I am confused with my network settings. The problem I am having is that my Linux box is set up as a gateway to my cable modem and although everything works alright on the Linux box itself, any machines connected as clients don't get DNS. That is, they can ping IPs but not names such as yahoo.com.
Running ipconfig -all on a client yields:
(I am copying this by hand)
....
Dhcp enabled . .. : yes
autoconfiguration enabled: . . . : yes
IP address. . . .: 192.168.0.99
Subnet mask . .. .. : 255.255.255.0
Default gateway: . . . : 192.168.0.1
DHCP server . . . . : 192.168.0.1
DNS servers . . .. : 216.69.192.11
216.69.192.12
....
ifconfig -a on gateway:
eth0 Link encap:Ethernet HWaddr 00:50:8D:4B:6D:C8
inet addr:69.133.77.53 Bcast:255.255.255.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:116075 errors:0 dropped:0 overruns:0 frame:0
TX packets:5167 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:9318394 (8.8 MiB) TX bytes:593489 (579.5 KiB)
Interrupt:19 Base address:0x2000
--------------------------------
iptables (yes I know they are basic, I want to get it working first):
#!/bin/bash
#
# First clear out all the rules and close everything off but let outbound packets through
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD ACCEPT
iptables -F FORWARD
iptables -F -t nat
# turn on forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# Open up the internal network
iptables -A INPUT -i lo -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
# Allow SSH from outside
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# IP Masquerading
#iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
#iptables -A FORWARD -i eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 69.133.77.53
# Port Forwarding
#iptables -A FORWARD -p tcp -i eth0 -j ACCEPT
-------------------------------
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
69.133.76.0 * 255.255.254.0 U 0 0 0 eth0
default cpe-069-133-076 0.0.0.0 UG 0 0 0 eth0
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth1
You have 2 default routes listed, your external ip and an internal ip...
Delete the internal one;
route del default gw 192.168.0.1
And you only need one Masq/Snat rule, choose one and delete the other...
inet addr:69.133.77.53 Bcast:255.255.255.255 Mask:255.255.254.0
Check the netmask setting here.. it's awfully wide...
The broadcast isn't correct either..
From the workstations, in a command prompt, do
nslookup www.something.com
and see if it resolves...
If not, from win machines do
nslookup www.something.com 216.69.192.11 &
nslookup www.something.com 216.69.192.12
to test both servers.
From here I get REJECTs, prob restricted to your ip range.
There's nothing "wrong" with the rule list, but do
iptables-save
to print it on the screen and check what is actually running..
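The two checks from the reply above (a single default route, a single source-NAT rule per outbound interface), as an added shell example that is not part of the original thread. The sample inputs are constructed from the values posted in it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed from the values posted in this thread.
SAMPLE_ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
69.133.76.0 * 255.255.254.0 U 0 0 0 eth0
default cpe-069-133-076 0.0.0.0 UG 0 0 0 eth0
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth1'

# Constructed: how the two POSTROUTING rules from the script appear in iptables-save.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 69.133.77.53
COMMIT'

# stdin: route table. Prints the interface of each default route (G flag set).
default_route_ifaces() {
    awk '($1 == "default" || $1 == "0.0.0.0") && $4 ~ /G/ { print $NF }'
}

# stdin: iptables-save output. Prints "<out-iface> <count>" of MASQUERADE/SNAT rules.
snat_rules_per_iface() {
    awk '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = "any"; nat = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) ~ /^(MASQUERADE|SNAT)$/) nat = 1
            }
            if (nat) count[out]++
        }
        END { for (o in count) print o, count[o] }' | sort
}

# $1 = route table text, $2 = iptables-save text. Prints one WARN line per finding.
audit() {
    n=$(printf '%s\n' "$1" | default_route_ifaces | awk 'END { print NR }')
    if [ "$n" -gt 1 ]; then echo "WARN: $n default routes"; fi
    printf '%s\n' "$2" | snat_rules_per_iface | while read -r ifc cnt; do
        if [ "$cnt" -gt 1 ]; then echo "WARN: $cnt source-NAT rules leave via $ifc"; fi
    done
}

audit "$SAMPLE_ROUTES" "$SAMPLE_RULES"
```

On a live gateway, pass the output of `route -n` and `iptables-save -t nat` to `audit` in place of the samples.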