Old 06-20-2012, 02:56 PM   #1
mitusf
Member
 
Registered: Nov 2011
Location: Bucharest, Romania
Distribution: Slackware
Posts: 141

Rep: Reputation: 2
Two computers connected directly, one as router for the other - problem config


Hello, here is the problem that I have:

I have set up a small network between 2 comps.
Comp A has eth0, eth1. It connects to the Internet through eth0 with pppoe.
Comp B has eth0 interface.

Comp A and comp B are connected like this: A(192.168.0.1 - eth1) <-> B(192.168.0.2 - eth0).

The problem is that I want to be able to access the Internet from B through A, acting as a router. I don't know how to set the routing tables to obtain this task. I noticed that in order to act as a router, the comp A needs to run the file /etc/rc.d/rc.ip_forward (make it exe, chmod 755). I have done this and tried, but it still didn't work.

I have also edited /etc/rc.d/rc.inet1.conf on both comps to set the network like above, permanently. Besides IPADDR and NETMASK fields, on both computers, I have also set GATEWAY="192.168.0.1" on comp B.

Please help me configure them to make them work as desired. Thanks.
 
Old 06-20-2012, 03:12 PM   #2
pan64
Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 5,142

Rep: Reputation: 1363
It would be better if you could show the routing table and other related info...
 
Old 06-20-2012, 03:29 PM   #3
mitusf
Member
 
Registered: Nov 2011
Location: Bucharest, Romania
Distribution: Slackware
Posts: 141

Original Poster
Rep: Reputation: 2
OK, I'll try to do this, but it takes a little longer, to set up Samba or NFS first...
 
Old 06-20-2012, 04:58 PM   #4
mitusf
Member
 
Registered: Nov 2011
Location: Bucharest, Romania
Distribution: Slackware
Posts: 141

Original Poster
Rep: Reputation: 2
OK, I tried to set up NFS on both comps but it seems that due to different versions (Slackware 13.37 on A and 12.2 on B) it doesn't work. So, I need to list the files on B manually.

Here is the result of ifconfig on A:

eth0      Link encap:Ethernet  HWaddr 00:18:F3:B1:6C:EB
          inet6 addr: fe80::218:f3ff:feb1:6ceb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:67984 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44530 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:91608737 (87.3 Mb)  TX bytes:4130665 (3.9 Mb)
          Interrupt:19

eth1      Link encap:Ethernet  HWaddr 00:18:F3:B1:4B:F7
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::218:f3ff:feb1:4bf7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:104 errors:0 dropped:0 overruns:0 frame:0
          TX packets:119 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8469 (8.2 Kb)  TX bytes:9222 (9.0 Kb)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12332 (12.0 Kb)  TX bytes:12332 (12.0 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:188.25.104.241  P-t-P:10.0.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:65097 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42938 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:89778894 (85.6 Mb)  TX bytes:3137896 (2.9 Mb)

And here they are on B:

eth0      Link encap:Ethernet  HWaddr 00:50:bf:b4:ef:63
          inet addr: 192.168.0.2  Bcast: 192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:bfff:feb4:ef63/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3432 (3.3 KiB)  TX bytes:2754 (2.6 KiB)
          Interrupt:10 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)


Command route on A:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         *               0.0.0.0         U     0      0        0 ppp0


Command 'route -n' on B: (-n because it showed the name for 192.168.0.1 gateway, added by me I think when I was trying to fix it)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    1      0        0 eth0


So this is the main info I think...

Last edited by mitusf; 06-20-2012 at 05:00 PM.
 
Old 06-20-2012, 05:12 PM   #5
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,410
Blog Entries: 1

Rep: Reputation: 1115
Remember to enable ipforwarding in /etc/sysctl.conf

Quick link for more information: http://www.go2linux.org/linux/2011/0...ian-fedora-895
 
1 members found this post helpful.
Old 06-21-2012, 04:08 PM   #6
mitusf
Member
 
Registered: Nov 2011
Location: Bucharest, Romania
Distribution: Slackware
Posts: 141

Original Poster
Rep: Reputation: 2
Ok, I have finally managed to set things right, thanks to some useful info from searching the net. Here is how:

# Delete and flush. The default table is "filter"; others like "nat" must be named explicitly.
iptables --flush                      # Flush all rules in the filter table
iptables --table nat --flush          # Flush all rules in the nat table
iptables --delete-chain               # Delete user-defined chains in the filter table
iptables --table nat --delete-chain   # Delete user-defined chains in the nat table
# Set up IP forwarding and masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward   # Enable packet forwarding in the kernel

As you can see, it has to do with NAT: enabling it. I recommend creating a script and running it at each boot from /etc/rc.d/rc.local
 
1 members found this post helpful.
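A tighter variant of the ruleset in post #6, as an added example that is not part of the thread: it keeps the MASQUERADE rule but sets the FORWARD policy to DROP, forwards only 192.168.0.0/24 from eth1 out through ppp0, and admits only reply traffic in the other direction. The function names and the use of iptables-restore format are choices made here; the interface names and subnet are the ones from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Values used at the bottom come from the posts:
# ppp0 = PPPoE uplink on A, eth1 = link to B, 192.168.0.0/24 = the A<->B subnet.

# Reject values that could smuggle extra rule text into the generated ruleset.
valid_if()  { case "$1" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_net() { case "$1" in ""|*[!0-9./]*) return 1 ;; esac; }

# Print an iptables-restore ruleset. Arguments: WAN interface, LAN interface, LAN subnet.
gen_ruleset() {
    wan=$1 lan=$2 net=$3
    valid_if "$wan" && valid_if "$lan" && valid_net "$net" || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Load the ruleset (root required). iptables-restore replaces the current contents
# of the nat and filter tables, so no separate --flush / --delete-chain is needed.
apply_ruleset() {
    rules=$(gen_ruleset "$@") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1   # parse check only
    printf '%s\n' "$rules" | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# With no argument the ruleset is only printed for review; "apply" loads it.
if [ "${1:-}" = "apply" ]; then
    apply_ruleset ppp0 eth1 192.168.0.0/24
else
    gen_ruleset ppp0 eth1 192.168.0.0/24
fi
```

Because the filter table is replaced as a whole, any INPUT rules the machine needs have to be added to the generated ruleset as well.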
Old 06-24-2012, 05:42 PM   #7
ricky_cardo
Member
 
Registered: Feb 2006
Location: Syracuse, NY
Distribution: Slackware 14.1x86_64 and Current
Posts: 30

Rep: Reputation: 5
Here is a cool addon if you like ssh tunnels: will need autossh from slackbuilds and some private keys setup

Code:
#load-module
/usr/bin/sudo /sbin/modprobe tun
#load remote module
/usr/bin/ssh xxx.xxx.xxx.xxx "/usr/bin/sudo /sbin/modprobe tun"
sleep 1

/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 xxx.xxx.xxx.xxx /bin/true
/bin/sleep 4
/usr/bin/ssh xxx.xxx.xxx.xxx "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3"
/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3
/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

/usr/bin/ssh xxx.xxx.xxx.xxx "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
/usr/bin/ssh xxx.xxx.xxx.xxx "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
/usr/bin/ssh xxx.xxx.xxx.xxx "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT"

# To keep forwarding enabled across reboots, put this line in /etc/sysctl.conf:
#   net.ipv4.ip_forward=1
# or enable it once (lost on reboot):
#   echo "1" > /proc/sys/net/ipv4/ip_forward
 
Old 06-25-2012, 04:56 PM   #8
mitusf
Member
 
Registered: Nov 2011
Location: Bucharest, Romania
Distribution: Slackware
Posts: 141

Original Poster
Rep: Reputation: 2
ricky_cardo, would you please describe, in human-readable terms, what the autossh command does? Thanks.
 
Old 06-25-2012, 07:32 PM   #9
ricky_cardo
Member
 
Registered: Feb 2006
Location: Syracuse, NY
Distribution: Slackware 14.1x86_64 and Current
Posts: 30

Rep: Reputation: 5
/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 xxx.xxx.xxx.xxx /bin/true

autossh is a wrapper to monitor ssh and restart it, if it terminates: (although ssh now includes some of these functions)
http://www.harding.motd.ca/autossh/


-M 0 (-M 0 will turn the monitoring off, and autossh will only restart ssh on ssh exit.)
Decided to turn this off, now that the ServerAliveInterval 60 is actually an option in openssh

---Both -o options are from openssh, as is the -fw option.

-o "ServerAliveInterval 60" = see below

-o "ServerAliveCountMax 3" = see below


-fw = background and make a tunnel (format 0:0 for tun0 and tun0 on the local and remote machines)

xxx.xxx.xxx.xxx = remote machine for tunnel. (best results with ssh-keys set up)

the /bin/true at the end I am not 100% clear why I needed that...


****What you get is two new interfaces, tun0 and tun0. One on the local machine and one remote.
I was using it to make a secure tunnel and make a remote machine react as if it were inside the network.
---These days I guess you do not even really need the "autossh" I was using it before I knew openssh had these options.
---There may be a better use of autossh I am not doing ...


BELOW:

ServerAliveCountMax
Sets the number of server alive messages (see below) which may be
sent without ssh(1) receiving any messages back from the server.
If this threshold is reached while server alive messages are
being sent, ssh will disconnect from the server, terminating the
session. It is important to note that the use of server alive
messages is very different from TCPKeepAlive (below). The server
alive messages are sent through the encrypted channel and
therefore will not be spoofable. The TCP keepalive option
enabled by TCPKeepAlive is spoofable. The server alive mechanism
is valuable when the client or server depend on knowing when a
connection has become inactive.

The default value is 3. If, for example, ServerAliveInterval
(see below) is set to 15 and ServerAliveCountMax is left at the
default, if the server becomes unresponsive, ssh will disconnect
after approximately 45 seconds. This option applies to protocol
version 2 only.

ServerAliveInterval
Sets a timeout interval in seconds after which if no data has
been received from the server, ssh(1) will send a message through
the encrypted channel to request a response from the server. The
default is 0, indicating that these messages will not be sent to
the server. This option applies to protocol version 2 only.
 
1 members found this post helpful.
Old 06-26-2012, 02:59 PM   #10
mitusf
Member
 
Registered: Nov 2011
Location: Bucharest, Romania
Distribution: Slackware
Posts: 141

Original Poster
Rep: Reputation: 2
So I guess that 192.168.5.2 and 192.168.5.1 (see your first message) are for the remote and the local machine, or vice versa, right?
 
Old 06-27-2012, 02:49 PM   #11
mitusf
Member
 
Registered: Nov 2011
Location: Bucharest, Romania
Distribution: Slackware
Posts: 141

Original Poster
Rep: Reputation: 2
Quote:
Originally Posted by mitusf
Ok, I have finally managed to set things right, thanks to some useful info from searching the net. Here is how:

# Delete and flush. The default table is "filter"; others like "nat" must be named explicitly.
iptables --flush                      # Flush all rules in the filter table
iptables --table nat --flush          # Flush all rules in the nat table
iptables --delete-chain               # Delete user-defined chains in the filter table
iptables --table nat --delete-chain   # Delete user-defined chains in the nat table
# Set up IP forwarding and masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward   # Enable packet forwarding in the kernel

As you can see, it has to do with NAT: enabling it. I recommend creating a script and running it at each boot from /etc/rc.d/rc.local
Actually, there is a better way, I think. Creating /etc/rc.d/rc.firewall (cd /etc/rc.d; touch rc.firewall) and putting all the above script lines in it. Then making it executable: chmod 755 rc.firewall

Last edited by mitusf; 06-27-2012 at 02:51 PM.
 
  

