Old 08-17-2005, 12:39 PM   #1
props666999
Member
 
Registered: Oct 2003
Location: Greece
Posts: 260

Rep: Reputation: 30
Dhcp eth0 and XP eth1 internet sharing


Hello

Trying to share an internet connection.

2 boxes, one Slackware with two ethernet cards: eth0 (sis900 module, receives internet via DHCP from the modem, dynamic IP)
and eth1 (dmfe module), which should send internet to my connected Windows
laptop.


eth0 DHCP
eth1 192.168.2.1 Default mask 255.255.255.0
XP 192.168.2.2

By now the NIC modules and iptables modules are loaded properly.

I can ping from any to any computer.

This is my iptables script:

Code:
#!/bin/sh
IPT=/usr/sbin/iptables
$IPT -F
$IPT -t nat -F
$IPT -X
$IPT -t nat -X

$IPT -A FORWARD  -i eth0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED   -j ACCEPT
$IPT -A FORWARD  -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED       -j ACCEPT
$IPT -A POSTROUTING -t nat -o eth1 -j  MASQUERADE

My XP box cannot see the web.
I used guarddog, but it's too messy.

Any help is very much appreciated.
Thanks

Last edited by props666999; 08-17-2005 at 04:52 PM.
 
Old 08-17-2005, 01:27 PM   #2
PenguinPwrdBox
Member
 
Registered: Oct 2003
Location: /illinois/chicago
Distribution: Slackware/Gentoo/FC/RHEL
Posts: 568

Rep: Reputation: 30
What do you mean you can't see the web?
Can you resolve DNS?
What is your DNS Server in the XP machine?
 
Old 08-17-2005, 01:49 PM   #3
props666999
Member
 
Registered: Oct 2003
Location: Greece
Posts: 260

Original Poster
Rep: Reputation: 30
Thanks PenguinPwrdBox for the reply

There is no internet at all, the DNS is empty, there is nothing there.
 
Old 08-17-2005, 02:06 PM   #4
gbonvehi
Senior Member
 
Registered: Jun 2004
Location: Argentina (SR, LP)
Distribution: Slackware
Posts: 3,145

Rep: Reputation: 51
Try adding:
Code:
# Turn on IP NAT
echo "Turn on IP NAT"
echo "1" > /proc/sys/net/ipv4/ip_forward
 
Old 08-17-2005, 02:22 PM   #5
props666999
Member
 
Registered: Oct 2003
Location: Greece
Posts: 260

Original Poster
Rep: Reputation: 30
I have added the last statement, but I think it is already active since I did
it through pkgtool.

Since I haven't done this before, do I need to do something extra apart from
loading the modules and writing the firewall for sharing the internet?
 
Old 08-18-2005, 02:28 AM   #6
Nille_kungen
Member
 
Registered: Jul 2005
Posts: 206

Rep: Reputation: 43
There's a guide at this link: http://slackwarehelp.org/viewtopic.php?t=14
But that guide doesn't make a secure firewall, so you will need to change the firewall.
But at least it might let you know what needs to be done.
 
Old 08-20-2005, 09:22 AM   #7
props666999
Member
 
Registered: Oct 2003
Location: Greece
Posts: 260

Original Poster
Rep: Reputation: 30
Possible DNS error

This is my firewall script:
Code:
IPTABLES=/usr/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe



#  NOTE:  If this doesn't EXACTLY fit your configuration, you must
#         change the EXTIF or INTIF variables above. For example:
#
#            If you are a PPPoE or analog modem user:
#
#               EXTIF="ppp0"
#
#
EXTIF="eth0"
INTIF="eth1"
echo "   External Interface:  $EXTIF"
echo "   Internal Interface:  $INTIF"




echo -en "   loading modules: "

# Need to verify that all modules have all required dependencies
#
echo "  - Verifying that all kernel modules are ok"
$DEPMOD -a
#Load the main body of the IPTABLES module - "iptable"
#  - Loaded automatically when the "iptables" command is invoked
#
#  - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_tables, "
$MODPROBE ip_tables


#Load the IPTABLES filtering module - "iptable_filter"
#  - Loaded automatically when filter policies are activated



echo -en "ip_conntrack, "
$MODPROBE ip_conntrack


#Load the FTP tracking mechanism for full FTP tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp


#Load the IRC tracking mechanism for full IRC tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc


#Load the general IPTABLES NAT code - "iptable_nat"
#  - Loaded automatically when MASQ functionality is turned on
#
#  - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "iptable_nat, "
$MODPROBE iptable_nat


#Loads the FTP NAT functionality into the core IPTABLES code
# Required to support non-PASV FTP.
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp


#Loads the IRC NAT functionality into the core IPTABLES code
# Required to support NAT of IRC DCC requests
#
# Disabled by default -- remove the "#" on the next line to activate
#
#echo -e "ip_nat_irc"
#$MODPROBE ip_nat_irc

echo "----------------------------------------------------------------------"

# Just to be complete, here is a partial list of some of the other
# IPTABLES kernel modules and their function.  Please note that most
# of these modules (the ipt ones) are automatically loaded by the
# master kernel module for proper operation and don't need to be
# manually loaded.
# --------------------------------------------------------------------
#
#    ip_nat_snmp_basic - this module allows for proper NATing of some
#                        SNMP traffic
#
#    iptable_mangle    - this target allows for packets to be
#                        manipulated for things like the TCPMSS
#                        option, etc.
#
# --
#
#    ipt_mark       - this target marks a given packet for future action.
#                     This automatically loads the ipt_MARK module
#
#    ipt_tcpmss     - this target allows to manipulate the TCP MSS
#                     option for braindead remote firewalls.
#                     This automatically loads the ipt_TCPMSS module
#
#    ipt_limit      - this target allows for packets to be limited
#                     to so many hits per sec/min/hr
#
#    ipt_multiport  - this match allows for targets within a range
#                     of port numbers vs. listing each port individually
#
#    ipt_state      - this match allows to catch packets with various
#                     IP and TCP flags set/unset
#
#    ipt_unclean    - this match allows to catch packets that have invalid
#                     IP/TCP flags set
#
#    iptable_filter - this module allows for packets to be DROPped,
#                     REJECTed, or LOGged.  This module automatically
#                     loads the following modules:
#
#                     ipt_LOG - this target allows for packets to be
#                               logged
#
#                     ipt_REJECT - this target DROPs the packet and returns
#                                  a configurable ICMP packet back to the
#                                  sender.
#

echo -e "   Done loading modules.\n"



#CRITICAL:  Enable IP forwarding since it is disabled by default since
#
#           Redhat Users:  you may try changing the options in
#                          /etc/sysconfig/network from:
#
#                       FORWARD_IPV4=false
#                             to
#                       FORWARD_IPV4=true
#
echo "   Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward


# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP,
#   enable this following option.  This enables dynamic-address hacking
#   which makes the life with Diald and similar programs much easier.
#
echo "   Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# Enable simple IP forwarding and Masquerading
#
#  NOTE:  In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
#  NOTE #2:  The following is an example for an internal LAN address in the
#            192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
#            connecting to the Internet on external interface "eth0".  This
#            example will MASQ internal traffic out to the Internet but not
#            allow non-initiated traffic into your internal network.
#
#
#         ** Please change the above network numbers, subnet mask, and your
#         *** Internet connection interface name to match your setup
#


#Clearing any previous configuration
#
#  Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
#    The default for FORWARD is DROP (REJECT is not a valid policy)
#
#   Isn't ACCEPT insecure?  To some degree, YES, but this is our testing
#   phase.  Once we know that IPMASQ is working well, I recommend you run
#   the rc.firewall-*-stronger rulesets which set the defaults to DROP but
#   also include the critical additional rulesets to still let you connect to
#   the IPMASQ server, etc.
#
echo "   Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo "   FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo "   Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE


My lsmod:

Code:
ipt_MASQUERADE          3592  1
ip_nat_ftp              2752  0
ip_conntrack_irc       70928  0
ip_conntrack_ftp       71696  1 ip_nat_ftp
ohci_hcd               19012  0
snd_emu10k1           112004  0
snd_rawmidi            20512  1 snd_emu10k1
snd_util_mem            3328  1 snd_emu10k1
snd_hwdep               7072  1 snd_emu10k1
usb_storage            30404  0
usbcore                78340  2 ohci_hcd,usb_storage
scsi_mod               79556  1 usb_storage
radeon                 75392  1
drm                    60628  2 radeon
dmfe                   18588  0
sis900                 18432  0
sis_agp                 6148  1
agpgart                29448  2 drm,sis_agp
ipt_state               1536  1
ipt_limit               1920  0
ipt_LOG                 6336  1
iptable_nat            22932  3 ipt_MASQUERADE,ip_nat_ftp
iptable_mangle          2240  0
iptable_filter          2304  1
ip_conntrack           47200  6 ipt_MASQUERADE,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_ftp,ipt_state,iptable_nat
ip_tables              22080  7 ipt_MASQUERADE,ipt_state,ipt_limit,ipt_LOG,iptable_nat,iptable_mangle,iptable_filter

ifconfig -a output:



Why does my XP box not have internet?

Code:
eth0      Link encap:Ethernet  HWaddr 00:0D:61:57:44:2F
          inet addr:xx.xx.xx.xx  Bcast:255.255.255.255  Mask:255.0.0.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1251 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1372 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:622539 (607.9 Kb)  TX bytes:208947 (204.0 Kb)
          Interrupt:10 Base address:0xd800

eth1      Link encap:Ethernet  HWaddr 00:80:AD:04:29:E2
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:11 Base address:0xe400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)

And the route -n:
Code:
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
87.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG    0      0        0 eth0

Some facts:

I followed http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/

and I'm stuck: from the client XP box I can successfully ping the IP of my ISP and any other
IP address. I cannot ping gmai.com, for example, but I can ping its IP address. DNS is likely the problem.


Thanks

Last edited by props666999; 08-20-2005 at 09:24 AM.
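
Added example (editor's illustration, not code from any poster in this thread): a small shell audit that checks rule direction on a two-interface masquerading gateway, fed with the rule lines from posts #1 and #7, taking eth0 as the modem-side interface as post #1 describes. The names `opt` and `audit_nat_rules` and the finding labels are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# opt FLAG WORD... : print the word that follows FLAG (nothing if absent).
opt() {
    flag=$1; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$flag" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 0
}

# audit_nat_rules EXTIF INTIF : read iptables argument lines on stdin
# (variables already expanded) and print one finding per line.
audit_nat_rules() (
    ext=$1; int=$2; masq_ext=0
    set -f    # no globbing while rule lines are word-split
    while IFS= read -r line || [ -n "$line" ]; do
        iif=$(opt -i $line); oif=$(opt -o $line)
        tgt=$(opt -j $line); state=$(opt --state $line)
        if [ "$tgt" = MASQUERADE ]; then
            if [ "$oif" = "$ext" ]; then masq_ext=1; fi
            if [ "$oif" = "$int" ]; then echo "MASQ_ON_LAN: masquerading out $int"; fi
        fi
        case $line in *FORWARD*) ;; *) continue ;; esac
        [ "$tgt" = ACCEPT ] || continue
        if [ "$iif" = "$ext" ] && [ "$oif" = "$int" ]; then
            case ",$state," in   # no --state at all also lets NEW through
                ,,|*,NEW,*) echo "NEW_FROM_WAN: $ext -> $int accepts new connections" ;;
            esac
        elif [ "$iif" = "$int" ] && [ "$oif" = "$ext" ]; then
            case ",$state," in
                ,,|*,NEW,*) ;;
                *) echo "LAN_CANNOT_INITIATE: $int -> $ext passes replies only" ;;
            esac
        fi
    done
    if [ "$masq_ext" -eq 0 ]; then echo "NO_MASQ_ON_WAN: no MASQUERADE with -o $ext"; fi
)

# Rule lines from posts #1 and #7 (command prefix dropped, $EXTIF/$INTIF expanded).
RULES_POST1='-A FORWARD -i eth0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A POSTROUTING -t nat -o eth1 -j MASQUERADE'
RULES_POST7='-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG
-t nat -A POSTROUTING -o eth0 -j MASQUERADE'

printf '%s\n' "$RULES_POST1" | audit_nat_rules eth0 eth1   # eth0 = modem side (post #1)
```

With the interface roles swapped (`audit_nat_rules eth1 eth0`) the post #1 lines produce no findings, so those rules are well-formed but written for the opposite interface roles; the post #7 lines pass with eth0 as the external side.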
 
Old 08-20-2005, 09:37 AM   #8
props666999
Member
 
Registered: Oct 2003
Location: Greece
Posts: 260

Original Poster
Rep: Reputation: 30
Well, a few seconds after posting to this thread

I added a second DNS address on my XP box under TCP/IP.

With just the preferred DNS server it didn't work (though it's a current one).

I had to enter the Alternate DNS server and I can see my Google home page.

Cheers
 
Old 08-20-2005, 09:48 AM   #9
Nille_kungen
Member
 
Registered: Jul 2005
Posts: 206

Rep: Reputation: 43
Good you solved it, but the last error you described sounded like a wrong nameserver.
I usually put the nameserver in /etc/dhcpd.conf
 
  

