help me to setup server for internet access in my cafe

sachin_shetty · 10-23-2006, 05:41 PM

hi guys,

I am working for internet cafe, which is having 18 clients with one server.All the clients are running on windows xp. And on the server i have installed fedora core 4

1) Linksys Wireless-G ADSL Home Gateway for the internet access (ip address is 192.168.1.1)

2)in my server i have 2 lan cards (eth0 and eth1).
eth0 i have configured as a dynamic ip (dhcp)
eth1 is connecting to the 24 port switch to the clients
(ip address is 192.168.0.100)

3) all the client ip adress i have configured according to the server (ie. pc1 - 192.168.0.1 and the default gateway i assigned 192.168.1.1 (adsl gateway) and in the dns field i assigned 192.168.0.100).

the problem is that i am unable to setup adsl from my linux box.

i can ping from my server to adsl gateway. and even with the client machine i can ping.

even i setup iptables in my linux box. it goes like this

iptables -A INPUT -p TCP -i eth0 --destination-port 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 --destination-port 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 --destination-port 113 -j ACCEPT

iptables -A INPUT -p UDP -i eth0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 --destination-port 4000 -j ACCEPT

iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.0.100 -j ACCEPT
iptables -A OUTPUT -p ALL -s 82.167.30.127 -j ACCEPT

but invain i am still unable to setup my server

Please can anybody help me out

thanx a lot in advance

from
sachin

basileus · 10-24-2006, 12:41 PM

3) all the client ip adress i have configured according to the server (ie. pc1 - 192.168.0.1 and the default gateway i assigned 192.168.1.1 (adsl gateway) and in the dns field i assigned 192.168.0.100).

----

I'd set up a DHCP server (dhcpd) on the Linux box. That way you can forget about managing 18 static IP addresses on the clients. Then make sure that DHCP server has the correct "routers" (gateway) setting. You must then configure your Linux box to do IP Masquerading. There is a IP Masquerade howto available on the net. Instead of using iptables manually you might want to consider the excellent fwbuilder program. If you don't want any of the hassle with chains and policies then you could try firestarter or guarddog.

Hopefully I did not misunderstand your configuration.

If the Internet cafe is meant strictly for browsing (not for Windows-specific tasks) then you could also experiment with thin-client approach, in which you have one or two very powerful X server machines and all the clients use the desktop and resources of those servers. With XDMCP this is trivial to accomplish. If you are worried about security you can secure the (plaintext) traffic from clients to servers with IPSec or SSH tunnels.

I've used several old (120-233Mhz) desktop computers as "thin" clients with XDMCP for maybe three years and I can tell that they require no mainteinance unless some hardware part breaks. The clients are in effect only "windows" to the server's desktop.

Hopefully I did not stray too far from the subject

bioalchemist · 10-24-2006, 12:46 PM

Sounds like to me you really need an IPCop. http://www.ipcop.org/

MS3FGX · 10-24-2006, 05:36 PM

Suggestions aside, perhaps it would be helpful to actually address his question?

I don't exactly understand the situation. As I see it, the Linksys router/NAT device is connecting to your ADSL, and giving out the server a connection over DHCP. In that case, the router should handle the actual PPPoE authentication, and you should need nothing more than to have the server pull a DHCP lease from it on eth0.

What exactly is the failure? Can you ping a WAN IP? Can you resolve hostnames?

sachin_shetty · 10-25-2006, 04:39 PM

What exactly is the failure? Can you ping a WAN IP? Can you resolve hostnames?

yes i can ping as i told you in my earlier post

either of wan and my lan is pinging properly

[root@localhost ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.726 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.731 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.760 ms

[2]+ Stopped ping 192.168.1.1
[root@localhost ~]# ping 192.168.1.119
PING 192.168.1.119 (192.168.1.119) 56(84) bytes of data.
64 bytes from 192.168.1.119: icmp_seq=0 ttl=128 time=1.15 ms
64 bytes from 192.168.1.119: icmp_seq=1 ttl=128 time=0.213 ms
64 bytes from 192.168.1.119: icmp_seq=2 ttl=128 time=0.205 ms

[3]+ Stopped ping 192.168.1.119
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

yes i already configured dhcp from my linux box. and even my linux server can access the internet. Now the problem with my clients. they are unable to get the internet service from the server

Please help me out

with regards

sachin j shetty

MS3FGX · 10-25-2006, 05:17 PM

These are details you didn't give in the first place. You never said that the server could connect to the Internet.

How are you handling NAT between eth0 and eth1? Because your iptables rules do not say you are doing that.

You need to do something like:

Code:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

sachin_shetty · 10-26-2006, 04:38 AM

yes my friend thanxs for the NAT i wasnt configured it before.

now i have the problem with my squid configuration file

its giving error something like

Bungled squid.conf line 53: http_port 192.168.1.100 :8080

i tried lot to solve this problem. and i end up with the squid. because now it say something like attention swap file is created.i dont know how to eliminate it. could you please help me to delete squid.conf.swp file.

i tried with this command rm -rf squid.conf.swp but no use
that file is still existing.

i will be ever greatful to you. plz help me out

thanks in advance

sachin

sachin_shetty · 10-26-2006, 04:43 AM

To

MS3FGX (sorry i dont know your name)

my iptables now goes like this (after configuring NAT)
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.3.0 on Thu Oct 26 12:42:36 2006
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [602:231257]
:OUTPUT ACCEPT [416:87848]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
# Completed on Thu Oct 26 12:42:36 2006
# Generated by iptables-save v1.3.0 on Thu Oct 26 12:42:36 2006
*nat
:OUTPUT ACCEPT [41:2762]
:POSTROUTING ACCEPT [5:308]
:PREROUTING ACCEPT [62:7107]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Oct 26 12:42:36 2006