01-23-2003, 03:24 AM
|
#1
|
LQ Newbie
Registered: Jan 2003
Location: Manchester U.K.
Distribution: Vector Linux SOHO 5.1.1
Posts: 12
Rep:
|
Internet sharing between Linux and Windows
I am trying to make my Red Hat Linux 8.0 machine act as an internet gateway.
I have a Red Hat Linux machine with a dial up modem connecting to the Internet. This works OK.
I have a Windows NT machine connected to the Linux machine by an ethernet cable. The connection between the 2 PCs is OK, in that each can ping the other.
The IP address on the Linux machine is 192.168.1.2 and the subnet mask is 255.255.255.0
I have enabled IP forwarding on the Linux machine by editing the /etc/sysctl.conf file and changing the value on the appropriate line from 0 to 1, and restarted the machine.
The NT machine has its IP address set to 192.168.1.1 and the subnet mask is 255.255.255.0
On the NT machine I have configured Internet Explorer to use a Proxy Server, and set the address of the Proxy to 192.168.1.2 (the IP of the Linux machine) and the port to 80.
I had hoped that this would enable me to reach the internet from the NT machine, but it doesn’t.
I have read somewhere that this should work without installing Proxy software on the Linux machine.
What have I missed?
Any advice will be much appreciated.
|
|
|
01-23-2003, 03:30 AM
|
#2
|
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458
Rep:
|
It's not a "Proxy" function to go through another pc to the Internet...
It's called Gateway or Masquerading...
Change the Gateway setting in the local pc's to the Linux ip number, remove the Proxy setting in the browser...
You will also need to add a POSTROUTING rule in the firewall to masquerade the LAN numbers to the external ip number.
Last edited by peter_robb; 01-23-2003 at 03:33 AM.
|
|
|
01-23-2003, 02:20 PM
|
#3
|
Member
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857
Rep:
|
Do you have iptables installed? Do you know what your firewall rules currently look like?
-Kevin
|
|
|
01-24-2003, 02:19 AM
|
#4
|
LQ Newbie
Registered: Jan 2003
Location: Manchester U.K.
Distribution: Vector Linux SOHO 5.1.1
Posts: 12
Original Poster
Rep:
|
I wasn't aware of the firewall rules. I just accepted all the defaults when I installed RH8. I tried to add the POSTROUTING rule as Peter suggested, and after this, Linux would not start up. It let me log in but then froze on the logo screen. Not knowing where to go from here, I reinstalled Linux. This time I selected customise the Firewall and said allow TCP/IP WWW & SSH. Is this right? Not had time to test it yet (it's keeping me up late at nights).
|
|
|
01-24-2003, 02:28 AM
|
#5
|
Senior Member
Registered: Sep 2002
Location: Philippines
Distribution: Slackware, RHEL&variants, AIX, SuSE
Posts: 1,127
Rep:
|
|
|
|
01-25-2003, 06:43 PM
|
#6
|
LQ Newbie
Registered: Jan 2003
Location: Manchester U.K.
Distribution: Vector Linux SOHO 5.1.1
Posts: 12
Original Poster
Rep:
|
My iptables file is as below
# Generated by iptables-save v1.2.6a on Sun Jan 26 00:04:01 2003
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:60]
:OUTPUT ACCEPT [1:60]
-A POSTROUTING -o ppp0 -j SNAT --to-source 192.168.1.2
COMMIT
# Completed on Sun Jan 26 00:04:01 2003
# Generated by iptables-save v1.2.6a on Sun Jan 26 00:04:01 2003
*filter
:INPUT ACCEPT [723:287230]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [795:99830]
COMMIT
# Completed on Sun Jan 26 00:04:01 2003
I looked at the tutorial suggested, but I think it was written for Red Hat 7.1; RH 8.0 seems not to accept some of the lines they suggest.
I have set the gateway on my NT box to 192.168.1.2 (which is the RH box).
The tutorial says that I should set the DNS to that of the ISP on the internet.
I tried pinging my ISP's name from the RH machine and got an IP address returned. I can ping this IP address from the RH machine. Should I also be able to ping it from the NT machine?
I got the Postrouting syntax from the Red Hat Linux 8 for Dummies book.
Worryingly I have found several mistakes in other parts of the book. Is this wrong too?
|
|
|
01-25-2003, 10:40 PM
|
#7
|
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458
Rep:
|
The SNAT rule is definitely wrong!!!
It needs to reference your EXTERNAL ip number so that packets know where to come back to.
192.168.xxx.xxx is a local number to any machine.
Most times with dial-ups it is better to have this rule instead...
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
This takes care of the dynamically changing numbers from the ISP.
There are a lot of rules you will need to add to protect yourself. This tutorial is very comprehensive and has sample scripts at the end...
|
|
|
01-26-2003, 06:44 PM
|
#8
|
LQ Newbie
Registered: Jan 2003
Location: Manchester U.K.
Distribution: Vector Linux SOHO 5.1.1
Posts: 12
Original Poster
Rep:
|
Thank you Peter, I am making some progress, though not there yet.
I used your line
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
and I can now ping my ISP or any other external IP address from my NT machine.
I put the IP address of my ISP in the DNS Service Search Order box in TCP/IP properties in Network Neighbourhood.
If I type www.google.com in the address bar of Internet Explorer I get a "Page cannot be displayed" message.
However, if I type in http://216.239.53.101 I get Google's home page.
Same with my ISP.
How do I make the Internet Explorer accept a name instead of only an IP address? I guess it is something to do with DNS, and I have tried every combination I can think of, but nothing seems to work.
|
|
|
01-27-2003, 10:18 AM
|
#9
|
Member
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857
Rep:
|
You need to put your ISP's DNS servers in the TCP/IP settings of your Windows box.
-K.
|
|
|
01-27-2003, 05:42 PM
|
#10
|
LQ Newbie
Registered: Jan 2003
Location: Manchester U.K.
Distribution: Vector Linux SOHO 5.1.1
Posts: 12
Original Poster
Rep:
|
This is the information supplied by my ISP
Web site URL http://www.ukonline.net/
Modem Dialup Number 0845 3331121
ISDN Dialup Number 0845 3331122
Incoming (POP3) Mail Server pop3.ukonline.co.uk
Outgoing (SMTP) Mail Server smtp.ukonline.co.uk
News (NNTP) Server news.ukonline.co.uk
Primary DNS Server Assigned
Secondary DNS Server Assigned
As you see, they do not provide any DNS information.
One of the tutorials I read said I should put my ISP's IP address in the DNS box, but this did not work.
I have emailed my ISP with the details to see if they can help me.
I will post their response when I get it.
|
|
|
01-28-2003, 07:33 PM
|
#11
|
Member
Registered: Jan 2003
Distribution: Mandrake 9.0
Posts: 47
Rep:
|
On client
mask: 255.255.255.0
ip: 192.168.x.x
DNS: <your server IP>
gateway: <your server IP>
that should work
|
|
|
01-28-2003, 09:22 PM
|
#12
|
Member
Registered: May 2002
Location: Toronto, ON, Canada
Distribution: Ubuntu, Debian, RedHat/CentOS
Posts: 624
Rep:
|
Get gShield. It will set up a fully-fledged iptables ruleset for you, and it includes NAT (masquerading) support.
Unless of course you actually want to learn how iptables works... 
|
|
|
01-29-2003, 05:58 PM
|
#13
|
LQ Newbie
Registered: Jan 2003
Location: Manchester U.K.
Distribution: Vector Linux SOHO 5.1.1
Posts: 12
Original Poster
Rep:
|
Problem finally solved!!
UKOnline Technical support emailed their Primary and Secondary DNS addresses.
I put these in the DNS Service Search Order box on the client.
The default Gateway on the NT client machine is the static IP address of the Linux machine.
The iptables entry:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
successfully does the IP translation.
The file /etc/sysctl.conf needs the following entry to turn on IP forwarding:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
The default value is 0 which means IP forwarding is turned off.
I know I still have to sort out the firewall rules, but that's another story.
Many thanks to all for your suggestions.
|
|
|
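An added example, not code from the thread: a small Python check over the iptables-save dump from post #6 that reports the SNAT-to-private-address mistake explained in post #7 and the rule-less ACCEPT policies that post #13 leaves to be sorted out. The function names and finding labels are assumptions made for this example.

```python
import ipaddress
import shlex
# iptables-save dump from post #6 (the "# Generated/Completed" lines dropped)
POST6_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:60]
:OUTPUT ACCEPT [1:60]
-A POSTROUTING -o ppp0 -j SNAT --to-source 192.168.1.2
COMMIT
*filter
:INPUT ACCEPT [723:287230]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [795:99830]
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, [(table, chain, argv), ...])."""
    table, policies, rules = None, {}, []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):            # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):          # chain policy, e.g. :FORWARD ACCEPT [0:0]
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):        # appended rule
            argv = shlex.split(line)
            rules.append((table, argv[1], argv[2:]))
    return policies, rules

def opt(argv, flag):  # value following `flag` in a rule, or None
    return argv[argv.index(flag) + 1] if flag in argv else None

def audit(dump, wan="ppp0"):
    """Return finding labels (hypothetical names) for a small NAT gateway."""
    policies, rules = parse(dump)
    findings = []
    nat = [a for t, c, a in rules if (t, c) == ("nat", "POSTROUTING") and opt(a, "-o") == wan]
    for a in nat:
        src = opt(a, "--to-source")  # addr[-addr][:port[-port]]; check first addr
        if src and ipaddress.ip_address(src.split(":")[0].split("-")[0]).is_private:
            findings.append("snat-to-private-address")
    if not any(opt(a, "-j") in ("SNAT", "MASQUERADE") for a in nat):
        findings.append("no-nat-on-wan")
    for chain in ("FORWARD", "INPUT"):
        has_rules = any((t, c) == ("filter", chain) for t, c, _ in rules)
        if policies.get(("filter", chain)) == "ACCEPT" and not has_rules:
            findings.append(f"{chain.lower()}-accepts-everything")
    return findings
```

Swapping the SNAT line for the MASQUERADE rule clears the first finding; the two policy findings remain until FORWARD and INPUT get explicit rules or a DROP policy.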
All times are GMT -5. The time now is 05:53 PM.