LinuxQuestions.org


anybody1234 09-28-2005 01:14 AM

setup Suse 9.2 box as my gateway
 
Hello.

I have installed Suse 9.2 on a 40GB box;
I have also installed squid proxy and BIND DNS server on it
I set the gateway of this Suse box as my router which is connected to internet;

Now with squid proxy in my browser's LAN settings I am able to get internet connection;

Now I set the gateway of my client windows box as that of linux suse 9.2 box...

now I find that I cannot connect to any internet sites directly..with Suse 9.2 as gateway

and direct access thru router is blocked for port 80 and all hosts except the IP of my Suse box

And from my suse box I can ping to any sites directly

and all iptables rules show policy as ACCEPT;

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


also I stopped all Suse firewall rules with

/etc/init.d/SuSEfirewall2_init stop
/etc/init.d/SuSEfirewall2_final stop
/etc/init.d/SuSEfirewall2_setup stop

even with this I am not able to connect to internet
but I can ping the IP of Suse box from my windows client machine

but tracert yahoo.com from windows box shows
C:\>tracert yahoo.com

Tracing route to yahoo.com [66.94.234.13]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 *

earlier I was using RedHat 9.0 as linux server and I did not have any such problems

Will anybody help me in getting how do I track where I am going wrong..?
Thanks...

mikedeatworld 09-29-2005 10:22 AM

are you trying to set this box up as a router? is that what you are trying to do?

try coyote linux. very simple.

anybody1234 09-30-2005 05:01 AM

Hi

thanks for your response;

But I want to set it as only my gateway; i.e. I want my users to go thru proxy only and set rules in Suse 9.2 so that they can get access only thru proxy settings for any internet access;
But without setting any firewall rules (I have given o/p of iptables) I can't get access (how strange!) and thru proxy settings I can access the net (at least HTTP)
But again no access to SMTP/POP3 access....even with proxy
But I was using similar setup in RH 9.0 but there I was either enabling or disabling firewall rules for direct access of internet thru gateway as RH 9.0 linux box (bypassing proxy);

But this is not happening in Suse 9.2 at all;

Any Suse users have any idea, as I don't want to revert back to RH 9.0 for that

thanks once again....

mikedeatworld 09-30-2005 09:14 AM

i'd be glad to help, but please explain this again.

anybody1234 10-01-2005 12:31 AM

hello my simple setup is as follows


windows client m/c ---> Suse 9.2 linux BoX ----> Router ----> internet

ie.
from windows m/c
ipconfig /all
C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : anybody1234
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : oe2005

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :OE
Description . . . . . . . . . . . : 3Com 3C918 Integrated Fast Ethernet Controller (3C905B-TX Compatible)
Physical Address. . . . . . . . . : 00-C0-4F-5B-87-5F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.82
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.175
DNS Servers . . . . . . . . . . . : 192.168.0.175


C:\>ping yahoo.com

Pinging yahoo.com [216.109.112.135] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.109.112.135:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

Now with squid proxy running on suse9.2 linux box all clients can access internet, at least HTTP requests; with IP of Suse9.2 box and port 3128 in browser settings

but without proxy settings in browser they simply cannot access internet

From my suse box
Code:

suse:~ # ping yahoo.com
PING yahoo.com (216.109.112.135) 56(84) bytes of data.
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=1 ttl=48 time=770 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=2 ttl=48 time=522 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=3 ttl=48 time=802 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=4 ttl=48 time=572 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=5 ttl=48 time=592 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=6 ttl=49 time=623 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=7 ttl=49 time=383 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=8 ttl=49 time=325 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=9 ttl=48 time=538 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=10 ttl=49 time=813 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=11 ttl=48 time=327 ms

--- yahoo.com ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10298ms
rtt min/avg/max/mdev = 325.504/570.274/813.837/168.816 ms

also o/p of iptables

suse:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
suse:~ #

And I am very sure there are no iptables firewall rules running that should disallow me from setting suse 9.2 box as gateway of windows client m/c

again Suse linux box is single interface box with eth0 IP as 192.168.0.175
now with gateway of client as 192.168.0.175 user cannot get access to internet;

I am pretty sure this happens by default in RH9 linux box
as I was running the same setup; but unfortunately it crashed due to bad sectors;


If you can figure out what is going wrong I will be obliged;

anybody1234 10-03-2005 01:52 AM

hello
I have setup iptables rule for forwarding and masquerading ...
suse:~ # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE tcp -- anywhere anywhere
all -- anywhere anywhere
MASQUERADE tcp -- anywhere anywhere masq ports: 80

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Now my linux box forwards packets to my router
But still when I ping to yahoo.com
tracert shows
ip of my router instead of Ip of my linux box

To clearly explain my setup;

My router blocks all requests on http port(80) for all hosts except for my linux box which can directly connect to port 80 for any host;;

hence if client sets gw as that of router it is of no use to me;
my linux box forwards packets to my router but router sees packets as if gateway of client was set as that of router...

I need masquerading rules of iptables that will mask the IP of client m/c and make router believe as though it originated from linux box

Is it possible ..?

anybody1234 10-27-2005 04:23 AM

Let me clearly explain the setup once again if anybody finds it difficult to understand

My setup

Windows box ---> Linux SuSe 9.2 Box ----> Router ---> internet

Now Router is configured only to block HTTP requests from all clients except my Linux SuSe 9.2 Box which also hosts my proxy server;

So clients can access internet via proxy but

When they access ftp sites thru browsers they encounter a lot of problems

also In My suse linux box default policy is Accept;

i.e
suse:~ # iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
suse:~ #

and
suse:~ # cat /proc/sys/net/ipv4/ip_forward
1
suse:~ #


now I can get direct access to any sites thru this box, even ftp access
suse:~ # telnet 213.220.100.10 21
Trying 213.220.100.10...
Connected to 213.220.100.10.
Escape character is '^]'.
220 This is ftp.f-prot.com. Use wisely. (And take a look at: http://www.f-prot.com)


please note that I can get ftp via command line;

but from my windows box with gateway setup as Linux box I still get connection failed message;
and traceroute shows
C:\>telnet 213.220.100.10 21
Connecting To 213.220.100.10...Could not open a connection to host on port 21 : Connect faile

C:\>tracert 213.220.100.10

Tracing route to mango.frisk-software.com [213.220.100.10]
over a maximum of 30 hops:

1 <10 ms <10 ms 10 ms 192.168.0.230
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : anybody
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : oe2005

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : oe2005
Description . . . . . . . . . . . : 3Com 3C918 Integrated Fas
05B-TX Compatible)
Physical Address. . . . . . . . . : 00-C0-4F-5B-87-5F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.82
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.175
DNS Servers . . . . . . . . . . . : 192.168.0.175

note that gateway 192.168.0.175 is the Suse box;
still packets directly jump to router 192.168.0.230 instead of Suse box;

So would anybody please advise how I will get access to ftp from my windows box with gateway set as suse box....
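
Added example, not part of any post in this thread: a first hop of 192.168.0.230 in the Windows tracert is consistent with the single-interface SuSE box sending ICMP redirects, so this sketch generates the commands for a one-armed NAT gateway (forwarding on, redirects off, MASQUERADE for all protocols) and checks the effective redirect setting. The 192.168.0.0/24 LAN and eth0 come from the thread; the function names, the APPLY switch and the directory override are assumptions of this example.

```shell
#!/bin/sh
# Added example: one-armed (single-interface) NAT gateway, dry run by default.
# LAN and IFACE defaults come from the thread (192.168.0.x/255.255.255.0, eth0).
LAN="${LAN:-192.168.0.0/24}"
IFACE="${IFACE:-eth0}"

# Print the setup commands for a LAN CIDR and interface; nothing is executed.
gateway_cmds() {
    lan="$1"; ifc="$2"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.$ifc.send_redirects=0
iptables -t nat -A POSTROUTING -s $lan ! -d $lan -o $ifc -j MASQUERADE
EOF
}

# The kernel ORs conf/all and conf/<iface> for send_redirects, so redirects
# stay on unless both are 0. Returns 0 (true) while redirects are still sent.
# $2 is a hypothetical override of the sysctl directory, used for testing.
redirects_effective() {
    dir="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$dir/all/send_redirects") || return 2
    one=$(cat "$dir/$1/send_redirects") || return 2
    [ "$all" = "1" ] || [ "$one" = "1" ]
}

# Print each command, or run it when APPLY=1 is set (requires root).
apply_or_print() {
    gateway_cmds "$LAN" "$IFACE" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            echo "+ $cmd"
            $cmd || exit 1
        else
            echo "$cmd"
        fi
    done
}

apply_or_print
```

The MASQUERADE rule excludes LAN-to-LAN traffic (`! -d`) so only packets leaving for the router are rewritten to the gateway's own address.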




