LinuxQuestions.org
Old 08-06-2003, 11:36 AM   #1
lucastic
Member
 
Registered: Aug 2003
Location: Oz
Distribution: Gentoo - Debian
Posts: 202

Rep: Reputation: 30
networking / routing problem?


Hi all,

I have been trying to set up my network so that my windows machines can access the internet through my linux machine (router?). The linux box is running redhat 9 and has constant connection to the internet via usb adsl modem (d-link dsl-200).

I have the redhat 9 bible and the 6.2 guide and they do not seem to help on this particular problem.

The linux box is working fine on the internet, I can browse download etc. with no problems. The local network has three computers running windows xp and 2000 plus the one linux machine (redhat 9) connected to the internet.

To simplify the problem solving I have only one windows machine connected to the linux box currently.

The problem is that the windows machine cannot access the internet or ping the linux box. The linux box can ping the windows machine but cannot ping the internet. Again the internet, ftp and telnet seems to be working very well on the linux machine.

I am certain my DNS, IP, etc. are set up correctly on the linux machine except for one thing maybe, the mask on the tap0. When I do the ifconfig -a, I get the following:

eth0 Link encap:Ethernet HWaddr 00:60:086:A50
inet addr:192.168.0.1 Bcast:192.168.0.3 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5564 errors:0 dropped:0 overruns:0 frame:0
TX packets:14288 errors:0 dropped:0 overruns:0 carrier:0
collisions:327 txqueuelen:100
RX bytes:441813 (431.4 Kb) TX bytes:947976 (925.7 Kb)
Interrupt:5 Base address:0x220

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10425 errors:0 dropped:0 overruns:0 frame:0
TX packets:10425 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:711410 (694.7 Kb) TX bytes:711410 (694.7 Kb)

tap0 Link encap:Ethernet HWaddr 00:FF:63:0D:FD:B6
inet addr:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.XXX Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16805 errors:0 dropped:0 overruns:0 frame:0
TX packets:13022 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:24146167 (23.0 Mb) TX bytes:1089369 (1.0 Mb)


The tap0 connection is my usb modem, what I don't understand is how to change the mask setting to 255.255.255.252 which is my ISP specified subnet mask for my adsl connection (Static IP), instead of 255.255.255.0 which it seems to set it to by default. Question: will this matter if the tap0 mask is set to 0 not 252, so long as I change the eth0 and all other mask settings to 0 instead of 252 which is what they are set at now? Could the internet be working on this machine alone despite the incorrect mask setting on the tap0 connection?

The other thing I suspect is the firewall settings on the linux machine. I have set lokkit to medium level security. here is my iptables -L:

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

Could it be a routing problem?

Can anyone point me in the right direction please??

Thanks in advance!

Lucas

" linux oh linux where have you been all my life? And to think all this time I have been using windows!"

Last edited by lucastic; 10-15-2003 at 04:18 AM.
 
Old 08-06-2003, 12:00 PM   #2
lucastic
Member
 
Registered: Aug 2003
Location: Oz
Distribution: Gentoo - Debian
Posts: 202

Original Poster
Rep: Reputation: 30
errr.... correction, I can ping the outside world from my linux box, tried ftp.debian.org and it worked no worries, so it looks like the ping out of the linux box is working locally and on the internet....

Maybe this helps solve the problem?
 
Old 08-06-2003, 12:26 PM   #3
cIx
Member
 
Registered: Aug 2003
Location: /dev/null
Posts: 40

Rep: Reputation: 15
I assume your Windows box is connected to the eth0 NIC.

follow these instructions:

#vi /etc/sysconfig/network-scripts/ifcfg-eth0

change the value of BROADCAST to be 192.168.0.255
change the value of NETWORK to 192.168.0.0
change the value of NETMASK to 255.255.255.0

save and exit back to shell

Now, on your windows box change the configuration of your NIC (Network interface card) to these settings:

IP: 192.168.0.2
NETMASK: 255.255.255.0
DEFAULT Gateway: 192.168.0.1
DNS (specify your ISP DNS servers)

go to command prompt and type ipconfig to check if the new settings have been applied.

Now, you should be able to ping. Try from your linux box

$ping 192.168.0.2

and from your Windows box

ping 192.168.0.1

Now, in order to share your internet connection....

on your linux box

#vi /etc/rc.nat

and type

#!/bin/sh

# load the netfilter and connection-tracking modules (ftp/irc helpers included)
/sbin/depmod -a
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_conntrack_irc
/sbin/insmod iptable_nat
/sbin/insmod ip_nat_ftp

# cope with a changing WAN address and turn on forwarding between interfaces
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/ip_forward

# flush old rules, let replies back in from the modem (tap0) to the LAN (eth0),
# let the LAN out, and masquerade LAN traffic behind the modem's address
/sbin/iptables -F
/sbin/iptables -A FORWARD -i tap0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE

save the file and exit to shell

#chmod 0700 /etc/ra.nat
#vi /etc/rc.local

and add the line

/etc/rc.nat

On your windows box, setup to use LAN connection and delete all existing connections.

P.S
Don't forget to reboot your Linux box and Windows box.

Last edited by cIx; 08-06-2003 at 12:28 PM.
 
Old 08-06-2003, 01:09 PM   #4
lucastic
Member
 
Registered: Aug 2003
Location: Oz
Distribution: Gentoo - Debian
Posts: 202

Original Poster
Rep: Reputation: 30
Hi,

Thanks for your reply.

I tried the first part of your post's suggestion, and indeed it worked well, both machines can ping each other now.

However I do not get the

#vi /etc/rc.nat thing?

A strange screen comes up when I type

vi /etc/rc.nat

after typing that, do I type exactly what you typed taking a new line or space as a press of the enter button?

Thanks

Lucas
 
Old 08-06-2003, 03:12 PM   #5
lucastic
Member
 
Registered: Aug 2003
Location: Oz
Distribution: Gentoo - Debian
Posts: 202

Original Poster
Rep: Reputation: 30
ok, I figured out how to input the data after typing the command

#vi /etc/rc.nat

However I cannot figure out how to save the file. There seems to be no save option when using #vi?

Every time I try and type the command

#chmod 0700 /etc/ra.nat

chmod: failed to get attributes of `/etc/ra.nat': No such file or directory

Can someone please help... It seems like I am so close to getting this working.
 
Old 08-06-2003, 03:23 PM   #6
cIx
Member
 
Registered: Aug 2003
Location: /dev/null
Posts: 40

Rep: Reputation: 15
(work as root)

# vi /etc/rc.nat

then type the commands I said and then press SHIFT+: and type wq and press enter. This will save the file and returns back to shell. After you did that, type the chmod command.

P.S
I guess you're new to linux, so after you finish to setup your network search google for further information on NAT, IP Masquerade, and read the introduction document at http://www.tldp.org - it will give you some brief overview on linux.

Last edited by cIx; 08-06-2003 at 03:27 PM.
 
Old 08-06-2003, 03:51 PM   #7
lucastic
Member
 
Registered: Aug 2003
Location: Oz
Distribution: Gentoo - Debian
Posts: 202

Original Poster
Rep: Reputation: 30
hi,

Thank you very much for your help. It worked and I am now writing this from the networked windows machine.

I just ended up creating a rc.nat in gedit and copying and pasting the commands you sent, rebooted and it works very well.

and yes I am new to Linux about 96 hours or so now.

A true testament to linux, I would have never been able to get intelligent / comprehensive online support within a couple hours (for free) for a microsoft product!! not to mention their new, to Australia, $90 flagfall on support phonecalls!!!!

Thanks again!

Lucas
 
Old 08-06-2003, 04:00 PM   #8
cIx
Member
 
Registered: Aug 2003
Location: /dev/null
Posts: 40

Rep: Reputation: 15
glad that I could help you... I saw many questions here regarding NAT, so I'll better save this thread for other purposes.

Check out http://www.tldp.org, they have great articles regarding linux. You better read some documentation, so you would be able to understand what you've done.

P.S
Since you're new to linux, and I assume you're running X11 (the graphical interface), add those lines to rc.nat to make your machine more secure:

/sbin/iptables -A INPUT -s 0/0 -p tcp --destination-port 6000 -j DROP
/sbin/iptables -A INPUT -s 0/0 -p udp --destination-port 6000 -j DROP
/sbin/iptables -I INPUT -s localhost -p tcp --destination-port 6000 -j ACCEPT
/sbin/iptables -I INPUT -s localhost -p udp --destination-port 6000 -j ACCEPT

this will prevent from outsiders to connect to your X11 server.

Add these lines too:

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all #optional
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/conf/*/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/*/send_redirects

read more on IPTables to configure your linux box to be more secure.
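A stricter version of the rc.nat rules from posts #3 and #8, added here as an example and not part of the thread: it closes the FORWARD chain by default, masquerades only LAN sources, keeps X11 local and writes the rp_filter files in a loop. It assumes the interface names and LAN subnet cIx used (tap0, eth0, 192.168.0.0/24) plus a DRY_RUN variable introduced here to print the rules instead of applying them; the module loading from post #3 is unchanged and omitted.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values (taken from the thread):
# WAN interface tap0, LAN interface eth0, LAN subnet 192.168.0.0/24.
# Run "./rc.nat apply" as root; DRY_RUN=1 makes ipt() print the commands.
WAN=${WAN:-tap0}
LAN=${LAN:-eth0}
LAN_NET=${LAN_NET:-192.168.0.0/24}

ipt() {
    if [ -n "${DRY_RUN:-}" ]; then echo "iptables $*"; else /sbin/iptables "$@"; fi
}

sysctl_hardening() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    # "echo 1 > /proc/sys/net/ipv4/conf/*/rp_filter" is an ambiguous redirect
    # once the glob matches more than one interface, so write each file in a loop.
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done
    for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > "$f"; done
}

nat_rules() {
    ipt -F
    ipt -t nat -F
    # The thread's script leaves FORWARD at policy ACCEPT, so anything the two
    # rules do not match is still forwarded; deny by default instead.
    ipt -P FORWARD DROP
    # replies to connections the LAN opened may come back in from the modem
    ipt -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # only packets carrying a LAN source address may leave through the modem
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # and only those get rewritten to the modem's address
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
    # X11 (tcp/6000) stays reachable from the box itself only, as post #8 intends
    ipt -A INPUT -i lo -p tcp --dport 6000 -j ACCEPT
    ipt -A INPUT -p tcp --dport 6000 -j DROP
}

case "${1:-}" in
    apply) sysctl_hardening; nat_rules ;;
esac
```

With DRY_RUN=1, nat_rules prints eight iptables commands and touches nothing, so the ruleset can be reviewed before it is applied on the gateway.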
 
Old 08-06-2003, 05:43 PM   #9
jilldutton
LQ Newbie
 
Registered: Aug 2003
Posts: 10

Rep: Reputation: 0
CLX- I have tried most if not all these commands and don't see any improvements. This is almost certainly due to something I am missing. I am running a static IP scheme, could you help me out? Thanx
 
Old 08-06-2003, 07:20 PM   #10
cIx
Member
 
Registered: Aug 2003
Location: /dev/null
Posts: 40

Rep: Reputation: 15
What do you want to see?

It's /proc related firewall entries. Those are kernel variables, independent of kernel filtering rules, which affect how the kernel handles network packets.

For example,

# echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# ping localhost

you would see something like that

64 bytes from (127.0.0.1): icmp_seq=1 ttl=64 time=0.120 ms
...
...

now, do
# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# ping localhost

now, you see that you've blocked icmp packets. This can avoid your system from being scanned, since most scanners will refer to your host as 'down'.

You can search for /proc VFS and learn more about it and the /sys/net/ipv4/ variables

Last edited by cIx; 08-06-2003 at 07:21 PM.
 
Old 08-06-2003, 08:31 PM   #11
jilldutton
LQ Newbie
 
Registered: Aug 2003
Posts: 10

Rep: Reputation: 0
What would make my XP box lose its "lease" with the linux? I could live with dhcp addressing, but it only works for a little while and then my xp loses its lease. The only way I can get it to work again is to zap the drive and reinstall. Then it works for a little while and once again xp loses its lease. That losing the lease error comes from the xp event log. What does linux need to give to the xp box? Thnx
 
Old 08-06-2003, 08:48 PM   #12
cIx
Member
 
Registered: Aug 2003
Location: /dev/null
Posts: 40

Rep: Reputation: 15
I'm not familiar with Windows XP, but make sure you configure everything correctly. You may even reinstall everything again.
 
  

