Here's my Network Config

KowCiller · 07-07-2003, 09:12 PM

Ok guys... I'm not sure why this is giving me so much trouble, but here is everything... If you have any idea why my Client machine can't get to the Internet, please post!!! I feel like I've tried everything!

Client runs Win2k, set up to accept dhcp address, gateway statically set to 192.168.69.1 (eth1)

eth0 - obtains dynamic ip from cable modem
eth1 - hands out local ip address to client machine

ifconfig on Linux server:

Code:

eth0      Link encap:Ethernet  HWaddr 00:40:05:7A:F0:30  
          inet addr:65.26.42.131  Bcast:255.255.255.255  Mask:255.255.254.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:754 errors:0 dropped:0 overruns:0 carrier:0
          collisions:18 txqueuelen:100 
          RX bytes:530368 (517.9 Kb)  TX bytes:136649 (133.4 Kb)
          Interrupt:10 Base address:0x3000 

eth1      Link encap:Ethernet  HWaddr 00:09:5B:0B:74:E7  
          inet addr:192.168.69.1  Bcast:192.168.69.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:107 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:12708 (12.4 Kb)  TX bytes:4407 (4.3 Kb)
          Interrupt:9 Base address:0xb000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:700 (700.0 b)  TX bytes:700 (700.0 b)

Here's my dhcpd.conf file that hands out the IP's to the client:

Code:

#dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.69.255;
option routers 192.168.69.1;
option domain-name-servers eth0.kc.rr.com;
option domain-name "kc.rr.com";

subnet 192.168.69.0 netmask 255.255.255.0 {
	range 192.168.69.10 192.168.69.100;
}

Here's the /etc/sysconfig/network file:

Code:

NETWORKING=yes
HOSTNAME='localhost.localdomain'
FORWARD_IPV4=true

iptables --list gives me this:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

ipconfig from client looks like this:
Connection-specific DNS Suffix : kc.rr.com
IP Address : 192.168.69.10
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.69.1

Notes:
Client is able to ping both eth0 and eth1, server can ping client.
Client can NOT ping ww.yahoo.com or it's ip address 216.109.125.78
I've also tried some other major sites... as well as cannot open IE to browse a site.

Again, DHCP works fine, server can hit the net just fine, all that is wrong is the client cannot seem to get through the internet connection of the server.

I'll plan to lock down the input on iptables after i can get this to work....

Please help if you have any idea! I'm so confused!!

Thanks in advance!!

Aaron (KowCiller)

timfair · 07-08-2003, 10:29 AM

You need to set up forwarding rules with NAT. With blank iptables like that, the linux machine doesn't have anything it needs to do with the packets sent from the clients. If you are not comfortable with writing an iptables ruleset, then I highly recommend using "Shorewall" to set up the firewall. You can use the configuration examples off the website www.shorewall.net and have it working in minutes.

I run shorewall/iptables on half a dozen firewalls and it works awesome ... Good luck

hakcenter · 07-08-2003, 12:59 PM

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save

thats to get it working.

then if you really want to get into firewalling, reply ill give ya a firewall setup

then try:
ping yahoo.com

not www.yahoo.com :-P

WorldBuilder · 07-08-2003, 05:00 PM

In addition to setting up iptables, do this...

# cat /proc/sys/net/ipv4/ip_forward

If it says "0", type this:

# echo 1 > /proc/sys/net/ipv4/ip_forward

after setting up iptables like hakcenter said, do that and you should be all set. Hope that helps!

Chris

KowCiller · 07-08-2003, 09:10 PM

Guys,

Thanks to all of you that have replied. However, I'm still having problems. I did as the hakcenter and chris suggested, entered those commands, yet still i cannot seem to get any forwarding?

when i do an iptables --list, I still get the same "blank" configuration there, even after trying those commands... is that correct?

