Another one from noob

I have loaded a system with fedora 4, and trying to use it as a gateway/firewall...

I have a few XP systems behind this gateway, the gateway is dialing up using ppp0...

The gateway has two nics eth0 and eth1. ppp0 uses eth0 and eth1 goes to my switch. I have enabled ip packet forwarding under /etc/sysctl.conf.

From the gateway i can ping google and also ping my xp systems. But cannot ping my gateway from my Xp systems.

Other info:

resolv.conf is set to isp's DNS address
my domain controller is also my DNS server for local pc addresses
I have tried this project with default masquerading firewall that ppp0 loads and also with iptables stopped completely.

I would appreciate any help possible...

hi there

what do u get when u run

ipconfig
and
tracert google.com
on windows machines

and on Linux machine run

route -n

and post all the output here

regards

I can only give you those results tomorrow, but if it would help, I used the Tutorial from this page exactly, the only difference being that i did not make use of the DHCP and DNS sections, and of course that I'm using ppp0 on eth0...

Should I do anything different when using adsl connection on eth0(ppp0)???

Please help, this looks like such a simple project, yet I cannot succeed, I've even reloaded my system...to no avail...

PS: Just a correction to my original thread - I can actually ping my gateway from my Xp systems, but cannot ping the external IP(eth0) or any website or external(outside my network) ip...

well it is simple

you just need to enable
masquerade and ip_forwarding at Linux system
so,are u sure masquerading and ip forwarding are working?

and set default gateway on win machines as that of Linux machine

regards

Well, I know that masquerading is enabled, and so is ip_forwarding, but is there a way of testing whether forwarding is working?

If I run traceroute from windows system, it only points out 192.168.0.30(gateway ip), then nothing further.

I can now from my windows machine ping the eth1(192.168.0.30) and also the ip assigned by the isp to ppp0(eth0).

I'm really getting desperate now, this should be such a simple procedure, but I just can't get it going...

welwhat do u have in /etc/sysctl.conf file

also what rule have u made for masquearding??
how do enable masquerading??

hi,

have all your xp machines been configured to use the DNS server as that of your ISP's? because what u r trying to do is a basic NAT. Even if you are sure that masquerading is working, just try out the following command :-

iptables -t nat -L

it should show you a line that says MASQUERADE under the POSTROUTING chain.

I would suggest you do the following :-

enable NAT on the linux box with the following command :-

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Then type the following command :-

echo 1 > /proc/sys/net/ipv4/ip_forward

Just see to it that you have configured the default gateway as 192.168.10.30 on all the XP machines and also, these XP machines need to be configured to use the ISP's DNS Servers for name resolution.

This works fine for me as even I am using an ADSL connection using a router (not a modem). Hope this solves your problem

I have now tried it all...

I have even resorted to removing the adsl connection itself and replaced that with just another system on a different network, then used my linux box(192.168.0.30) as just a plain router. From my one xp machine i can ping both eth card of linux box, but it still does not let traffic through the "router". I have loaded debian on this box and tried the same config thinking it was maybe something wrong with Fedora, but to no avail.

I have even tried connecting without the firewall enables, just the ip packet forwarding enabled, but still no go...

Any suggestions?

as i mentioned last

how do u make sure that u have masquerading enabled??

only " ip packet forwarding " won;t work for u

regards

I have an old Pentium MMX to be converted into a firewall. In your case, GiX it would be maybe best to implement a distribution called coyote linux. That is a distro especially modified for routers and probably do what you want. It is copied to a floppy. As a floppy disk is limited in space, you need to specify wich drivers are needed for your comp. Then also answer a few questions, like, do you need DMZ(demiltarized zone) and some other questions. Then the installation program prepares a floppy image, i guess, and places it on your floppy. But in fact i stopped with this work somewhere in the middle, as i moved to other place I live in. But now in fact i am installing Slackware on that router machine as I want a proxy too. My wish is to use it as a free wireless network router. First just the router, then slowly add features like proxy, DMZ (for an external server with sendmail, appache and maybe something else). But for now only the router. I also postpone using my wireless card as it is a hard problem itself, on wich i have spent lots of time already. From router machine i can ping external sites. Activated IP_forwarding that was ment during installation. Maybe you can suggest a good source for information where to continue?

I second the previous posting suggesting using Coyote Linux (www.coyotelinux.org).

- Very simple to configure.
- Has a wizard to create the boot floppy on a windows machine.
- Http configuration.
- SSH access.
- Will even run on an old 486 with 16Mb of RAM.