RH 7.3 NAT problem

guanyu · 06-25-2002, 07:49 PM

Hey guys, I got the problem with RH7.3 NAT. I setup adn configure it according to http://www.e-infomax.com/ipmasq/
Well, everything seems fine. My firewall2.4 up and running. My dhcpd is up when boot the system. But the problem is my clients couldn't access internet. Both clients can ping each other and the server. And the server can ping both of the client. Here is my dhcpd.conf

subnet 192.168.1.2 subnetmask 255.255.255.0{
range 192.168.1.2 192.168.1.60;
default-lease-time 86400;
max -lease-time 86400;
option routers 192.168.1.1;
option ip_forwarding off;
option broadcast_address 192.168.1.255;
option subnet-mask 255.255.255.0;}

Here is my routing table

Destination Gateway Genmask Interface
255.255.255.255 0.0.0.0 255.255.255.255 eth1
68.2.154.0 0.0.0.0 255.255.255.0 eth0
192.168.1.0 0.0.0.0 255.255.0.0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 lo
0.0.0.0 68.2.154.1 0.0.0.0 eth0
I have disable ipchains. Do you guys have any idea ? Thank !!!

Regards,
Guan

DavidPhillips · 06-25-2002, 08:51 PM

your problem looks like it could be dns

did you set it up manually?

can you connect to an ip address?

I use this line in my dhcpd.conf

option domain-name-servers 192.168.0.1, 192.168.1.1;

guanyu · 06-25-2002, 09:18 PM

DavidPhillips,
Yes I did. But it didn't work. I am little bit confused.
My client(XP) Default gateway is 192.168.1.1
ip is 192.168.1.3

My XP(netstat -rn)
Destination Netmask GateWay Interface
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3
224.0.0.0 224.0.0.0 192.168.1.3 192.168.1.3
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3

Default gateway 192.168.1.1

One more thing, when i view my xp LAN status, it point to my ISP DNS instead of local dns. It should be routing problem rite philip? any idea about that?.....Thanks

DavidPhillips · 06-25-2002, 10:22 PM

we may need to see your iptables rules

how about cat /proc/sys/net/ipv4/ip_forward

is it showing a 1

guanyu · 06-26-2002, 01:42 PM

Phillip,
/proc/sys/net/ipv4/ip_forward
Yeap it is 1

DavidPhillips · 06-27-2002, 06:07 PM

maybe the dns is blocked by a firewall. You said the client is using the dns from the isp. Maybe these are blocked.

DavidPhillips · 06-27-2002, 06:09 PM

I am using named on my linux box

my dhcpd has this for setting the dns on clients

option domain-name-servers 192.168.0.1, 192.168.1.1;

guanyu · 06-29-2002, 02:59 PM

David,
Do I need to download netfilter? I setup RH7.2 before. I do need to patch it. I am not sure about RH7.3. Thanx

guanyu · 06-29-2002, 03:58 PM

David,
My internet is working. But only MSN and Kazaa(clients). My clients Internet Explorer are not working. I don't know what is going on with that? do you have any idea?

DavidPhillips · 06-30-2002, 11:51 AM

Normally all you do is set the rules for iptables or ipchains, I have never had to patch anything.

Are you using dhcp?

How is it setup?

What's your rules look like?

guanyu · 07-01-2002, 04:37 AM

David,
RH 7.3 is slightly diff. It came with iptables. It doesn't need to patch it. All you need follow the instructions from http://www.e-infomax.com/ipmasq/ and download the firewall script. Do remember change the vi firewall-2.4
IPTABLES =/sbin/iptables(RH7.3)
** If you patch the iptable(most probably older RH version), you need to path to the iptables directory. Do remember to disable ipchains.

Here is my Dhcpd.conf( /etc/dhcpd.conf)
subnet 192.168.1.2 subnetmask 255.255.255.0{
range 192.168.1.2 192.168.1.60;
default-lease-time 86400;
max -lease-time 86400;
option routers 192.168.1.1;
option ip_forwarding off;
option broadcast_address 192.168.1.255;
option subnet-mask 255.255.255.0;}
option domain-name-servers xxx.xx.xxx.xx,xx.xxx.xx.xx}
(xxx.xxx.xxx.xx ISP domain name server) * If you are not sure, under your /etc/resolv.conf

Firewall rules, you can get it here http://www.e-infomax.com/ipmasq/

Well, RH 7.3 much more easy to setup NAT instead RH 7.2. Have a nice day

guanyu

DavidPhillips · 07-01-2002, 08:27 PM

Cool

Sounds like you have it working now.

By the way I setup my firewall rules the same way on RH 7.1, 7.2, and 7.3

guanyu · 07-02-2002, 04:47 AM

David,
It's working now. What if I wanna to block my client 192.168.1.6 internet access. Can I do that? How? Thank you have a nice day.

Mun

DavidPhillips · 07-02-2002, 05:52 AM

something like this should work

iptables -A INPUT -s 192.168.1.6/32 -d 0.0.0.0/0 -p all -j DROP

if you just want to block http on port 80 use -p 80