However, this is what I see when I do a 'more' on /etc/sysconfig/iptables

Code:

# Generated by iptables-save v1.2.5 on Tue Jul  8 21:01:12 2003
*nat
:PREROUTING ACCEPT [5:1052]
:POSTROUTING ACCEPT [3:252]
:OUTPUT ACCEPT [74:4535]
[71:4283] -A POSTROUTING -o eth0 -j MASQUERADE 
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Tue Jul  8 21:01:12 2003
# Generated by iptables-save v1.2.5 on Tue Jul  8 21:01:12 2003
*filter
:INPUT ACCEPT [606:351287]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [652:106195]
COMMIT
# Completed on Tue Jul  8 21:01:12 2003

Does this look correct?
When I try the route command, I get the following:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.69.0    *               255.255.255.0   U     0      0        0 eth1
65.26.50.0      *               255.255.254.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         CPE-65-26-50-1. 0.0.0.0         UG    0      0        0 eth0

Does any of this shed any light on the subject? Thanks so much for all the help so far... I just need another push! I tried using firestarter previously and had no luck there either....

I know that packets are getting to the linux box though, I can see on the ifconfig command the received packets going up as I try to ping sites... Unfortunately on the client I keep getting "unknown host" for everything I try...

Aaron.

KowCiller · 07-08-2003, 09:44 PM

I CAN'T BELIEVE IT BUT I ACTUALLY GOT IT TO WORK......

SORT OF!

So get this... I was messing around reading some other posts, and I noticed someone talk about a resolv.conf file. I'm a total n00b (as I'm sure you've figured out) so I was poking around in there and it looked like those were some nameserver ip addresses that got resolved from my isp. Well my linux box was using them fine, but they were NOT getting transferred over to my client pc through DHCP and I'm not sure why.

When i statically typed in the a couple IP addresses from my resolv.conf into my client PC's preferred and alternate DNS servers, I got the internet to be shared to the client!!!

So now the question is, what do I need to change on my dhcpd.conf ( you can see the current version on the original post ) so that the dhcpd can dynamically give that information to my client? Now that I mention that does it sound like a legit reason why I would be having so much trouble?

Is there anything else I need to make sure that I do?

THANKS FOR ALL THE HELP!!!!!!

Aaron.

hakcenter · 07-09-2003, 12:27 PM

well, you could always just install named, and set your dhcp clients to use the dns off the eth1 device...

its the way to go for 100% internal support

i thought it was fine, you just wernt dns resolving, heh

edit

/etc/systcl.conf to make sure ipv4 forwarding stays enabled, set to 1

WorldBuilder · 07-09-2003, 12:39 PM

Agreed. Install BIND (DNS) and have DHCP use it. Actually... Lemme look something up, and I will get right back to you...

Ok, back again...

Are you running named? If you are, make sure you have the following line in dhcpd.conf

ddns-update-style interim;

Try that.

Chris

Also, what version of DHCP are you using?

KowCiller · 07-09-2003, 06:59 PM

Guys,

Thanks again for the replies.

I'm not sure what version of dhcp I'm running... whatever comes with Redhat LInux 7.3.

I'm also not sure how to check the version of it either.... it doesn't seem to have a version flag to check (at least that I could find..)

I'll do some reading to figure out how to set up BIND. Any suggestions of how to get dhcp to use the BIND configuration after I get it set up? Actually, I'm open to any suggestions period, so let me know if there's anything that I should keep in mind.

Thanks a heap!

Aaron.

P.S. Oh yeah, almost forgot to mention that I do not have named installed and I'm not running it. Is this something that I need to get ahold of?

WorldBuilder · 07-10-2003, 09:15 AM

Yeah, you do need to install bind (named). Go to Red Hat's website and download the RPM for bind. As a matter of fact, to find out what version of dhcp you have, you should probably be able to run:

# rpm -qa | grep dhcp

That might tell you what version of dhcp you have.

Install Bind, then we can work on it from there.

Chris