Is this possible?

I have tried searching endlessly for this kind of information. I have ditched windows altogether after dual booting with linux for quite some time now, i started when i was 11 and the distros wernt too friendly back then, hence switching from windows to linux, linux was more of just an experiment, now 6 years on i have moved completely over to Mandriva LE2005, despite some troubles at first, everything is settling in. Now for my question:

As i said i have searched endlessly, my knowledge of networking in general is not the best, but the computer with Mandriva connects to the internet via dialup. Then there is another computer (windows xp) for the family connected to this computer via a hub. I completely forgot about internet and file sharing for that machine when i installed Linux, now my family is complaining about not accessing files (music etc.) and not being able to go on the internet. I have tried searching for ages to find some tutorials etc. I'm not sure on how to do it, i found many tutorials on sharing Linux to Linux, and files Linux to Windows (which i still can't get right) but nothign on Linux to Windows for the internet. Is this even possible? If it is not, then i must return to windows unfortunately If this is not possible, could someone tell me how to boot windows back because it doesnt come up on the LILO anymore, it did before, but when i installed YOPPER OS it went over it. Thanks in advance, sorry about this long message.



Garry

you can setup a proxy in your Linux box and let it act as a proxy server for the windows box or you can set up NAT and allow the windows box to access the net that way.

For Lin-Win file sharing you'll have to use Samba in your Linux Box.

Search on those. you'll find a lot of how-tos.

Thanks TheAce, you indonesian? I'm indonesian lol, well anyway i've been searching for a bit and i don't really know what i am looking for (to share internet) haha, have you, or anyone else, had any experience in setting this up and is able to give me some instructions, or point me in the right direction ?

Thanks

I'm staying in Indonesia but I'm not Indonesian.

Thing is I've never heard of the Distro you're using there so I dunno the software available for it.

For proxy server - Squid is by far the best. See if there's a port for it for your Distro

For NAT you must have some method of IP forwarding. For the Debian based distros (which is what I'm using) its Iptables. For your distro, I dunno.

For file sharing you must have Samba. See if there's a port for your distro.

Ahh fair enough

Ummm my distro was Mandrake, i'm sure you have heard of Mandrake before, they changed there name after acquiring Conectiva. Anyway, it's a shame there isn't an 'all in one' program to do this kind of stuff but oh well. I'm not familiar with the tools for the proxy and ip forwarding, file sharing i am aware of, i hear abotu Samba alot, i have on my distro LinNeighborhood which is an interface for samba? or something like that, simplified version anyway, and i also have Smb4k which i think has something to do with Samba< but my hunt for how-tos continue...thanks for the info.

Garry

In mandrake, you go to the control center, in the networking section, and there is a button to "share the internet connexion". I never tried it, but if it works, there can't be anything simpler!

Yves.

Hey theYinYeti, thanks for the resposne, i have tried that before, and i tried it again just now, it didn't work, i'm not sure if i may have to configure anything on the windows machine at all? Maybe its just sharing for Linux machines?

Thanks for the reply

Quote:

Originally posted by ardent Hey theYinYeti, thanks for the resposne, i have tried that before, and i tried it again just now, it didn't work, i'm not sure if i may have to configure anything on the windows machine at all? Maybe its just sharing for Linux machines? Thanks for the reply

Did you set the default gateway on the Windows machine to the IP address of your Linux box? What IP address is the Windows machine set to use?

Ok i set the default gateway to the IP of my linux box, now i can ping my linux box and vice versa...but the net isn't working on the linux box

Have i missed anything?

While typing this, i couldn't submit this post, my internet doesn't work, whenever i try setting up something to do with net sharing my internet seems to freeze up and the only way to fix it is to uninstall my network device and dimiss internet sharing...hmm...any suggestions?

Hi ardent,

For NAT, this HOWTO might be of use:

http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/

There's a lot of information in that, a lot of which may or may not apply to your situation. The following page is probably the minimum that you could read to get it working (the exact setup would depend on how the Mandriva kernel is configured, and how your system is configured):

http://www.tldp.org/HOWTO/IP-Masquer...-examples.html

At the simplest level, internet forwarding on Linux consists of telling the kernel to forward (or route) packets from its LAN interface to the internet interface, and telling its firewall and NAT system (iptables in later versions of Linux) to translate LAN packets to internet packets.

