Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hallo, I have iptables on linux and configured the dhcpd server, and the client windows connected to the eth2 is working, but now I would like the windows client to connect to a linksys wifi router and the router is connected to the server... but it's not working.
Here are my iptables:
Code:
~# iptables-save
# Generated by iptables-save v1.3.8 on Mon Aug 6 17:20:29 2007
*mangle
:PREROUTING ACCEPT [2362:992844]
:INPUT ACCEPT [595527:117855792]
:FORWARD ACCEPT [12147715:7646555952]
:OUTPUT ACCEPT [1082:239755]
:POSTROUTING ACCEPT [12623782:7692621713]
COMMIT
# Completed on Mon Aug 6 17:20:29 2007
# Generated by iptables-save v1.3.8 on Mon Aug 6 17:20:29 2007
*nat
:PREROUTING ACCEPT [77:4125]
:POSTROUTING ACCEPT [2:130]
:OUTPUT ACCEPT [62:4375]
-A PREROUTING -i eth1 -p udp -m udp --dport 6672 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth1 -p tcp -m tcp --dport 6662 -j DNAT --to-destination 192.168.100.20
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Mon Aug 6 17:20:29 2007
# Generated by iptables-save v1.3.8 on Mon Aug 6 17:20:29 2007
*filter
:INPUT ACCEPT [23:1496]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:bad_packets - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_inbound - [0:0]
:tcp_outbound - [0:0]
:udp_inbound - [0:0]
:udp_outbound - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j bad_packets
-A INPUT -d 224.0.0.1 -j DROP
-A INPUT -s 192.168.100.0/255.255.255.0 -i eth2 -j ACCEPT
-A INPUT -d 192.168.100.255 -i eth2 -j ACCEPT
-A INPUT -i eth2 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -j tcp_inbound
-A INPUT -i eth1 -p udp -j udp_inbound
-A INPUT -i eth1 -p icmp -j icmp_packets
-A INPUT -m pkttype --pkt-type broadcast -j DROP
-A FORWARD -j bad_packets
-A FORWARD -i eth2 -p tcp -j tcp_outbound
-A FORWARD -i eth2 -p udp -j udp_outbound
-A FORWARD -i eth2 -j ACCEPT
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.100.20 -i eth1 -p udp -m udp --dport 6672 -j ACCEPT
-A FORWARD -d 192.168.100.20 -i eth1 -p tcp -m tcp --dport 6662 -j ACCEPT
-A OUTPUT -p icmp -m state --state INVALID -j DROP
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.100.1 -j ACCEPT
-A OUTPUT -o eth2 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A bad_packets -s 192.168.100.0/255.255.255.0 -i eth1 -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
-A bad_packets -s 192.168.100.0/255.255.255.0 -i eth1 -j DROP
-A bad_packets -m state --state INVALID -j DROP
-A bad_packets -p tcp -j bad_tcp_packets
-A bad_packets -j RETURN
-A bad_tcp_packets -i eth2 -p tcp -j RETURN
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A bad_tcp_packets -p tcp -j RETURN
-A icmp_packets -p icmp -f -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A icmp_packets -p icmp -j RETURN
-A tcp_inbound -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A tcp_inbound -p tcp -m tcp --dport 80 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 443 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 21 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --sport 20 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 25 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 110 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 143 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 995 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 993 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 22 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 5000:5100 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 6891:6900 -j ACCEPT
-A tcp_inbound -p tcp -m tcp --dport 6662 -j ACCEPT
-A tcp_inbound -p tcp -j RETURN
-A tcp_outbound -p tcp -j ACCEPT
-A udp_inbound -p udp -m udp --dport 137 -j DROP
-A udp_inbound -p udp -m udp --dport 138 -j DROP
-A udp_inbound -p udp -m udp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A udp_inbound -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A udp_inbound -p udp -m udp --dport 6672 -j ACCEPT
-A udp_inbound -p udp -j RETURN
-A udp_outbound -p udp -j ACCEPT
COMMIT
Windows before was getting the IP 192.168.100.20 from dhcp and it was working fine.
Now I connected windows to the Linksys and the Linksys to the server.
Windows now gets 192.168.1.50 from the Linksys, and the Linksys got 192.168.100.19 from the server.
From the web interface of the Lynksys, I can ping yahoo.com, but from windows I can only ping the Linksys 192.168.1.1.
This is the one way traffic on tcpdump...
