Hi LQ:
I am trying to turn an old desktop that has Slackware 12.2 installed on it into a DHCP server that performs NAT on a certain range of the subnet... The server's hostname is nutshell.
Once I have it set up, I am testing it with a slackware64-13.1 laptop whose hostname is firebolt.
Nutshell has a static ip. Before messing with the DHCP side of things, I thought I would start with getting NAT working. The steps I have taken are as follows:
- I modified the /etc/rc.d/rc.inet1.conf script so that the interfaces would be set up on boot. Eth0 has the ISP's static IP assigned to it, and I assigned 172.0.0.1 to eth1.
- I opened the box as wide as possible, so that former firewalls and security settings would not interfere. The contents of /etc/hosts.allow are All:All, and /etc/hosts.deny is an empty file. The firewall is set to allow everything, i.e., iptables -L has "ACCEPT" as default policy on all chains.
- Next I used iptables to start nat with the command:
Code:
iptables -t nat -A POSTROUTING -s 172.0.0.0/11 -o eth0 -j SNAT --to ##.##.##.##
(the static ip I am not typing for security reasons, since the box is open wide at the moment)...
Then I connect firebolt to nutshell with a category 5 ethernet cable and test it out. I can ping nutshell:
Code:
firebolt% ping 172.0.0.1
PING 172.0.0.1 (172.0.0.1) 56(84) bytes of data.
64 bytes from 172.0.0.1: icmp_req=1 ttl=64 time=1.24 ms
64 bytes from 172.0.0.1: icmp_req=2 ttl=64 time=0.105 ms
64 bytes from 172.0.0.1: icmp_req=3 ttl=64 time=1.28 ms
64 bytes from 172.0.0.1: icmp_req=4 ttl=64 time=0.103 ms
64 bytes from 172.0.0.1: icmp_req=5 ttl=64 time=1.29 ms
64 bytes from 172.0.0.1: icmp_req=6 ttl=64 time=0.100 ms
64 bytes from 172.0.0.1: icmp_req=7 ttl=64 time=1.28 ms
64 bytes from 172.0.0.1: icmp_req=8 ttl=64 time=0.102 ms
64 bytes from 172.0.0.1: icmp_req=9 ttl=64 time=1.28 ms
64 bytes from 172.0.0.1: icmp_req=10 ttl=64 time=0.103 ms
64 bytes from 172.0.0.1: icmp_req=11 ttl=64 time=1.28 ms
64 bytes from 172.0.0.1: icmp_req=12 ttl=64 time=0.105 ms
64 bytes from 172.0.0.1: icmp_req=13 ttl=64 time=0.167 ms
64 bytes from 172.0.0.1: icmp_req=14 ttl=64 time=0.100 ms
64 bytes from 172.0.0.1: icmp_req=15 ttl=64 time=1.28 ms
64 bytes from 172.0.0.1: icmp_req=16 ttl=64 time=0.101 ms
64 bytes from 172.0.0.1: icmp_req=17 ttl=64 time=1.28 ms
64 bytes from 172.0.0.1: icmp_req=18 ttl=64 time=0.102 ms
64 bytes from 172.0.0.1: icmp_req=19 ttl=64 time=1.28 ms
The ping seems very erratic. Notice it fluctuating between a tenth of a millisecond and a whole millisecond, almost alternating? Is this normal?
The same result occurs if I ping firebolt from nutshell.
Next I try to ping the public static ips of my ISP's nameserver:
Code:
firebolt% ping ##.##.##.##
PING ##.##.##.## (##.##.##.##) 56(84) bytes of data.
64 bytes from ##.##.##.##: icmp_req=1 ttl=61 time=7.54 ms
64 bytes from ##.##.##.##: icmp_req=2 ttl=61 time=8.74 ms
64 bytes from ##.##.##.##: icmp_req=3 ttl=61 time=7.53 ms
64 bytes from ##.##.##.##: icmp_req=4 ttl=61 time=8.58 ms
It too alternates by a millisecond.
OK, yeah, I can ping external ips from firebolt, so the NAT appears to be working properly. I fire up x-windows and surf a little. While I am surfing it freezes. Checking the pings again, suddenly firebolt cannot ping isp's dns anymore. Checking on nutshell, it can no longer ping external ips either. However, after running /etc/rc.d/rc.inet1 restart on nutshell, all is well, and it is pinging out again. I go back to firebolt and resume my surfing.
Everything seems ok, for a while, but then it freezes again, and I have to go back to nutshell and run rc.inet1 restart again.
In the time it has taken to type this blog, I have had to restart nutshell three times.
Could anyone shed any light on this erratic behavior?
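An added check, not part of the original post: the `-s 172.0.0.0/11` match in the SNAT rule and the 172.0.0.1 address on eth1 can be compared against the RFC 1918 private blocks to see how much of the NAT source range is publicly routable address space. The function names are assumptions for illustration, and the documentation address 203.0.113.1 stands in for the masked public IP.

```python
import ipaddress

# RFC 1918 private blocks: the IPv4 ranges reserved for internal segments.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def nat_source(rule):
    """Return the -s/--source network from an iptables rule string."""
    words = rule.split()
    for flag in ("-s", "--source"):
        if flag in words:
            return ipaddress.ip_network(words[words.index(flag) + 1], strict=False)
    raise ValueError("rule has no source match")

def public_part(net):
    """Return the sub-ranges of net that fall outside RFC 1918 space."""
    pieces = [net]
    for block in RFC1918:
        remaining = []
        for piece in pieces:
            if piece.subnet_of(block):
                continue                      # entirely private: nothing left over
            if block.subnet_of(piece):
                remaining.extend(piece.address_exclude(block))
            else:
                remaining.append(piece)       # CIDR blocks never partly overlap
        pieces = remaining
    return sorted(pieces)

def is_rfc1918(addr):
    """True if a single address lies inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918)

# The rule from the post; the public address was masked there, so a
# documentation address (203.0.113.1, constructed) stands in for it.
RULE = ("iptables -t nat -A POSTROUTING -s 172.0.0.0/11 "
        "-o eth0 -j SNAT --to 203.0.113.1")

if __name__ == "__main__":
    net = nat_source(RULE)
    print("NAT source range:", net, "=", net[0], "-", net[-1])
    print("outside RFC 1918:", [str(p) for p in public_part(net)])
    print("172.0.0.1 private?", is_rfc1918("172.0.0.1"))
```

An internal segment addressed from 172.16.0.0/12 (or another RFC 1918 block), with the `-s` match narrowed to that segment, keeps the SNAT rule from covering addresses that belong to hosts on the Internet.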