For the past week or so I've been trying to route my Mac through my Linux box.
I have the following setup:
Machine 1 - Debian 2.4.22 with 2 interfaces (eth0 and eth1)
Machine 2 - Mac with 1 interface (let's call it eth2)
The Linux machine is connected to my cable modem via eth0 - this works fine
The Linux machine is connected with a crossover cable to my Mac via eth1 - this works fine
I've set up the interfaces, like so:
Code:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
auto eth0
iface eth0 inet dhcp
# Second network card - assign static ip to enable local dhcp server
auto eth1
iface eth1 inet static
address 192.168.1.5
netmask 255.255.255.0
broadcast 192.168.1.255
I've set up a DHCPd server on my Linux machine, like so:
Code:
default-lease-time 36000;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
}
When I start up the Mac it receives a correct IP (192.168.1.11) and router (192.168.1.5), which is the IP attached to eth1 on the Linux machine. So this works fine also.
Finally, as far as I can tell IP forwarding should be working fine, as:
Code:
spony:/etc# cat /proc/sys/net/ipv4/ip_forward
1
Now the stuff that doesn't seem to be working fine:
When I'm on the Mac I can ping the Linux machine fine and the Linux machine can ping the Mac fine, but I can't access the internet from the Mac at all.
I've set up an extensive firewall using a program called FireHOL; this is my setup:
Code:
# Require release 5 of FireHOL configuration directives
version 5
# A space separated list of all the IPs on the internet, I trust
#office="my-office-pc.example.com"
# The IP address of this Linux and LAN for the rest of the world
#public_ip="1.2.3.4"
# My LAN. Everything is allowed here.
interface eth1 lan
policy accept # The default is 'drop'.
# Make sure the traffic coming in, comes from valid Internet IPs,
# and that is targeting my public IP
interface eth0 internet src not "$UNROUTABLE_IPS" #dst "$public_ip"
# Protect me from various kinds of attacks.
protection strong
# Public servers.
server smtp accept
server http accept
server ftp accept
server ssh accept #src "$office"
# Make sure idents do not timeout.
server ident reject with tcp-reset
# This is also a workstation.
client all accept
# Route the LAN requests to the internet.
router lan2internet inface eth1 outface eth0
# Masquerading on outface.
masquerade
# Route all requests from inface to outface
# and their replies back.
route all accept
Now as far as I can tell this should do the job. I'm beginning to think the problem has something to do with masquerading, but I'm certain this is built into the kernel.
Any ideas folks? I'm about ready to smash something - thanks
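An added diagnostic script (not from the post or from FireHOL) that checks the three things this setup depends on: forwarding enabled, a MASQUERADE rule actually loaded for eth0 in the nat table, and a DNS server handed out by dhcpd (the config above has none, so clients can reach the router but cannot resolve names). Interface names come from the post; the dhcpd.conf path and the sample iptables output are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. Checks the three prerequisites
# for a Linux box to NAT a LAN client onto the internet.

# Constructed sample of `iptables -t nat -S` output with masquerading loaded.
SAMPLE_NAT_OK='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# Constructed sample dhcpd.conf mirroring the post: no domain-name-servers option.
SAMPLE_DHCPD_NO_DNS='option routers 192.168.1.5;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
}'

# check_forward <contents of /proc/sys/net/ipv4/ip_forward>: 0 if forwarding is on
check_forward() {
  [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# has_masquerade <iptables -t nat -S output> <outface>: 0 if a POSTROUTING
# rule masquerades traffic leaving <outface>
has_masquerade() {
  printf '%s\n' "$1" | grep -q -- "-A POSTROUTING .*-o $2 .*-j MASQUERADE"
}

# dhcp_offers_dns <dhcpd.conf contents>: 0 if clients are given a DNS server
dhcp_offers_dns() {
  printf '%s\n' "$1" | grep -q '^[[:space:]]*option domain-name-servers'
}

# run_checks: gather live data from this host and report; nonzero if anything is off
run_checks() {
  rc=0
  fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)
  nat=$(iptables -t nat -S 2>/dev/null)
  conf=$(cat /etc/dhcpd.conf 2>/dev/null)   # path is an assumption
  check_forward "$fwd"        || { echo "ip_forward is off"; rc=1; }
  has_masquerade "$nat" eth0  || { echo "no MASQUERADE rule on eth0"; rc=1; }
  dhcp_offers_dns "$conf"     || { echo "dhcpd hands out no DNS server"; rc=1; }
  return $rc
}
```

Run `run_checks` as root on the Linux box; each failing line names the prerequisite to fix before suspecting the kernel.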