hi!

i'm pretty new to linux, and have a problem
i'd like to use the debian computer as a firewall between the router and the windows computer.
my setup is: - one router connecting to the internet (192.168.1.1)
- one debian comp with two ethernet cards (eth0 192.168.1.3 to the router, eth4 192.168.1.3 to the other comp)
- one windows computer connected to the debian one. ( 192.168.1.2 set to static, dhcp off )

the problem is that internet can't get through the linux pc.

ifconfig output (i think it looks OK) :

debian:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:33:E22:22
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::240:33ff:fee2:d222/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2015 errors:0 dropped:0 overruns:0 frame:0
TX packets:1907 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:636522 (621.6 KiB) TX bytes:396645 (387.3 KiB)
Interrupt:11 Base address:0xec00

eth4 Link encap:Ethernet HWaddr 00:50:BF1:85:E7
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::250:bfff:fed1:85e7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:785 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:56889 (55.5 KiB) TX bytes:1068 (1.0 KiB)
Interrupt:10 Base address:0xe800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:88 errors:0 dropped:0 overruns:0 frame:0
TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7200 (7.0 KiB) TX bytes:7200 (7.0 KiB)p:Local Loopback

/etc/network/interfaces file:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo eth0 eth4
iface lo inet loopback

# WAN - 8139
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1

# LAN - 8029
iface eth4 inet static
address 192.168.1.4
netmask 255.255.255.0

btw the internet on the debian comp is okay.
when the win comp is not plugged in to debian, i can ping it, but when i plug it into the second NIC card in debian comp, the win computer cant be pinged.

could anyone help me?

thanks

The Ips you have choose are not very good...they can cause lots of problems because you have two different networks with the same netmask.

Try something like this:

router 192.168.1.1
debian-router 192.168.1.3
debian-win 192.168.2.1
win 192.168.2.2

and what about the netmask? shouldn't I change that?

No, leave the same netmasks (255.255.255.0)

okay, thanks to you i'm one step closer
i did what you said and now i could ping back and forward on the lan, except I can't reach the router (192.168.1.1), therefore I cant reach the internet.
any ideas?
i'm still not confident in my windows lan card configuration:
ip: 192.168.2.2
netmask: 255.255.255.0
gateway 192.168.2.1 (linux lan) ??
dns: 192.168.2.1 (linux lan) ??

Your windows setup is fine, assuming you actually are running a DNS server on the linux gateway (192.168.2.1). If not, you should configure the DNS server your ISP assigns.

Re the ping 192.168.1.1 problem, it sounds like you either need to enable IP forwarding on the linux gateway or add a static route on the router so it knows about the 192.168.2.0 network (or both)
Can you ping 192.168.1.3 (the other side of the linux gateway)? If so, forwarding is enabled already. Since linux gateway is directly connected to the 192.168.2.x network, it knows how to get there. The router, however, needs a static route added. Go to the router's GUI, and search for routing or static routes. Add a route for network "192.168.2.0" netmask "255.255.255.0" gateway "192.168.1.3" and you'll be set.

i could ping 192.168.1.3

but the rest just dont work..
still the same, i cant ping 192.168.1.1
and i also did the forwarding

http://img353.imageshack.us/img353/8787/48767109td0.jpg

Do you have some sort of firewall software running on the linux gateway? Perhaps that is blocking the ping response (echo reply)?

You should be able to run tcpdump or wireshark on the linux gateway, and see if the ping (echo request) and it's response are being seen.

there is no firewall.
I'll try tcpdump and wireshark, and post you the output.
but there is something interesting going on, because my 2nd NIC's name is always changing (mostly its eth4 but its sometimes eth1 or eth2..), it changes on reboots.

and if I try to use the 'ifup eth2' command I get this: eth2: timeout waiting for Tx RDC.
(I didnt get it until now) -.-

To summarise;

1.eth0 must be on the same subnet as the router. i.e. they must both have addresses in 192.168.1.X
2. eth1 must be on a different subnet i.e. 192.168.0.X or 192.168.2.X or 10.X.X.X and all boxes connected to this card must have addresses in this subnet.

In order to access the Internet from boxes connected to eth1 you need to implement ip-masquerading and forwarding which is covered pretty well here. I personally have implemented ip-masquerading and use MonMotha's firewall to handle the rest.

Basically the setup is this;

the gateway for the box connected to the router is the router address. The gateway for boxes connected to eth1 is the address of eth1.
I suggest you manually edit the /etc/network/interfaces file to something like;

auto eth0
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1

auto eth1
iface eth1 inet static
address 192.168.X.X
gateway 192.168.1.3

Of course you need to restart networking by doing in a root consol;

/etc/init.d/networking restart