Windows

Tezdread · 12-16-2002, 12:05 PM

Hi all,

I've recently installed SuSE 8 on one of my computers and this is the system that is connected to the Internet via a cable modem. With this being the first full installation like this I am happy to get this far

The problem I have now is that I'm unable to connect my windows boxes to the internet. I'm able ping the SuSE box from my windows boxes but unable to ping external sites like google etc.

Can anyone point me in the right direction to solve this problem?

Thanks in advance...

DavidPhillips · 12-16-2002, 03:53 PM

you need to configure iptables

setting up a firewall is highly dependent on what services you want it to run.

you need to enable ip forwarding on the linux box for this to work.
you can have it set at bootup by putting this command in /etc/rc.d/rc.local

# Enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

you can set it from the command line also

Unless you have valid ip addresses for each box ( not likely )
you need to masquerade the LAN clients local ip addresses, this will allow your linux box to act as a router that makes all clients appear to be one machine on the internet...

consider eth0 in this example to be the internet connection, not the LAN connection

-A POSTROUTING -o eth0 -j MASQUERADE

Go here to get scripts for all types of firewall configurations.

http://www.linuxguruz.org/iptables/

Tezdread · 12-16-2002, 06:34 PM

Thanks for your help David,

I tried entering "enable ip forwarding echo 1 > /proc/sys/net/ipv4/ip_forward" at the shell command line and got the following message.

bash: enable: ip: not a shell builtin
bash: enable: forwarding: not a shell buitlin
bash: enable: 1: not a shell builtin

When I entered - "echo 1 > /proc/sys/net/ipv4/ip_forward" nothing happend?

When you say a valid IP I guess you don't mean 192.168.1.100 etc? this is all I have other than the SuSE box which although it is on a cable modem it still gets it IP via DHCP.

When I typed "iptables -A POSTROUTING -o eth0 -j MASQUERADE" I get the following message:
iptables: No chain/targetmatch by that name?

eth0 is the NIC that connects to the Internet.

Am I missing something?

Thanks again.

DavidPhillips · 12-16-2002, 08:26 PM

ok, sorry for the confusion

this was a comment
# Enable ip forwarding

this is a command

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

and it worked so if you do this command

Code:

cat /proc/sys/net/ipv4/ip_forward

you will see a 1

DavidPhillips · 12-16-2002, 08:29 PM

try this

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"

Tezdread · 12-17-2002, 09:07 AM

Progress is being made

I'm now able to ping exteral sites from the windows boxes but I'm still unable to browse the web with IE.

Do I have to setup IE for use with a proxy and if I do what port should I connect to?

Thanks again, finding this information would take forever.

DavidPhillips · 12-17-2002, 12:59 PM

make sure this says "1"

Code:

cat /proc/sys/net/ipv4/ip_forward

make sure you do not have policies to something other than accept

the client's need to have the linux box LAN ip address as the default gateway, and they need dns servers.

this is best done by dhcp, but you can set them up manually

Tezdread · 12-18-2002, 05:04 AM

ok, when I type

cat /proc/sys/net/ipv4/ip_forward

I get the one but I also got this message

You have new mail in /var/spool/mail/root

The Windows boxes have the SuSE boxes IP address as the gateway and the DNS but still couldn't connect?

When you say DHCP, will the SuSE box give IPs to the others with this config or do I have to do this manually (will need more help

Thanks

DavidPhillips · 12-18-2002, 05:23 AM

you cannot set dns to the ip of the linux box unless you set it up to run named. It will do dhcp for your lan and dns when you set it up.

named is a dns server

dhcpd is a dhcp server

the quickest and easiest thing to do is to put the dns servers from your isp in the windows boxes.

if the linux box is using dhcp then you should be able to get the nameservers from /etc/resolv.conf

is dns working on the linux box

Quote:

You have new mail in /var/spool/mail/root

That means you have mail

To read your mail configure an "email client" or use "mail". To use "mail" just type this

Code:

mail

Tezdread · 12-18-2002, 03:16 PM

David your great!

That has sorted it, I've got the fastest connection ever (for me)

There's a few other things I'll need to work out (like getting quicktime on the windows boxes)but now I've got my net connection back it wont be to much trouble (i hope)

Thanks a lot for your help, I've learned a thing or two...

DavidPhillips · 12-18-2002, 08:28 PM

cool,

It's easy to setup a dhcp server in linux. You probably want to do that at some point

Tezdread · 01-02-2003, 06:48 AM

Hi,

I've added the following info to: /etc/rc.d/rc.local

# Enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Now this works fine but with this alone I was unable to connect through my Linux box. I then typed: -A POSTROUTING -o eth0 -j MASQUERADE and this allowed my Windows boxes to connect to the web.

My question now is this, can I add -A POSTROUTING -o eth0 -j MASQUERADE to /etc/rc.d/rc.local so that it will be automatically started when I boot up? If so what format should I use?

DavidPhillips · 01-02-2003, 07:08 PM

yea you can add the iptables rule from rc.local, or you can add it to your iptables scripts. I'm not sure where they are in SUSE.

try to search like this

locate iptables

the file somewhere in /etc/ should contain iptables rules

Tezdread · 01-03-2003, 05:19 PM

I don't know why it's gone wrong but it has...

Following from what you said I thought I'd try and work it out, so I added this
# Enable routing
iptables -A POSTROUTING -o eth0 -j MASQUERADE to the same rc file as

# Enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

When I rebooted I got this message in the console log window:
Jan 3 22: 38:27 linux kernel: ip_tables: (C) 200-2002 Netfilte core team

This I thought would have sorted it, but it didn't.

I then tried entering the command manually and when I typed iptables -A POSTROUTING -o eth0 -j MASQUERADE
I got this message No chain/target/match by that name

After this I removed # Enable routing
iptables -A POSTROUTING -o eth0 -j MASQUERADE from the rc file and rebooted. When I got back to the console I typed it again but got the same message. This time I removed # Enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward from the rc file and rebooted again.

When I typed echo 1 > /proc/sys/net/ipv4/ip_forward into the console and hit enter I didn't get the 1 or 0 or anything it went straight back to the command line?

Do you know what I've done and how to get it sorted?

Thanks for your help.

Tezdread
"With every solution comes a new problem"

DavidPhillips · 01-03-2003, 11:37 PM

you need a name of a table

like nat or whatever the name of the table is, if the firewall was created by one of the gui's it may be something else
this should work..

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"