LinuxQuestions.org

solinari 07-18-2001 08:39 AM

configuring a router without IP masq
 
I'm trying to build a router out of an old computer and Red Hat 7.1. I absolutely cannot use IP masq.

I have a block of real IP addresses to use in my lab. I want to connect these using ethernet to a hub, which will be connected to my Red Hat router. This router will be connected by token ring to the site LAN. My router can access the internet just fine and my lab clients can even ping my token ring card IP address, but they cannot ping outside beyond that. I know there is a similar thread on the board already, but that one is leaning towards IP masq and, again, it is imperative that I do not use such a thing. The equipment is sensitive and gets messed up when we try that.

So, I'm not sure exactly where to begin. Originally I had thought I should use Network Configurator, go to the routing tab and add a new line. I made the device eth0. In the network address field, I put the network address of the lab/ethernet block of IPs. In the netmask field, I put the netmask of the lab/ethernet block of IPs. I'm not sure what should be the gateway, though. I tried to put the token ring card IP as the gateway but that did not work.

First of all, is Network Configurator even the place to set up the router? I also tried the route command.

Any help would be greatly appreciated! Just please don't mention IP masq. You have no idea how frustrating it's been for me in my search for help, since that is all anyone seems to talk about! :-P

Oh yeah, I am beginning to wonder if maybe my firewall is causing me problems. I have the standard Medium level firewall that is automatically installed by Red Hat during server installation.

I just read a little bit about iptables and ipchains. Could they be the source of my problem? (I have not altered them in any way, that I know of.)

thanks again!

d3funct 07-18-2001 11:28 AM

Just to make sure the default "medium" firewall provided by the distro is not your problem, remove it. Type "setup" and you will get a menu; go to "Firewall configuration", check "No Firewall", and quit. Do "iptables -L"; if iptables has not been configured, it should only return the default policies or nothing. Once you've verified you have no firewall active, check your routes with "netstat -rn". Make sure you can ping your machines; try telnetting also to ensure communication. Once you've verified communication and routing, ping from inside your network to a machine outside your network from your router to ensure the router is getting out OK. Then configure a firewall WITHOUT IP_MASQ, but with IP_FORWARDing. Check out www.boingworld.com; they have an excellent iptables tutorial. You might also look into Webmin for an easy system administration interface: www.webmin.com. Hope this helps :-)

solinari 07-18-2001 12:14 PM

ok, when I type

iptables -L

it gives me the following error:

/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.1a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


errrr... I am not all that good at linux (obviously). I tried to type

insmod -V iptables

but it told me that no module by that name was found. However when I type

iptables -V

it tells me it is running "iptables v1.2.1a", so what gives? This is a brand new install of Red Hat, so I don't know how my kernel or iptables could possibly need upgrading.... but stranger things have happened, I guess. Am I doing something wrong?

d3funct 07-18-2001 01:45 PM

Is iptables compiled? It has to be compiled along with quite a few other modules that it requires to work properly. To run the pure basics you need to configure the following options into the kernel:

CONFIG_PACKET
CONFIG_NETFILTER

And since you're recompiling the kernel, you might as well add the more advanced options so you can use them as you learn:

CONFIG_IP_NF_CONNTRACK
CONFIG_IP_NF_FTP
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_MATCH_LIMIT
CONFIG_IP_NF_MATCH_MAC
CONFIG_IP_NF_MATCH_MARK
CONFIG_IP_NF_MATCH_MULTIPORT
CONFIG_IP_NF_MATCH_TOS
CONFIG_IP_NF_MATCH_STATE
CONFIG_IP_NF_MATCH_UNCLEAN
CONFIG_IP_NF_MATCH_OWNER
CONFIG_IP_NF_FILTER
CONFIG_IP_NF_TARGET_REJECT
CONFIG_IP_NF_TARGET_MIRROR
CONFIG_IP_NF_NAT
CONFIG_IP_NF_NAT_NEEDED
CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP_NF_TARGET_REDIRECT
CONFIG_IP_NF_NAT_FTP

Of course you can leave IP_Masquerade out since you don't want to use it. If it's not compiled into the kernel or as a module it won't exist and won't be used.

bjordan 09-25-2001 02:12 PM

You need to remove the ipchains module from the default RH 7.1 install.

#rmmod ipchains

Then iptables should work fine.

You will want to remove the ipchains module from your /etc/rcX.d scripts.

cheers,
bjordan
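
An added example, not part of the thread or any poster's own code: a pre-flight check for the two conditions discussed above, the ipchains module blocking ip_tables and IP forwarding being switched off on a box that must route without masquerading. The file-path parameters and the sample module lines are assumptions constructed for illustration; with no arguments the functions read the live /proc files.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a routing-only box.
# File paths are parameters so the checks also run against saved copies.

# Succeeds if module $1 appears in the first column of a /proc/modules-style file.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# Succeeds if the ip_forward file contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Prints one finding per line; exit status is the number of problems found.
router_preflight() {
    mods="${1:-/proc/modules}"
    fwd="${2:-/proc/sys/net/ipv4/ip_forward}"
    problems=0
    if module_loaded ipchains "$mods"; then
        echo "CONFLICT: ipchains is loaded, so ip_tables cannot initialise (rmmod ipchains)"
        problems=$((problems + 1))
    elif module_loaded ip_tables "$mods"; then
        echo "OK: ip_tables is loaded"
    else
        echo "INFO: no packet-filter module is loaded"
    fi
    if forwarding_enabled "$fwd"; then
        echo "OK: IP forwarding is enabled"
    else
        echo "PROBLEM: IP forwarding is off; the box will not route between interfaces"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: a fresh install with ipchains loaded and forwarding off.
demo() {
    d=$(mktemp -d)
    printf 'ipchains 38976 0 (unused)\nnfs 79008 1 (autoclean)\n' > "$d/modules"
    echo 0 > "$d/ip_forward"
    router_preflight "$d/modules" "$d/ip_forward"
    status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "problems found: $?"
```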

jeffyboy 01-23-2002 05:17 PM

Thank you bjordan !
 
This was the info I was looking for all day. Thank you, Thank you and (if I didn't mention) THANK YOU as your valuable info has saved me a pile of frustration!

bjordan 01-24-2002 09:16 AM

You're Welcome,

Glad to see the info helped someone. :)

Cheers,
bjordan

