LinuxQuestions.org
Old 06-10-2003, 03:02 PM   #1
jrwu
LQ Newbie
 
Registered: Jun 2003
Location: Vancouver/Toronto
Distribution: Redhat 9
Posts: 15

Rep: Reputation: 0
Internet Connection Sharing from RH9


Hey everyone,

I'd like to thank all you people helping us linux noobs with our problems! Although this is my first post, this forum has really helped me get going on linux! You guys rule!!! Keep it up!!

I have a dual boot winxp/rh9 system and I'd like to get internet connection sharing working on RH9 with another machine that's win98 (winxp/rh9 is gateway). On winxp, the internet sharing works but I can't seem to get it to work on linux. I'm using a cable modem with the internet-enabled machine w/ DHCP.

The LAN is up and running with samba installed and I am able to ping both machines from either machine so I think it's a question of iptables.

I typed these in the shell as was suggested by some people but my other machine still can't access the net.

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A POSTROUTING -t nat -s $CLIENT_IP -j MASQUERADE

A few people also mentioned firestarter but when I went on their website, they only had RH8 rpms... Can I install RH8 rpms on RH9?

Thanks!

P.S. Is there any way to change the scroll speed on the mouse on RH9?


Here's my ifconfig output:

eth0 Link encap:Ethernet HWaddr 00:80:C6:EC:CB:37
inet addr:xx.xx.xx.xx Bcast:24.82.59.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6343 errors:0 dropped:0 overruns:0 frame:0
TX packets:6555 errors:0 dropped:0 overruns:0 carrier:0
collisions:7 txqueuelen:100
RX bytes:5335328 (5.0 Mb) TX bytes:986120 (963.0 Kb)
Interrupt:5 Base address:0xe000

eth1 Link encap:Ethernet HWaddr 00:20:78:06:58:44
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:478 errors:0 dropped:0 overruns:0 frame:0
TX packets:354 errors:4 dropped:0 overruns:0 carrier:8
collisions:0 txqueuelen:100
RX bytes:47818 (46.6 Kb) TX bytes:34836 (34.0 Kb)
Interrupt:9

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:63277 errors:0 dropped:0 overruns:0 frame:0
TX packets:63277 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4317042 (4.1 Mb) TX bytes:4317042 (4.1 Mb)
 
Old 06-10-2003, 03:19 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Have you got 192.168.0.1 set as the gateway for the 98 machine (I think you probably use 192.168.0.1 for both xp and linux - am I right?)

On the 98 box can you ping either:
ping www.linuxquestions.org
ping 64.179.4.146

If the answer is no to both then try:
echo 1 > /proc/sys/net/ipv4/ip_forward

If you can ping the ip then check your DNS settings on 98. If that fails can you post the output of iptables -L
 
Old 06-10-2003, 03:40 PM   #3
jrwu
LQ Newbie
 
Registered: Jun 2003
Location: Vancouver/Toronto
Distribution: Redhat 9
Posts: 15

Original Poster
Rep: Reputation: 0
Quote:
Have you got 192.168.0.1 set as the gateway for the 98 machine (I think you probably use 192.168.0.1 for both xp and linux - am I right?)
Yep, both OS's use 192.168.0.1 and gateway on the other machine is also set to that IP.



Quote:
On the 98 box can you ping either:
ping www.linuxquestions.org
ping 64.179.4.146

If the answer is no to both then try:
echo 1 > /proc/sys/net/ipv4/ip_forward
Nope, I can't ping either. When I ping www.linuxquestions.org, no output happens and it just stalls until I ctrl+c out.


Here's my iptables -L output


Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- ns2wh.vc.shawcable.net anywhere udp spt:domain dpts:1025:65535
ACCEPT udp -- ns1wh.vc.shawcable.net anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
 
Old 06-10-2003, 03:41 PM   #4
MArgRes
Member
 
Registered: Jun 2003
Distribution: Fedora Core 2
Posts: 37

Rep: Reputation: 15
If you think it's an iptables problem:

When I think I'm dropping packets, and want to see what's being dropped, I do something like:

/sbin/iptables -N logdrop
/sbin/iptables -A logdrop -m limit --limit 5/hour --limit-burst 2 -j LOG --log-prefix "IPTABLES MATCH: "
/sbin/iptables -A logdrop -j DROP

/sbin/iptables -A INPUT -j logdrop
/sbin/iptables -A OUTPUT -j logdrop

When you put the last two chains at the very end of your existing INPUT/OUTPUT chains, it will only log and drop the packets that are passing through everything else. That way, you're only logging the ones that are for some reason not being allowed through from another chain (assuming that your policy is to drop everything first and then allow second).

Then you can just go into /var/log/messages and look for the output to find out exactly what packets are being dropped and can adjust your iptables accordingly.

Hope that helps!!!
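
An added example, not part of the post above: one way to read the lines that the `IPTABLES MATCH: ` prefix produces in /var/log/messages, grouped by interface, addresses, protocol and destination port. The function names and the trimmed sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. summarize_drops and sample_log are
# hypothetical names; the log lines are constructed for illustration.

# Reads syslog text on stdin and prints "count IN OUT SRC DST PROTO DPT"
# for every line carrying the LOG prefix used by the logdrop chain.
summarize_drops() {
    awk -v prefix='IPTABLES MATCH: ' '
        index($0, prefix) {
            split("", f)                        # forget the previous line
            rest = substr($0, index($0, prefix) + length(prefix))
            n = split(rest, kv, " ")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (!eq) continue               # flags such as DF have no value
                k = substr(kv[i], 1, eq - 1)
                # Keep the first occurrence: LEN and ID repeat further along.
                if (!(k in f)) f[k] = substr(kv[i], eq + 1)
            }
            # Empty IN= means locally generated; empty OUT= means delivered locally.
            iif = (f["IN"]  == "") ? "-" : f["IN"]
            oif = (f["OUT"] == "") ? "-" : f["OUT"]
            dpt = ("DPT" in f) ? f["DPT"] : "-"     # ICMP has no port
            seen[iif " " oif " " f["SRC"] " " f["DST"] " " f["PROTO"] " " dpt]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

sample_log() {   # constructed /var/log/messages excerpt, fields trimmed
    cat <<'EOF'
Jun 10 15:45:01 gw kernel: IPTABLES MATCH: IN=eth1 OUT= SRC=192.168.0.2 DST=192.168.0.1 LEN=78 TTL=128 ID=4101 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 10 15:45:02 gw kernel: eth1: link up
Jun 10 15:45:09 gw kernel: IPTABLES MATCH: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Jun 10 16:02:30 gw kernel: IPTABLES MATCH: IN=eth1 OUT= SRC=192.168.0.2 DST=192.168.0.1 LEN=78 TTL=128 ID=4102 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 10 16:20:11 gw kernel: IPTABLES MATCH: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 ID=771 DF PROTO=TCP SPT=32780 DPT=80 SYN
EOF
}

sample_log | summarize_drops
```

Because the LOG rule is limited with `--limit 5/hour --limit-burst 2`, the counts are a sample of what was dropped, not a total. Traffic routed for a LAN client passes through FORWARD, so it shows up here only if a FORWARD rule also jumps to the logging chain.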
 
Old 06-10-2003, 03:59 PM   #5
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
Did you enable IP forwarding with the echo command shown by david_ross?
If not, please do so, and if you have, then make a backup of your iptables and then run
iptables -t filter --flush
iptables -t nat --flush
Now add just enough back to the tables to route the 2 IPs and see what you can do. If that works, add the restrictions back in one at a time.
 
Old 06-10-2003, 04:30 PM   #6
jrwu
LQ Newbie
 
Registered: Jun 2003
Location: Vancouver/Toronto
Distribution: Redhat 9
Posts: 15

Original Poster
Rep: Reputation: 0
How would I go about backing up my iptables?
 
Old 06-10-2003, 04:41 PM   #7
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
service iptables save
 
Old 06-10-2003, 04:46 PM   #8
jrwu
LQ Newbie
 
Registered: Jun 2003
Location: Vancouver/Toronto
Distribution: Redhat 9
Posts: 15

Original Poster
Rep: Reputation: 0
MArgRes, I tried doing what you did but for some reason, it killed my internet connection on the linux machine.

I flushed the iptables just as jchristman suggested and re-added these lines

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A POSTROUTING -t nat -s $CLIENT_IP -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Still doesn't work...
Here's the new output of iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination

Chain logdrop (0 references)
target prot opt source destination
 
Old 06-10-2003, 04:52 PM   #9
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
cp /etc/sysconfig/iptables ~/iptables.bak

Before doing this I would cat this file to make sure everything is there. The different lines for *filter, *nat, and *mangle:
this is the way they should be separated too (with the * attached to the table name).
 
Old 06-10-2003, 04:54 PM   #10
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
You may also want to back up your hosts.deny and hosts.allow files and then remove all entries in them.
 
Old 06-10-2003, 05:03 PM   #11
jrwu
LQ Newbie
 
Registered: Jun 2003
Location: Vancouver/Toronto
Distribution: Redhat 9
Posts: 15

Original Poster
Rep: Reputation: 0
I don't have any entries in the hosts.allow and hosts.deny files.
 
Old 06-10-2003, 05:11 PM   #12
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
-A FORWARD -d 192.168.0.0 -i eth1 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT

Replace the 192.168.0.0 with the IP address you are forwarding to.
You might also need to change eth1. You need to do this for all ports you wish to forward.
Give this a try.
 
Old 06-10-2003, 05:15 PM   #13
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
With the above iptables command, eth0 is the internet line and eth1 is the inside line.
So it says to forward everything I receive to the inside card and to this IP address.
 
Old 06-10-2003, 05:18 PM   #14
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
that will make you act like a router though
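
An added example, not written by anyone in this thread: a generator for a connection-sharing ruleset in the `*nat` / `*filter` save-file layout mentioned earlier, with FORWARD and INPUT defaulting to DROP instead of the all-ACCEPT policies tried above. The function name and the rule choices are assumptions; eth0, eth1 and 192.168.0.0/24 follow the ifconfig output in the first post.

```shell
#!/bin/sh
# Added example, not from the thread: print an iptables-restore ruleset for
# the gateway discussed above. gen_nat_ruleset and the rule choices are
# assumptions; eth0, eth1 and 192.168.0.0/24 follow the posted ifconfig.
gen_nat_ruleset() {
    wan=$1 lan=$2 net=$3    # internet side, LAN side, LAN subnet (CIDR)
    # Refuse empty or malformed values so an unset variable never ends up
    # as the argument of -s, -i or -o.
    for ifc in "$wan" "$lan"; do
        case $ifc in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    done
    [ "$wan" != "$lan" ] || { echo "interfaces must differ" >&2; return 1; }
    printf '%s\n' "$net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "bad subnet" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address only for LAN traffic leaving via the WAN side.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
# DHCP replies from the cable provider to the gateway itself.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# LAN clients may open connections outwards; only replies come back in.
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Review the output, then as root: gen_nat_ruleset ... | iptables-restore
# and enable routing with: echo 1 > /proc/sys/net/ipv4/ip_forward
gen_nat_ruleset eth0 eth1 192.168.0.0/24
```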
 
Old 06-10-2003, 05:21 PM   #15
jrwu
LQ Newbie
 
Registered: Jun 2003
Location: Vancouver/Toronto
Distribution: Redhat 9
Posts: 15

Original Poster
Rep: Reputation: 0
Quote:
Replace the 192.168.0.0 with the IP address you are forwarding to
Would that be the gateway ip address?
 
  


All times are GMT -5.