LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 07-21-2005, 07:19 AM   #1
Mr-Sale
LQ Newbie
 
Registered: Jul 2005
Location: Slovenia
Distribution: Slackware 10.1
Posts: 18

Rep: Reputation: 0
Slackware 10.1 Problems and similiar stuff


Hi! I read ur forum for...not just a lil bit a read it almost all but couldnt solve my problem! The thing is, i have 2 computers! I use
Slackware 10.1 and i have eth0 (local) and eth1 (net)
I want to set that my other computer can accses internet through my... The other computer is using Windows XP PRO, i configured my eth's like this
Quote:
eth0 Link encap:Ethernet HWaddr 00:50:BA:C6:5F:0C
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
I USE DHCP!!
My internet connection is working really good, i just cant get my iptables or anything to work (firewall and that...) I used Guarddog created my own rules saved rc.firewall in /etc/rc.d/ but it doesnt work, i reeboted started nmap and nmapd my ip and the ports that shouldnt be working are still working! I tried to install firestarter but it needed some packacges so i installed that packages, but ever since i installed those packages my GIMP an XCHAT aint working... i get this message
Quote:
xchat: error while loading shared libraries: libXfixes.so.3: cannot open shared object file: No such file or directory
I really need to setup internet connection sharing! (On the other computer IP is set to 192.168.0.2 - subnet mask : 255.255.255.0 Default gateway : 192.168.0.1
and it doesnt work, i read tutorial on this site but cant get it to work... Hlp me pls...
 
Old 07-21-2005, 07:26 AM   #2
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
First, are you able to ping slackware machine (IP 192.168.0.1)
with the windows machine (IP 192.168.0.2) ?
 
Old 07-21-2005, 07:28 AM   #3
Mr-Sale
LQ Newbie
 
Registered: Jul 2005
Location: Slovenia
Distribution: Slackware 10.1
Posts: 18

Original Poster
Rep: Reputation: 0
Yes i am, i can ping in both directions...
 
Old 07-21-2005, 07:33 AM   #4
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Good, now you need ip_forward on the slackware machine, so :
chmod +x /etc/rc.d/rc.ip_forward
/etc/rc.d/rc.ip_forward start

And create /etc/rc.d/rc.firewall :
Code:
#!/bin/sh
IPT=/usr/sbin/iptables
$IPT -F
$IPT -t nat -F
$IPT -X
$IPT -t nat -X

$IPT -A FORWARD  -i eth0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED   -j ACCEPT
$IPT -A FORWARD  -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED       -j ACCEPT
$IPT -A POSTROUTING -t nat -o eth1 -j SNAT  --to-source 192.168.0.1
 
Old 07-21-2005, 07:38 AM   #5
Mr-Sale
LQ Newbie
 
Registered: Jul 2005
Location: Slovenia
Distribution: Slackware 10.1
Posts: 18

Original Poster
Rep: Reputation: 0
Ok i did that, do i need a reebot or something? Btw, how would i make my PSYBNC start in boot? i tried in rc.local but it cant start... And how would i fix that problem? btw. thx for the help i hope it works...
 
Old 07-21-2005, 07:42 AM   #6
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
No need to reboot, chmod +x /etc/rc.d/rc.firewall
and execute it : /etc/rc.d/rc.firewall

Sorry for asking but what is PSYBNC ?
 
Old 07-21-2005, 08:25 AM   #7
Mr-Sale
LQ Newbie
 
Registered: Jul 2005
Location: Slovenia
Distribution: Slackware 10.1
Posts: 18

Original Poster
Rep: Reputation: 0
Doesnt work, my browser stoped working after that, i could connect on iRC but couldt surf :/ psyBNC is an app to put ur nick on iRc even when ur not online it stays up :P
 
Old 07-21-2005, 08:30 AM   #8
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Your browser from windows or from slackware ?
(could be a dns problem)
 
Old 07-21-2005, 08:41 AM   #9
Mr-Sale
LQ Newbie
 
Registered: Jul 2005
Location: Slovenia
Distribution: Slackware 10.1
Posts: 18

Original Poster
Rep: Reputation: 0
Slackware the other comp. couldnt acses internet!
 
Old 07-21-2005, 08:56 AM   #10
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Could you post the output of /sbin/iptables -L -n ?
 
Old 07-21-2005, 09:47 AM   #11
frandalla
Member
 
Registered: Oct 2003
Location: Tokyo - Japan
Distribution: Slackware
Posts: 348
Blog Entries: 1

Rep: Reputation: 37
Does anyone remember about The Linux Documentation Project?
Taken from
http://www.tldp.org/HOWTO/IP-Masquer...-examples.html
Quote:
3.4.1. Configuring IP Masquerade on Linux 2.6.x and 2.4.x Kernels

Please note that IPCHAINS is no longer the primary firewall configuration tool for the 2.6.x and 2.4.x kernels. The new kernels now use the IPTABLES toolkit though the new 2.4.x kernels CAN still run most old IPCHAINS or IPFWADM rulesets via a compatiblity module. It should be noted that when in this mode, NO IPTABLES modules can be loaded. It should also be noted that none of the 2.2.x IPMASQ modules are compatible with 2.4.x kernels. For a more detailed reason for these changes, please see the Section 7.39 section.

