LinuxQuestions.org
Old 05-04-2004, 06:15 PM   #1
Velocide
LQ Newbie
 
Registered: Jan 2003
Location: Malaysia
Distribution: Mandrake 10 & Fedora Core 1
Posts: 27

Rep: Reputation: 15
Fedora as server + win2k


Hi guys,

I've got this problem which I spent the whole day trying to fix, but I still can't fix it. I've got 2 PCs in my house and now I've installed one with Fedora Core 1, and my other PC has Windows 2000. I don't have any hub here so I had 2 different brands of network card in the Linux box. I had Fedora running well and connected to the internet. I'm trying to get Fedora to work as a router/firewall. My problem is win2k won't connect to the internet.
Here's a list of things I've done:


- set up eth0 on Linux for DSL connection (used DHCP - and got it running)
- set up eth1 on Linux as 192.168.1.1 (this goes to win2k - peer to peer)
- win2k sets gateway = 192.168.1.1, sets own IP as 192.168.1.2
- tried pinging both PCs from Linux and Windows and both have replies.
Ping to 192.168.1.1 (from win2k and works)
Ping to 192.168.1.2 (from Linux and works)

Has anyone tried this situation before? If I still can't get it to work, I guess I'll have to use Mandrake 10 instead.
 
Old 05-04-2004, 06:20 PM   #2
Velocide
LQ Newbie
 
Registered: Jan 2003
Location: Malaysia
Distribution: Mandrake 10 & Fedora Core 1
Posts: 27

Original Poster
Rep: Reputation: 15
Oh yeah, I forgot to mention: I've checked the firewall settings and allowed
connections for eth0 and eth1. I also tried SSH to 192.168.1.1 from win2k and it works.
 
Old 05-05-2004, 06:07 PM   #3
shmude
Member
 
Registered: Aug 2003
Distribution: Fedora, DSL, LAS, Knoppix
Posts: 83

Rep: Reputation: 15
Can you ping past the Linux router? Try to ping 216.239.37.99 (that's Google's IP address). If that works then try it by name (google.com). It looks like you didn't consider DNS in your setup. You can set up your Linux box as a DNS cache or you can point the DNS to your ISP's. More details on your problem will help fix it.

Another thing. Did you enable IP forwarding?
 
Old 06-11-2004, 12:37 PM   #4
philverb
LQ Newbie
 
Registered: Jul 2003
Posts: 15

Rep: Reputation: 0
Me too! I think I need tips on the Quagga suite, though.

I have a strong interest in the progress of this thread.

I'm using Fedora Core 1 with
* two ethernet cards and
* one Airlink USB wireless card
since my Linksys 802.11b wireless router died when I plugged in the wrong AC adapter (yikes!).

I just discovered the Quagga bundle of IP routing software already installed on the box, and have found the documentation to be a little abstruse. So, I'm looking for a friendlier HOWTO, if anyone can help.

I haven't yet seen anything in the zebra.conf file to set the interface (ethN) for routing.

It is not especially clear to me in the Quagga docs when they speak of "commands" to the daemons, whether they're referring to parameters passed upon initialization or if there's some specialized shell for any of these.

I would love to hear about a GUI designed for quick and dirty work, if anyone's yet found one!
 
Old 06-11-2004, 02:40 PM   #5
onnyloh
Member
 
Registered: Nov 2002
Posts: 57

Rep: Reputation: 15
I'm currently using the same method as you.
I've got 2 solutions, from easy to hard.
Sorry for my poor English (I'm trying my best).
1) Bridging (since you're using DHCP, it is the best and easiest way)
Put the following block in your /etc/yum.conf
###begin line###
[core]
name=Fedora Linux $releasever - $basearch - core
baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/core

[updates]
name=Fedora Linux $releasever - $basearch - updates
baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/updates

[freshrpms]
name=Fedora Linux $releasever - $basearch - freshrpms
baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/freshrpms
###end line###
Install bridge-utils
`yum install bridge-utils`
Switch off your eth* and create a bridge between them.
`ifconfig eth0 down`
`ifconfig eth1 down`
Create the bridge
`/sbin/brctl addbr eth2`
`/sbin/brctl addif eth2 eth0`
`/sbin/brctl addif eth2 eth1`
Bring up both eth0 and eth1 with IP 0.0.0.0.
Bridging does not require any real IP.
`ifconfig eth0 0.0.0.0 up`
`ifconfig eth1 0.0.0.0 up`
Wait for 30s to let the bridge work, don't ask me why.
Bring up your eth2 (bridge) with your internet IP
`dhclient eth2`
Note: your win2k client should be configured to use DHCP to register its IP.
Disadvantages: some networks, e.g. my LAN, upgrade their service and disallow bridging or multiple MAC addresses. In this case, look at the 2nd method, IP forwarding.

2) IP forwarding.
Remember that you are required to bring up Ethernet the normal way, i.e. the way you bring up eth0: dhcp, eth1: 192.168.1.2, win2k: 192.168.1.1
I hope that you can set your netmask to 255.255.255.0 (I'm not sure whether this is redundant or not).
Copy the following block to /etc/rc.d/rc.firewall-2.4 and make sure to set it executable (chmod +x)
###begin line###
#!/bin/sh
#
# rc.firewall-2.4
FWVER=0.75
#
# Initial SIMPLE IP Masquerade test for 2.4.x kernels
# using IPTABLES.
#
# Once IP Masquerading has been tested, with this simple
# ruleset, it is highly recommended to use a stronger
# IPTABLES ruleset either given later in this HOWTO or
# from another reputable resource.
#
#
#
# Log:
# 0.75 - Added more kernel modules to the comments section
# 0.74 - the ruleset now uses modprobe vs. insmod
# 0.73 - REJECT is not a legal policy yet; back to DROP
# 0.72 - Changed the default block behavior to REJECT not DROP
# 0.71 - Added clarification that PPPoE users need to use
# "ppp0" instead of "eth0" for their external interface
# 0.70 - Added commented option for IRC nat module
# - Added additional use of environment variables
# - Added additional formatting
# 0.63 - Added support for the IRC IPTABLES module
# 0.62 - Fixed a typo on the MASQ enable line that used eth0
# instead of $EXTIF
# 0.61 - Changed the firewall to use variables for the internal
# and external interfaces.
# 0.60 - 0.50 had a mistake where the ruleset had a rule to DROP
# all forwarded packets but it didn't have a rule to ACCEPT
# any packets to be forwarded either
# - Load the ip_nat_ftp and ip_conntrack_ftp modules by default
# 0.50 - Initial draft
#

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"


# The location of the iptables and kernel module programs
#
# If your Linux distribution came with a copy of iptables,
# most likely all the programs will be located in /sbin. If
# you manually compiled iptables, the default location will
# be in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
IPTABLES=/sbin/iptables
#IPTABLES=/usr/local/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe


#Setting the EXTERNAL and INTERNAL interfaces for the network
#
# Each IP Masquerade network needs to have at least one
# external and one internal network. The external network
# is where the natting will occur and the internal network
# should preferably be addressed with a RFC1918 private address
# scheme.
#
# For this example, "eth0" is external and "eth1" is internal"
#
#
# NOTE: If this doesnt EXACTLY fit your configuration, you must
# change the EXTIF or INTIF variables above. For example:
#
# If you are a PPPoE or analog modem user:
#
# EXTIF="ppp0"
#
#
EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"


#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==


echo -en " loading modules: "

# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a

# With the new IPTABLES code, the core MASQ functionality is now either
# modular or compiled into the kernel. This HOWTO shows ALL IPTABLES
# options as MODULES. If your kernel is compiled correctly, there is
# NO need to load the kernel modules manually.
#
# NOTE: The following items are listed ONLY for informational reasons.
# There is no reason to manual load these modules unless your
# kernel is either mis-configured or you intentionally disabled
# the kernel module autoloader.
#

# Upon the commands of starting up IP Masq on the server, the
# following kernel modules will be automatically loaded:
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ
# modules are shown below but are commented out from loading.
# ===============================================================

echo "----------------------------------------------------------------------"

#Load the main body of the IPTABLES module - "iptable"
# - Loaded automatically when the "iptables" command is invoked
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_tables, "
$MODPROBE ip_tables


#Load the IPTABLES filtering module - "iptable_filter"
# - Loaded automatically when filter policies are activated


#Load the stateful connection tracking framework - "ip_conntrack"
#
# The conntrack module in itself does nothing without other specific
# conntrack modules being loaded afterwards such as the "ip_conntrack_ftp"
# module
#
# - This module is loaded automatically when MASQ functionality is
# enabled
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack


#Load the FTP tracking mechanism for full FTP tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp


#Load the IRC tracking mechanism for full IRC tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc


#Load the general IPTABLES NAT code - "iptable_nat"
# - Loaded automatically when MASQ functionality is turned on
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "iptable_nat, "
$MODPROBE iptable_nat


#Loads the FTP NAT functionality into the core IPTABLES code
# Required to support non-PASV FTP.
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp


#Loads the IRC NAT functionality into the core IPTABLES code
# Required to support NAT of IRC DCC requests
#
# Disabled by default -- remove the "#" on the next line to activate
#
#echo -e "ip_nat_irc"
#$MODPROBE ip_nat_irc

echo "----------------------------------------------------------------------"

# Just to be complete, here is a partial list of some of the other
# IPTABLES kernel modules and their function. Please note that most
# of these modules (the ipt ones) are automatically loaded by the
# master kernel module for proper operation and don't need to be
# manually loaded.
# --------------------------------------------------------------------
#
# ip_nat_snmp_basic - this module allows for proper NATing of some
# SNMP traffic
#
# iptable_mangle - this target allows for packets to be
# manipulated for things like the TCPMSS
# option, etc.
#
# --
#
# ipt_mark - this target marks a given packet for future action.
# This automatically loads the ipt_MARK module
#
# ipt_tcpmss - this target allows to manipulate the TCP MSS
# option for braindead remote firewalls.
# This automatically loads the ipt_TCPMSS module
#
# ipt_limit - this target allows for packets to be limited to
# to many hits per sec/min/hr
#
# ipt_multiport - this match allows for targets within a range
# of port numbers vs. listing each port individually
#
# ipt_state - this match allows to catch packets with various
# IP and TCP flags set/unset
#
# ipt_unclean - this match allows to catch packets that have invalid
# IP/TCP flags set
#
# iptable_filter - this module allows for packets to be DROPped,
# REJECTed, or LOGged. This module automatically
# loads the following modules:
#
# ipt_LOG - this target allows for packets to be
# logged
#
# ipt_REJECT - this target DROPs the packet and returns
# a configurable ICMP packet back to the
# sender.
#

echo -e " Done loading modules.\n"



#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward


# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option. This enables dynamic-address hacking
# which makes the life with Diald and similar programs much easier.
#
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# Enable simple IP forwarding and Masquerading
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the Internet but not
# allow non-initiated traffic into your internal network.
#
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#


#Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
#
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-2.4 v$FWVER done.\n"
###end line###
You may think that the 2.4 is for kernel 2.4, but it is tested and works with kernel 2.6.
Try to edit your rc.firewall-2.4 to suit your distro.
Fields that need to be edited: e.g. IPTABLES DEPMOD MODPROBE EXTIF INTIF.

Startup file for IP forwarding.
Copy the following block to /etc/init.d/firewall-2.4 and make sure it is executable
###begin line###
#!/bin/sh
#
# chkconfig: 2345 11 89
#
# description: Loads the rc.firewall-2.4 ruleset.
#
# processname: firewall-2.4
# pidfile: /var/run/firewall.pid
# config: /etc/rc.d/rc.firewall-2.4
# probe: true

# ----------------------------------------------------------------------------
# v05/24/03
#
# Part of the copyrighted and trademarked TrinityOS document.
# http://www.ecst.csuchico.edu/~dranch
#
# Written and Maintained by David A. Ranch
# dranch@trinnet.net
#
# Updates
# -------
# 05/24/03 - removed a old networking up check that had some
# improper SGML ampersand conversions.
# ----------------------------------------------------------------------------


# Source function library.
. /etc/rc.d/init.d/functions

# Check that networking is up.

[ "XXXX${NETWORKING}" = "XXXXno" ] && exit 0

[ -x /sbin/ifconfig ] || exit 0

# The location of various iptables and other shell programs
#
# If your Linux distribution came with a copy of iptables, most
# likely it is located in /sbin. If you manually compiled
# iptables, the default location is in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
IPTABLES=/sbin/iptables
#IPTABLES=/usr/local/sbin/iptables


# See how we were called.
case "$1" in
start)
/etc/rc.d/rc.firewall-2.4
;;

stop)
echo -e "\nFlushing firewall and setting default policies to DROP\n"
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -F -t nat

# Delete all User-specified chains
$IPTABLES -X
#
# Reset all IPTABLES counters
$IPTABLES -Z
;;

restart)
$0 stop
$0 start
;;

status)
$IPTABLES -L
;;

mlist)
cat /proc/net/ip_conntrack
;;

*)
echo "Usage: firewall-2.4 {start|stop|restart|status|mlist}"
exit 1
esac

exit 0
###end line###
Add firewall-2.4 as a service
`chkconfig --level=2345 firewall-2.4 on`
Start the service
`service firewall-2.4 start`
Disadvantage: your client system cannot act as a server, it can do client work only.
Best regards.

Last edited by onnyloh; 06-11-2004 at 02:47 PM.
 
Old 06-28-2004, 09:41 AM   #6
gryzli
LQ Newbie
 
Registered: Jun 2004
Location: Bulgaria
Distribution: Fedora core 2.0
Posts: 7

Rep: Reputation: 0
Hi guys,
I have the same trouble with my Fedora Core 2 and win2k. A few days ago, I found and tried the example of the firewall above, but it doesn't work. I tried with
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQERADE
but there is no effect.
I hope someone can help...
 
Old 06-28-2004, 03:14 PM   #7
onnyloh
Member
 
Registered: Nov 2002
Posts: 57

Rep: Reputation: 15
Maybe you missed something.

Please send me the output from the following commands:
Linux:
ifconfig
iptables -L
lsmod

Windows:
ipconfig /all
 
Old 06-30-2004, 11:45 AM   #8
gryzli
LQ Newbie
 
Registered: Jun 2004
Location: Bulgaria
Distribution: Fedora core 2.0
Posts: 7

Rep: Reputation: 0
The ifconfig output is :
eth0 Link encap:Ethernet HWaddr 00:40:F4:43:45:0F
inet addr:192.168.101.51 Bcast:192.168.101.255 Mask:255.255.255.0
inet6 addr: fe80::240:f4ff:fe43:450f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2949 errors:0 dropped:0 overruns:0 frame:0
TX packets:481 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:422471 (412.5 Kb) TX bytes:49323 (48.1 Kb)
Interrupt:11 Base address:0xb000

eth1 Link encap:Ethernet HWaddr 00:C0:26:79:45:5B
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:26ff:fe79:455b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2053 (2.0 Kb) TX bytes:874 (874.0 b)
Interrupt:12 Base address:0xb400


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1908 errors:0 dropped:0 overruns:0 frame:0
TX packets:1908 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1801196 (1.7 Mb) TX bytes:1801196 (1.7 Mb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.104.28 P-t-P:192.168.102.106 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:257 errors:0 dropped:0 overruns:0 frame:0
TX packets:340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:98347 (96.0 Kb) TX bytes:32667 (31.9 Kb)

Iptables -L output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

lsmod output:
Module Size Used by
nls_utf8 1536 10
nls_cp437 5376 10
vfat 10496 10
fat 33472 1 vfat
appletalk 24756 2
ipx 20012 2
p8022 1664 1 ipx
psnap 2564 2 appletalk,ipx
llc 4884 2 p8022,psnap
snd_mixer_oss 13824 0
snd_intel8x0 26280 2
snd_ac97_codec 50436 1 snd_intel8x0
snd_pcm 68872 2 snd_intel8x0
snd_timer 17156 1 snd_pcm
snd_page_alloc 7940 2 snd_intel8x0,snd_pcm
gameport 3328 1 snd_intel8x0
snd_mpu401_uart 4864 1 snd_intel8x0
snd_rawmidi 17184 1 snd_mpu401_uart
snd_seq_device 6152 1 snd_rawmidi
snd 38372 11 snd_mixer_oss,snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer,snd_mpu401_uart,snd_rawmidi,snd_seq_device
soundcore 6112 1 snd
ppp_deflate 4096 1
zlib_deflate 19480 1 ppp_deflate
ppp_async 8064 1
ppp_generic 20500 6 ppp_deflate,ppp_async
slhc 5632 1 ppp_generic
binfmt_misc 7176 1
autofs4 10624 0
sunrpc 101064 1
8139too 17792 0
mii 3584 1 8139too
ipt_REJECT 4736 1
ipt_state 1536 4
ip_conntrack 24968 1 ipt_state
iptable_filter 2048 1
ip_tables 13440 3 ipt_REJECT,ipt_state,iptable_filter
microcode 4768 0
dm_mod 33184 0
joydev 6976 0
uhci_hcd 23708 0
ehci_hcd 21896 0
button 4504 0
battery 6924 0
asus_acpi 8472 0
ac 3340 0
radeon 92464 2
ipv6 184288 6
ext3 102376 1
jbd 40216 1 ext3

Windows ipconfig /all output :
Windows IP Configuration

Host Name . . . . . . . . . . . . : darkstar
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-40-F4-3B-5F-F9
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

That's all, I hope that will help... and sorry for being late!!!
 
Old 06-30-2004, 12:18 PM   #9
onnyloh
Member
 
Registered: Nov 2002
Posts: 57

Rep: Reputation: 15
If you had successfully executed the script above,
the lsmod output should contain the following modules:

ip_tables
ip_conntrack
ip_conntrack_ftp
iptable_nat
ip_nat_ftp

Make sure you have done it correctly.
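
The comparison described in posts #8 and #9, as an added example that is not part of any poster's message: it checks `lsmod` output against the module list above and looks for the MASQUERADE rule in the nat table. The function names, the `live` argument and the sample text are constructed here; the module names are the ones given in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify the NAT-gateway prerequisites
# the posts above name. Function names and sample data are constructed.

# Modules listed in post #9 as expected after rc.firewall-2.4 has run.
# Assumption: they are built as modules; code compiled into the kernel
# does not show up in lsmod.
REQUIRED_MODULES="ip_tables ip_conntrack ip_conntrack_ftp iptable_nat ip_nat_ftp"

# Read `lsmod` output on stdin; print the required modules that are absent.
missing_modules() {
    loaded=$(awk '$1 != "Module" { print $1 }')
    missing=""
    for m in $REQUIRED_MODULES; do
        printf '%s\n' "$loaded" | grep -qx "$m" || missing="$missing $m"
    done
    echo $missing   # unquoted on purpose: trims the leading space
}

# Read `iptables-save -t nat` output on stdin; succeed only if a MASQUERADE
# rule exists for the outbound interface given as $1.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING( .*)? -o $1( .*)? -j MASQUERADE"
}

# Constructed sample: the netfilter-related lines of the lsmod output in post #8.
SAMPLE_LSMOD='Module Size Used by
ipt_REJECT 4736 1
ipt_state 1536 4
ip_conntrack 24968 1 ipt_state
iptable_filter 2048 1
ip_tables 13440 3 ipt_REJECT,ipt_state,iptable_filter'

# Constructed sample: a nat table holding the rule rc.firewall-2.4 adds for eth0.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Run the checks on the embedded samples.
demo() {
    echo "sample lsmod, missing: $(printf '%s\n' "$SAMPLE_LSMOD" | missing_modules)"
    for ifc in eth0 ppp0; do
        if printf '%s\n' "$SAMPLE_NAT" | has_masquerade "$ifc"; then
            echo "sample nat table: MASQUERADE present on $ifc"
        else
            echo "sample nat table: no MASQUERADE rule on $ifc"
        fi
    done
}

# Run the same checks on the running system (iptables-save needs root).
check_live() {
    echo "ip_forward: $(cat /proc/sys/net/ipv4/ip_forward)"
    echo "missing modules: $(lsmod | missing_modules)"
    if iptables-save -t nat | has_masquerade "$1"; then
        echo "MASQUERADE present on $1"
    else
        echo "no MASQUERADE rule on $1"
    fi
}

if [ "$1" = "live" ]; then
    check_live "${2:-eth0}"
else
    demo
fi
```

Run with `live ppp0` (as root) on a PPPoE gateway to check the running system instead of the samples.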
 
Old 07-13-2004, 12:08 PM   #10
mst700
Member
 
Registered: Jun 2004
Location: Ascension Island SAO
Distribution: FC2 2.6.8 Kernel, FreeBSD Unix, Gentoo 2004-2, WinXP SP2
Posts: 46

Rep: Reputation: 15
I hope this helps

Just a small statement, did you use crossover Ethernet cables (Cat-5e) to make the connection between the win2k and the Linux box?

mst700


http://yoda.uvi.edu/InfoTech/rj45.htm

Last edited by mst700; 07-13-2004 at 12:23 PM.
 
Old 12-09-2004, 03:36 AM   #11
clarkus978
LQ Newbie
 
Registered: Jul 2004
Location: Houston, TX
Distribution: Fedora 15
Posts: 8

Rep: Reputation: 0
Well this is Interesting

I'm having the same problem and well I posted all my info at another site http://fedoraforum.org/forum/showthr...=1#post138957. Anyways I have looked at these posts and they have really helped me, but I'm still having problems. I can ping both NICs on my FC3 box, but I can't ping the router. Any ideas? Thanks
 
Old 12-10-2004, 06:00 AM   #12
onnyloh
Member
 
Registered: Nov 2002
Posts: 57

Rep: Reputation: 15
That is fine, ping won't work on a client machine
 
Old 12-11-2004, 02:22 AM   #13
clarkus978
LQ Newbie
 
Registered: Jul 2004
Location: Houston, TX
Distribution: Fedora 15
Posts: 8

Rep: Reputation: 0
Oh OK, well I'm still having trouble establishing an internet connection. Any ideas why I'm unable to establish a connection?
 
Old 12-11-2004, 08:39 AM   #14
onnyloh
Member
 
Registered: Nov 2002
Posts: 57

Rep: Reputation: 15
I still don't know why your machine works weirdly.

Anyway I just followed the document at www.linux.org and it worked straightforwardly.

My machine is Fedora Core 3 (I've helped my friends set up on Debian, FC1, FC2, Red Hat 9, Gentoo).

As long as you are using kernel >2.4, I'm quite confident that it works. Maybe it is my fault of explanation.

You may try the original website I tried.

Here are the documents, and I hope they will help you.

http://www.linux.org/docs/ldp/howto/...FIREWALL-2.4.X

Try the section 3.4.1 method first as that is the easiest one.
Remember that once you make changes on the server, you need to renew your client IP (forget this if you aren't using DHCP).
All the best to you.
 
Old 12-13-2004, 01:18 AM   #15
clarkus978
LQ Newbie
 
Registered: Jul 2004
Location: Houston, TX
Distribution: Fedora 15
Posts: 8

Rep: Reputation: 0
I just got everything working. This is how I configured it...on my windows PC I have the following :
IP:192.168.1.2
Subnet:255.255.255.0
Gateway:192.168.1.1 (IP of eth1)
DNS: (Use the DNS ip leased out from your cable modem/DSL)

Linux PC
Eth1 to windows PC
IP:192.168.1.1
Subnet:255.255.255.0
Gateway: 192.168.0.1 (IP of router)

Eth0 to router
IP:192.168.0.2
Subnet:255.255.255.0
Gateway:192.168.0.1

Under the route tab I have nothing for both.

I added 'echo "1" > /proc/sys/net/ipv4/ip_forward' to the /etc/rc.d/rc.local to ensure that IP forwarding is enabled.

then I went to up2date and got the latest update for iptables

then in a terminal type 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' only if eth0 is the NIC card connected to the internet.

to add packet filtering type 'iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP'
'iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP'
'service iptables save'
then restart your network and it should work.
 
  

