ping, but connection sharing is working! I just continue with the configuration process, thank this. =)
Originally posted by pingu
# iptables -L
should clear all firewalling rules. (I hope I remember it correct? Type just 'iptables' it'll give you a lot of options.)
Or look in Mandrakes controlcenter about security/firewall.
iptables -L will only list all your firewall rules. To clear them all (i don't recommend this) you need to do iptables -F (flush) as root.
Thanks, sh1ft
Just wanted to add that you don't clear iptables permanently, I meant it only for testing what's blocking pings.
Anyway, he's got it solved.
What exactly did you do if anything to get the sharing to work? Was it always working and you just could not ping? I am trying the same thing. ETH0 is the WAN connection and ETH1 is the LAN connection. ETH0 is getting it's address from the comcast DHCP server, ETH1 is assigned an internal address. I ran the internet connection sharing wizard and no one could connect or even obtain an IP address. I set the Mandrake box up for DHCP, I then went in and noticed Squid was not started. Do I need Squid to use the internet sharing? I set up Squid and started it but still have nothing. The clients are windows clients and "ipconfig /all" reports the linux LAN NIC as the default gateway and DHCP is assigning the comcast DNS server, using an IP Address in the browser does nothing so it is not a DNS problem. Any insight here?
It could be that you need to enable ip-forwarding.
---------------------------------------------------------------------------------
(I'm copying this from a post by Covel)
If you have iptables:
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
--------------------------------------------------------------------------------
What is your eth1 connected to? You are talking about "clients", more than one means you have a hub, switch or router here. Which is it?
These clients have eth1 as default gateway, right?
More questions than answers, I'm afraid, with a few more details I hope I can give you some more answers!
The clients are connected to a simple switch, along with ETH1. ETH0 is connected to a cable modem. No I did not do anything to enable IP fprwarding, I am assuming Mandrake did that with its internet sharing tool. Yes the clients have ETH1 for a gateway.
when you set up Internet sharing Mandrake installs Shorewall if it isn't already.
go to the /etc/shorewall directory and edit: Rules, Masq, Interfaces, Policy, and Zones.
Below are my files. They will not be the same as Mandrake shorewalls as they have masq as a zone. Where ever you see loc in mine it should be masq in yours. There are explaination above the rules telling you what and how to do things.
RULES
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22,23,9100
ACCEPT loc fw udp 23,9100
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp
ACCEPT fw loc tcp 23,9100
ACCEPT fw loc udp 23,9100
MASQ
eth0 eth1
INTERFACES
net eth0 detect dhcp,routefilter,norfc1918,tcpflags
loc eth1 detect tcpflags
POLICY
loc net ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
ZONES
net Net Internet zone
loc Local Local
I went to Shorewall and did some reading. They recommend getting your internet connection working then removing the Mandrake Shorewall and installing a fresh copy. That is why I don't have masq.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.