Code:
IP 192.168.1.50.4052 > 212.76.33.137.53: UDP, length 32
IP 192.168.1.50.4052 > 212.76.33.138.53: UDP, length 32
IP 192.168.1.50.4052 > 212.76.39.205.53: UDP, length 32
IP 192.168.1.50.4052 > 212.76.33.137.53: UDP, length 32
IP 192.168.1.50.4052 > 212.76.33.138.53: UDP, length 32
IP 192.168.1.50.4052 > 212.76.39.205.53: UDP, length 32
IP 192.168.1.50.4052 > 212.76.33.137.53: UDP, length 32
IP 192.168.1.50.4052 > 212.76.33.138.53: UDP, length 32
arp who-has 192.168.100.1 tell 192.168.100.19
arp reply 192.168.100.1 is-at 00:0e:2e:cd:59:64
IP 192.168.1.50.1211 > 212.76.39.205.53: UDP, length 37
IP 192.168.1.50.1211 > 212.76.33.137.53: UDP, length 37
IP 192.168.1.50.1211 > 212.76.33.138.53: UDP, length 37
IP 192.168.1.50.1211 > 212.76.39.205.53: UDP, length 37
IP 192.168.1.50.1211 > 212.76.33.137.53: UDP, length 37
IP 192.168.1.50.1211 > 212.76.33.138.53: UDP, length 37
IP 192.168.1.50.1072 > 212.76.39.205.53: UDP, length 33
IP 192.168.1.50.1072 > 212.76.33.137.53: UDP, length 33
IP 192.168.1.50.1072 > 212.76.33.138.53: UDP, length 33
IP 192.168.1.50.1211 > 212.76.39.205.53: UDP, length 37
IP 192.168.1.50.1211 > 212.76.33.137.53: UDP, length 37
IP 192.168.1.50.2684 > 217.17.45.146.443: tcp 0
IP 192.168.1.50.2684 > 217.17.45.146.443: tcp 0
IP 192.168.1.50.2684 > 217.17.45.146.443: tcp 0
IP 192.168.1.50.2685 > 217.17.45.146.8074: tcp 0
IP 192.168.1.50.2685 > 217.17.45.146.8074: tcp 0
IP 192.168.1.50.1211 > 212.76.33.138.53: UDP, length 33
arp who-has 192.168.100.1 tell 192.168.100.19
arp reply 192.168.100.1 is-at 00:0e:2e:cd:59:64
IP 192.168.1.50.2682 > 217.17.45.146.443: tcp 0
IP 192.168.1.50.2686 > 217.17.45.146.443: tcp 0
IP 192.168.1.50 > 192.168.100.1: ICMP echo request, id 768, seq 27697, length 40
IP 192.168.1.50 > 192.168.100.1: ICMP echo request, id 768, seq 27953, length 40
IP 192.168.1.50 > 192.168.100.1: ICMP echo request, id 768, seq 28209, length 40
In the last lines I was pinging 192.168.100.1 from windows without reply(of course)...
this is the route table
Code:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
62.***.***.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 ***.****.***.*** 0.0.0.0 UG 0 0 0 eth1
What can I do to get my windows client and others working in internet?
You need to disable DHCP on the Linksys box. Also, plug your server into one of the regular ports on the Linksys box (NOT the "internet" port). In this manner, the Linksys box will act as a switch instead of a router, and DHCP will be provided by the server. I had this problem when I first tried to use my DSL modem with a Linksys router.
It's working as you said, but windows now doesn't get the IP from the server, I have to set it statically...
I remember that I did make it work as a router with the dhcp enabled this Linksys, somehow I did, but I don't remember how...I had another linux in my server than I lost the firewall...
Do you know what I have to change to make the Linksys work as a router as well.. because otherwise I have to set statically all the windows...
well I thought It was everything working fine... just yahoo and another site were working... I had to add the dnss staitic as well... and I cannot enter in the web configuration of the linksys with 192.168.1.1 anymore with this configuration....
How did your Linksys box get a DHCP assigned IP address?
If it can get a DHCP address, your Windows box should be able to. You need to make sure you have "Obtain IP address automatically" selected in the "TCP/IP" properties for your NIC.
If your Windows box is running 2000 or XP, you might need to right click on the network connection icon in the system tray and select "Repair". That will flush any incorrect ARP information that might be causing you problems.
I set statically it means that before windows didn't have static settings... so windows it was set to DHCP, in other words, obtain ip address automatically was checked.
Even repearing or release / renew IP address I got the system one.. 169.254..... I had to set statically to 192.168.100.20 with 192.168.100.1 as gateway and the DNS in resolve.conf...
in iptables I changed the filter table to ACCEPT, but normally it on DROP... maybe you think that there are all those rules but they are on ACCEPT from the beginning....