With your setup (using a modem), that might consist of these 2 commands (as root):

# echo 1 > /proc/sys/net/ipv4/ip_forward

# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

That makes a whole lot of assumptions about how your kernel is configured, how Mandriva sets up networking and firewalling, and so on.

If you don't want to go fiddling with iptables, then using Squid as a proxy server is probably the best way to go. It should just about work out of the box if you can get a Mandriva package of it. As long as Mandriva is running a firewall between you and the net, then you shouldn't need to worry about access control and so on because you are on a trusted LAN. It might be necessary to change some settings in the configuration file to suit your network and system.

Squid will only allow web (including secure web) and FTP access; if the Windows machine will run any peer-to-peer file sharing software or internet multiplayer games (for two examples), you will need to use NAT. You can set up MSN Messenger to use a proxy, if that is going to be used; however I don't know if webcam, voice, or file sharing works that way.

As far as file sharing goes, I've used Samba in that situation before and it works quite well. If you're wanting to avoid M$-esque technologies altogether then a (read-only) method that I have used is running a web server (such as Apache) on my Linux machine. Or, you could run an FTP server such as vsftpd if you wanted read-write access. Obviously, Samba provides a solution that doesn't require users to learn anything different from what they're used to, which might be a good or bad thing depending on how you look at it.

Hopefully that will give you a bit of a start.

~sind

Hey sind, thats alot of info for me to take in, its a shame the complications of getting this to work (as much as i would love to do it) i really need a 'quick-fix' solution cause the parents are getting shitty, the kernel is out of the box, i haven't done anythign to it, when i got the two computers to talk to eachother earlier today via ping i thought i was on the right track to sharing internet access, but unfortunately my net then stopped working and just hanged, does anyone know how i can prevent this? Then i will get into doing what sind said cause maybe the only reason why the net wasn't working on the windows machine, was because it wasn't even working on the linux machine when i set it up...do i make sense? haha

Any info is appreciated!

I was thinking, is it possible or worthwhile to connect the modem to the Windows machine and use Windows internet sharing? That way you should be able to get it up and running fairly quickly.

Quote:

when i got the two computers to talk to eachother earlier today via ping i thought i was on the right track to sharing internet access, but unfortunately my net then stopped working and just hanged

You changed the default gateway on the Windows machine, right? Because if you change the default gateway on the Linux machine while you're connected to the net, it will probably overwrite the gateway set by the PPP session, preventing packets from being routed to the internet.

The output of the following commands, run as root while connected to the net on the Linux box would be really helpful (with the sharing setting enabled). It's a good idea to change any internet hostnames or IPs that identify your ISP or computer before posting the output here.

# iptables -L
# iptables -t nat -L
# route
# cat /proc/sys/net/ipv4/ip_forward

~sind

Yeh i wish i could do that but thye windows machine is on the other side of the house, and the phone line is here (we have a seperate one for the net) and the other machine doesn't have a modem, i guess i could put this one in there, but the main problem is the phone line won't reach and then we get into complciations of finding long cables etc. and also i want to be in control of the net

I set up internet sharing, i can again ping both computers, but my net stopped working...here is the output u requested:

[root@garry garry]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
ppp_in all -- anywhere anywhere
eth0_in all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP !icmp -- anywhere anywhere state INVALID
ppp_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere

Chain Drop (1 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
dropInvalid all -- anywhere anywhere
DropSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn all -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain DropDNSrep (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp spt:domain

Chain DropSMB (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:135
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:135
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain DropUPnP (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:1900

Chain Reject (4 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
dropInvalid all -- anywhere anywhere
RejectSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn all -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain RejectAuth (2 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth

Chain RejectSMB (1 references)
target prot opt source destination
reject udp -- anywhere anywhere udp dpt:135
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:135
reject tcp -- anywhere anywhere tcp dpt:netbios-ssn
reject tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere

Chain fw2loc (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere

Chain icmpdef (0 references)
target prot opt source destination

Chain loc2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:squid
ACCEPT tcp -- anywhere anywhere tcp dpt:squid
ACCEPT all -- anywhere anywhere

Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2allROP:'
DROP all -- anywhere anywhere

Chain ppp_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2all all -- anywhere anywhere

Chain ppp_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2all all -- anywhere anywhere

Chain reject (11 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 192.168.1.255 anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- 224.0.0.0/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG all -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- 192.168.1.255 anywhere
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- 224.0.0.0/4 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- 224.0.0.0/4 anywhere


