LinuxQuestions.org
Old 10-22-2003, 05:14 AM   #1
mwarren2
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Rep: Reputation: 0
gShield NAT problem


I have Linux Debian 2.4.17 and I have successfully installed an ADSL connection, and I can do everything I want on the Internet, browse, ftp and so on.
I now want to share this connection with a Windows98 box.

Using gShield I have set up a NAT on the Linux box, and I can ping anywhere on the Internet from Windows98.
If I run iptables --list -t nat
I get the following for the Windows98 machine:
MASQUERADE all -- malcolmmobile2
which looks ok to me.

The two machines can ping each other of course, (Linux 10.0.0.110 and Windows98 10.0.0.105). I have a LanModem, which is only being used as a hub (it's never connected to the net), with 10.0.0.1 address.

The odd part comes next.

Using Internet Explorer from Windows98 I can go to google (though I can't do a search), and another site called english-country-cottages dot co dot uk where oddly enough it seems to let me go anywhere I want on the site.

But on any other site the browser correctly establishes the connection (I can see the connection using netstat -a on the Windows box), but nothing ever comes back to the browser, which just hangs forever, not even timing out.

I have tried adding "net.ipv4.ip_forward = 1" to /etc/sysctl.conf, followed by restarting gShield, but this makes no apparent difference.

I have followed as much as possible the information contained on the page
www dot yolinux dot com/TUTORIALS/LinuxTutorialIptablesNetworkGateway dot html

although I have an important question remaining:
the above page states:
Windows '95 Configuration:

* Select "Start" + "Settings" + "Control Panel"
* Select the "Network" icon
* Select the tab "Configuration" and double click the component "TCP/IP" for the ethernet card. (NOT the TCP/IP -> Dial-Up Adapter)
* Select the tabs:
o "Gateway": Use the internal network IP address of the Linux box. (192.168.XXX.XXX)
o "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual internet IP address)
o "IP Address": The IP address (192.168.XXX.XXX - static) and netmask (typically 255.255.255.0 for a small local office network) of the PC can also be set here.

Fine, but it says nothing about what to put in the Host and Domain fields. I have put the name of the Windows98 machine in Host and "tiscali.it" in the Domain, which is my ISP.

Can anybody help?
 
Old 10-22-2003, 06:58 AM   #2
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
on the 98 box, can u actually ping www.google.com and that other site?


what u may be seeing is stuff from cache.
 
Old 10-22-2003, 08:17 AM   #3
mwarren2
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
I can ping not only the two sites I mentioned, but anywhere on the internet from Windows98.
I can search from Google - (I wrote that I couldn't in my last post), and on the other site I can do interactive searches, so it's not stuff from the browser cache that I am seeing.
ANY other site that I have tried, establishes the connection (and I can see that the connection has been established using netstat -a), but nothing ever comes back, and it never seems to time out.

I can even go to the protected part of our site using https, and the authorization log-in comes up, but as soon as I put in the password and press ok, then it all blocks as for normal http at all other sites.
 
Old 10-22-2003, 09:50 AM   #4
mwarren2
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
P.S. I can also FTP perfectly to a site outside the firewall, even in SSL.
 
Old 10-22-2003, 11:22 AM   #5
mwarren2
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
I have a feeling that I have to do what is on this page:
www dot hgfelger dot de/mss/mss dot html

However I would be grateful if an expert could confirm this for me. I am using pppoA, not pppoE, but the problem sounds similar.

If so, could you be very specific about what I have to do with patch-o-matic?
The article says:
1. `make patch-o-matic': then apply the TCPMSS patch,
2. recompile the kernel,
3. build the iptables binary, install and
4. restart..

I already have iptables installed, do I have to do all of these four things?
 
Old 10-22-2003, 12:18 PM   #6
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
yea, it seems strange and i've never seen this before. i saw that site and it's worth a shot i guess as long as the patch doesn't do anything bad (i don't trust all software, i'm paranoid).

hopefully the patch was written with security in mind (after all, it does add stuff to iptables).
 
Old 10-23-2003, 04:48 AM   #7
mwarren2
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
Ok, I've solved the problem. I've discovered that TCPMSS was already installed and working. All I had to do was put yes for using TCPMSS in the gShield firewall script configuration file.

Now the gShield NAT is finally working properly for Windows over PPPoA.
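
The fix in the last post, TCPMSS, rewrites the MSS option in forwarded SYN packets so that remote servers never send segments larger than the PPP link can carry, which is why pings and small pages worked while larger responses hung. The sketch below is an added example, not part of the thread or of gShield's code: it applies the same clamp to a constructed SYN, with the addresses, ports and the 1492-byte path MTU used in the test chosen purely for illustration.

```python
import struct
IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header without options

def fold(x):  # one's-complement fold of carries into 16 bits
    while x >> 16:
        x = (x & 0xFFFF) + (x >> 16)
    return x

def tcp_checksum(src, dst, seg):
    """Full TCP checksum over the IPv4 pseudo-header and segment (checksum field counted as zero)."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(seg)) + seg[:16] + b"\0\0" + seg[18:]
    data += b"\0" * (len(data) % 2)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def clamp_mss(seg, path_mtu):
    """Lower the MSS option of a SYN to path_mtu - 40; return (segment, old_mss, new_mss)."""
    seg, limit = bytearray(seg), path_mtu - IP_TCP_OVERHEAD
    hdr_len, i = min((seg[12] >> 4) * 4, len(seg)), 20
    while seg[13] & 0x02 and i < hdr_len:        # only SYN / SYN-ACK carry an MSS option
        kind = seg[i]
        if kind == 0:                            # end of option list
            break
        if kind == 1:                            # NOP padding
            i += 1
            continue
        length = seg[i + 1] if i + 1 < hdr_len else 0
        if length < 2 or i + length > hdr_len:   # malformed option: leave segment untouched
            break
        if kind == 2 and length == 4:
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:                     # already small enough
                return bytes(seg), old, old
            a, n = (i + 2) & ~1, 1 + ((i + 2) & 1)   # aligned 16-bit words covering the value
            before = struct.unpack_from("!%dH" % n, seg, a)
            struct.pack_into("!H", seg, i + 2, limit)
            after = struct.unpack_from("!%dH" % n, seg, a)
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            hc = struct.unpack_from("!H", seg, 16)[0]
            acc = (~hc & 0xFFFF) + sum(~w & 0xFFFF for w in before) + sum(after)
            struct.pack_into("!H", seg, 16, ~fold(acc) & 0xFFFF)
            return bytes(seg), old, limit
        i += length
    return bytes(seg), None, None

def constructed_syn(mss, src=bytes([10, 0, 0, 105]), dst=bytes([192, 0, 2, 80])):
    """Constructed sample: SYN from the LAN client, options = MSS, NOP, NOP, SACK-permitted."""
    opts = struct.pack("!BBH", 2, 4, mss) + bytes([1, 1, 4, 2])
    seg = struct.pack("!HHIIBBHHH", 1025, 80, 1, 0, 7 << 4, 0x02, 8192, 0, 0) + opts
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]
```

On a Linux gateway the standard iptables form of this clamp is `iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`.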
 
  


All times are GMT -5.