2. Did you connect the "server" to one of the switch ports on the Linksys box (ports 1 through 4)?
3. Did the Linksys box get an IP address when you connected the "server" to the "internet" port?
If the answer to question 1 is yes, the Linksys box does not need an IP address, because it is merely acting as a switch.
If the answer to question 2 is yes, then the Linksys box will not get an IP address.
If the answer to question 3 is yes and the answer to question 2 is no, then who is providing DHCP?
If DHCP is being provided by your internet service provider via a DSL modem or some other method, then you must connect that device to the Linksys box using one of the switch ports (ports 1 through 4). Then your Windows box will be able to see the DHCP server and get a dynamic IP address.
1 yes
2 yes
2 I don't know but I think not because it's not in the arp table
Anyway.... windows cannot get the IP automatically... it gets the IP only of connected to the server or to the cable before going to the server so it gets a PIP.
If the Linksys box cannot get an IP address using DHCP, then your DHCP is not working. If your DHCP server is not working, then you need to fix that first.
You said before that you have more than one NIC in your server. Are you sure that you are handling DHCP requests on the NIC you are using?
You only need to use the Linksys box as a router in the situation where the Linksys "internet" port is connected to another device that requires the Linksys box to connect.
Some DSL modems require a router to connect to them using the "internet" port because they do not provide DHCP. In these cases, the DSL modem acts as a passthrough and the Linksys box logs onto the network and get the gateway address and the addresses of the DNS servers.
In my case, my DSL modem provides DHCP directly to clients and it acts as the gateway, so I just use the Linksys box as a switch.
I probably need more information on your setup before I can continue to help you. But you really need to verify that the NIC you are connecting to is servicing DHCP requests.
I can see that the dhcp is working fine in both linux and linksys...
this is the confirmation:
Code:
Aug 8 05:41:36 **** dhcpd: Wrote 2 leases to leases file.
Aug 8 05:41:36 *** dhcpd: DHCPREQUEST for 192.168.100.19 from 00:1a:70:4f:95:a5 via eth2
Aug 8 05:41:36 sardeg***na dhcpd: DHCPACK on 192.168.100.19 to 00:1a:70:4f:95:a5 via eth2
and this is the DHCP leases
lease 192.168.100.20 {
starts 2 2007/08/07 12:28:49;
ends 2 2007/08/07 14:28:49;
tstp 2 2007/08/07 14:28:49;
binding state free;
hardware ethernet 00:c0:9f:c9:e3:63;
uid "\001\000\300\237\311\343c";
}
lease 192.168.100.19 {
starts 3 2007/08/08 04:41:37;
ends 3 2007/08/08 06:41:37;
binding state active;
next binding state free;
hardware ethernet 00:1a:70:4f:95:a5;
uid "\001\000\032pO\225\245";
}
lease 192.168.100.19 {
starts 3 2007/08/08 05:41:37;
ends 3 2007/08/08 07:41:37;
binding state active;
next binding state free;
hardware ethernet 00:1a:70:4f:95:a5;
uid "\001\000\032pO\225\245";
}
and the linksys works because even my neighbours can connect using my wireless and my house mate using the other cable....
3. Did the Linksys box get an IP address when you connected the "server" to the "internet" port?
you answered
2 I don't know but I think not because it's not in the arp table
Now you say the Linksys box can get an IP address via DHCP. Have you tried connecting the Windows box to a regular switch (or hub) and connecting the hub to the "server"? You may have a blown port on your Linksys box. I have personally worked with a Linksys router that had one blown port (due to electo-static discharge), but the other ports continued to work.
We seem to have the following facts:
1. The Windows box can get DHCP when connected directly to the "server"
2. The Linksys box can get DHCP when connected directly to the "server"
3. Wireless clients can get DHCP when connected to the "server" via the Linksys box
4. The Windows box cannot get DHCP when connected to the "server" via the switch ports on the Linksys box
This points to a problem with the switch ports on the Linksys box. One or all may be blown.
You just need the Linksys router to work as an Access point.
Put the linux box back to the same configuration as it was before you started this with the router disconnected from the Lan. Check that the Windows boxes work as before.
Press the RESET button for over 15 seconds.
Wait a minute and remove and replace the power to the router.
Log into the router using anything but the Linux box. No username. Password admin
Change the LAN IP address to be an address on the same subnet as the server and note it.
Click save
Log into the router again using the new IP adress.
Disable DHCP in the router.
Click save.
Connect the router to the Linux box using any LAN port 1 to 4 not the WAN port. The linux box will now supply the DHCP.
Now you have an Actice Access point on your network.
Log into the router and change the Wireless settings not forgetting to secure the wireless network.
HTH
Last edited by daveginorge; 08-10-2007 at 02:50 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
