Old 09-16-2004, 08:26 PM   #1
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Rep: Reputation: 15
internet gateway with suse 9.0 pro


Internet gateway with suse 9.0 pro or nat. I got it to distribute dhcp, and now I am trying to make it so computers on my home network would be able to get on the internet. Also the firewall that it comes with is not really secure, I did a shields up test so most of my ports are visible, I am looking for a firewall that can do masquerading, open and close ports with iptables and port forwarding, and easy set-up, thx.
 
Old 09-17-2004, 04:09 AM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
This is what I got from your post.

SusE is providing DHCP to your network.
SusE has two network cards, eth0 and eth1
SusE can get to the internet and resolve addresses

If all this is true, then here are my suggestions

1. Set eth1 to a static IP.
2. Download this firewall script which is well documented and edit it according to your needs
The firewall does NAT, enables IP_Forward, and is in my mind pretty secure
3. Execute the firewall on boot
 
Old 09-17-2004, 09:16 AM   #3
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
yep, eth0 goes on the net, and eth1 provides dhcp.

Quote:
Execute the firewall on boot
How do I do that? The script is .sh. What's the command?

or do I run it with ./file.sh, but that make execute at boot.


Thx..

Last edited by digitalf; 09-17-2004 at 09:30 AM.
 
Old 09-17-2004, 06:31 PM   #4
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
You'll likely have to make the file executable with
Code:
chmod 755 file.sh
if you like, you could add it to /etc/rc.d as well
 
Old 09-17-2004, 06:59 PM   #5
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
ok, I have screwed up my suse 9.0 again. so give me a few days, before I will get it back running. I have physed on saturdays, and sundays, so on monday, I should have some time to work on it. well thx. it is an easy script. but since my server will be running 24/7 I can manually run the file if I will restart the system. so I guess I don't really have to put it into rc.d
 
Old 09-19-2004, 07:44 PM   #6
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
It ain't working, I can't get on the internet
 
Old 09-19-2004, 08:06 PM   #7
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
You'd have to be a little more specific. Can it get to the internet but just won't NAT for the rest of the network? Is it that nothing can get to the internet? Do the NICs have IP addresses?

More info would help
 
Old 09-19-2004, 09:09 PM   #8
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
well, the script that you gave me, i have modified it to tell it which is my internal network and which one is my external network, and what is my gateway of the dhcp server. but when I run the script after I have chmod 755 file.sh. sh -x file.sh I get a bunch of errors, like every single line of the code gives me problems, like it does not find the commands, or cannot find something, or something is not working when it tries to execute file.sh. Also nothing happens when I put it in /etc/...../ folder, I mean after I restart my suse 9.0 pro. But my dhcp works fine, samba works great, other than I cannot get on the net from the machines that connect to suse, while suse still gets on the net. I have also tried to use the firewall that comes with suse, but it just shuts off all of the external network which runs on a different dhcp server, which means after I shut down suse, my network is perfectly fine. here is a visual of my network.

adsl modem->e-smith server which acts as nat,internet gateway,ftp,webserver,(poor firewall configuration),dhcp->hub->suse-test server
->computers

here is what I am trying to do.

adsl modem->suse(dhcp,configurable firewall,web,ftp,internet,other servers)->other computers on my network.

the computer which I am testing out suse is pII 350 with 400meg ram.

the computer that will run suse server and other servers will be an Amd K6-2 550mhz 400 or more ram.( it is currently running Sme(e-smith server))

the reason why I am trying out suse is because it is more configurable than other Linux distributions (that I have tried), and also sme server sucks when it comes to making a game server, no one can see or join the game that I make, even though I do port forwarding, and the other modules that come for it are in beta so they don't work properly. and also it lacks the ability to add other server modules, and has a lot of problems once you try to install gcc and similar components.

thx..
 
Old 09-19-2004, 10:56 PM   #9
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
Post the error message. If it's that the command IPTABLES doesn't exist, then set the "$IPTABLES=/location " line to the correct location. It should be /sbin. If you changed the script, you'll likely have to show the parts you changed and what the desired outcome of those changes was supposed to be.

Here's what I tried to decipher from your post
1. The SusE server can get to the internet which is grabbing a DHCP address from the DSL provider. (ETH0)
2. You've set the ETH1 to your private IP address.
3. Your DHCP is working, meaning your internal clients are getting the private network addresses from SusE.


Since the clients are not getting out to the internet, check

contents of /etc/resolv.conf {make sure it's picking up the ISP's nameservers}
Do an ipconfig/ifconfig on clients to see if they are receiving the IP address, gateway, and DNS address from SusE
contents of /proc/sys/net/ipv4/ip_forward {if SusE is forwarding traffic}
list iptables to find out what is really going on.
possibly re-download the firewall script because I don't know what you changed.


With the info you gave me, that's the best I can do for now. If you post more info or the items above, I can likely help more.
 
Old 09-23-2004, 08:36 PM   #10
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
here is the error that it gave me, and the only thing I have changed in the script file was my internal network ip address.

suse-testing:~/Desktop # sh -x my_firewall.sh > output
+ FWVER=0.80s
+ $'\r'
: command not founde 6:
+ $'\r'
: command not founde 32:
+ $'\r'
: command not founde 33:
'.\nho -e '\nLoading STRONGER rc.firewall - version 0.80s
+ $'\r'
: command not founde 35:
+ $'\r'
: command not founde 36:
+ IPTABLES=/usr/sbin/iptables
+ LSMOD=/sbin/lsmod
+ DEPMOD=/sbin/depmod
+ MODPROBE=/sbin/modprobe
+ GREP=/bin/grep
+ AWK=/bin/awk
+ SED=/bin/sed
+ IFCONFIG=/sbin/ifconfig
+ $'\r'
: command not founde 48:
+ $'\r'
: command not founde 49:
+ EXTIF=eth0
+ INTIF=eth1
' echo ' External Interface: eth0
' echo ' Internal Interface: eth1
' echo ' ---
+ $'\r'
: command not founde 66:
++ $'/sbin/ifconfig\r' $'eth0\r'
: No such file or directoryin/ifconfig
++ $'/bin/awk\r' $'\r'
: No such file or directoryn/awk
/{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'
/{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}: No such file or directory
+ EXTIP=
+ $'\r'
: command not founde 108:
' echo ' External IP:
' echo ' ---
+ $'\r'
: command not founde 111:
+ $'\r'
: command not founde 112:
+ INTNET=192.168.10.0/24
+ INTIP=192.168.10.1/24
' echo ' Internal Network: 192.168.10.0/24
' echo ' Internal IP: 192.168.10.1/24
' echo ' ---
+ $'\r'
: command not founde 119:
+ $'\r'
: command not founde 120:
+ $'\r'
: command not founde 121:
+ $'\r'
: command not founde 122:
+ UNIVERSE=0.0.0.0/0
+ $'\r'
: command not founde 126:
+ $'\r'
: command not founde 129:
' echo ' - Verifying that all kernel modules are ok
+ $'/sbin/depmod\r' $'-a\r'
: No such file or directorysbin/depmod
+ $'\r'
: command not founde 134:
' echo -en ' Loading kernel modules:
+ $'\r'
: command not founde 136:
+ $'\r'
: command not founde 147:
+ $'\r'
: command not founde 154:
' echo -en 'ip_tables,
my_firewall.sh: line 577: syntax error: unexpected end of file
 
Old 09-23-2004, 08:50 PM   #11
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
Certain editors will create a line break. The only thing I can think of is the "/r" lines which are completely blank lines should be deleted. Which editor do you use? VI shouldn't do that as it wraps lines.


Simply put, open the file with VI and move the cursor to each line that is blank. press dd to delete that line. Do this for the entire script.
 
Old 09-23-2004, 09:09 PM   #12
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
well I have edited the file in windows, then I just copied it over to suse
oh well, I will use vi, so give me like 10 to 15 min, I will try it out.
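
The `$'\r'` tokens in the trace from post #10 are carriage returns, which a script picks up when it is saved with DOS (CRLF) line endings. As an added example (not code from either poster; the function and file names are made up here), this counts such lines, strips them, and confirms the cleaned copy parses before it is run as root:

```shell
#!/bin/sh
# Added example (not from the thread): find and remove DOS line endings
# in a shell script before it is run as root.

CR=$(printf '\r')   # a literal carriage return

# Print how many lines of FILE end in a carriage return.
count_crlf_lines() {
    grep -c "${CR}\$" "$1" || true   # grep exits 1 when the count is 0
}

# Write SRC to DST with the trailing carriage return removed from each line.
strip_cr() {
    sed "s/${CR}\$//" "$1" > "$2"
}

# Succeed only if FILE has no CR line endings and parses as shell.
safe_to_run() {
    [ "$(count_crlf_lines "$1")" -eq 0 ] && sh -n "$1" 2>/dev/null
}

# Constructed sample: a three-line script saved with CRLF endings.
make_sample() {
    printf 'if true; then\r\n  echo ok\r\nfi\r\n' > "$1"
}

demo() {
    dir=$(mktemp -d)
    make_sample "$dir/fw_crlf.sh"
    echo "CRLF lines before: $(count_crlf_lines "$dir/fw_crlf.sh")"
    strip_cr "$dir/fw_crlf.sh" "$dir/fw_unix.sh"
    echo "CRLF lines after:  $(count_crlf_lines "$dir/fw_unix.sh")"
    if safe_to_run "$dir/fw_unix.sh"; then echo "cleaned copy parses"; fi
    rm -rf "$dir"
}

demo
```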
 
Old 09-23-2004, 09:23 PM   #13
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
well, the script worked really well. Testing if other systems can go on the net.
Nope, my other systems just get the dhcp address and that's it, they still don't go on the net.
 
Old 09-23-2004, 09:29 PM   #14
digitalf
LQ Newbie
 
Registered: Aug 2004
Posts: 25

Original Poster
Rep: Reputation: 15
suse itself can go on the net. I will try restarting suse.
here is the output

Loading STRONGER rc.firewall - version 0.80s..

External Interface: eth0
Internal Interface: eth1
---
External IP: 192.168.2.21
---
Internal Network: 192.168.10.0/24
Internal IP: 192.168.10.1/24
---
- Verifying that all kernel modules are ok
Loading kernel modules: ip_tables, ip_conntrack, ip_conntrack_ftp,
iptable_nat, ip_nat_ftp
---
Enabling forwarding......
Enabling DynamicAddr..
---
Clearing any existing rules and setting default policy to DROP..
Creating a DROP chain..

- Loading INPUT rulesets
- Allowing EXTERNAL access to the WWW server
- Allowing EXTERNAL access via SECURE SHELL
- Loading OUTPUT rulesets
- Loading FORWARD rulesets
- FWD: Allow all connections OUT and only existing/related IN
- NAT: Enabling SNAT (MASQUERADE) functionality on eth0

The FIREWALL Rules are in Place.

pc-00021:~/Desktop #

Last edited by digitalf; 09-23-2004 at 09:30 PM.
 
Old 09-23-2004, 09:33 PM   #15
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
That all looks good.

However if ETH0 is 192.168.x.x then it isn't your ISP's assigned address. If you are double NAT'ing, that can cause worse problems.
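
The checks listed in post #9 and the private-address observation in post #15 can be scripted. This is an added example, not code from the thread or from the firewall script; the function names and the `gwcheck.sh` file name are made up, and the optional file arguments exist only so the checks can be exercised without root:

```shell
#!/bin/sh
# Added example (not from the thread): checks for a Linux NAT gateway.

# Succeed if IPv4 forwarding is on. The optional FILE argument is for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print the nameserver addresses from a resolv.conf style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Succeed if iptables-save text on stdin has a NAT rule leaving through IFACE.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING .*-o $1 .*-j (MASQUERADE|SNAT)"
}

# Succeed if ADDR is RFC 1918 private space (10/8, 172.16/12, 192.168/16).
is_rfc1918() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# report EXT_IFACE EXT_IP: run every check on the live system (needs root).
report() {
    if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: OFF"; fi
    echo "nameservers: $(nameservers 2>/dev/null | tr '\n' ' ')"
    if iptables-save -t nat 2>/dev/null | has_masquerade "$1"; then
        echo "NAT rule out of $1: present"
    else
        echo "NAT rule out of $1: missing"
    fi
    if is_rfc1918 "$2"; then
        echo "$2 is private: the upstream device is doing NAT as well"
    fi
}

# Usage: sh gwcheck.sh eth0 192.168.2.21
if [ $# -eq 2 ]; then report "$1" "$2"; fi
```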
 
  

