LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-11-2008, 03:10 PM   #1
macdudeosx
LQ Newbie
 
Registered: May 2006
Posts: 27

Rep: Reputation: 1
Internet routing on Fedora 8


Ok, Im sorry for posting this, this has been answered many times before, but i have searched and tried many tutorials (iv been sitting here for days) and im tearing my hair out trying to get the internet routing on my machine to work. I have 2 Ethernet ports, eth0 is connect to the internet and gets its ip info via DHCP from comcast, and eth1 is connected to my homes wireless router. I want to route the internet from eth0 to eth1 so my computers on the wireless network can access the internet and my Linux machine can access the internet. I have installed and tried Firestarter, but i get an unknown error when it starts. Another peculiar thing, when eth starts up, I get this:


Code:
[root@localhost ~]# service network restart
Shutting down interface eth0:  Firewall started
                                                           [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  
Determining IP information for eth0...dhclient(28705) is already running - exiting. 
This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.
Please report for this software via the Red Hat Bugzilla site:
    http://bugzilla.redhat.com
exiting.
 failed.
                                                           [FAILED]
Bringing up interface eth1:  RTNETLINK answers: File exists
Error adding address 192.168.10.0 for eth1.
RTNETLINK answers: Invalid argument
                                                           [  OK  ]

I have messed with a dhcp server, masquerading, iptables, routs, and im lost. Please help me, iv done more harm than good to my system! If theres anything anyone can point me to or help me with, it would be greatly appreciated. Thanks!

Code:
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
98.195.184.0    0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         98.195.184.1    0.0.0.0         UG    0      0        0 eth0

[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:98.195.187.120  Bcast:255.255.255.255  Mask:255.255.248.0
          inet6 addr: fe80::230:48ff:fe73:f42e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:389489 errors:0 dropped:0 overruns:0 frame:0
          TX packets:156719 errors:0 dropped:0 overruns:0 carrier:0
          collisions:272 txqueuelen:10 
          RX bytes:472244918 (450.3 MiB)  TX bytes:11274003 (10.7 MiB)
          Base address:0xb400 Memory:f2000000-f2020000 

eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:192.168.10.0  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:fe73:f42f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:326 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:116884 (114.1 KiB)  TX bytes:45178 (44.1 KiB)
          Base address:0xb800 Memory:f2020000-f2040000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3685 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3685 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3501150 (3.3 MiB)  TX bytes:3501150 (3.3 MiB)

[root@localhost ~]# iptables
iptables v1.3.8: no command specified
Try `iptables -h' or 'iptables --help' for more information.
[root@localhost ~]# iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  cns.cmc.co.denver.comcast.net  anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 
ACCEPT     udp  --  cns.cmc.co.denver.comcast.net  anywhere            
ACCEPT     tcp  --  cns.beaverton.or.bverton.comcast.net  anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 
ACCEPT     udp  --  cns.beaverton.or.bverton.comcast.net  anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
DROP       all  --  anywhere             255.255.255.255     
DROP       all  --  anywhere             255.255.255.255     
DROP       all  --  255.255.255.255      anywhere            
DROP       all  --  anywhere             default             
DROP       all  --  anywhere             anywhere            state INVALID 
LSI        all  -f  anywhere             anywhere            limit: avg 10/min burst 5 
INBOUND    all  --  anywhere             anywhere            
INBOUND    all  --  anywhere             192.168.10.0        
INBOUND    all  --  anywhere             c-98-195-187-120.hsd1.tx.comcast.net 
INBOUND    all  --  anywhere             192.168.10.255      
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Input' 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
OUTBOUND   all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             192.168.10.0/24     state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             192.168.10.0/24     state RELATED,ESTABLISHED 
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Forward' 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.cmc.co.denver.comcast.net tcp dpt:domain 
ACCEPT     udp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.cmc.co.denver.comcast.net udp dpt:domain 
ACCEPT     tcp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.beaverton.or.bverton.comcast.net tcp dpt:domain 
ACCEPT     udp  --  c-98-195-187-120.hsd1.tx.comcast.net  cns.beaverton.or.bverton.comcast.net udp dpt:domain 
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  255.255.255.255      anywhere            
DROP       all  --  anywhere             default             
DROP       all  --  anywhere             anywhere            state INVALID 
OUTBOUND   all  --  anywhere             anywhere            
OUTBOUND   all  --  anywhere             anywhere            
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Output' 

