LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-08-2002, 11:49 AM   #1
Neur0tek
LQ Newbie
 
Registered: Apr 2002
Location: USA
Distribution: SuSE 8.0
Posts: 23

Rep: Reputation: 15
IP_Forward


I have been trying to get my Linux machine as a broadband gateway. In the machine are two NIC's eth0 and eth1. eth1 is working as a DHCP server to the WinXP machine and eth0 is my external. I have tried to use SuSE Firewall2 and it's ability to Masquerade but WinXP still will not go out onto the net. Does anyone know what I am supposed to configure? Is the WinXP machine supposed to use eth1 as the gateway and eth1 to use eth0 as the gateway? If so where do I change that?
 
Old 05-08-2002, 02:55 PM   #2
akohlsmith
Member
 
Registered: Apr 2002
Distribution: Slackware
Posts: 114

Rep: Reputation: 15
The easiest solution

Is to hop on freshmeat.net and grab just about any of the firewalling script packages. Or, if you're feeling oldskool, go to www.netfilter.org and do some reading. :-)
 
Old 05-08-2002, 04:19 PM   #3
Neur0tek
LQ Newbie
 
Registered: Apr 2002
Location: USA
Distribution: SuSE 8.0
Posts: 23

Original Poster
Rep: Reputation: 15
Going to try the old skool way
 
Old 05-08-2002, 05:09 PM   #4
Druaga
Member
 
Registered: May 2002
Location: Canada
Distribution: Slackware
Posts: 111

Rep: Reputation: 15
go into (or open up) a terminal.
type:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# ipchains -P forward DENY
# ipchains -A forward -i eth0 -j MASQ

this is assuming your internet etherface is eth0 and that you are using ipchains.

you must have your computers behind the gateway set-up to have it as their gateway, and that should be it. easy.

you could also think about running a proxy server, i am running squid on a redhat machine that serves my internet to the rest of my network.

there is also a lengthy thread about just this at www.ms-eradication.org forums.
I cant post the direct link to the thread because this site censors swearing.

Last edited by Druaga; 05-08-2002 at 05:12 PM.
 
Old 05-08-2002, 06:03 PM   #5
akohlsmith
Member
 
Registered: Apr 2002
Distribution: Slackware
Posts: 114

Rep: Reputation: 15
wow you just eliminated my career

your firewalls are state-of-the-art, drugga!

How about providing the guy a little security :-)
 
Old 05-08-2002, 06:08 PM   #6
Druaga
Member
 
Registered: May 2002
Location: Canada
Distribution: Slackware
Posts: 111

Rep: Reputation: 15
i was talking about strictly forwarding/masquerading.
when you add security make sure to add:
# ipchains -A output -d .microsoft.com -j DENY
# ipchains -A input -s .microsoft.com -j DENY
to make it even more secure do an "nslookup microsoft.com" and deny all of microsofts IP addresses from contacting your network or from your computers contacting microsoft
 
Old 05-09-2002, 08:54 AM   #7
Neur0tek
LQ Newbie
 
Registered: Apr 2002
Location: USA
Distribution: SuSE 8.0
Posts: 23

Original Poster
Rep: Reputation: 15
Yeah I had it set like Drugga said when I first started and I still cannot get the XP machine to grab onto any bandwidth. I put ipchains 1.2.6a on it and all my tests come out fine. I can ping the internal ip from XP but I cannot get the external. After going through every HOWTO from tldp and a few others I think I have SuSE firewall so confused that it doesn't know what to do.
At first I thought it mght be a Kernel issue but when I do an ls on the Kernel it comes back with everything in check. It's a newbie screwup somewhere. Where the obvious thing is eluding me. I just don't know where to look first.
 
Old 05-09-2002, 09:08 AM   #8
akohlsmith
Member
 
Registered: Apr 2002
Distribution: Slackware
Posts: 114

Rep: Reputation: 15
XP

Make sure that other computers can see the world from behind the firewall; you need to narrow down the problem to find the cause.

Offhand, make sure that the XP machine has its default gateway set to the IP of your firewall's internal network address and that XP has some nameservers set up.
 
Old 05-09-2002, 09:42 AM   #9
Neur0tek
LQ Newbie
 
Registered: Apr 2002
Location: USA
Distribution: SuSE 8.0
Posts: 23

Original Poster
Rep: Reputation: 15
Ok so just to make sure...my eth1 is set at 192.168.1.2...XP sees the default gateway as 192.168.1.254. so I can ping 192.168.1.2 with no problem. As for name servers...can you elaborrate on that? I guess my next post should have the all the info on it. I am at work so I am having to do this from memory at the moment.
 
Old 05-09-2002, 09:44 AM   #10
Neur0tek
LQ Newbie
 
Registered: Apr 2002
Location: USA
Distribution: SuSE 8.0
Posts: 23

Original Poster
Rep: Reputation: 15
Oh errrr...ok so I should be setting the XP machine to see the gateway of 192.168.1.2? I just read that and it kind of clicked...or was it a fizzle?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tracking changes to the ip_forward variable gauge73 Linux - Networking 1 08-21-2005 02:51 PM
lost rc.ip_forward hardknox Slackware 5 03-24-2005 04:32 PM
ip_forward mikz Slackware 2 02-01-2005 04:49 AM
how to set ip_forward on at startup? enjoyzj Linux - Networking 4 04-16-2004 10:56 AM
ip_forward Sathe Linux - Networking 2 10-19-2001 12:53 AM


All times are GMT -5. The time now is 12:22 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration