LinuxQuestions.org
Old 10-19-2004, 12:12 AM   #1
emaayan
LQ Newbie
 
Registered: Nov 2003
Posts: 14

Rep: Reputation: 0
HELP! can't get routing to work on RH9


Hi,

I have a small laptop which has RH 9 installed on it.

eth0 is the internal network card, connected to the cable modem.
eth1 is an Edimax PCMCIA network card, connected to the hub, which has several
computers connected to it.

The problem is that when I try to use the internet from one of the client
computers (Windows), I cannot get a response.

Here is my iptables:

ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination
ACCEPT udp -- sdns.goldenlines.net.il anywhere udp spt:domain dpts:1025:65535
ACCEPT udp -- cachedns.goldenlines.net.il anywhere udp spt:domain dpts:1025:65535
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere


And here is my dmesg output:


IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.128.6 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1534 PROTO=UDP SPT=3017 DPT=53 LEN=38
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.128.6 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1535 PROTO=UDP SPT=3017 DPT=53 LEN=38
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=216.136.173.161 LEN=92 TOS=0x00 PREC=0x00 TTL=63 ID=1536 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=56576
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.129.5 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1537 PROTO=UDP SPT=3017 DPT=53 LEN=38
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.128.6 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1538 PROTO=UDP SPT=3017 DPT=53 LEN=38
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=216.136.173.162 LEN=92 TOS=0x00 PREC=0x00 TTL=63 ID=1539 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=56832
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.129.5 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1540 PROTO=UDP SPT=3017 DPT=53 LEN=38
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.128.6 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1541 PROTO=UDP SPT=3017 DPT=53 LEN=38


where 192.168.1.33 is the IP of the Windows machine.

As you can see, the Windows machine does send a signal out, but shouldn't I get an
out=eth0 as well, sending signals back to the Windows machine?
 
Old 10-19-2004, 02:19 AM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Yep, your Windows machine is trying to resolve a domain name. I think the trouble is your iptables rules: you don't have any NAT rule. You can visit www.iptables-script.dk and generate a MASQUERADE rule.
 
Old 10-19-2004, 04:32 AM   #3
mardanian
Member
 
Registered: Mar 2004
Distribution: Fedora
Posts: 254

Rep: Reputation: 30
Okay, here is a simple iptables ruleset for your router. However, you must define the gateway/DNS as your router, and on the router box you must properly configure /etc/resolve.conf with the DNS entries for your ISP.


#!/bin/bash
# Rules for gateway
# Clear / flush all the rules from the different chains and tables

iptables --flush
iptables --flush INPUT #Flush the INPUT chain
iptables --flush OUTPUT #Flush the OUTPUT chain
iptables --flush FORWARD #Flush the FORWARD chain
iptables -t nat --flush #Flush the nat table
iptables -t mangle --flush #Flush the mangle table
iptables --delete-chain #Delete any pre-existing chains
iptables -t nat --delete-chain #Delete any pre-existing chains from nat table
iptables -t mangle --delete-chain #Delete any pre-existing chains from the mangle table
iptables --policy INPUT DROP #Setting the default policy for INPUT chain
iptables --policy FORWARD ACCEPT #Setting the default policy for FORWARD chain
iptables --policy OUTPUT ACCEPT #Setting the default policy for the OUTPUT chain
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

# The --state list is a single comma-separated argument (no spaces inside it)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

## allow ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

###
echo 1 > /proc/sys/net/ipv4/ip_forward ## enable forwarding
 
Old 10-19-2004, 08:29 AM   #4
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Quote:
Originally posted by mardanian

iptables --policy FORWARD ACCEPT #Setting the default policy for FORWARD chain
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward ## enable forwarding

Is it secure?

I think the following is better:

Code:
iptables --policy FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth_local -s 192.168.0.0/24 -j ACCEPT

Good luck.

Last edited by maxut; 10-19-2004 at 08:35 AM.
 
Old 10-19-2004, 01:39 PM   #5
mardanian
Member
 
Registered: Mar 2004
Distribution: Fedora
Posts: 254

Rep: Reputation: 30
Well, for a n00b it's kinda easy to start with such a setup, and steadily, on their way learning iptables things, they could deploy a "recommended" default DROP policy.

regards
 
Old 10-20-2004, 02:04 AM   #6
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
I see. You are right.
 
Old 10-20-2004, 05:19 AM   #7
james.farrow
Member
 
Registered: Mar 2003
Location: UK Darlington
Distribution: Fedora Freebsd Centos
Posts: 296

Rep: Reputation: 31
Try below:-

http://projectfiles.com/firewall/
 
Old 10-20-2004, 03:06 PM   #8
emaayan
LQ Newbie
 
Registered: Nov 2003
Posts: 14

Original Poster
Rep: Reputation: 0
I tried using the iptables rules I was given

and the one in the last post,
but still NOTHING.

It's something deeper, right?

I mean, no matter what I do, Windows cannot get a reply.
How can I even know that Linux receives the signal from the outside?

My nameservers are OK (I do have the ppp connection OK; after all, I can access the internet from the router), Windows has a fixed IP, and the DNS servers are defined in it.
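
An added example, not written by any poster in this thread: a POSIX shell script that compares the `-o` and `-s` selectors of a MASQUERADE rule with the OUT= and SRC= fields of the FORWARD LOG lines from post #1. The function names are hypothetical, the two sample lines are copied from that post's dmesg output with the wraps removed, and the `/24` prefix for the 192.168.1.x network is an assumption.

```sh
#!/bin/sh
# Two LOG lines from post #1's dmesg output, line wraps removed.
SAMPLE_LOG='IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.128.6 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1534 PROTO=UDP SPT=3017 DPT=53 LEN=38
IN=eth1 OUT=ppp0 SRC=192.168.1.33 DST=212.117.129.5 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=1537 PROTO=UDP SPT=3017 DPT=53 LEN=38'

# field KEY LINE -> value of the first KEY=value token in a LOG line.
# Runs in a subshell so set -f and the loop variable do not leak.
field() (
    set -f                      # log text is data, never glob-expand it
    for tok in $2; do
        case $tok in "$1"=*) printf '%s\n' "${tok#*=}"; exit 0 ;; esac
    done
    exit 1
)

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() (
    IFS=.; set -f
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/LEN -> succeeds when IP lies inside NET/LEN
in_cidr() {
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
}

# count_matches OUT_IF SRC_NET -> "matched/total" for LOG lines on stdin
count_matches() {
    hit=0; total=0
    while IFS= read -r line; do
        out=$(field OUT "$line") && src=$(field SRC "$line") || continue
        total=$((total + 1))
        if [ "$out" = "$1" ] && in_cidr "$src" "$2"; then hit=$((hit + 1)); fi
    done
    echo "$hit/$total"
}

# First pair: the selectors of the MASQUERADE rule in post #3.
# Second pair: selectors read off the log (the /24 length is an assumption).
for rule in "eth0 192.168.0.0/24" "ppp0 192.168.1.0/24"; do
    set -- $rule
    echo "-o $1 -s $2 matches $(printf '%s\n' "$SAMPLE_LOG" | count_matches "$1" "$2") logged packets"
done
```

Against a live gateway, feed it `dmesg` output instead of the sample; a MASQUERADE rule whose selectors match none of the forwarded packets never rewrites their source address.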
 
  

