MDK 10 - Sharing Internet connection

Singing Banzo · 07-11-2004, 05:17 PM

Hi people, another newbie. My first post here, after reading a lot of previous answers, close to my problem, but not useful to solve it. I read some mini how-tos also.

I installed Mandrake 10 ("higher" security scheme) and the first thing I need to do is to share my ADSL internet connection. Two nics, both working fine, internet connection up, so I simply went to Mandrakelinux Control Center -> Network & Internet -> Internet connection sharing, answer the couple of questions, and I though I was done, but... nope, I can't even make a ping:

Code:

[root@localhost bin]# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=5 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 192.168.1.1 icmp_seq=6 Destination Host Unreachable
ping: sendmsg: Operation not permitted

--- 192.168.1.2 ping statistics ---
6 packets transmitted, 0 received, +11 errors, 100% packet loss, time 5064ms

What's wrong?

Here the details:
Linux Box:

Code:

[root@localhost bin]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0A:E6:B0:A1:C8
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20a:e6ff:feb0:a1c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1560 (1.5 Kb)  TX bytes:476 (476.0 b)
          Interrupt:11 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:08:54:11:B1:E6
          inet6 addr: fe80::208:54ff:fe11:b1e6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2565 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:833596 (814.0 Kb)  TX bytes:289198 (282.4 Kb)
          Interrupt:11 Base address:0xdf00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:523 errors:0 dropped:0 overruns:0 frame:0
          TX packets:523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43982 (42.9 Kb)  TX bytes:43982 (42.9 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:200.55.xxx.xxx  P-t-P:200.32.0.14  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:2185 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2403 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:776044 (757.8 Kb)  TX bytes:226470 (221.1 Kb)

The other machine is a WinXP, connected via hub (hardware works fine):
IP (static): 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1

I also tried with dynamic IP, but it can't find the DHCP server.
When I ping 192.168.1.1 from the WinXP, I get "host unreachable".

Thank you in advance.
Andres.

lachlan · 07-12-2004, 05:33 AM

Try ifconfig eth0 192.168.1.1 netmask 255.255.255.0 up (as root).If that does not work you could try making a new lan connection.

Lachlan

Singing Banzo · 07-12-2004, 08:28 AM

But you can see it already has that configuration. What do you mean with "making a new lan connection"? Delete eth0 and install again as new?

As a side note, I tried Coyote Linux with the same parameters, and worked like a charm.

pingu · 07-12-2004, 08:47 AM

eth0 has an IP all right, but not eth1.
Have you got them mixed up?
Try moving network cable to the other NIC, or give eth1 a valid IP:
# ifconfig eth1 192.168.1.3

Singing Banzo · 07-12-2004, 09:11 AM

No, eth1 address is assigned on ADSL connection, and it's working fine (I can navigate and everithing on Linux box).

Anyway, thank you for the answers. I'm feeling less alone.

pingu · 07-13-2004, 09:27 AM

Hmmm...
Are you sure you really have a problem?
I mean, not being able to ping is not necessarily a problem, you did choose high security. That includes not answering ping's.

But the sharing doesn't work, right?
Try this:
# iptables -L
should clear all firewalling rules. (I hope I remember it correct? Type just 'iptables' it'll give you a lot of options.)
Or look in Mandrakes controlcenter about security/firewall.

Singing Banzo · 07-14-2004, 08:46 PM

Well, it seems that you was right, I still can't ping, but connection sharing is working! I just continue with the configuration process, thank this. =)

sh1ft · 07-14-2004, 09:26 PM

Quote:

Originally posted by pingu

# iptables -L
should clear all firewalling rules. (I hope I remember it correct? Type just 'iptables' it'll give you a lot of options.)
Or look in Mandrakes controlcenter about security/firewall.

iptables -L will only list all your firewall rules. To clear them all (i don't recommend this) you need to do iptables -F (flush) as root.

pingu · 07-15-2004, 01:19 AM

Thanks, sh1ft
Just wanted to add that you don't clear iptables permanently, I meant it only for testing what's blocking pings.
Anyway, he's got it solved.

salscozzari · 07-18-2004, 01:29 PM

What exactly did you do if anything to get the sharing to work? Was it always working and you just could not ping? I am trying the same thing. ETH0 is the WAN connection and ETH1 is the LAN connection. ETH0 is getting it's address from the comcast DHCP server, ETH1 is assigned an internal address. I ran the internet connection sharing wizard and no one could connect or even obtain an IP address. I set the Mandrake box up for DHCP, I then went in and noticed Squid was not started. Do I need Squid to use the internet sharing? I set up Squid and started it but still have nothing. The clients are windows clients and "ipconfig /all" reports the linux LAN NIC as the default gateway and DHCP is assigning the comcast DNS server, using an IP Address in the browser does nothing so it is not a DNS problem. Any insight here?

pingu · 07-19-2004, 07:08 AM

It could be that you need to enable ip-forwarding.
---------------------------------------------------------------------------------
(I'm copying this from a post by Covel)

If you have iptables:
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
--------------------------------------------------------------------------------

What is your eth1 connected to? You are talking about "clients", more than one means you have a hub, switch or router here. Which is it?
These clients have eth1 as default gateway, right?

More questions than answers, I'm afraid, with a few more details I hope I can give you some more answers!

salscozzari · 07-19-2004, 08:24 PM

The clients are connected to a simple switch, along with ETH1. ETH0 is connected to a cable modem. No I did not do anything to enable IP fprwarding, I am assuming Mandrake did that with its internet sharing tool. Yes the clients have ETH1 for a gateway.

pelgrimforever · 08-16-2004, 07:35 AM

I tried:
/proc/sys/net/ipv4/ip_forward

as meantioned in the beginning of this topic.
I get a permission denied,
I'm loggid in as root.

I'm getting rather desperate,
after 3 days trying I still can't get internet sharing up and running ...

ardee · 03-30-2005, 02:40 AM

Quote:

iptables -L will only list all your firewall rules. To clear them all (i don't recommend this) you need to do iptables -F (flush) as root.

Had the same problem with my Mandrake 10. Flushing the iptables didn't work, so I did some quick and dirty brute force for the pesky iptables:

on root:

service iptables stop

If this doesn't still work, try

init 6

This would reboot your machine.

Worked like magic in my case.

Dogface1SG · 03-30-2005, 09:34 PM

when you set up Internet sharing Mandrake installs Shorewall if it isn't already.

go to the /etc/shorewall directory and edit: Rules, Masq, Interfaces, Policy, and Zones.

Below are my files. They will not be the same as Mandrake shorewalls as they have masq as a zone. Where ever you see loc in mine it should be masq in yours. There are explaination above the rules telling you what and how to do things.

RULES
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22,23,9100
ACCEPT loc fw udp 23,9100
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp
ACCEPT fw loc tcp 23,9100
ACCEPT fw loc udp 23,9100

MASQ
eth0 eth1

INTERFACES
net eth0 detect dhcp,routefilter,norfc1918,tcpflags
loc eth1 detect tcpflags

POLICY
loc net ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info

ZONES
net Net Internet zone
loc Local Local

I went to Shorewall and did some reading. They recommend getting your internet connection working then removing the Mandrake Shorewall and installing a fresh copy. That is why I don't have masq.