Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
07-18-2001, 08:39 AM
|
#1
|
|
LQ Newbie
Registered: Jul 2001
Distribution: redhat 7.1
Posts: 2
Rep: 
|
configuring a router without IP masq
I'm trying to build a router out of an old computer and redhat 7.1. I absolutely cannot use IP masq.
I have a block of real IP addresses to use in my lab. I want to connect these using ethernet to a hub, which will be connected to my redhat router. This router will be connected by token ring to the site LAN. My router can access the internet just fine and my lab clients can even ping my token ring card IP address, but they can not ping outside beyond that. I know there is a similar thread on the board already, but that one is leaning towards IP masq and, again, it is imperative that I do not use such a thing. The equipment is sensitive and gets messed up when we try that.
So, I'm not sure exactly where to begin. Originally I had thought I should use network configurator, go to the routing tab and add a new line. I made the device eth0. In the network address field, I put the network address of the lab/ethernet block of IPs. In the netmask field, i put the netmask of the lab/ethernet block of IPs. I'm not sure what should be the gateway, though. I tried to put the token ring card IP as the gateway but that did not work.
First of all, is Network Configurator even the place to set up the router? I also tried the route command.
Any help would be greatly appreciated! Just please don't mention IP masq. You have no idea how frustrating its been for me in my search for help, since that is all anyone seems to talk about! :-P
Oh yeah, I am beginning to wonder if maybe my firewall is causing me problems. I have the standard Medium level firewall that is automatically installed by redhat during server installation.
I just read a little bit about IPtables and IPchains. Could they be the source of my problem (I have not altered them in any way, that i know of).
thanks again!
|
|
|
|
|
07-18-2001, 11:28 AM
|
#2
|
|
Member
Registered: Jun 2001
Location: Centralia, WA
Posts: 274
Rep: 
|
Just to make sure the default "medium" firewall provided by the distro is not your problem remove it. Type "setup" you will get a menu, go to "Firewall configuration" and check "No Firewall", and quit. Do "iptables -L" if iptables has not been configured it should only return the default policies or nothing. Once you've verified you have no firewall active check your routes with "netstat -rn". Make sure you can ping your machines, try telnetting also to ensure communication. Once you've verified communication and routing, ping from inside your network to a machine outside your network from your router to ensure the router is getting out ok. Then configure a firewall WITHOUT IP_MASQ, but with IP_FORWARDing. Check out www.boingworld.com they have an excellent iptables tutorial. You might also look into Webmin for an easy system administration interface www.webmin.com. Hope this helps :-) |
|
|
|
|
07-18-2001, 12:14 PM
|
#3
|
|
LQ Newbie
Registered: Jul 2001
Distribution: redhat 7.1
Posts: 2
Original Poster
Rep:
|
ok, when I type
iptables -L
it gives me the following error:
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.1a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
errrr... I am not all that good at linux (obviously). I tried to type
insmod -V iptables
but it told me that no module by that name was found. However when I type
iptables -V
it tells me it is running "iptables v1.2.1a" so what gives? This is a brand new install of redhat, so I don't know how my kernel or iptables could possibly need upgrading.... but stranger things have happened i guess. Am I doing something wrong?
|
|
|
|
|
07-18-2001, 01:45 PM
|
#4
|
|
Member
Registered: Jun 2001
Location: Centralia, WA
Posts: 274
Rep:
|
Is iptables compiled? It has to be compiled along with quite a few other modules that it requires to work properly. To run the pure basics you need to configure the following options into the kernel:
CONFIG_PACKET
CONFIG_NETFILTER
And since you're recompiling the kernel might as well add the more advanced options so you can use them as you learn:
CONFIG_IP_NF_CONNTRACK
CONFIG_IP_NF_FTP
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_MATCH_LIMIT
CONFIG_IP_NF_MATCH_MAC
CONFIG_IP_NF_MATCH_MARK
CONFIG_IP_NF_MATCH_MULTIPORT
CONFIG_IP_NF_MATCH_TOS
CONFIG_IP_NF_MATCH_STATE
CONFIG_IP_NF_MATCH_UNCLEAN
CONFIG_IP_NF_MATCH_OWNER
CONFIG_IP_NF_FILTER
CONFIG_IP_NF_TARGET_REJECT
CONFIG_IP_NF_TARGET_MIRROR
CONFIG_IP_NF_NAT
CONFIG_IP_NF_NAT_NEEDED
CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP_NF_TARGET_REDIRECT
CONFIG_IP_NF_NAT_FTP
Of course you can leave IP_Masquerade out since you don't want to use it. If it's not compiled into the kernel or as a module it won't exist and won't be used.
|
|
|
|
|
09-25-2001, 02:12 PM
|
#5
|
|
LQ Newbie
Registered: Sep 2001
Posts: 2
Rep:
|
You need to remove the ipchains module from the default RH 7.1 install.
#rmmod ipchains
Then iptables should work fine.
You will want to remove the ipchains module from your /etc/rcX.d
scripts.
cheers,
bjordan
|
|
|
|
|
01-23-2002, 05:17 PM
|
#6
|
|
LQ Newbie
Registered: Jan 2002
Posts: 1
Rep:
|
Thank you bjordan !
This was the info I was looking for all day. Thank you, Thank you and (if I didn't mention) THANK YOU as your valuable info has saved me a pile of frustration ![COLOR=blue]
|
|
|
|
|
01-24-2002, 09:16 AM
|
#7
|
|
LQ Newbie
Registered: Sep 2001
Posts: 2
Rep:
|
You're Welcome,
Glad to see the info helped someone. 
Cheers,
bjordan |
|
|
|
All times are GMT -5. The time now is 02:22 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
