LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-23-2010, 11:51 PM   #1
dschuett
Member
 
Registered: Aug 2010
Posts: 40

Rep: Reputation: 1
ubuntu router


I have followed this tutorial to the T, I am able to ping the internet with the router and ping the clients with the router. The clients get an IP address from the router (dhcp3) and the gateway shows 192.168.0.201 and netmask of 255.255.255.0 (eth1 - the internal nic on the router) but the clients can't ping the router (192.168.0.201) nor the internet (eth0). I know this has something to do with routing or IPTABLES, but i am completely new to this and any help is appreciated.

Also here is what route -n shows:
NOTE: what is with the 169.254.0.0 address???
and shouldn't i see 192.168.0.201 as a gateway???

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
68.13.40.0 0.0.0.0 255.255.248.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 68.13.40.1 0.0.0.0 UG 0 0 0 eth0

TUTORIAL STARTS HERE:
How to make Ubuntu/Debian as a router

Here is your Ubuntu serve box with two interfaces,

eth0-------------Internet (set up with dhcp)
eth1-------------Internal

Note: Your Internet is running using eth0.

Step1: Install DHCP Server

#apt-get install dhcp3-server

Step 2: Configure the DHCP server

Edit the /etc/dhcp3/dhcpd.conf file and add your domain, ip range and other options.
NOTE: these are the only things i changed:

option domain-name "host name of my router";
#
# Internal network
#
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option broadcast-address 192.168.0.255;
option routers 192.168.0.201;
default-lease-time 600;
max-lease-time 7200;
}

Edit the /etc/default/dhcp3-server

INTERFACES= “eth1”

Step 3: Configure the Internal interface (eth1) with static IP.

Edit the /etc/network/interfaces file and add following

iface eth1 inet static
address 192.168.0.201
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.201

Step 4: Restart network and verify the eth1 interface's IP.

#/etc/init.d/network restart

check ip by ifconfig eth1, it will have 192.168.0.201 ip, if not please restart the interface/network service, you can also restart your machine if it is not in production environment.

Step 5: Restart the DHCP server.

#/etc/init.d/dhcp3-server restart

If everything is ok, it should run successfully,
Note: If your interface does not have any IP it might give error and does not restart, first configure your internal interface.

Step 6: Test the DHCP server.

connect the cable on interface eth1 and other side to your switch and connect your second pc, you will get the IP from 192.168.0.xxx range.

Open the syslog messeges with

#tail -f /var/log/syslog

of your debian box, it will also notify with leased ip and detail of requested machine.

Step 7: Enable forwarding

# echo 1 > /proc/sys/net/ipv4/ip_forward

open the file manually and uncomment

# nano /etc/sysctl.conf
net.ipv4.ip_forward = 1

Step 8: Add IPTABLES rule for NAT

Type following at command line

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Step 9: Final Testing

Your second Pc attached to LAN have internal ip, ping to a web address and you should get a reply!
 
Old 08-24-2010, 07:23 AM   #2
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,094
Blog Entries: 2

Rep: Reputation: 111Reputation: 111
what does ifconfig eth1 look like, maybe your router box isn't at 192.168.0.201
 
Old 08-24-2010, 08:13 AM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 11,897

Rep: Reputation: 746Reputation: 746Reputation: 746Reputation: 746Reputation: 746Reputation: 746Reputation: 746
169.254.0.0 - 169.254.255.255 are Automatic Private IP Addressing (APIPA) addresses. It is a method to assign an IP address when there is no DHCP server or if it fails. This is normal.

The gateway of the router is automatically assigned by your ISP's DHCP server and should not be a local LAN address. Looks good to me.

Look at your router's iptables rules. Do they allow incoming connections on eth1? You can use a firewall configuration tool like shorewall which makes things a bit easier.
 
Old 08-24-2010, 08:21 AM   #4
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Rep: Reputation: 72
All the tutorial you posted does is setup eth1 to supply DHCP to the lan, it doesn't cover how you setup eth0 to connect the internet.

As the metric on the 2nd route is 1000 (meaning this is a last ditch attempt to connect and as its a private IP it'll always fail), I would say it was likely added automatically and can be deleted if you wish. I figure this out as you have 2 routes for eth0.

Code:
68.13.40.0 0.0.0.0 255.255.248.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
Code:
route del 169.254.0.0
is how to delete it from memory however I'm sure someone will correctly if I'm wrong about that.

Basically, dont worry about it You can find the configuration which is adding that IP and delete it if you wish, but its not going to interfere with anything your doing.