-----------

[root@garry garry]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
loc_dnat all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ppp_masq all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain loc_dnat (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128

Chain ppp_masq (1 references)
target prot opt source destination
MASQUERADE all -- 192.168.1.0/24 anywhere


--------------

[root@garry garry]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
203.55.231.88 * 255.255.255.255 UH 50 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 10 0 0 eth0
default 192.168.0.1 0.0.0.0 UG 10 0 0 eth0
default 203.55.231.88 0.0.0.0 UG 50 0 0 ppp0

---------------------

[root@garry garry]# cat /proc/sys/net/ipv4/ip_forward
0


------------

I hope that helps, i have a feeling ive done something wrong with the gateway address, just maybe...what is it suppose to be? thank you all very much for your patience!

edit: oh yeh and my net stopped again, i disabled sharing it still didnt work, then i deleted sharing and it didnt work, so i deleted my ethernet card, THEN it worked, hope that helps

Umm.. do you KDE desktop manager in your linbox ?
If you do get Guarddog and Guidedog installed.
Guarddog is a firewall configurator (GUI based of cause) and Guidedog is port forwading. Basically enable Guidedog and you got NAT working. Use Guardog to setup the firewall so the network will have some security.

If you got the winbox to talk to the linbox then you are on the right track but you're still at the starting point. get nat up and you're prettymuch there.

As for smb4k, That's a samba client. You can use that to browse windows machine from your linbox. If you have that, I'm prety sure you got a Samba configurator in there somewhere as well.

what you need to do is to have both the win & lin machine on the same workgroup and share the folders in your linbox via samba so that your winbox can access them.

ip_forward should be 1 for NAT to work, so:

# echo 1 > /proc/sys/net/ipv4/ip_forward

The PREROUTING chain looks to be set up incorrectly for this situation, to me. It's set up to redirect HTTP packets to a proxy server on your machine. The following should stop that:

# iptables -t nat -F PREROUTING

The gateway address on the Linux machine looks OK. On the Windows machine, it should be whatever the IP address of the Linux machine is, ie '192.168.1.1'.

I probably should have asked for:

# iptables -L -v

and

# iptables -t nat -L -v

to see which interfaces belong to which rules. That firewall looks a bit hairy to me...

You could always try this script that I wrote:

Code:

#!/bin/bash

ipt=/usr/sbin/iptables

# Default actions
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT

# Flush existing rules
$ipt -F
$ipt -t nat -F

# Create some new chains to make things easier
$ipt -N ppp-eth
$ipt -N eth-ppp
$ipt -N invalid
$ipt -N estab

# The 'invalid' chain drops packets with an invalid state
$ipt -A invalid -m state --state INVALID -j DROP

# The 'estab' chain accepts packets for an already established
# connection
$ipt -A estab -m state --state RELATED,ESTABLISHED -j ACCEPT

# The 'ppp-eth' chain handles packets destined for the LAN
# from the internet
$ipt -A ppp-eth -j estab
$ipt -A ppp-eth -j DROP

# The 'eth-ppp' chain handles packets destined for the internet
# from the LAN
$ipt -A eth-ppp -j ACCEPT

# Incoming packets to this machine
$ipt -A INPUT -j invalid
$ipt -A INPUT -j estab
$ipt -A INPUT -i eth0 -j ACCEPT
$ipt -A INPUT -j DROP

# Outgoing packets from this machine
$ipt -A OUTPUT -j invalid
$ipt -A OUTPUT -j ACCEPT

# Packets being routed through this machine
$ipt -A FORWARD -j invalid
$ipt -A FORWARD -i ppp0 -o eth0 -j ppp-eth
$ipt -A FORWARD -i eth0 -o ppp0 -j eth-ppp
$ipt -A FORWARD -j DROP

# Apply Network Address Translation to packets from the
# LAN destined for the internet
$ipt -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Permit packets to be routed through this machine
echo 1 > /proc/sys/net/ipv4/ip_forward

I'm not a firewall expert, so I can't guarantee how secure that is (or if it will work properly - it seems to be letting me use my computer properly now, but I can't test it on a machine with two interfaces). Perhaps someone here can check it for me...

Just copy and paste it into a text file, then run as root:

# bash name_of_text_file

... Or maybe those GUI tools will be easier/better than any of that, up to you.

~sind