Chain INBOUND (4 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
LSI        all  --  anywhere             anywhere            

Chain LOG_FILTER (5 references)
target     prot opt source               destination         

Chain LSI (2 references)
target     prot opt source               destination         
LOG_FILTER  all  --  anywhere             anywhere            
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST 
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
DROP       icmp --  anywhere             anywhere            icmp echo-request 
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound ' 
DROP       all  --  anywhere             anywhere            

Chain LSO (1 references)
target     prot opt source               destination         
LOG_FILTER  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound ' 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTBOUND (3 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:ftp-data:newacct 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ftp-data:100 
LSO        all  --  anywhere             anywhere
 
Old 05-11-2008, 05:12 PM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 62
eth1 needs to be anything from 1 to 254. 192.168.10.1 as an example.

Brian
 
Old 05-11-2008, 07:42 PM   #3
macdudeosx
LQ Newbie
 
Registered: May 2006
Posts: 27

Original Poster
Rep: Reputation: 1
I did that, and i set my wireless router :

ip= 192.168.10.2
sub= 255.255.255.0
Router Address= 192.168.10.1

The wireless router says is can detect the server, but there is no internet.

eth1 is configured:

ip= 192.168.10.1
sub= 255.255.255.0
Gateway= 98.195.187.120

my ip= 98.195.187.120 by dchp by my isp.

At this point, i dont care if eth1 broadcasts this info by dhcp to my wireless router or not, i can do it by hand but i have no idea what to do, i have tried everything i can, im stuck.
 
Old 05-11-2008, 08:09 PM   #4
jonlake
Member
 
Registered: Apr 2004
Distribution: Slackware 11.0, Gentoo
Posts: 252

Rep: Reputation: 31
I have the exact same setup, so let me see if I can help.

1. Since you are using your linux box as a router, don't use the wireless router as a router, only use the switch and wireless parts of it. (Don't plug anything in to the wan port. Your router should be plugged into one of the switch ports.)

2. Have you allowed ipv4 forwarding? (It looks like you have this setup in your networking init script).
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
3. Assign an address to your router eth1 interface. Setup the clients to use 192.168.10.1 as the default gateway.
Code:
ifconfig eth1 192.168.10.1 netmask 255.255.255.0
4. Setup a basic iptables implementation that NAT's traffic
Code:
#!/bin/bash
##Start fresh
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

## Set default policy to drop
iptables -P INPUT DROP
iptables -P FORWARD DROP

## Allow established traffic
iptables -A INPUT -m state --state established,related -j ACCEPT
iptables -A FORWARD -m state --state established,related -j ACCEPT

## Allow localhost traffic
iptables -A INPUT -i lo -j ACCEPT

## Allow traffic from the local net to your internal interface
iptables -A INPUT -i eth1 -s 192.168.10.0/24 -j ACCEPT

## NAT traffic and allow forwarding
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT

Once you get this working, you can setup your rules a bit more restrictive. You can let your router handle the dhcp, or you can setup a dhcp server on your box as well.

Last edited by jonlake; 05-11-2008 at 08:16 PM.
 
Old 05-12-2008, 05:53 PM   #5
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 62
Is eth1 connected to the Wan or the Lan side of the wireless router?

Brian
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Routing internet to windows Maiios Linux - Networking 13 03-03-2004 06:18 PM
routing two NICs to internet pero Linux - Networking 4 01-09-2004 05:36 PM
Routing to Internet dunmarie Linux - Networking 6 09-18-2003 07:19 AM
Internet routing broke CurlyMo Linux - Networking 5 04-07-2003 04:55 PM
Internet, routing and bridge Gorchi Linux - Networking 3 03-01-2003 10:29 PM


All times are GMT -5. The time now is 06:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration