LinuxQuestions.org
Old 05-11-2008, 02:10 PM   #1
macdudeosx
LQ Newbie
 
Registered: May 2006
Posts: 27

Rep: Reputation: 1
Internet routing on Fedora 8


OK, I'm sorry for posting this; this has been answered many times before, but I have searched and tried many tutorials (I've been sitting here for days) and I'm tearing my hair out trying to get the internet routing on my machine to work. I have 2 Ethernet ports: eth0 is connected to the internet and gets its IP info via DHCP from Comcast, and eth1 is connected to my home's wireless router. I want to route the internet from eth0 to eth1 so my computers on the wireless network can access the internet and my Linux machine can access the internet. I have installed and tried Firestarter, but I get an unknown error when it starts. Another peculiar thing: when eth starts up, I get this:


Code:
[root@localhost ~]# service network restart
Shutting down interface eth0:  Firewall started
                                                           [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  
Determining IP information for eth0...dhclient(28705) is already running - exiting. 
This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.
Please report for this software via the Red Hat Bugzilla site:
    http://bugzilla.redhat.com
exiting.
 failed.
                                                           [FAILED]
Bringing up interface eth1:  RTNETLINK answers: File exists
Error adding address 192.168.10.0 for eth1.
RTNETLINK answers: Invalid argument
                                                           [  OK  ]

I have messed with a DHCP server, masquerading, iptables, routes, and I'm lost. Please help me, I've done more harm than good to my system! If there's anything anyone can point me to or help me with, it would be greatly appreciated. Thanks!

Code:
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
98.195.184.0    0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         98.195.184.1    0.0.0.0         UG    0      0        0 eth0

[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:98.195.187.120  Bcast:255.255.255.255  Mask:255.255.248.0
          inet6 addr: fe80::230:48ff:fe73:f42e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:389489 errors:0 dropped:0 overruns:0 frame:0
          TX packets:156719 errors:0 dropped:0 overruns:0 carrier:0
          collisions:272 txqueuelen:10 
          RX bytes:472244918 (450.3 MiB)  TX bytes:11274003 (10.7 MiB)
          Base address:0xb400 Memory:f2000000-f2020000 

eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:192.168.10.0  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:fe73:f42f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:326 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:116884 (114.1 KiB)  TX bytes:45178 (44.1 KiB)
          Base address:0xb800 Memory:f2020000-f2040000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3685 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3685 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3501150 (3.3 MiB)  TX bytes:3501150 (3.3 MiB)

[root@localhost ~]# iptables
iptables v1.3.8: no command specified
Try `iptables -h' or 'iptables --help' for more information.
[root@localhost ~]# iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  cns.cmc.co.denver.comcast.net  anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 
ACCEPT     udp  --  cns.cmc.co.denver.comcast.net  anywhere            
ACCEPT     tcp  --  cns.beaverton.or.bverton.comcast.net  anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 
ACCEPT     udp  --  cns.beaverton.or.bverton.comcast.net  anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
DROP       all  --  anywhere             255.255.255.255     
DROP       all  --  anywhere             255.255.255.255     
DROP       all  --  255.255.255.255      anywhere            
DROP       all  --  anywhere             default             
DROP       all  --  anywhere             anywhere            state INVALID 
LSI        all  -f  anywhere             anywhere            limit: avg 10/min burst 5 
INBOUND    all  --  anywhere             anywhere            
INBOUND    all  --  anywhere             192.168.10.0        
INBOUND    all  --  anywhere             c-98-195-187-120.hsd1.tx.comcast.net 
INBOUND    all  --  anywhere             192.168.10.255      
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Input' 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
OUTBOUND   all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             192.168.10.0/24     state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             192.168.10.0/24     state RELATED,ESTABLISHED 
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Forward' 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.cmc.co.denver.comcast.net tcp dpt:domain 
ACCEPT     udp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.cmc.co.denver.comcast.net udp dpt:domain 
ACCEPT     tcp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.beaverton.or.bverton.comcast.net tcp dpt:domain 
ACCEPT     udp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.beaverton.or.bverton.comcast.net udp dpt:domain 
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  255.255.255.255      anywhere            
DROP       all  --  anywhere             default             
DROP       all  --  anywhere             anywhere            state INVALID 
OUTBOUND   all  --  anywhere             anywhere            
OUTBOUND   all  --  anywhere             anywhere            
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Output' 

Chain INBOUND (4 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
LSI        all  --  anywhere             anywhere            

Chain LOG_FILTER (5 references)
target     prot opt source               destination         

Chain LSI (2 references)
target     prot opt source               destination         
LOG_FILTER  all  --  anywhere             anywhere            
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST 
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
DROP       icmp --  anywhere             anywhere            icmp echo-request 
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound ' 
DROP       all  --  anywhere             anywhere            

Chain LSO (1 references)
target     prot opt source               destination         
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound ' 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTBOUND (3 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:ftp-data:newacct 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ftp-data:100 
LSO        all  --  anywhere             anywhere
 
Old 05-11-2008, 04:12 PM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
eth1 needs to be anything from 1 to 254. 192.168.10.1 as an example.

Brian
 
Old 05-11-2008, 06:42 PM   #3
macdudeosx
LQ Newbie
 
Registered: May 2006
Posts: 27

Original Poster
Rep: Reputation: 1
I did that, and I set my wireless router:

ip= 192.168.10.2
sub= 255.255.255.0
Router Address= 192.168.10.1

The wireless router says it can detect the server, but there is no internet.

eth1 is configured:

ip= 192.168.10.1
sub= 255.255.255.0
Gateway= 98.195.187.120

my ip= 98.195.187.120 by DHCP by my ISP.

At this point, I don't care if eth1 broadcasts this info by DHCP to my wireless router or not; I can do it by hand, but I have no idea what to do. I have tried everything I can, I'm stuck.
 
Old 05-11-2008, 07:09 PM   #4
jonlake
Member
 
Registered: Apr 2004
Distribution: Slackware 11.0, Gentoo
Posts: 252

Rep: Reputation: 31
I have the exact same setup, so let me see if I can help.

1. Since you are using your linux box as a router, don't use the wireless router as a router, only use the switch and wireless parts of it. (Don't plug anything in to the wan port. Your router should be plugged into one of the switch ports.)

2. Have you allowed ipv4 forwarding? (It looks like you have this setup in your networking init script).
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
3. Assign an address to your router eth1 interface. Set up the clients to use 192.168.10.1 as the default gateway.
Code:
ifconfig eth1 192.168.10.1 netmask 255.255.255.0
4. Set up a basic iptables implementation that NATs traffic
Code:
#!/bin/bash
##Start fresh
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

## Set default policy to drop
iptables -P INPUT DROP
iptables -P FORWARD DROP

## Allow established traffic
iptables -A INPUT -m state --state established,related -j ACCEPT
iptables -A FORWARD -m state --state established,related -j ACCEPT

## Allow localhost traffic
iptables -A INPUT -i lo -j ACCEPT

## Allow traffic from the local net to your internal interface
iptables -A INPUT -i eth1 -s 192.168.10.0/24 -j ACCEPT

## NAT traffic leaving the internet-facing interface (eth0) and allow forwarding from the LAN (eth1)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT

Once you get this working, you can set up your rules to be a bit more restrictive. You can let your router handle the DHCP, or you can set up a DHCP server on your box as well.

Last edited by jonlake; 05-11-2008 at 07:16 PM.
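
An added example, not part of any post in this thread: a small offline check for the two points raised above, namely that the LAN interface needs a usable host address (not 192.168.10.0) and that MASQUERADE belongs on the internet-facing interface. The function names are hypothetical, eth0 = WAN and eth1 = LAN follow the thread, and the iptables-save fragments are constructed sample input.

```sh
#!/bin/sh
# Added example: offline sanity checks for the two-NIC NAT gateway in this thread.
# eth0 = WAN and eth1 = LAN follow the thread; the rule fragments are constructed.

# Convert a dotted-quad IPv4 address to a 32-bit integer (body runs in a subshell).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed only if the address is a usable host address for the netmask,
# i.e. neither the network address (.0 in a /24) nor the broadcast address.
is_host_addr() {
    ip=$(ip2int "$1"); mask=$(ip2int "$2")
    wild=$(( ~$mask & 4294967295 ))      # host-bit mask, e.g. 0.0.0.255
    host=$(( $ip & $wild ))
    [ "$host" -ne 0 ] && [ "$host" -ne "$wild" ]
}

# Print the outgoing interface of each MASQUERADE rule in iptables-save text (stdin).
masq_ifaces() {
    awk '/^-A POSTROUTING/ && /-j MASQUERADE/ {
             for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# Succeed only if masquerading is applied on the WAN interface ($1) and nowhere else.
masq_on_wan_only() {
    found=$(masq_ifaces | sort -u)
    [ "$found" = "$1" ]
}

# Constructed iptables-save fragments, not taken from the poster's machine.
GOOD_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
BAD_RULES='*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

report() {
    is_host_addr 192.168.10.0 255.255.255.0 || echo "eth1: 192.168.10.0 is the network address"
    is_host_addr 192.168.10.1 255.255.255.0 && echo "eth1: 192.168.10.1 is a usable host address"
    printf '%s\n' "$GOOD_RULES" | masq_on_wan_only eth0 && echo "NAT: masquerading on eth0 (WAN)"
    printf '%s\n' "$BAD_RULES" | masq_on_wan_only eth0 || echo "NAT: MASQUERADE is not on eth0"
}
report
```

On a live gateway the same check can be fed real rules with `iptables-save -t nat | masq_on_wan_only eth0`, run as root.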
 
Old 05-12-2008, 04:53 PM   #5
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Is eth1 connected to the Wan or the Lan side of the wireless router?

Brian
 
  


All times are GMT -5.