LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 02-19-2005, 11:48 PM   #1
meesterexx
LQ Newbie
 
Registered: Sep 2003
Posts: 5

Rep: Reputation: 0
slackware router config problem


I'm trying to setup a slackware box as a simple home router. The problem I am having is that eth0 (wan) sees the internet(cable modem) fine and eth1(lan) is serving dhcp to my windows boxes fine but the windows boxes (lan-eth1) can't see the internet (wan-eth0). Ipforwarding is enabled (rc.ip_forward is executing at startup) and I have not yet set up any firewall rules. I was waiting to get the router working before securing the lan side. I'm sure I'm missing something simple, but several hours of googling has revealed nothing. The problem seems to be that eth1 (lan) is not forwarding requests to eth0 (wan). Ipconfig /all on windows box reveals all information including gateway and dns servers is being passed correctly.
Any ideas would be appreciated...
below is some relevant information:
===================================
# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#
default-lease-time 86400;
max-lease-time 604800;
ddns-update-style none;

subnet 192.168.123.0 netmask 255.255.255.0 {
range 192.168.123.10 192.168.123.20;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.123.255;
option routers 192.168.123.1;
option domain-name-servers 68.168.192.5, 68.168.192.2;
}
===================================
# /etc/rc.d/rc.inet1.conf
#
# This file contains the configuration settings for network interfaces.
# If USE_DHCP[interface] is set to "yes", this overrides any other settings.
# If you don't have an interface, leave the settings null ("").

# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""

# Config information for eth1:
IPADDR[1]="192.168.123.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
======================================
 
Old 02-20-2005, 03:49 AM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
Wild guess. Since you say that you don't have ANY iptables rules, without NAT'ing your ISP will kill packets coming from 192.168.x.x
 
Old 02-20-2005, 05:35 AM   #3
egag
Senior Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: Slackware
Posts: 2,721

Rep: Reputation: 52
can you ping ip-adresses from the win-machines
Like " #ping 64.179.4.149 " ? ( that's the LQ. ip ).

...and those dns-adresses are the same as in /etc/resolv.conf....?

egag

Last edited by egag; 02-20-2005 at 11:07 AM.
 
Old 02-20-2005, 10:53 AM   #4
meesterexx
LQ Newbie
 
Registered: Sep 2003
Posts: 5

Original Poster
Rep: Reputation: 0
The ip addresses are the same as resolve conf. No, I can't ping ip's (from win box) outside the lan. I can ping eth1, but not eth0, the dns servers at the isp, or anything else.

I'll try some basic NATing tonight & see if the isp is killing it, but the requests would have to go through eth0 to get to the cable modem, which should give it the ip address of eth0... I would think.

Last edited by meesterexx; 02-20-2005 at 10:56 AM.
 
Old 02-20-2005, 11:11 AM   #5
egag
Senior Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: Slackware
Posts: 2,721

Rep: Reputation: 52
maybe try to run this from the command-line :

--------
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.123.0/24 -j MASQUERADE
--------

worked for me.
i put it in rc.local.

egag
 
Old 02-21-2005, 08:11 PM   #6
meesterexx
LQ Newbie
 
Registered: Sep 2003
Posts: 5

Original Poster
Rep: Reputation: 0
@egag:
Thank you, thank you, thank you!
What you said worked. I can't tell you how many sites I've looked at and this is the first one to mention that specific syntax.
Thank you again. I was about to give up on slack as a router and go to ipcop or something..
 
Old 02-22-2005, 07:49 PM   #7
egag
Senior Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: Slackware
Posts: 2,721

Rep: Reputation: 52
ok...nice all works.
but i think, if you've got a firewall running on your server, with this rule
you don't protect the pc's behind it.

....i still have to do some reading about ip-tables ( looks difficult but it's easy " they " say )

egag
 
Old 02-25-2005, 09:52 PM   #8
meesterexx
LQ Newbie
 
Registered: Sep 2003
Posts: 5

Original Poster
Rep: Reputation: 0
yes, I understand this offers no protection. I was just trying to get the router part working. I can go back now & tweak the security by adding the rest of the iptables commands...
thanks again!
 
Old 02-26-2008, 09:04 AM   #9
/y0shi
Member
 
Registered: Jan 2006
Location: berlin, germany
Distribution: slackware 12.0
Posts: 58

Rep: Reputation: 15
I can really recommend http://www.slackware.com/~alien/efg/ the Easy Firewall Generator for IPTables.

One might say you will not learn if you not do it yourself, but hey you can have a look at the rc.firewall - it's a text file *lol*

y0shi
 
Old 02-27-2008, 08:46 AM   #10
agentc0re
Member
 
Registered: Apr 2007
Location: SLC, UTAH
Distribution: Slackware
Posts: 200

Rep: Reputation: 32
I thought that i'd also pipe in and give some suggestions.
y0shi's is probably by far the best. you still use slack and even though the script does it for you, you can still learn from it. A good addition to that script would be Webmin. It gives you a gui interface to iptables which might be easier on the eyes while trying to learn. It was for me.

Another would be using Untangle. I've used a few of these firewall distro's and Untangle beats the out by far. Mainly because it includes a lot of addon's (that you can choose to install or not) that the others don't include and rely on the community to build and patch them. On top of that, sometimes you will have issues with some addon's not liking the other and it breaking your system.

Another suggestion would be shorewall. it's simple and a lot of these firewall distro's are based on it. using it with webmin would also be a good choice.

Hope some of this helps instead of throwing your mind into an indecisive state. :P
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SuSE 9.3 ADSL/router config problem kaine Linux - Networking 11 11-12-2005 08:44 AM
router config problem jrfly Linux - Networking 1 10-30-2004 09:58 AM
router config tpark Linux - Networking 1 02-25-2004 04:46 PM
Slackware 2nd nic config problem NewbieUser Linux - Networking 3 02-17-2003 05:03 AM
Slackware 2nd nic config problem NewbieUser Linux - Networking 1 02-15-2003 01:03 PM


All times are GMT -5. The time now is 07:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration