LinuxQuestions.org
Old 01-22-2005, 06:37 PM   #1
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Rep: Reputation: 47
dhcpd will not stay running


I'm trying to use my Linux box as a router. The one problem I'm having is that dhcpd will not stay running. When I try to launch it, this is what happens:
Code:
[root@slackdell /home/scuzzy]$ dhcpd
Internet Systems Consortium DHCP Server V3.0.1
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

** You must add a ddns-update-style statement to /etc/dhcpd.conf.
   To get the same behaviour as in 3.0b2pl11 and previous
   versions, add a line that says "ddns-update-style ad-hoc;"
   Please read the dhcpd.conf manual page for more information. **

If you did not get this software from ftp.isc.org, please
get the latest from ftp.isc.org and install that before
requesting help.

If you did get this software from ftp.isc.org and have not
yet read the README, please read it before requesting help.
If you intend to request help from the dhcp-server@isc.org
mailing list, please read the section on the README about
submitting bug reports and requests for help.

Please do not under any circumstances send requests for
help directly to the authors of this software - please
send them to the appropriate mailing list as described in
the README file.

exiting.
[root@slackdell /home/scuzzy]$
And this is the content of /etc/dhcpd.conf
Code:
[root@slackdell /home/scuzzy]$ cat /etc/dhcpd.conf
# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#
default-lease-time 86400;       # one day
max-lease-time 86400;           # one day

subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.2 192.168.0.250;

        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;   # broadcast for 192.168.0.0/24, not the router's own address
        option routers 192.168.0.1;

        ## The IP address of the name server
        ##
        option domain-name-servers 68.168.240.2;
        option domain-name "adelphia.net";

}


[root@slackdell /home/scuzzy]$
My question is: what am I missing? The daemon will not stay running:
Code:
[root@slackdell /home/scuzzy]$ ps aux | grep dhcpd
root     14244  0.0  0.5  1672  592 pts/2    S+   19:37   0:00 grep dhcpd
[root@slackdell /home/scuzzy]$

Last edited by scuzzman; 01-24-2005 at 09:11 AM.
 
Old 01-22-2005, 07:53 PM   #2
rtspitz
Member
 
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307

Rep: Reputation: 33
My question is: what am I missing? The daemon will not stay running:

THIS:

Code:
# if you do not use dynamic DNS updates:
#
# dhcpd-3 needs at least this statement.
# you have to delete it for dhcpd-2, because it does not know it.
#
# if you want to use dynamic DNS updates, you should first
# read /usr/share/doc/packages/dhcp-server/DDNS-howto.txt
ddns-update-style none; ddns-updates off;
 
Old 01-22-2005, 08:10 PM   #3
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
Excellent - Thanks!

Code:
[root@slackdell /etc]$ dhcpd eth1
Internet Systems Consortium DHCP Server V3.0.1
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Listening on Socket/eth1/192.168.0.0/24
Sending on   Socket/eth1/192.168.0.0/24
[root@slackdell /etc]$
Now how would one get it to load on boot? Add it to /etc/rc.d/rc.local?
 
Old 01-22-2005, 08:23 PM   #4
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
Also - one more, and I'm not sure if this is Linux or windows related, but:
The Windows box can ping the Linux box, but not outside it... (and hence not resolve hostnames)

More info that may be useful:
Here's the output of route:
Code:
[root@slackdell /home/scuzzy]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
68.235.46.0     *               255.255.254.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         68.235.46.1     0.0.0.0         UG    0      0        0 eth0
[root@slackdell /home/scuzzy]$
Does the "Gateway" column have anything to do with it?
I've also tried completely disabling my firewall with no success.

Last edited by scuzzman; 01-22-2005 at 11:27 PM.
 
Old 01-23-2005, 11:58 AM   #5
comprookie2000
Gentoo Developer
 
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Blog Entries: 5

Rep: Reputation: 58
This may help dhcp is near the bottom;
http://www.gentoo.org/doc/en/home-router-howto.xml
 
Old 01-23-2005, 03:14 PM   #6
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
That's still not doing it...
Although there were no error messages when I tried the commands, except for the Gentoo-specific ones of course..

Also - the Windows box is resolving hostnames now...

Last edited by scuzzman; 01-23-2005 at 03:19 PM.
 
Old 01-23-2005, 06:04 PM   #7
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
New information:

My computer, now that I've done all of this, is locking up after being idle for just a couple of hours, which is kind of odd....
I checked out /var/log/messages and found this:
Code:
Jan 23 16:48:09 slackdell gconfd (scuzzy-10046): GConf server is not in use, shu
tting down.
Jan 23 16:48:09 slackdell gconfd (scuzzy-10046): Exiting
Jan 23 16:50:01 slackdell gconfd (scuzzy-27467): starting (version 2.6.2), pid 2
7467 user 'scuzzy'
Jan 23 16:50:01 slackdell gconfd (scuzzy-27467): Resolved address "xml:readonly:
/etc/gconf/gconf.xml.mandatory" to a read-only config source at position 0
Jan 23 16:50:01 slackdell gconfd (scuzzy-27467): Resolved address "xml:readwrite
:/home/scuzzy/.gconf" to a writable config source at position 1
Jan 23 16:50:01 slackdell gconfd (scuzzy-27467): Resolved address "xml:readonly:
/etc/gconf/gconf.xml.defaults" to a read-only config source at position 2
Jan 23 17:14:56 slackdell -- MARK --
Jan 23 17:34:56 slackdell -- MARK --
Jan 23 17:54:56 slackdell -- MARK --
Jan 23 18:01:06 slackdell kernel: 3>eth1: PCI Bus error 6290.
Jan 23 18:57:41 slackdell syslogd 1.4.1: restart.
Jan 23 18:57:42 slackdell kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 23 18:57:42 slackdell kernel: BIOS-provided physical RAM map:
What's this gconf program? And why is it in my system if it's not in use?

I don't think this has anything to do with my current situation though.


As for the IP forwarding problem - I read the man page for iptables again (not the clearest thing in the world... I don't understand how anyone can write their own scripts for iptables...). After reading it, I thought this might work (I think it might make sense):
Code:
# iptables -t filter -A FORWARD -i eth0 -o eth1
# iptables -t filter -A FORWARD -i eth1 -o eth0
My thought was this would:
  • All information coming from eth0, filter it to eth1
  • All information coming from eth1, filter it to eth0

Now - writing it out, it doesn't make too much sense, but I think I've got the right idea going on here...
Can someone elaborate on this please? I'm going to print the man pages for iptables and read them tonight while at work until I understand them...

Last edited by scuzzman; 01-23-2005 at 07:21 PM.
 
Old 01-24-2005, 01:04 AM   #8
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
RESOLUTION:

I'm teaching myself IPTABLES scripting, and as a temporary solution, I'm going to use GuideDog for IP Forwarding.

As for the computer locking up, I found gconf and killed it. I'm going to check tomorrow when I get home from work as to whether that licked it or not.

Thanks for all the help received

--John
 
Old 01-24-2005, 09:24 AM   #9
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
Help needed debugging iptables script

Ok - GuideDog isn't working out as planned - not sure what's wrong. Usually everything that guy writes works, although, it was written for 2.4.xx kernel, so that may pose a problem.

So - I'm writing a custom iptables script (tough) and I need some help debugging it.

Here's the script:
Code:
#! /bin/bash

# firewall.sh -  My custom iptables script
#                     This must be run as root

################### BEGIN Variable declaration

       WAN="eth0"      #WAN
       LAN="eth1"      #LAN
       LOOP="lo"       #LOOP

################### END Variable Declaration

################### BEGIN Pre-run stuff

# Enable IP Forwarding
       echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable SYN Cookies
       echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Allow dynamic ip addresses
       echo 1 > /proc/sys/net/ipv4/ip_dynaddr
#END commenting
# Flush filter table
       iptables -t filter -F
       iptables -t filter -Z
       iptables -t filter -X
# Flush nat table
       iptables -t nat -F
       iptables -t nat -Z
       iptables -t nat -X
# Flush mangle table
       iptables -t mangle -F
       iptables -t mangle -Z
       iptables -t mangle -X

################### END Pre-run stuff

################### BEGIN Custom Chains

# LOGDROP - LOG and DROP packets
       iptables -N LOGDROP
       iptables -A LOGDROP -j LOG
       iptables -A LOGDROP -j DROP

# LOGACCEPT - LOG and ACCEPT packets
       iptables -N LOGACCEPT
       iptables -A LOGACCEPT -j LOG
       iptables -A LOGACCEPT -j ACCEPT

################### END Custom Chains

################### BEGIN General Packet Rules

# DROP all packets of invalid state (packet corrupted in transfer, out of memory, etc
       iptables -t filter -A INPUT -m state --state INVALID -j DROP
       iptables -t filter -A FORWARD -m state --state INVALID -j DROP
       iptables -t filter -A OUTPUT -m state --state INVALID -j DROP

# LOGDROP all packets from obviously spoofed IP's
       iptables -A INPUT -i $WAN -s 10.0.0.0/8 -j LOGDROP
       iptables -A OUTPUT -i $WAN -s 172.16.0.0/12 -j LOGDROP

# LOGDROP all new packets that aren't syn
       iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOGDROP

# Forward all packets coming in on eth0 to eth1 and vice versa - see comments following rules
       iptables -t filter -A FORWARD -i $WAN -o $LAN   # eth0->eth1
       iptables -t filter -A FORWARD -i $LAN -o $WAN   # eth1->eth0

# Default LOGDROP policy - if any packet doesn't meet criteria after this section, DROP it
       iptables -t filter -P INPUT DROP
       iptables -t filter -P FORWARD DROP
       #iptables -t filter -P OUTPUT DROP #reserved, uncomment when possible/if needed

# Allow all connections on the internal interface
       iptables -A INPUT -i $LOOP -j ACCEPT

#LOGDROP connections to the local interface from the outside world.
       iptables -A INPUT -d 127.0.0.0/8 -j LOGDROP

################### END General Packet Rules

################### BEGIN Actual packet handling
                      # see comments following rules for purpose

# filter Table
       iptables -t filter -A INPUT -i $LAN -j ACCEPT   # ACCEPT all packets from eth1 (LAN)
       iptables -t filter -A INPUT -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT # ACCEPT all packets on eth0 from connections ESTABLISHED or RELATED
  # TCP
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 80 ACCEPT # http - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 443 ACCEPT # https - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 53 ACCEPT # dns - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 110 ACCEPT # pop3 - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 25 ACCEPT # smtp - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 22 LOGACCEPT # ssh - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 21 ACCEPT # ftp - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 6665,6666,6667,6668,6669 ACCEPT # irc - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 113 ACCEPT # ident/auth - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --ports 5190,5191,5192,5193 ACCEPT # AIM - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --dports 4000 ACCEPT # ICQ - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --dports 5222 ACCEPT # Jabber - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --dports 1863 ACCEPT # MSNmsgr - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --dports 5050,23 ACCEPT # Y! Auth - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP -src 0/0 --dports 5000,5001 ACCEPT # Y! Conf. - eth0
       
       
  # UDP 
       iptables -t filter -A INPUT -i $WAN -p UDP -src 0/0 --ports 110 ACCEPT # pop3 - eth0
       iptables -t filter -A INPUT -i $WAN -p UDP -src 0/0 --ports 25 ACCEPT # smtp - eth0
       iptables -t filter -A INPUT -i $WAN -p UDP -src 0/0 --ports 22 LOGACCEPT # ssh - eth0
       iptables -t filter -A INPUT -i $WAN -p UDP -src 0/0 --dports 5000 ACCEPT # Y! Conf. - eth0

# nat Table
       iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE # Masquerade internal connections going out.

# mangle Table

################### END Actual Packet Handling

exit 0

#EOF
And what it does:
  • Severs connection between computers
  • Severs Linux connection to the internet
  • Basically takes down my network when it's simply supposed to firewall and provide ICS

And the output:
Code:
[root@slackdell /root]$ ./firewall.sh
iptables v1.2.11: Can't use -i with OUTPUT

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
[root@slackdell /root]$

Last edited by scuzzman; 01-24-2005 at 09:36 AM.
 
Old 01-25-2005, 09:16 AM   #10
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
My newest script

Ok - I have a feeling now I'm missing just possibly one line if someone could be so kind as to point it out... Here's my script as it stands (pardon my debugging symbols)

Code:
#! /bin/bash

# firewall.sh -  My custom iptables script
#                     This must be run as root

################### BEGIN Variable declaration

       WAN="eth0"      #WAN
       LAN="eth1"      #LAN
       LOOP="lo"       #LOOP

################### END Variable Declaration
echo "Load firewall prestart"
################### BEGIN Pre-run stuff

# Enable IP Forwarding
       if [ ! -e /proc/sys/net/ipv4/ip_forward ]
       then
              echo 1 > /proc/sys/net/ipv4/ip_forward
	      echo " - Enabled ip_forward"
       elif [ -e /proc/sys/net/ipv4/ip_forward ]
       then
              echo " - ip_forward already enabled"
       fi
# Enable SYN Cookies
       if [ ! -e /proc/sys/net/ipv4/syn_cookies ]
       then
              echo 1 > /proc/sys/net/ipv4/tcp_syncookies
	      echo " - Enabled tcp_syncookies"
       elif [ -e /proc/sys/net/ipv4/tcp_syncookies ]
       then
              echo " - tcp_syncookies already enabled"
       fi
# Allow dynamic ip addresses
       if [ ! -e /proc/sys/net/ipv4/ip_dynaddr ]
       then
              echo 1 > /proc/sys/net/ipv4/ip_dynaddr
	      echo " - Enabled ip_dynaddr"
       elif [ -e /proc/sys/net/ipv4/ip_dynaddr ]
       then
              echo " - ip_dynaddr already enabled"
       fi
# Turn off ECN
       if [ -e /proc/sys/net/ipv4/tcp_ecn ]
       then
              echo 0 > /proc/sys/net/ipv4/tcp_ecn
	      echo " - Disabled tcp_ecn"
       elif [ ! -e /proc/sys/net/ipv4/tcp_ecn ]
       then
              echo " - tcp_ecn already disabled"
       fi
# Flush filter table
       iptables -t filter -F
       iptables -t filter -Z
       iptables -t filter -X
# Flush nat table
       iptables -t nat -F
       iptables -t nat -Z
       iptables -t nat -X
# Flush mangle table
       iptables -t mangle -F
       iptables -t mangle -Z
       iptables -t mangle -X

       echo " - Flushed tables"

################### END Pre-run stuff
echo "Load custom chains"
################### BEGIN Custom Chains

# LOGDROP - LOG and DROP packets
       iptables -N LOGDROP
       iptables -A LOGDROP -j LOG
       iptables -A LOGDROP -j DROP

# LOGACCEPT - LOG and ACCEPT packets
       iptables -N LOGACCEPT
       iptables -A LOGACCEPT -j LOG
       iptables -A LOGACCEPT -j ACCEPT

################### END Custom Chains
echo "Load general packet handling"
################### BEGIN General Packet Rules

# DROP all packets of invalid state (packet corrupted in transfer, out of memory, etc
       iptables -t filter -A INPUT -m state --state INVALID -j DROP
       iptables -t filter -A FORWARD -m state --state INVALID -j DROP
       iptables -t filter -A OUTPUT -m state --state INVALID -j DROP

# LOGDROP all packets from obviously spoofed IP's
       iptables -A INPUT -i $WAN -s 10.0.0.0/8 -j LOGDROP
       iptables -A INPUT -i $WAN -s 172.16.0.0/12 -j LOGDROP

# LOGDROP all new packets that aren't syn
       iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOGDROP

# Forward all packets coming in on eth0 to eth1 and vice versa - see comments following rules
       iptables -A FORWARD -i $WAN -o $LAN   # eth0->eth1
       iptables -A FORWARD -i $LAN -o $WAN   # eth1->eth0

# Default DROP policy - if any packet doesn't meet criteria after this section, DROP it
       iptables -P FORWARD DROP
       iptables -P INPUT DROP
       iptables -P OUTPUT ACCEPT
       
# Allow all connections on the internal interface
       iptables -A INPUT -i $LOOP -j ACCEPT

# LOGDROP connections to the local interface from the outside world.
       iptables -A INPUT -d 127.0.0.0/8 -j LOGDROP

# Allow DHCP clients.
	iptables -A INPUT -i $WAN -p UDP --dport 68 --sport 67 -j ACCEPT
	iptables -A OUTPUT -o $WAN -p UDP --dport 67 --sport 68 -j ACCEPT

	
# Allow free communication between router and client(s)
	iptables -A INPUT -i $LAN -j ACCEPT 
	iptables -A OUTPUT -o $WAN -j ACCEPT
	iptables -A OUTPUT -o $LAN -j ACCEPT

################### END General Packet Rules
echo "Load firewall"
################### BEGIN Actual packet handling
                      # see comments following rules for purpose

# filter Table
     iptables -t filter -A INPUT -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT # ACCEPT all packets on eth0 from connections ESTABLISHED or RELATED
       echo " - Finished default filter"
  # TCP
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 80 -j ACCEPT # http - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 443 -j ACCEPT # https - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 53 -j ACCEPT # dns - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 110 -j ACCEPT # pop3 - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 25 -j ACCEPT # smtp - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 22 -j LOGDROP # ssh - eth0 - DROP for now, logging of course, until i get it config'd on a diff. port
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 21 -j ACCEPT # ftp - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 6665:6669 -j ACCEPT # irc - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 113 -j ACCEPT # ident/auth - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 5190:5193 -j ACCEPT # AIM - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 4000 -j ACCEPT # ICQ - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 5222 -j ACCEPT # Jabber - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 1863 -j ACCEPT # MSNmsgr - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 5050 -j ACCEPT # Y! Auth
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 23 -j ACCEPT # Y! Auth - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 5000 -j ACCEPT # Y! Conf. - eth0
       iptables -t filter -A INPUT -i $WAN -p TCP --dport 5001 -j ACCEPT # Y! Conf. - eth0
       echo " - Finished TCP"
  # UDP 
       iptables -t filter -A INPUT -i $WAN -p UDP --dport 110 -j ACCEPT # pop3 - eth0
       iptables -t filter -A INPUT -i $WAN -p UDP --dport 25 -j ACCEPT # smtp - eth0
       iptables -t filter -A INPUT -i $WAN -p UDP --dport 22 -j LOGACCEPT # ssh - eth0
       iptables -t filter -A INPUT -i $WAN -p UDP --dport 5000 -j ACCEPT # Y! Conf. - eth0
       echo " - Finished UDP"
  # ICMP
       iptables -t filter -A INPUT -i $WAN -p ICMP -j ACCEPT
       echo " - Finished ICMP"
       
# nat Table
       iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE # Masquerade internal connections going out.
       echo " - Finished NAT"

# mangle Table

################### END Actual Packet Handling
echo "Firewall loaded"
exit 0

#EOF
The computer on which this is running can access the internet, and can communicate freely with my other computer. The problem is it's not forwarding the packets, but I can't see why not...
Any ideas?

Last edited by scuzzman; 01-25-2005 at 09:20 AM.
 
Old 01-25-2005, 02:32 PM   #11
comprookie2000
Gentoo Developer
 
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Blog Entries: 5

Rep: Reputation: 58
Did you tell the kernel that IP forwarding is OK?
# echo 1 > /proc/sys/net/ipv4/ip_forward
Not sure if Slack is the same.
 
Old 01-25-2005, 05:02 PM   #12
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
Yes, at line 16:
Code:
# Enable IP Forwarding
       if [ ! -e /proc/sys/net/ipv4/ip_forward ]
       then
              echo 1 > /proc/sys/net/ipv4/ip_forward
	      echo " - Enabled ip_forward"
       elif [ -e /proc/sys/net/ipv4/ip_forward ]
       then
              echo " - ip_forward already enabled"
       fi
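The forwarding rules scuzzman asks about in #7 and #10, together with the ip_forward check quoted in #12, as an added example that is not part of the thread and not scuzzman's script. It keeps the thread's interface layout (WAN on eth0, LAN on eth1); the WAN, LAN and IPT variables and the function names are mine. It covers only the FORWARD chain and the NAT rule, not the INPUT/OUTPUT rules of the posted script.

```shell
#!/bin/bash
# Added example, not scuzzman's script and not from the thread. It is the
# forward/NAT part of a router rule set for the thread's layout (WAN on eth0,
# LAN on eth1) with the two defects of the posted scripts corrected:
#   1. "iptables -A FORWARD -i eth0 -o eth1" has no -j target, so it only
#      counts packets; with "-P FORWARD DROP" nothing is ever forwarded.
#   2. /proc/sys/net/ipv4/ip_forward always exists, so "[ ! -e ... ]" is never
#      true and the 1 is never written. The value has to be read instead.
# Run with no argument to print the rules (dry run); "--apply" loads them and
# needs root. WAN, LAN and IPT are assumed names and can be overridden.

WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
IPT="${IPT:-iptables}"

# Succeed only if a /proc/sys knob already holds the wanted value.
sysctl_is() {
    local knob="$1" want="$2" cur
    [ -r "$knob" ] || return 1
    read -r cur < "$knob" || return 1
    [ "$cur" = "$want" ]
}

# Write a knob only when its current value differs, and say which case hit.
set_sysctl() {
    local knob="$1" want="$2"
    if sysctl_is "$knob" "$want"; then
        echo " - $(basename "$knob") already $want"
    else
        echo "$want" > "$knob" && echo " - set $(basename "$knob")=$want"
    fi
}

# The forwarding rules. Every rule names a target. LAN->WAN is open; WAN->LAN
# only admits return traffic of connections the LAN opened (needs conntrack,
# which is CONFIG_IP_NF_CONNTRACK=m in the posted .config and autoloads).
forward_rules() {
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state INVALID -j DROP
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Read rules on stdin (e.g. from "iptables-save"); print every FORWARD rule
# that lacks a -j target and fail if there is one. Catches defect 1 after load.
targetless_forward_rules() {
    local bad
    bad=$(grep -e '-A FORWARD' | grep -v -e ' -j ') || true
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

apply_firewall() {
    set_sysctl /proc/sys/net/ipv4/ip_forward 1
    set_sysctl /proc/sys/net/ipv4/tcp_syncookies 1
    forward_rules
    # Check what actually landed in the kernel, not what the script intended.
    iptables-save | targetless_forward_rules || echo "!! FORWARD rule without a target"
}

case "${1:-}" in
    --apply) apply_firewall ;;
    *)       IPT="echo iptables"; forward_rules ;;   # dry run: print the rules
esac
```

The dry run is worth keeping even after the rules work: a flushed table with a DROP policy and a rule that forgot its target looks fine in `iptables -L` until you notice the packet counters climbing on a rule that does nothing.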
 
Old 01-26-2005, 08:00 PM   #13
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
bump
 
Old 01-26-2005, 09:50 PM   #14
comprookie2000
Gentoo Developer
 
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Blog Entries: 5

Rep: Reputation: 58
You could check the kernel .config;
Code:
Networking options  --->
   [*] TCP/IP networking
   [*] IP: advanced router
   [*] Network packet filtering (replaces ipchains)
If you use 2.4.x, you have to enable the following for DHCP:
   [*] Socket Filtering

   IP: Netfilter Configuration  --->
      [*] Connection tracking (required for masq/NAT)
         [x] FTP protocol support
         [x] IRC protocol support
      [*] IP tables support (required for filtering/masq/NAT)
         [*] IP range match support
         [x] MAC address match support
         [*] Multiple port match support
         [*] Packet filtering
            [*] REJECT target support
         [*] Full NAT
            [*] MASQUERADE target support
            [x] REDIRECT target support
         [s] Packet mangling
            [s] MARK target support
         [x] LOG target support

   QoS and/or fair queueing  --->
      [s] QoS and/or fair queueing
         [s] HTB packet scheduler
         [s] Ingress Qdisc
 
Old 01-27-2005, 08:09 AM   #15
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Original Poster
Rep: Reputation: 47
OK - here's what I've got (this is from .config):
Code:
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
# CONFIG_IP_NF_MATCH_PHYSDEV is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_LOCAL is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
# CONFIG_IP_NF_TARGET_CLASSIFY is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
It appears as though everything you have posted is compiled as a module...
You wouldn't happen to know the log file I could look at could you (I'm willing to wade through the noise if I must)? I've checked every file in /var/log and none of them have this information.
Also, might there be something I have to add to my routing table?
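A way to answer "is everything in that list compiled in?" without reading the .config by eye, as an added example that is not part of the thread. The CONFIG_IP_NF_* symbol names are the 2.6 ones visible in scuzzman's posted .config; the mapping from comprookie2000's menu entries to those symbols, the function names and the sample input are mine.

```shell
#!/bin/bash
# Added example, not from the thread. Checks a kernel .config for the netfilter
# options in comprookie2000's list and tells built-in (=y), module (=m) and
# not set apart; "=m" is fine for iptables, which loads the modules on demand,
# so only "not set" entries are a problem. The CONFIG_IP_NF_* symbol names are
# the 2.6 ones visible in scuzzman's posted .config; the mapping from menu
# entry to symbol is mine. Usage: ./check-nf-config.sh /usr/src/linux/.config
# (no argument runs it against the constructed sample at the bottom).

# Menu entry -> symbol: Connection tracking, FTP/IRC helpers, IP tables support,
# IP range / MAC / multiport matches, Packet filtering, REJECT, Full NAT,
# MASQUERADE, REDIRECT, Packet mangling, MARK, LOG.
REQUIRED="CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_FTP CONFIG_IP_NF_IRC
CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_MATCH_IPRANGE CONFIG_IP_NF_MATCH_MAC
CONFIG_IP_NF_MATCH_MULTIPORT CONFIG_IP_NF_FILTER CONFIG_IP_NF_TARGET_REJECT
CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE CONFIG_IP_NF_TARGET_REDIRECT
CONFIG_IP_NF_MANGLE CONFIG_IP_NF_TARGET_MARK CONFIG_IP_NF_TARGET_LOG"

# kconfig_state FILE SYMBOL -> prints y, m or n.
# Matches "SYM=y", "SYM=m" and "# SYM is not set"; the trailing [= ] stops
# CONFIG_IP_NF_NAT from also matching CONFIG_IP_NF_NAT_NEEDED.
kconfig_state() {
    local file="$1" sym="$2" line
    line=$(grep -E -e "^(# )?${sym}[= ]" "$file" | head -n 1)
    case "$line" in
        "${sym}=y") echo y ;;
        "${sym}=m") echo m ;;
        *)          echo n ;;
    esac
}

# kconfig_report FILE: one line per required symbol.
# Exit status is the number of symbols that are not set (0 = all present).
kconfig_report() {
    local file="$1" sym state missing=0
    for sym in $REQUIRED; do
        state=$(kconfig_state "$file" "$sym")
        case "$state" in
            y) echo "built-in  $sym" ;;
            m) echo "module    $sym" ;;
            n) echo "NOT SET   $sym"; missing=$((missing + 1)) ;;
        esac
    done
    return "$missing"
}

# Constructed sample in the shape of the posted .config (same values as there).
SAMPLE_CONFIG='CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_MARK=m'

if [ -n "${1:-}" ]; then
    kconfig_report "$1" || echo "$? required option(s) not set"
else
    sample=$(mktemp)
    printf '%s\n' "$SAMPLE_CONFIG" > "$sample"
    kconfig_report "$sample" || echo "$? required option(s) not set"
    rm -f "$sample"
fi
```

Against the posted excerpt the only entry it flags is CONFIG_IP_NF_MATCH_IPRANGE, which is a match extension, not something the forwarding rules in this thread use; everything the MASQUERADE and state rules need is there as a module, so the kernel build is not what stops the packets.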
 
  


All times are GMT -5.