Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Ok, everything is working fine, though, I don't know what I did.
My router is external 192.168.1.254
My static addresses ending .64 (linux) and .65 (windows 98)
Windows machine, set dns according to info in router, set gateway as router's address and connected to the internet ok.
Linux machine set dns and gateway as well. No connection TO THE INTERNET.
Stop firewall, no connection to internet
Rebooted, no connection to internet.
Ping windows machine and itself, and link ok, but could not ping to the internet.
Stopped firewall again, unchecked the box "protect from internal zone" save configuration and CONNECTION OK to the internet.
Started firewall and still connection. Stop firewall, check the box "protect from internal network", saved configuration and started firewall again. Still connection, so I got lost.
Now I have connection and I can not go back to previous situation to understand what happened.
In any case, I don't understand very well those things of Internal, External Zone; as to IP Forwarding, as far as I understand it only makes sense if the Linux machine is the router (as it was when the Linux box's modem was the link to the internet), but now that the router is the DSL modem, IPForwarding doesn't make sense and its box is unchecked. Masquerading, I see it as just an internal trick to link to the internet without showing the local network addresses of each individual machine but still being able to send the packets to the right place.
Where should I go to understand better what's going on?
Ok, in order to help you out you will need to provide a little bit more info.
>My router is external 192.168.1.254
This is not your router's external Internet address. This is your router's internal LAN address. Any address that starts in 192.168.X.X or 10.X.X.X is an internal private address reserved for LANs.
What brand and model is your router?
>Stop firewall, no connection to internet
I'm assuming this is the firewall software on your linux box.
What firewall software are you using? (include the version number)
What Linux distribution are you using?
>unchecked the box "protect from internal zone"
Where is this box? In your Linux software? In your router admin page? How do you access your router for configuration?
>Now I have connection and I can not go back to previous situation to understand what happened.
>In any case, I don't understand very well those things of Internal, External Zone; as to IP Forwarding, as far as I understand it only makes sense if the Linux machine is the router (as it was when the Linux box's modem was the link to the internet), but now that the router is the DSL modem, IPForwarding doesn't make sense and its box is unchecked. Masquerading, I see it as just an internal trick to link to the internet without showing the local network addresses of each individual machine but still being able to send the packets to the right place.
"Internal" zone refers to all the PCs connected on the inside of your LAN (i.e. they are connected to the built in hub/switch in your router). "External" zone refers to the Internet. The only device exposed to the external zone here should be your router, which is directly connected to the internet through the DSL modem. Everything else is internal and only indirectly connected to the Internet by being connected to the router.
Masquerading is a Linux specific term for Network Address Translation (NAT) which is the trick your router performs to allow all internal devices access to the Internet. IPForwarding is only needed if you want to run a server on your LAN that is accessible from the Internet. You probably don't want to do this.
The easiest way to set all of this up is to setup your router to be a DHCP server and then setup your Linux and Windows PCs to use dynamic IP addresses (DHCP) - so you don't have to fiddle with assigning IPs, gateways, DNSs etc... Your router should then connect to the Internet via your DSL modem and assign internal addresses to all your computers on the LAN. Using default settings of most routers, this is all you should need to get access to the Internet.
Router Address: ok, the internal for the lan is such 192.... The internet address changes every time I restart the router, it's a 2Wire 1701HG.
Firewall. Right, there is one in the router and one in the Linux. When stopping/restarting, I meant the Linux firewall. The one I'm using: "iptables v1.3.1"
Linux, SuSE 9.3
"Protect Firewall from internal zone", right, in the Firewall through YaST.
I personally feel more comfortable with DHCP, it's all very easy, but I read comments about "better to use fixed addresses". After I switched from fixed to DHCP, my servers HTTP, MySQL, CUPS, Samba, Cron and a few others STOPPED loading at boot time. I had to either load them later (rc[daemon] start) or boot WITHOUT the ethernet cable connected to the router. I worked like that (with router off or ether cable off) for 8 months. Then I switched back to fixed IP addresses, and more servers are loaded at boot time, though the USB detection fails if the ethernet cable is connected at boot time. When this cable is disconnected during boot, all servers load fine and there is correct autodetect of USB memory, flash cards, etc. Then after boot and after connecting the ethernet cable back to the router everything is fine.
So in the end, the main problem around all this was the not loading of those servers at boot. Still the solution has been to keep the ethernet cable disconnected during boot.
The second problem was the impossibility to connect to the internet, but after stopping and restarting the firewall through YaST, unchecking or checking this checkbox for "protect firewall from internal zone" corrected the problem, but after repeating this operation back to the original it doesn't block the internet connection. So I don't know what was wrong in the beginning. Perhaps there was a cleanup of the tables made by YaST? (It sounds comfortable to think that's the reason, but who knows; I've read of people not trusting YaST, but I usually go to the "files" where YaST fiddles about, and they have correct information. As in this case, YaST had collected long TABLES with masquerading, IP forward, etc., and after this switching, all that disappeared, but now those rules in the tables possibly blocking my traffic to the internet haven't returned despite the checkbox of "Protect Firewall from Internal Zone", perhaps because I haven't switched IP Forward and Masquerading back on?)
Thanks Joe
Status of iptables now:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
forward_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
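As an added illustration (not code from the thread or from SuSEfirewall2), here is a small parser for an `iptables -L` listing in the shape of the one above. It checks the two things that decide whether a LAN host behind a NAT router can reach the Internet (replies to its own connections accepted on INPUT, new connections allowed on OUTPUT) and pulls out the SFW2 log prefixes, which are what to grep for in the system log (assumed to be /var/log/messages here) when the firewall refuses something. The listing embedded in the code is a constructed, shortened copy of the thread's output.

```python
import re

# Constructed sample shaped like the thread's SuSEfirewall2 `iptables -L` listing
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix `SFW2-FWD-ILL-ROUTING '
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)\)")

def parse_listing(text):
    """Return {chain: {"policy": ..., "rules": [(target, match_text), ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
        elif current and line.strip() and not line.startswith("target "):
            target, _prot, _opt, _src, _dst, *rest = line.split(None, 5)
            chains[current]["rules"].append((target, rest[0] if rest else ""))
    return chains

def log_prefixes(chains):
    """Prefixes used by LOG rules; grep these in /var/log/messages (assumed path) to see what was refused."""
    found = [x.split("prefix", 1)[1].strip(" `'") for c in chains.values()
             for t, x in c["rules"] if t == "LOG" and "prefix" in x]
    return sorted(found)

def diagnose(chains):
    """Findings for a LAN host behind a NAT router (it routes for nobody, so FORWARD may drop)."""
    findings = []
    inp = chains["INPUT"]
    if inp["policy"] == "DROP" and not any(t == "ACCEPT" and "ESTABLISHED" in x for t, x in inp["rules"]):
        findings.append("INPUT drops replies to your own outbound connections (no RELATED,ESTABLISHED accept)")
    out = chains["OUTPUT"]
    if out["policy"] == "DROP" and not any(t == "ACCEPT" and "NEW" in x for t, x in out["rules"]):
        findings.append("OUTPUT blocks new outbound connections")
    return findings
```

On the listing above `diagnose` reports nothing, which matches the poster's observation that the host now reaches the Internet; when the RELATED,ESTABLISHED accept is missing from INPUT, DNS and HTTP replies never get back in and the host looks "offline" even though it can send.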