I just got a new computer and after much swearing, it is now happily dual-booting Red Hat 9 and Windows XP Pro. This computer has 2 NICs - one for cable-modem access to the internet (eth1), and one for the internal LAN (eth0).

From my server, in Linux, I can access both the internet, and each of the internal computers on the LAN (e.g. using tsclient).

But NONE of the WinXP or Win2K computers on my network can see the internet! =(

My linux server has an internal (eth0) IP of 192.168.0.1, and one of my XP boxes has an IP of 192.168.0.42. I've set up the XP box with the following settings:
- IP Address = 192.168.0.42
- Subnet Mask = 255.255.255.0
- Default Gateway = 192.168.0.1


After spending many hours reading through many threads, I still don't know what I need to do to make this work. Is there a HowTo somewhere that I've missed? I'm sure there's some setting in the RH9 Network config I've missed, but I don't know what it is.

Please help!

man..... you have to go step by step. Can you ping the gateway from the clients?

Affirmatory. Can ping from each of the clients.

do a search on how to setup iptables... and enabling NAT ... I use arno's firewall script (modified iptables)... so I can't help you too much on the commands to allow eth0 connections to access the net via NAT.

jesse

I have done this at two sites - using the Linux machine as a NAT router/firewall to allow the clients to access the internet.

The following is a iptasbles init script to start with:

#!/bin/bash
#---------------------------------------------------------------
# Initialize all the chains by removing all the rules
# tied to them
#---------------------------------------------------------------
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
#---------------------------------------------------------------
# Now that the chains have been initialized, the user defined
# chains should be deleted. We'll recreate them in the next step
#---------------------------------------------------------------
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain
#---------------------------------------------------------------
# If a packet doesn't match one of the built in chains, then
# The policy should be to drop it
#---------------------------------------------------------------
#iptables --policy INPUT DROP
#iptables --policy OUTPUT DROP
#iptables --policy FORWARD DROP
#---------------------------------------------------------------
# The loopback interface should accept all traffic
# Necessary for X-Windows and other socket based services
#---------------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#---------------------------------------------------------------
# If the Linux firewall is the caching DNS server for the network
# then allow outbound DNS queries from the FW and the replies too
#---------------------------------------------------------------
iptables -A OUTPUT -p udp -o ppp0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -i ppp0 --sport 53 --dport 1024:65535 -j ACCEPT
#---------------------------------------------------------------
# Allow all bidirectional traffic from your firewall to the protected network
# - Interface eth0 is the private network interface
#---------------------------------------------------------------
iptables -A INPUT -j ACCEPT -p all -s 10.0.0.0/24 -i eth0
iptables -A OUTPUT -j ACCEPT -p all -d 10.0.0.0/24 -o eth0
#---------------------------------------------------------------
# Load the NAT module
#---------------------------------------------------------------
modprobe iptable_nat
#---------------------------------------------------------------
# Allow masquerading
# Enable routing by modifying the ip_forward /proc filesystem file
# - Interface ppp0 is the internet interface
# - Interface eth0 is the private network interface
#---------------------------------------------------------------
iptables -A POSTROUTING -t nat -o ppp0 -s 10.0.0.0/24 -d 0/0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
#---------------------------------------------------------------
# Prior to masquerading, the packets are routed via the filter
# table's FORWARD chain.
# Allowed outbound: New, established and related connections
# Allowed inbound : Established and related connections
#---------------------------------------------------------------
iptables -A FORWARD -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#---------------------------------------------------------------
# Log and drop all other packets to file /var/log/messages
# Without this we could be crawling around in the dark
#---------------------------------------------------------------
iptables -A OUTPUT -j LOG
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP


--

Additionally, you will 'probably' have to set the Windows machines to see the internal IP address of the Linux box as the gateway and maybe set the ISP's DNS servers on them also so they 'know' to pass through the gateway to do nslookups.

Hi JRago, that looks great - thanks. What do I do with this file now? What should I name it, and where should I save it?

I've been googling everywhere for info on enabling NAT in RH9 but I still haven't found a decent HowTo that explains what I need to know to get this set up. I just came across the Smoothwall web site. Do you know anything about that fw app?

Thanks for your help.

Smooth wall is a Linux Based router- which in your case maybe the easiest way to fix your problem, I have a Linksys router that handles my internet. It also gives you some protection from the net- not total mind you but it's better than being naked out there.
From What I understand Smoothwall is very easy to setup and then you could put your boxes on DHCP and live happilly ever after.
Use a low end Pentium box to set it up.

Good Luck,