Ok, as mentioned before, the /etc/rc.d/rc.local script will load the script called /etc/rc.d/rc.firewall once after every reboot. The script will load all required IPMASQ modules as well as enable the IPMASQ function. In advanced setups, this same file would contain very secure firewall rulesets as well.

Anyway, create the file /etc/rc.d/rc.firewall-iptables with the following initial SIMPLE ruleset:

<rc.firewall-iptables START>

#!/bin/sh
#
# rc.firewall-iptables
FWVER=0.76
#
# Initial SIMPLE IP Masquerade test for 2.6 / 2.4 kernels
# using IPTABLES.
#
# Once IP Masquerading has been tested, with this simple
# ruleset, it is highly recommended to use a stronger
# IPTABLES ruleset either given later in this HOWTO or
# from another reputable resource.
#
#
#
# Log:
# 0.76 - Added comments on why the default policy is ACCEPT
# 0.75 - Added more kernel modules to the comments section
# 0.74 - the ruleset now uses modprobe vs. insmod
# 0.73 - REJECT is not a legal policy yet; back to DROP
# 0.72 - Changed the default block behavior to REJECT not DROP
# 0.71 - Added clarification that PPPoE users need to use
# "ppp0" instead of "eth0" for their external interface
# 0.70 - Added commented option for IRC nat module
# - Added additional use of environment variables
# - Added additional formatting
# 0.63 - Added support for the IRC IPTABLES module
# 0.62 - Fixed a typo on the MASQ enable line that used eth0
# instead of $EXTIF
# 0.61 - Changed the firewall to use variables for the internal
# and external interfaces.
# 0.60 - 0.50 had a mistake where the ruleset had a rule to DROP
# all forwarded packets but it didn't have a rule to ACCEPT
# any packets to be forwarded either
# - Load the ip_nat_ftp and ip_conntrack_ftp modules by default
# 0.50 - Initial draft
#

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"


# The location of the iptables and kernel module programs
#
# If your Linux distribution came with a copy of iptables,
# most likely all the programs will be located in /sbin. If
# you manually compiled iptables, the default location will
# be in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
#IPTABLES=/sbin/iptables
IPTABLES=/usr/local/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe


#Setting the EXTERNAL and INTERNAL interfaces for the network
#
# Each IP Masquerade network needs to have at least one
# external and one internal network. The external network
# is where the natting will occur and the internal network
# should preferably be addressed with a RFC1918 private address
# scheme.
#
# For this example, "eth0" is external and "eth1" is internal"
#
#
# NOTE: If this doesnt EXACTLY fit your configuration, you must
# change the EXTIF or INTIF variables above. For example:
#
# If you are a PPPoE or analog modem user:
#
# EXTIF="ppp0"
#
#
EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"


#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==


echo -en " loading modules: "

# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a

# With the new IPTABLES code, the core MASQ functionality is now either
# modular or compiled into the kernel. This HOWTO shows ALL IPTABLES
# options as MODULES. If your kernel is compiled correctly, there is
# NO need to load the kernel modules manually.
#
# NOTE: The following items are listed ONLY for informational reasons.
# There is no reason to manual load these modules unless your
# kernel is either mis-configured or you intentionally disabled
# the kernel module autoloader.
#

# Upon the commands of starting up IP Masq on the server, the
# following kernel modules will be automatically loaded:
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ
# modules are shown below but are commented out from loading.
# ===============================================================

echo "----------------------------------------------------------------------"

#Load the main body of the IPTABLES module - "iptable"
# - Loaded automatically when the "iptables" command is invoked
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_tables, "
$MODPROBE ip_tables


#Load the IPTABLES filtering module - "iptable_filter"
# - Loaded automatically when filter policies are activated


#Load the stateful connection tracking framework - "ip_conntrack"
#
# The conntrack module in itself does nothing without other specific
# conntrack modules being loaded afterwards such as the "ip_conntrack_ftp"
# module
#
# - This module is loaded automatically when MASQ functionality is
# enabled
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack


#Load the FTP tracking mechanism for full FTP tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp


#Load the IRC tracking mechanism for full IRC tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc


#Load the general IPTABLES NAT code - "iptable_nat"
# - Loaded automatically when MASQ functionality is turned on
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "iptable_nat, "
$MODPROBE iptable_nat


#Loads the FTP NAT functionality into the core IPTABLES code
# Required to support non-PASV FTP.
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp


#Loads the IRC NAT functionality into the core IPTABLES code
# Required to support NAT of IRC DCC requests
#
# Disabled by default -- remove the "#" on the next line to activate
#
#echo -e "ip_nat_irc"
#$MODPROBE ip_nat_irc

echo "----------------------------------------------------------------------"

# Just to be complete, here is a partial list of some of the other
# IPTABLES kernel modules and their function. Please note that most
# of these modules (the ipt ones) are automatically loaded by the
# master kernel module for proper operation and don't need to be
# manually loaded.
# --------------------------------------------------------------------
#
# ip_nat_snmp_basic - this module allows for proper NATing of some
# SNMP traffic
#
# iptable_mangle - this target allows for packets to be
# manipulated for things like the TCPMSS
# option, etc.
#
# --
#
# ipt_mark - this target marks a given packet for future action.
# This automatically loads the ipt_MARK module
#
# ipt_tcpmss - this target allows to manipulate the TCP MSS
# option for braindead remote firewalls.
# This automatically loads the ipt_TCPMSS module
#
# ipt_limit - this target allows for packets to be limited to
# to many hits per sec/min/hr
#
# ipt_multiport - this match allows for targets within a range
# of port numbers vs. listing each port individually
#
# ipt_state - this match allows to catch packets with various
# IP and TCP flags set/unset
#
# ipt_unclean - this match allows to catch packets that have invalid
# IP/TCP flags set
#
# iptable_filter - this module allows for packets to be DROPped,
# REJECTed, or LOGged. This module automatically
# loads the following modules:
#
# ipt_LOG - this target allows for packets to be
# logged
#
# ipt_REJECT - this target DROPs the packet and returns
# a configurable ICMP packet back to the
# sender.
#

echo -e " Done loading modules.\n"



#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward


# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option. This enables dynamic-address hacking
# which makes the life with Diald and similar programs much easier.
#
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# Enable simple IP forwarding and Masquerading
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the Internet but not
# allow non-initiated traffic into your internal network.
#
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#


#Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
#
# Isn't ACCEPT insecure? To some degree, YES, but this is our testing
# phase. Once we know that IPMASQ is working well, I recommend you run
# the rc.firewall-*-stronger rulesets which set the defaults to DROP but
# also include the critical additional rulesets to still let you connect to
# the IPMASQ server, etc.
#
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-iptables v$FWVER done.\n"

<rc.firewall-iptables STOP>

Once you are finished with editing the /etc/rc.d/rc.firewall ruleset, make it executable by typing in chmod 700 /etc/rc.d/rc.firewall-iptables

Now that the firewall ruleset is ready, you need to let it run after every reboot. You could either do this by running it by hand everytime (such a pain) or add it to the boot scripts. We have covered two methods below:

1. Redhat and Redhat-derived distros:

*

There are two ways to automatically load things in Redhat: /etc/rc.d/rc.local or a init script in /etc/rc.d/init.d/. The first method is the easiest. All you have to do is add the line:

echo "Loading the rc.firewall ruleset.. "
/etc/rc.d/rc.firewall-iptables

to the end of the /etc/rc.d/rc.local file and thats it (as described earlier in the HOWTO).
 
Old 07-21-2005, 01:19 PM   #12
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Frandala, what is the point of your posting ?

I tried to keep the steps required to enable ip forwarding
as minimal as possible, in a keep it simple way...

You come in and put a long pasted stuff here..why ?
 
Old 07-21-2005, 02:03 PM   #13
Mr-Sale
LQ Newbie
 
Registered: Jul 2005
Location: Slovenia
Distribution: Slackware 10.1
Posts: 18

Original Poster
Rep: Reputation: 0
Hum is that script allready configured for my problem? Or What? :/
 
Old 07-21-2005, 02:12 PM   #14
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Not really...

Could you ellaborate a little what your problem is ?

Also you didn't post the ' iptables -L -n ' output I requested...

[edit]
my bad, I forgot you use DHCP for eth1...
(frandalla, my apologies if somewhat you found me a little rude against you)

With dynamic IPs you need MASQUERADE, not SNAT
So rc.firewall becomes :
Code:
#!/bin/sh
IPT=/usr/sbin/iptables
$IPT -F
$IPT -t nat -F
$IPT -X
$IPT -t nat -X

$IPT -A FORWARD  -i eth0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED   -j ACCEPT
$IPT -A FORWARD  -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED       -j ACCEPT
$IPT -A POSTROUTING -t nat -o eth1 -j  MASQUERADE

Last edited by keefaz; 07-21-2005 at 02:28 PM.
 
Old 07-21-2005, 03:30 PM   #15
Mr-Sale
LQ Newbie
 
Registered: Jul 2005
Location: Slovenia
Distribution: Slackware 10.1
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
root@Sale:~# /etc/rc.d/rc.firewall
-bash: /etc/rc.d/rc.firewall: cannot execute binary file


Quote:
root@Sale:~# /sbin/iptables -L -n
-bash: /sbin/iptables: No such file or directory
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Program similiar to dameware phatbastard Linux - Software 6 09-19-2012 03:25 PM
Similiar to MAYA zenchicken Linux - Software 4 09-29-2005 10:45 PM
Debian firewalls similiar to APF Anon123 Debian 4 08-11-2004 01:40 PM
Just wondering if you can make graphics and similiar with C .. purpleburple Programming 4 10-01-2002 10:38 PM
anyone know that C forum that was setup similiar .. purpleburple Programming 2 09-30-2002 04:53 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration