help me to setup server for internet access in my cafe
Hi guys,

I am working for an internet cafe, which has 18 clients and one server. All the clients are running Windows XP, and on the server I have installed Fedora Core 4.

1) Linksys Wireless-G ADSL Home Gateway for the internet access (IP address is 192.168.1.1).
2) In my server I have 2 LAN cards (eth0 and eth1). eth0 I have configured with a dynamic IP (DHCP). eth1 is connected to the 24-port switch for the clients (IP address is 192.168.0.100).
3) All the client IP addresses I have configured according to the server (i.e. pc1 - 192.168.0.1, the default gateway I assigned is 192.168.1.1 (ADSL gateway), and in the DNS field I assigned 192.168.0.100).

The problem is that I am unable to set up ADSL from my Linux box. I can ping from my server to the ADSL gateway, and even with the client machine I can ping. I even set up iptables on my Linux box. It goes like this:

iptables -A INPUT -p TCP -i eth0 --destination-port 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 --destination-port 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 --destination-port 113 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 --destination-port 4000 -j ACCEPT
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.0.100 -j ACCEPT
iptables -A OUTPUT -p ALL -s 82.167.30.127 -j ACCEPT

But in vain, I am still unable to set up my server. Please can anybody help me out?

Thanks a lot in advance,
from sachin
3) all the client ip address i have configured according to the server (ie. pc1 - 192.168.0.1 and the default gateway i assigned 192.168.1.1 (adsl gateway) and in the dns field i assigned 192.168.0.100).
----
I'd set up a DHCP server (dhcpd) on the Linux box. That way you can forget about managing 18 static IP addresses on the clients. Then make sure that DHCP server has the correct "routers" (gateway) setting.

You must then configure your Linux box to do IP Masquerading. There is an IP Masquerade howto available on the net. Instead of using iptables manually you might want to consider the excellent fwbuilder program. If you don't want any of the hassle with chains and policies then you could try firestarter or guarddog. Hopefully I did not misunderstand your configuration.

If the Internet cafe is meant strictly for browsing (not for Windows-specific tasks) then you could also experiment with a thin-client approach, in which you have one or two very powerful X server machines and all the clients use the desktop and resources of those servers. With XDMCP this is trivial to accomplish. If you are worried about security you can secure the (plaintext) traffic from clients to servers with IPSec or SSH tunnels.

I've used several old (120-233MHz) desktop computers as "thin" clients with XDMCP for maybe three years and I can tell that they require no maintenance unless some hardware part breaks. The clients are in effect only "windows" to the server's desktop. Hopefully I did not stray too far from the subject :)
Sounds to me like you really need an IPCop. http://www.ipcop.org/
Suggestions aside, perhaps it would be helpful to actually address his question?
I don't exactly understand the situation. As I see it, the Linksys router/NAT device is connecting to your ADSL, and giving out the server a connection over DHCP. In that case, the router should handle the actual PPPoE authentication, and you should need nothing more than to have the server pull a DHCP lease from it on eth0. What exactly is the failure? Can you ping a WAN IP? Can you resolve hostnames?
What exactly is the failure? Can you ping a WAN IP? Can you resolve hostnames?
Yes, I can ping, as I told you in my earlier post. Both my WAN and my LAN are pinging properly.

[root@localhost ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.726 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.731 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.760 ms
[2]+ Stopped ping 192.168.1.1
[root@localhost ~]# ping 192.168.1.119
PING 192.168.1.119 (192.168.1.119) 56(84) bytes of data.
64 bytes from 192.168.1.119: icmp_seq=0 ttl=128 time=1.15 ms
64 bytes from 192.168.1.119: icmp_seq=1 ttl=128 time=0.213 ms
64 bytes from 192.168.1.119: icmp_seq=2 ttl=128 time=0.205 ms
[3]+ Stopped ping 192.168.1.119
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

Yes, I already configured DHCP on my Linux box, and even my Linux server can access the internet. Now the problem is with my clients. They are unable to get the internet service from the server.

Please help me out.

With regards,
sachin j shetty
These are details you didn't give in the first place. You never said that the server could connect to the Internet.
How are you handling NAT between eth0 and eth1? Because your iptables rules do not say you are doing that. You need to do something like: Code:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
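Added example, not part of the original thread: the single MASQUERADE rule above placed inside a complete iptables-restore ruleset for this two-NIC gateway, with default-drop policies and stateful forwarding. The function name `gateway_rules`, the interface roles (eth0 = WAN, eth1 = LAN on 192.168.0.0/24, as described in the first post) and the set of services allowed from the LAN are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT gateway.
# Assumed layout: WAN on eth0 (DHCP lease from the ADSL router),
# LAN on eth1 with clients in 192.168.0.0/24.

gateway_rules() {
    wan=$1 lan=$2 lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of LAN traffic leaving via the WAN side.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services on the gateway itself, reachable from the LAN only
# (assumed set: DHCP, DNS, SSH).
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -j ACCEPT
# Forward LAN-originated traffic out, and only replies back in.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply only when asked to (needs root). Forwarding must be enabled in
# the kernel as well, otherwise no packet reaches the FORWARD chain.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    gateway_rules eth0 eth1 192.168.0.0/24 | iptables-restore
fi
```

Run without arguments and call `gateway_rules` to review the ruleset before applying it; clients must use the server's eth1 address as their default gateway for the FORWARD rules to see their traffic.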
Yes my friend, thanks for the NAT. I hadn't configured it before.

Now I have a problem with my squid configuration file. It's giving an error, something like:

Bungled squid.conf line 53: http_port 192.168.1.100 :8080

I tried a lot to solve this problem, and I end up with the squid, because now it says something like "attention, swap file is created". I don't know how to eliminate it. Could you please help me to delete the squid.conf.swp file? I tried with this command:

rm -rf squid.conf.swp

but no use, that file still exists. I will be ever grateful to you. Please help me out.

Thanks in advance,
sachin
To MS3FGX (sorry, I don't know your name): my iptables now goes like this (after configuring NAT)

[root@localhost ~]# iptables-save
# Generated by iptables-save v1.3.0 on Thu Oct 26 12:42:36 2006
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [602:231257]
:OUTPUT ACCEPT [416:87848]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
# Completed on Thu Oct 26 12:42:36 2006
# Generated by iptables-save v1.3.0 on Thu Oct 26 12:42:36 2006
*nat
:OUTPUT ACCEPT [41:2762]
:POSTROUTING ACCEPT [5:308]
:PREROUTING ACCEPT [62:7107]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Oct 26 12:42:36 2006
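Added example, not part of the original thread: a small audit of an iptables-save dump, run here over the ruleset posted above (copied into the script, comment lines omitted). It reports default-ACCEPT policies, the absence of any stateful rule, and a missing MASQUERADE rule. The function names `audit_ruleset` and `sample_dump` and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag permissive settings in `iptables-save` output.
# Reads the dump on stdin and prints one WARN line per finding.

audit_ruleset() {
    awk '
    /^\*/ { table = substr($1, 2) }                 # "*filter" -> filter
    /^:/  { policy[table "/" substr($1, 2)] = $2 }  # ":INPUT ACCEPT [..]"
    /^-A/ && table == "nat" && /-j MASQUERADE/ { masq = 1 }
    /^-A/ && /--(ct)?state /                   { stateful = 1 }
    END {
        if (policy["filter/INPUT"] == "ACCEPT")
            print "WARN filter INPUT policy is ACCEPT: every gateway port is reachable"
        if (policy["filter/FORWARD"] == "ACCEPT")
            print "WARN filter FORWARD policy is ACCEPT: traffic is routed in both directions"
        if (!stateful)
            print "WARN no state/conntrack match: replies are not told apart from new connections"
        if (!masq)
            print "WARN no MASQUERADE rule in the nat table: LAN clients will not be translated"
    }'
}

# The dump from the post above, embedded so the script runs offline.
sample_dump() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [602:231257]
:OUTPUT ACCEPT [416:87848]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
*nat
:OUTPUT ACCEPT [41:2762]
:POSTROUTING ACCEPT [5:308]
:PREROUTING ACCEPT [62:7107]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_dump | audit_ruleset
```

On a live gateway the same check is `iptables-save | audit_ruleset`, run as root.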