Old 09-26-2006, 08:06 AM   #1
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Rep: Reputation: 0
How to route traffic on a network - cannot get machine to transfer across interfaces


I'm having some fun and games trying to set up a new machine on my
home network, so I'm after some help, please. My broadband ISP has
failed (Aussies - Veridas :P ), so whilst my churn goes through, I'm
running an old box with dialup to connect to the outside world.

I'm trying to get my other machines routing through it so that they
can all access the modem (I'm sitting on the floor typing this, as the
machine itself is in a very uncomfortable location, plus so that more
than one person can be online at the same time, speed be damned...).

My setup:

- A few machines on the subnet 192.168.0.0, networked wirelessly;
- A wireless router at 192.168.0.1;
- The old box connected to the wireless router by a CAT5 cable (on the
same subnet, eth0);
- The old box is connected to the outside world by a dialup modem.

What works at the moment:

- Each machine can ping the other (including the old box, using eth0);
- The old box can dial out and connect up correctly on the modem
(ppp0).

However, I cannot connect from one of the other boxes, via the old
box, to the outside world:

- ie - main machines -- wireless router -- old box -- modem -- ISP

The issue is the old box (running a 2.4.26 kernel using Damn Small
Linux 3.0) not routing the requests from eth0 to ppp0.

I've played around with the shell (route and a quick go with
iptables), but have failed dismally to get anything working. It's been
a (long) while since I did this, and I have no idea how to get it
working.

What am I doing wrong, and how do I get it working? All advice
gratefully accepted
 
Old 09-26-2006, 11:32 AM   #2
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
You need to implement ip-masquerading and then enable forwarding which is covered here.
 
Old 09-26-2006, 09:15 PM   #3
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks, TigerOC - I'll give that a shot tonight and report back about how it went.
 
Old 09-27-2006, 06:02 AM   #4
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TigerOC
You need to implement ip-masquerading and then enable forwarding which is covered here.
No luck, I'm afraid. The nat table script that is listed on the webpage fails, as iptables claims that it doesn't understand the option 'state', as listed in it.

ie - the lines such as this one fail:

/sbin/iptables -t filter -A FORWARD -i ${WAN} -o ${LAN} state --state RELATED,ESTABLISHED -j ACCEPT

Any ideas?
 
Old 09-27-2006, 07:14 AM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,256

Rep: Reputation: 6116
Should be iptables ... -m state --state RELATED,ESTABLISHED -j ACCEPT
 
Old 09-27-2006, 08:02 AM   #6
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by michaelk
Should be iptables ... -m state --state RELATED,ESTABLISHED -j ACCEPT
Thanks for that - I'd found that whilst googling, and it removed the error message, but it's nice to know that this is correct

However, I'm still not (quite?) there yet. From my desktop box, I can now ping the IP address that my ISP has assigned my modem, but no further. In other words, I'm a step closer to my aim as I can ping the next IP address in the line.

This is the set of rules that I'm using:


LOOPBACK=lo
LAN=eth0
WAN=ppp0

#Flush any rules that may still be configured
/sbin/iptables -t filter -F INPUT
/sbin/iptables -t filter -F OUTPUT
/sbin/iptables -t filter -F FORWARD
/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT

# Set the default policies for the chains
/sbin/iptables -t filter -P INPUT DROP
/sbin/iptables -t filter -P OUTPUT ACCEPT
/sbin/iptables -t filter -P FORWARD DROP
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT

# Set up the firewall rules
/sbin/iptables -t filter -A INPUT -i ${LOOPBACK} -j ACCEPT
/sbin/iptables -t filter -A INPUT -i ${LAN} -j ACCEPT
/sbin/iptables -t filter -A INPUT -i ${WAN} -m state --state RELATED,ESTABLISHED -j ACCEPT

# Set up the ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t filter -A FORWARD -i ${LAN} -o ${WAN} -j ACCEPT
/sbin/iptables -t filter -A FORWARD -i ${WAN} -o ${LAN} -m state --state RELATED,ESTABLISHED -j ACCEPT

# Set up ip masquerading
# Allow the boxes 192.168.0.2 and 192.168.0.227 on the Internet
/sbin/iptables -t nat -A POSTROUTING -o 192.168.0.2 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o 192.168.0.227 -j MASQUERADE


Anything obviously wrong here?
 
Old 09-27-2006, 08:15 AM   #7
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Original Poster
Rep: Reputation: 0
Some more information - my routing table:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
203.220.236.xxx 0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
0.0.0.0         203.221.53.***  0.0.0.0         UG    0      0   0   ppp0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0   0   eth0

192.168.0.1 is my wireless router; 203.221.53.*** is my dialup IP address for tonight. No idea what the 203.220.236.xxx address is.
 
Old 09-27-2006, 08:38 AM   #8
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by captainpotato
/sbin/iptables -t nat -A POSTROUTING -o 192.168.0.2 -j MASQUERADE
Anything obviously wrong here?

The output device -o needs to be the device not the ipaddress, try:

Code:
/sbin/iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
Or to use a source ipaddress:

Code:
/sbin/iptables -t nat -A POSTROUTING -o $WAN -s 192.168.0.2 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o $WAN -s 192.168.0.227 -j MASQUERADE

Last edited by fotoguy; 09-27-2006 at 08:44 AM.
 
Old 09-27-2006, 08:41 AM   #9
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,256

Rep: Reputation: 6116
Not really an iptables guru but I would use:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

and limit the two internal IP address via a forward rule.
 
Old 09-27-2006, 09:40 AM   #10
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by michaelk
and limit the two internal IP address via a forward rule.
Yeah that would be the better way, should have seen that myself
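
The approach suggested in the replies above (one MASQUERADE rule on the outgoing device, with the two internal hosts limited by FORWARD rules), written out as an added example that is not part of any poster's message. The helper names `is_ifname` and `nat_rules` and the `IPT` dry-run variable are assumptions of this example; by default it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are only
# printed. Set IPT=/sbin/iptables and run as root to apply them. Assumes
# /proc/sys/net/ipv4/ip_forward is already 1, as in the script posted above.
IPT="${IPT:-echo /sbin/iptables}"

# -i/-o take a device name such as ppp0, never an address (hypothetical helper).
is_ifname() {
    case "$1" in
        ""|*[!A-Za-z0-9_.+-]*) return 1 ;;  # empty, or characters no device uses
        *.*.*.*)               return 1 ;;  # dotted quad: an address, not a device
        *[A-Za-z]*)            return 0 ;;  # device names contain a letter
        *)                     return 1 ;;
    esac
}

# Usage: nat_rules WAN_IF LAN_IF HOST_IP...   (hypothetical helper)
nat_rules() {
    [ "$#" -ge 3 ] || { echo "usage: nat_rules WAN_IF LAN_IF HOST_IP..." >&2; return 2; }
    wan=$1; lan=$2; shift 2
    for ifc in "$wan" "$lan"; do
        is_ifname "$ifc" || { echo "not an interface name: $ifc" >&2; return 2; }
    done
    $IPT -t filter -F FORWARD
    $IPT -t nat -F POSTROUTING
    $IPT -t filter -P FORWARD DROP
    # Replies to connections opened from the LAN are allowed back in.
    $IPT -t filter -A FORWARD -i "$wan" -o "$lan" -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Which hosts may go out is decided here, per source address.
    for host in "$@"; do
        $IPT -t filter -A FORWARD -i "$lan" -o "$wan" -s "$host" -j ACCEPT
    done
    # One masquerade rule keyed on the outgoing device covers every allowed host.
    $IPT -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
}

# Constructed sample call with the interface names and addresses from the thread.
nat_rules ppp0 eth0 192.168.0.2 192.168.0.227
```

Passing an address where a device is expected, as in the `-o 192.168.0.2` rule quoted above, makes `nat_rules` stop with an error before any rule is emitted.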
 
Old 09-27-2006, 07:16 PM   #11
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Original Poster
Rep: Reputation: 0
michaelk, fotoguy - thanks for your assistance. I'll give it a shot (again) tonight.

So the error you both pointed out would therefore explain why I could ping the external IP address, but couldn't go any further? Or does POSTROUTING only deal with where the incoming information is directed?
 
Old 09-27-2006, 11:08 PM   #12
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by captainpotato
So the error you both pointed out would therefore explain why I could ping the external IP address, but couldn't go any further?

I'm no guru myself as well, but I think it's because the rule wasn't in the correct format for the rule to work so the rule could not be used to match any packets of data. So instead of changing the internal ipaddress to the external ipaddress it was left as the internal ipaddress and sent out to the default gateway of the external ipaddress network.

A default networking standard, if a packet of data has an address that is not the same as the network it is currently on, push it out the default gateway and let the next network process the packet.

So by pinging your external ip address and having both internal and external networks, there would be information in the routing tables about both networks so the packet would know how to return back to the original host.

But if you pinged the gateway of the external ipaddress, it would receive a ping from your internal ipaddress, and since it's not on the same network it will check its routing table for entries for that ipaddress to see where to send it, since none will exist, (unless it has been added to the routing table) it will be pushed out to its default gateway.

Hope this helps
 
Old 09-28-2006, 07:02 AM   #13
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks again for your help, but I'm still no closer. I can still ping internally, but nothing from outside. I'm not getting any errors on the iptables setup, but I still cannot get the traffic to flow as I want it to.

I'm beginning to wonder whether it's something else that is causing the issue, but I've no idea what else to check.

I'd be pulling out my hair by now, were it long enough to grab :P
 
Old 09-28-2006, 08:35 AM   #14
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,256

Rep: Reputation: 6116
You need to change the gateway to ppp0
 
Old 09-30-2006, 09:02 PM   #15
captainpotato
LQ Newbie
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by michaelk
You need to change the gateway to ppp0
On which box? The following is the route table from the box with the modem:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
203.220.236.xxx 0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
0.0.0.0         203.221.52.xxx  0.0.0.0         UG    0      0   0   ppp0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0   0   eth0

I'm assuming the gateway is set correctly here because I'm able to be online using it.

The wireless router only lets me set the gateway to the 'Internet port', which is the specific ethernet port on it to which one normally connects the broadband modem. If I plug the modem box into it, I don't seem to be able to get the two to talk, so I've got it plugged into one of the LAN ports on the router.
 
  