Last edited by djsmiley2k; 08-24-2010 at 08:23 AM. Reason: Adding double route
 
Old 08-24-2010, 09:16 AM   #5
dschuett
Member
 
Registered: Aug 2010
Posts: 40

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by michaelk View Post
169.254.0.0 - 169.254.255.255 are Automatic Private IP Addressing (APIPA) addresses. It is a method to assign an IP address when there is no DHCP server or if it fails. This is normal.

The gateway of the router is automatically assigned by your ISP's DHCP server and should not be a local LAN address. Looks good to me.

Look at your router's iptables rules. Do they allow incoming connections on eth1? You can use a firewall configuration tool like shorewall which makes things a bit easier.
Thanks for the reply, what rule would i apply to allow incoming connections on eth1? Also, how would I go about making sure that eth1 has a route to the internet through eth0? - Sorry, I'm very new to iptables. I have used tools like shorewall, but i'm am determined to learn iptables... I have been reading quite a bit, but still a little unsure.
 
Old 08-24-2010, 09:18 AM   #6
dschuett
Member
 
Registered: Aug 2010
Posts: 40

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by djsmiley2k View Post
All the tutorial you posted does is setup eth1 to supply DHCP to the lan, it doesn't cover how you setup eth0 to connect the internet.

As the metric on the 2nd route is 1000 (meaning this is a last ditch attempt to connect and as its a private IP it'll always fail), I would say it was likely added automatically and can be deleted if you wish. I figure this out as you have 2 routes for eth0.

Code:
68.13.40.0 0.0.0.0 255.255.248.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
Code:
route del 169.254.0.0
is how to delete it from memory however I'm sure someone will correctly if I'm wrong about that.

Basically, dont worry about it You can find the configuration which is adding that IP and delete it if you wish, but its not going to interfere with anything your doing.
I have eth0 set up to get the dynamic ip of from my isp using dhcp. The server can reach the internet, but eth1 cannot. Any specific route i need to add to allow this, or is this all done with ip tables?

Thanks for your help!
 
Old 08-24-2010, 09:27 AM   #7
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Rep: Reputation: 72
Does your "client" get an IP? If the DHCP server isn't working correctly then it wont pick one up and that would explain why it can't connect to the internet

Code:
ifconfig <interface>
will show if its got an IP, come up etc *paste the output here if your unsure of whats happening*

If it has, then you need to check step 7 again, make sure you've setup IPTables, and enabled forwarding in your kernel:

Quote:
Originally Posted by OP
Step 7: Enable forwarding

# echo 1 > /proc/sys/net/ipv4/ip_forward

open the file manually and uncomment

# nano /etc/sysctl.conf
net.ipv4.ip_forward = 1

Step 8: Add IPTABLES rule for NAT

Type following at command line

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Step 9: Final Testing
Code:
ping http://www.google.com
from the 'client'.
 
Old 08-24-2010, 11:18 AM   #8
dschuett
Member
 
Registered: Aug 2010
Posts: 40

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by djsmiley2k View Post
Does your "client" get an IP? If the DHCP server isn't working correctly then it wont pick one up and that would explain why it can't connect to the internet

Code:
ifconfig <interface>
will show if its got an IP, come up etc *paste the output here if your unsure of whats happening*

If it has, then you need to check step 7 again, make sure you've setup IPTables, and enabled forwarding in your kernel:
clients are windows machines...they ARE getting an IP address from dhcp. I can ping the internet from my router, and i can ping the clients from my router, but i can't ping the internet OR the router from my clients.

I have made sure of the forwarding and iptable rule... getting frustrated Is there anything else that is needed to add to iptables to get this to work?
 
Old 08-24-2010, 03:53 PM   #9
michaelk
Moderator
 
Registered: Aug 2002
Posts: 11,897

Rep: Reputation: 746Reputation: 746Reputation: 746Reputation: 746Reputation: 746Reputation: 746Reputation: 746
post your iptable rules (iptables -L)
Post the output of the ipconfig command from the windows PCs.
 
  


Reply

Tags
firewall, gateway, router


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
setup ubuntu as router aravin Linux - Networking 2 04-05-2010 03:29 PM
UBUNTU with Linksys router PANeonMan Linux - Networking 1 04-09-2009 10:39 AM
Ubuntu 6.10 Server With Router jtatarin Linux - Server 5 03-12-2007 01:22 PM
Using Ubuntu...trying to connect to router jlsp Linux - Networking 2 02-17-2007 12:06 PM
ubuntu box as router tnadenichek Linux - Networking 6 05-09-2005 02:33 AM


All times are GMT -5. The time now is 01:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration