LinuxQuestions.org

meesterexx 02-19-2005 11:48 PM

slackware router config problem
 
I'm trying to set up a Slackware box as a simple home router. The problem I am having is that eth0 (wan) sees the internet (cable modem) fine and eth1 (lan) is serving DHCP to my Windows boxes fine, but the Windows boxes (lan-eth1) can't see the internet (wan-eth0). IP forwarding is enabled (rc.ip_forward is executing at startup) and I have not yet set up any firewall rules. I was waiting to get the router working before securing the lan side. I'm sure I'm missing something simple, but several hours of googling have revealed nothing. The problem seems to be that eth1 (lan) is not forwarding requests to eth0 (wan). ipconfig /all on the Windows box reveals that all information, including gateway and DNS servers, is being passed correctly.
Any ideas would be appreciated...
Below is some relevant information:
===================================
# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#
default-lease-time 86400;
max-lease-time 604800;
ddns-update-style none;

subnet 192.168.123.0 netmask 255.255.255.0 {
range 192.168.123.10 192.168.123.20;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.123.255;
option routers 192.168.123.1;
option domain-name-servers 68.168.192.5, 68.168.192.2;
}
===================================
# /etc/rc.d/rc.inet1.conf
#
# This file contains the configuration settings for network interfaces.
# If USE_DHCP[interface] is set to "yes", this overrides any other settings.
# If you don't have an interface, leave the settings null ("").

# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""

# Config information for eth1:
IPADDR[1]="192.168.123.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
======================================

musicman_ace 02-20-2005 03:49 AM

Wild guess. Since you say that you don't have ANY iptables rules, without NAT'ing your ISP will kill packets coming from 192.168.x.x

egag 02-20-2005 05:35 AM

Can you ping IP addresses from the win-machines,
like " #ping 64.179.4.149 " ? ( that's the LQ IP ).

...and those DNS addresses are the same as in /etc/resolv.conf....?

egag

meesterexx 02-20-2005 10:53 AM

The IP addresses are the same as in resolv.conf. No, I can't ping IPs (from the win box) outside the lan. I can ping eth1, but not eth0, the DNS servers at the ISP, or anything else.

I'll try some basic NATing tonight & see if the isp is killing it, but the requests would have to go through eth0 to get to the cable modem, which should give it the ip address of eth0... I would think.

egag 02-20-2005 11:11 AM

maybe try to run this from the command-line :

--------
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.123.0/24 -j MASQUERADE
--------

worked for me.
i put it in rc.local.

egag

meesterexx 02-21-2005 08:11 PM

@egag:
Thank you, thank you, thank you!
What you said worked. I can't tell you how many sites I've looked at and this is the first one to mention that specific syntax.
Thank you again. I was about to give up on slack as a router and go to ipcop or something.. ;)

egag 02-22-2005 07:49 PM

ok...nice all works.
but i think, if you've got a firewall running on your server, with this rule
you don't protect the pc's behind it.

....i still have to do some reading about ip-tables ( looks difficult but it's easy " they " say )

egag

meesterexx 02-25-2005 09:52 PM

yes, I understand this offers no protection. I was just trying to get the router part working. I can go back now & tweak the security by adding the rest of the iptables commands...
thanks again!
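
The follow-up step discussed in the last few posts (keeping the working MASQUERADE line but wrapping it in a default-deny, stateful filter), as an added example that is not part of any post in this thread. The interface names and LAN subnet come from the thread; `router_rules`, `apply_rules` and the `APPLY` switch are hypothetical names, and the DHCP rules assume eth0 is a DHCP client and eth1 serves DHCP, as in the posted configs.

```sh
#!/bin/sh
# Added example, not from the thread. eth0/eth1 and 192.168.123.0/24 come from
# the posts above; router_rules, apply_rules and APPLY are hypothetical names.
WAN=eth0
LAN=eth1
LAN_NET=192.168.123.0/24

# Print the rule set, one command per line, without touching the kernel.
# Comment lines inside the here-document are ignored when piped to sh.
router_rules() {
    cat <<EOF
# start clean, then deny by default: only the rules below open anything
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# traffic to the router itself: loopback, replies, DHCP, and the trusted LAN
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A INPUT -i $LAN -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
# routed traffic: LAN may open connections outward, WAN may only answer them
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the rule from the thread: rewrite LAN source addresses to eth0's address
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Load the rules (root only). sh -e stops at the first command that fails.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    router_rules | sh -e
}

# Default is a dry run that only prints; set APPLY=1 to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
else
    router_rules
fi
```

Run it from the console rather than over a remote session on eth0, since the INPUT policy drops new connections arriving on the WAN side.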

/y0shi 02-26-2008 09:04 AM

I can really recommend http://www.slackware.com/~alien/efg/ the Easy Firewall Generator for IPTables.

One might say you will not learn if you do not do it yourself, but hey, you can have a look at the rc.firewall - it's a text file *lol*

y0shi

agentc0re 02-27-2008 08:46 AM

I thought that I'd also pipe in and give some suggestions. :)
y0shi's is probably by far the best. You still use slack and even though the script does it for you, you can still learn from it. A good addition to that script would be Webmin. It gives you a GUI interface to iptables which might be easier on the eyes while trying to learn. It was for me.

Another would be using Untangle. I've used a few of these firewall distros and Untangle beats them out by far. Mainly because it includes a lot of add-ons (that you can choose to install or not) that the others don't include and rely on the community to build and patch them. On top of that, sometimes you will have issues with some add-ons not liking the other and it breaking your system.

Another suggestion would be Shorewall. It's simple and a lot of these firewall distros are based on it. Using it with Webmin would also be a good choice. :)

Hope some of this helps instead of throwing your mind into an indecisive state. :P


All times are GMT -5.