Hello, here it's the problem that i have:

I have set up a small network between 2 comps.
Comp A has eth0, eth1. It connects to the Internet through eth0 with pppoe.
Comp B has eth0 interface.

Comp A and comp B are connected like this: A(192.168.0.1 - eth1) <-> B(192.168.0.2 - eth0).

The problem is that i want to be able to access the Internet from B through A, acting as a router. I don't know how to set the routing tables to obtain this task. I noticed that in order to act as a router, the comp A needs to run the file /etc/rc.d/rc.ip_forward (make it exe, chmod 755). I have done this and tried, but still didn't work.

I have also edited /etc/rc.d/rc.inet1.conf on both comps to set the network like above, permanently. Besides IPADDR and NETMASK fields, on both computers, i have also set GATEWAY="192.168.0.1" on comp B.

Please help me configure them it to make them work like desired. Thanks.

would be better if you could show the routing table and other related info...

Ok, i'll try to do this, but it takes a little longer, to set up Samba or NFS first...

ok, i tried to set up nfs on both comps but it seems that due to different versions (Slackware 13.37 on A and 12.2 on B) it doesn't work. So, i need to list the files on B manually.

Here it's the result of ifconfig on A:

eth0 Link encap:Ethernet HWaddr 00:18:F3:B1:6C:EB
inet6 addr: fe80::218:f3ff:feb1:6ceb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:67984 errors:0 dropped:0 overruns:0 frame:0
TX packets:44530 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:91608737 (87.3 Mb) TX bytes:4130665 (3.9 Mb)
Interrupt:19

eth1 Link encap:Ethernet HWaddr 00:18:F3:B1:4B:F7
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::218:f3ff:feb1:4bf7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:104 errors:0 dropped:0 overruns:0 frame:0
TX packets:119 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8469 (8.2 Kb) TX bytes:9222 (9.0 Kb)
Interrupt:16

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:138 errors:0 dropped:0 overruns:0 frame:0
TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12332 (12.0 Kb) TX bytes:12332 (12.0 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:188.25.104.241 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:65097 errors:0 dropped:0 overruns:0 frame:0
TX packets:42938 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:89778894 (85.6 Mb) TX bytes:3137896 (2.9 Mb)

And here they are on B:

eth0 Link encap:Ethernet HWaddr 00:50:bf:b4:ef:63
inet addr: 192.168.0.2 Bcast: 192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::250:bfff:feb4:ef63/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3432 (3.3 KiB) TX bytes:2754 (2.6 KiB)
Interrupt:10 Base address:0x8000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)


Command route on A:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 0 lo
default * 0.0.0.0 U 0 0 0 ppp0


Command 'route -n' on B: (-n because it showed the name for 192.168.0.1 gateway, added by me i think when i was trying to fix it)

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 1 0 0 eth0


So this is the main info i think...

Remember to enable ipforwarding in /etc/sysctl.conf

Quick link for more information: http://www.go2linux.org/linux/2011/0...ian-fedora-895

1 members found this post helpful.

Ok, I have finally managed to set things right, thanks to some useful info from searching the net. Here is how:

#Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain # Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward # Enables packet forwarding by kernel

As you can see, it has to do with NAT: enabling it. I recommend creating a script and running it at each boot from /etc/rc.d/rc.local

1 members found this post helpful.

Here is a cool addon if you like ssh tunnels: will need autossh from slackbuilds and some private keys setup

ricky_cardo, would you please describe human readable, what autossh command does? Thanks.

/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 xxx.xxx.xxx.xxx /bin/true

autossh is a wrapper to monitor ssh and restart it, if it terminates: (although ssh now includes some of these functions)
http://www.harding.motd.ca/autossh/


-M 0 (-M 0 will turn the monitoring off, and autossh will only restart ssh on ssh exit.)
Decided to turn this off, now that the ServerAliveInterval 60 is actually an option in openssh

---Both -o options are from openssh, as is the -fw option.

-o "ServerAliveInterval 60" = see below

-o "ServerAliveCountMax 3" = see below


-fw = background and make a tunnel (format 0:0 for tun0 and tun0 on the local and remote machines)

xxx.xxx.xxx.xxx = remote machine for tunnel. (best results with ssh-keys set up)

the /bin/true at the end I am not 100% clear why I needed that...


****What you get is two new interfaces, tun0 and tun0. One on the local machine and one remote.
I was using to make a secure tunnel and make a remote machine react like inside network.
---These days I guess you do not even really need the "autossh" I was using it before I knew openssh had these options.
---There may be a better use of autossh I am not doing ...


BELOW:

ServerAliveCountMax
Sets the number of server alive messages (see below) which may be
sent without ssh(1) receiving any messages back from the server.
If this threshold is reached while server alive messages are
being sent, ssh will disconnect from the server, terminating the
session. It is important to note that the use of server alive
messages is very different from TCPKeepAlive (below). The server
alive messages are sent through the encrypted channel and
therefore will not be spoofable. The TCP keepalive option
enabled by TCPKeepAlive is spoofable. The server alive mechanism
is valuable when the client or server depend on knowing when a
connection has become inactive.

The default value is 3. If, for example, ServerAliveInterval
(see below) is set to 15 and ServerAliveCountMax is left at the
default, if the server becomes unresponsive, ssh will disconnect
after approximately 45 seconds. This option applies to protocol
version 2 only.

ServerAliveInterval
Sets a timeout interval in seconds after which if no data has
been received from the server, ssh(1) will send a message through
the encrypted channel to request a response from the server. The
default is 0, indicating that these messages will not be sent to
the server. This option applies to protocol version 2 only.

1 members found this post helpful.

So i guess that 192.168.5.2 and 192.168.5.1 (see your first message) are for the remote and the local machine, or viceversa, right?

Actually, there is a better way, i think. Creating /etc/rc.d/rc.firewall (cd /etc/rc.d; touch rc.firewall) and putting all the above script lines in it. Then making it executable: chmod 755 rc.firewall