LinuxQuestions.org
Old 07-24-2004, 05:51 PM   #1
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Rep: Reputation: 0
Question iptables masquerade deconfliction


I have 2 NIC's eth0 (external) and eth1 (internal). I want eth1 to serve dhcp to win machines. When I activate eth0, the internet works. When I activate eth1, the internet stops. The win machines and redhat can ping each other when eth1 is active, but the internet can not be reached. I don't think this is a problem w/ dhcp, but rather with iptables or some other conf file of which I am not aware. The contents of iptables is as follows:

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

I would appreciate any help. I have looked into masquerading and iptables but the explanations are quite esoteric and cryptic. To me it would seem that both NICs think that they are connected to the internet and once both are active, redhat does not know which way is external and which is internal.

Thanks
ttucker
(you'll laugh, you'll cry, you might even get a cheap laugh)
 
Old 07-25-2004, 12:16 AM   #2
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi ttucker,
Your firewall rules apply the same rules to both networks. I don't know the tool you used to build the rules, but I guess in this tool there is a way for you to say which ethernet is the world and which is local and also that your machine is the gateway and must do masquerade. The reason your local net works when eth0 is down is, probably, that the firewall rules are applied only when this connection is up.
 
Old 07-25-2004, 06:41 PM   #3
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
try to fix it with

I tried fixing the problem of both NIC's competing by removing GATEWAY=192.168.0.0 from ifcfg-eth1.txt. So now it looks like this.

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.0.0
NETMASK=255.255.255.0
TYPE=Ethernet
USERCTL=no
PEERDNS=no
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
HWADDR=00:0c:41:e5:5f:c7

However, this appears to just disable an active device. Before, neither card could reach the internet but the internal one could reach the workstations. Now the external card can reach the internet, but the internal card cannot reach the workstations. So I'll restore GATEWAY=192.168.0.0, and I'm right back where I started. Any ideas?

ttucker
(It'd be an even better day Diane if you weren't reminding everyone of their grandmother's cleavage.)
 
Old 07-25-2004, 06:57 PM   #4
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi ttucker,
The internet address is composed of 4 characters, for which we use decimal notation separated by dots. So, the internet address range goes from 0.0.0.0 to 255.255.255.255. After this concept was implemented, the scientists felt the need to create sub-nets in this address range so that routers could easily discover whether a message was for a nearby computer or had to go through some router. So, they established the concept of the netmask. The netmask is applied over the address as a binary mask and gives you the subnet part of the address. The remaining bits are used to identify the station within that subnet. Based on this concept, the address of a network or subnetwork always ends with the remaining bits zeroed, and this address is reserved as the "network address". This same network address with all remaining bits on is also reserved and known as the "broadcast address". Your board's IP address is "192.168.0.0", which is the network address. You must change the last number to a value different from zero. Remember, the address range of your type of network goes from "192.168.0.1" to "192.168.0.254".
I hope it helps!
 
Old 07-25-2004, 08:10 PM   #5
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
take 2, a little progress

O k ....
After changing the subnet to 192.168.0.1, starting dhcp gets the following error message:

dhcpd failed. The error was: Starting dhcpd: Internet Software Consortium DHCP Server V3.0pl1
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
/etc/dhcpd.conf line 4: subnet 192.168.0.1: bad subnet number/mask combination.
subnet 192.168.0.1 netmask 255.255.255.0
^
Configuration file errors encountered -- exiting

If you did not get this software from ftp.isc.org, please
get the latest from ftp.isc.org and install that before
requesting help.

If you did get this software from ftp.isc.org and have not
yet read the README, please read it before requesting help.
If you intend to request help from the dhcp-server@isc.org
mailing list, please read the section on the README about
submitting bug reports and requests for help.

Please do not under any circumstances send requests for
help directly to the authors of this software - please
send them to the appropriate mailing list as described in
the README file.

exiting.
[FAILED]

On the bright side, this setup now allows the workstation and internal NIC to see each other for some reason that I do not understand, this is with the absence of GATEWAY=192.168.0.1.

So to recap the progress:
internal NIC - 192.168.0.1
dhcp now gets error message
no GATEWAY=192.168.0.1 in ifcfg-eth1.txt
internal NIC and workstation can ping each other

Things are moving forward, I think.

Thanks,
ttucker
(And now here's Diane being a bitch, Diane)
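
The netmask arithmetic from post #4 and the "bad subnet number/mask combination" error in post #5 come down to the same test: an address whose host bits are all zero is the network number, and a `subnet` declaration has to be exactly that. The POSIX sh functions below are an added example, not code from any poster; the function names are made up for this illustration and the host range assumes a prefix of /30 or shorter.

```shell
#!/bin/sh
# Added example: the netmask arithmetic from this thread in POSIX sh.
# All function names are hypothetical.

# Dotted quad -> 32-bit integer on stdout; non-zero status if malformed.
ip2int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, over-long and leading-zero (octal-looking) octets
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# A netmask must be a run of 1 bits followed by a run of 0 bits.
mask_ok() {
    m=$(ip2int "$1") || return 1
    inv=$(( ~m & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# classify_addr IP MASK -> network | broadcast | host
classify_addr() {
    ip=$(ip2int "$1") || return 2
    mask=$(ip2int "$2") || return 2
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    if [ "$ip" -eq "$net" ]; then echo network
    elif [ "$ip" -eq "$bcast" ]; then echo broadcast
    else echo host
    fi
}

# A "subnet N netmask M" declaration is acceptable only if N has no host bits set.
subnet_decl_ok() {
    n=$(ip2int "$1") || return 1
    m=$(ip2int "$2") || return 1
    [ $(( n & ~m & 4294967295 )) -eq 0 ]
}

# host_range IP MASK -> first and last address usable for a host
host_range() {
    a=$(ip2int "$1") || return 1
    m=$(ip2int "$2") || return 1
    net=$(( a & m )); bcast=$(( net | (~m & 4294967295) ))
    echo "$(int2ip $(( net + 1 ))) $(int2ip $(( bcast - 1 )))"
}

# The values that appear in the thread:
for addr in 192.168.0.0 192.168.0.1 192.168.0.255; do
    echo "$addr with mask 255.255.255.0 is a $(classify_addr "$addr" 255.255.255.0) address"
done
subnet_decl_ok 192.168.0.1 255.255.255.0 || echo "subnet 192.168.0.1 netmask 255.255.255.0: host bits set"
mask_ok 255.255.255.1 || echo "255.255.255.1 is not a contiguous netmask"
echo "usable hosts: $(host_range 192.168.0.0 255.255.255.0)"
```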
 
Old 07-25-2004, 08:50 PM   #6
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi ttucker,
Now we have to configure "/etc/dhcpd.conf". Its global section should look like this:
Code:
authoritative;
ddns-update-style             none;
default-lease-time            21600;
max-lease-time                21600;

server-name                   <YOUR-SERVER>;
option subnet-mask            255.255.255.0;
option broadcast-address      192.168.0.255;
option routers                192.168.0.1;
option domain-name-servers    <YOUR-DOMAIN-NAME-SERVER>;
option domain-name            "<YOUR-DOMAIN>";
Use the above as an example. Don't discard the rest of your dhcpd.conf. I'm showing just a piece of it. If you have problems, please post it so we can try to fix it. Remember, your server is the gateway for your clients only when they try to reach the outside internet.
 
Old 07-26-2004, 06:30 PM   #7
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
take 3, not working for me

Yeah, ... , didn't do much good with a slightly modified dhcpd.conf. The same error persists. Here is dhcpd.conf:

authoritative;
ddns-update-style none;
ignore client-updates;

subnet 192.168.0.1 netmask 255.255.255.0 {

# --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.1;
option broadcast-address 192.168.0.255;
range 192.168.0.2 192.168.0.31;
option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers ttucker.domain.org;

# host apex {
# option host-name "apex.domain.org";
# hardware ethernet 12:23:34:45:56:67;
# fixed-address 192.168.0.3;
# }
option time-offset -18000; # Eastern Standard Time
option ntp-servers 192.168.0.1;
option netbios-name-servers 192.168.0.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;

range dynamic-bootp 192.168.0.32 192.168.0.40;
default-lease-time 21600;
max-lease-time 43200;

# we want the nameserver to appear at a fixed address
# host ns {
# next-server marvin.redhat.com;
# hardware ethernet 12:34:56:78:AB:CD;
# fixed-address 207.175.42.254;
# }
}

As you can see it looks pretty normal minus a MAC address I took out for show. Any ideas? I haven't got a clue.

Thanks everyone so far,
ttucker
(Well I guess this proves that beggars can be choosers.)
 
Old 07-26-2004, 06:34 PM   #8
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
and one more thing

Pay no attention to:
option subnet-mask 255.255.255.1;
It was a crap shot idea. 255.255.255.0 got the same error.

OK
ttucker
 
Old 07-26-2004, 08:14 PM   #9
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
After some research

I did some digging and got dhcp to work. All I needed to do was change the subnet to 192.168.1.0. So now dhcp starts up, the server can see the internet and the workstation, and the workstation can ping the server. However, I still can't get to the internet from the workstation. I read that firewall rules might be restricting access so I ran Lokkit and configured the firewall through the GUI. Here is iptables now:

# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s xxx.xxx.xxx.xxx --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s xxx.xxx.xxx.xx --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s xxx.xx.xxx.xx --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

It is a little different from the last time. Ignore the x's. I am wondering if the line,
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
should say tcp instead of udp. Any thoughts? Also, I am pretty sure that I should use cross-over cable between the server and workstation, no?

Thanks to all who helped me get this far, there is only a little bit left,
ttucker
(Don't smile any harder Diane or you'll give us all diabetes.)
 
Old 07-27-2004, 12:04 AM   #10
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi ttucker,
If your server can see the station and vice-versa, your cable is correct. If you don't have a hub or a switch, you really need to use a UTP cross-over.
Well, let's talk a little about protocols. We have three types of transport protocol: udp (User Datagram Protocol), tcp (Transmission Control Protocol) and icmp (Internet Control Message Protocol). The first is used when we don't need to guarantee the proper arrival of the message at the receiving side. If the receiver doesn't answer us in a pre-determined time, we can send it again. The second (tcp) is used when we need the message to arrive at its destination reliably, as when we do ftp. The third is used for control, as when we ping some other station. For several types of message, we can use udp or tcp alternately. You and I don't decide the use of one or the other, but our computer does it based on the system software. Specifically talking about dns, there are the two options. The port you are showing is bootpc(67)/bootps(68). These are used by dhcp.
By your firewall rules, you may be serving DHCP to the whole world, as you have a rule for eth0 and one for eth1. Besides this, there is redundancy in the rules, as all udp rules show "-p udp -m udp". The "-p" means "protocol" and "-m" means "matches". If the protocol is udp, it matches udp. This clause is to be used for other purposes. Another problem I see: I don't see any rule authorizing sending a request to a dns server. All the rules presented are for answers. If a dns server does not receive a request, it doesn't answer.
Yesterday, I suggested Davidrios get out of this RH-Lokkit, and today I received a post where he said he installed "firestarter" and now he can share the internet with a few problems. The link I passed to him was [uri]http://www.linuxguruz.com/iptables[/uri]. This is a big list of firewall scripts, tutorials and howtos. I searched for firestarter in this list and I didn't find it. However, here is a link to this project on freshmeat: [uri]http://freshmeat.net/projects/firestarter[/uri].
Just so you get the picture: the ethernet you use to connect to the internet is the front door of your home. You must keep it always closed. Everybody who wants to enter your home must knock on the door and you will decide if he/she is permitted to enter. The people you have inside your home are your relatives and you normally don't interfere in their affairs. But when somebody goes outside, on return, whoever is inside must verify whether the one knocking out there is a relative or an alien, and whether he/she deserves access or not; whether you will say you don't want to attend to him/her or you will pretend nobody is home. These are the rules for opening the home door or, in our computer, the firewall.
Returning to the dhcp: does your client computer have a dynamic ip or a static one to work with all the problems you have in the dhcp service?
Waiting to hear back from you, I wish you luck!
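
As an added example (not from any poster), the script below checks a saved ruleset for DHCP being accepted on the external interface, the point made in this post, and for the missing masquerade rule the thread title asks about, then prints a gateway ruleset that keeps the front door closed. The interface names and the 192.168.1.0/24 subnet come from the thread; the function names and the FORWARD policy check are additions made here.

```shell
#!/bin/sh
# Added example. Interface names and the LAN subnet are taken from the thread;
# function names are hypothetical.

# gen_gateway_rules EXT_IF INT_IF LAN_CIDR -> iptables-restore ruleset on stdout
gen_gateway_rules() {
    ext=$1; int=$2; lan=$3
    for v in "$ext" "$int"; do
        case $v in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $v" >&2; return 1 ;; esac
    done
    case $lan in ''|*[!0-9./]*) echo "bad network: $lan" >&2; return 1 ;; esac
    if [ "$ext" = "$int" ]; then
        echo "external and internal interface must differ" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN traffic leaving by the external interface takes the gateway address.
-A POSTROUTING -s $lan -o $ext -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections opened from this box or the LAN are let back in.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP is answered on the internal interface only.
-A INPUT -i $int -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $int -s $lan -j ACCEPT
-A FORWARD -i $int -o $ext -s $lan -j ACCEPT
-A FORWARD -i $ext -o $int -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# audit_rules EXT_IF < saved-ruleset -> one finding per line, nothing if clean
audit_rules() {
    awk -v ext="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }
        /^#/ { next }
        table == "nat" && /-j (MASQUERADE|SNAT)/ { nat = 1 }
        # Extra check added here: a default-accept FORWARD chain routes anything.
        table == "filter" && /^:FORWARD ACCEPT/ { print "FORWARD policy is ACCEPT" }
        table == "filter" && /--dport 67/ && /-j ACCEPT/ && index($0, "-i " ext " ") {
            print "DHCP accepted on external interface " ext
        }
        END { if (!nat) print "no MASQUERADE or SNAT rule in the nat table" }
    '
}

# Ruleset from post #9, abridged (DNS source rules and REJECT rules left out).
sample_lokkit_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
COMMIT
EOF
}

# To load as root: gen_gateway_rules eth0 eth1 192.168.1.0/24 | iptables-restore
# Routing between the NICs also needs net.ipv4.ip_forward=1 (sysctl).
echo "findings for the ruleset posted in #9:"
sample_lokkit_rules | audit_rules eth0
echo "generated ruleset:"
gen_gateway_rules eth0 eth1 192.168.1.0/24
```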
 
Old 07-29-2004, 08:23 PM   #11
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
Nope

Thanks for the suggestion, but it didn't work. The iptables uri didn't work and firestarter didn't help.
Anyone have any iptables suggestions or ways to test dhcpd to see if it is doing its job?
Ugh this bites. So close.

ttucker
(And now a report on the clitoris, nature's Rubik's cube.)
 
Old 07-29-2004, 08:49 PM   #12
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi ttucker,
I'm sorry, but by [uri] I was trying to display a URL. This is vB code used on this site. The address I was trying to show you is http://www.linuxguruz.com/iptables. If it looks ok now, you see the real link.
 
Old 08-01-2004, 01:05 PM   #13
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
Nope

Still not working
No clue what is going on.
So to recap:
server:

subnet 192.168.1.0 netmask 255.255.255.0 {

# --- default gateway
server-name ttucker;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
range 192.168.1.2 192.168.1.31;
option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 192.168.1.1;

host apex {
option host-name "apex.domain.org";
hardware ethernet 00:0C:6E:54:46:5E;
fixed-address 192.168.1.3;
}
option time-offset -18000; # Eastern Standard Time
option ntp-servers 192.168.1.1;
option netbios-name-servers 192.168.1.1;

client:
Ip address: 192.168.1.3
Subnet mask: 255.255.255.0
Default Gateway: 192.168.1.1
Preferred DNS server: 192.168.1.1

and I have also tried using the internet DNS: xx.xxx.x.xxx
I have tried it with static and with dynamic
the server and workstation can see each other
I tried dhcpd -d -f and I got this

[root@localhost root]# dhcpd -d -f
Internet Software Consortium DHCP Server V3.0pl1
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on LPF/eth1/00:0c:41:e5:5f:c7/192.168.1.0/24
Sending on LPF/eth1/00:0c:41:e5:5f:c7/192.168.1.0/24

No subnet declaration for eth0 (xx.xxx.xx.xxx).
** Ignoring requests on eth0. If this is not what
you want, please write a subnet declaration
in your dhcpd.conf file for the network segment
to which interface eth0 is attached. **

Sending on Socket/fallback/fallback-net
There's already a DHCP server running.

I am wondering about:
option ip-forwarding off;
in dhcpd.conf
or:
255.255.255.255 dhcp
in etc/hosts
And what is going on with those 0 Leases lines. I've got var/lib/dhcp/dhcpd.leases but there is nothing in it.

I tried:
route add -host 255.255.255.255 dev eth1

Thanks,
ttucker
(I've got wood. ... And on this piece of wood ...)
 
Old 08-01-2004, 04:06 PM   #14
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi Ttucker,
I have researched these days. I suggest you go to the following link: http://easyfwgen.morizot.net/gen/. It is an online firewall generator. You can easily specify your rules and, at the end, it will give you the firewall script.
About your dhcpd.conf, when you ran it, it told you that there is already one dhcpd running. As you use RH, always use "service dhcpd restart" to restart it. Alternatively, you can enter "killall -HUP dhcpd; dhcpd". The first command will send the HANGUP signal to any dhcpd that is running and, after the semicolon, you start it again. You don't have to worry about the "eth0" warning, as eth0 is your connection to the internet and you don't want to serve DHCP to all the machines in the world. As a supplement, I'm attaching the dhcpd.conf of my internet access box in the office. This machine has 4 NICs: 1 for PPPoE, 1 for my department, which has a fixed address, and the other 2 NICs, 1 serving DHCP for 10.0.0.0/255.255.255.0 and the other for 10.16.1.0/255.255.255.0. You can see the definitions are quite simple and, for each line, the DNS server and router addresses are specific to that board. However, both refer to the same machine, which is the box "dis_gw". You can also see I use an unconventional domain name. This is my company. My objective is not to try to resolve any local address outside my domain. I never read any domain instructions, or even an example, but domain names are just names. The public domains are the responsibility of the root domains and I think that, if I make a configuration mistake using a public domain, the DNS protocol will eventually disturb some root server. This is the reason you will not see any of my examples with ".com" or ".org" or ".net" or ... Here it is:
Code:
~# cat /etc/dhcpd.conf
# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

ddns-update-style               none;
default-lease-time              21600;
max-lease-time                  21600;

server-name                     dis_gw;
option subnet-mask              255.255.255.0;
option domain-name              "dis";

shared-network WORKSTATIONS {
        subnet 10.0.0.0 netmask 255.255.255.0 {
        option broadcast-address        10.0.0.255;
        option routers                  10.0.0.254;
        option domain-name-servers      10.0.0.254;
        authoritative;
        pool {
                range 10.0.0.1 10.0.0.20;
                }
        }

        subnet 10.16.1.0 netmask 255.255.255.0 {
        option broadcast-address        10.16.1.255;
        option routers                  10.16.1.254;
        option domain-name-servers      10.16.1.254;
        authoritative;
        pool {
                range 10.16.1.1 10.16.1.20;
                }
        }
}
I would suggest you take this configuration, exclude the subnet 10.0.0.0 declaration, replace the addresses "10.16.1" with "192.168.1", replace "dis" and "dis_gw" with your server name and domain and give it a try.
It is easy to debug the protocol. You just have to look at "/var/log/messages". All the protocol development appears in it. Enter "tail -f /var/log/messages" as root in one of the consoles to see things happening in real time. Here I'm putting an excerpt of the log which you should expect.
Code:
Jul  6 18:17:29 dis_gw dhcpd: Internet Software Consortium DHCP Server V3.0pl2
Jul  6 18:17:29 dis_gw dhcpd: Copyright 1995-2003 Internet Software Consortium.
Jul  6 18:17:29 dis_gw dhcpd: All rights reserved.
Jul  6 18:17:29 dis_gw dhcpd: For info, please visit http://www.isc.org/products/DHCP
Jul  6 18:17:29 dis_gw dhcpd: Wrote 21 leases to leases file.
Jul  6 18:17:29 dis_gw dhcpd: Listening on Socket/eth2/WORKSTATIONS
Jul  6 18:17:29 dis_gw dhcpd: Sending on   Socket/eth2/WORKSTATIONS
Jul  6 18:17:29 dis_gw dhcpd: Listening on Socket/eth1/WORKSTATIONS
Jul  6 18:17:29 dis_gw dhcpd: Sending on   Socket/eth1/WORKSTATIONS

Jul  6 19:47:45 dis_gw dhcpd: DHCPDISCOVER from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:46 dis_gw dhcpd: DHCPOFFER on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:51 dis_gw dhcpd: DHCPDISCOVER from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:51 dis_gw dhcpd: DHCPOFFER on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:51 dis_gw dhcpd: Wrote 21 leases to leases file.
Jul  6 19:47:51 dis_gw dhcpd: DHCPREQUEST for 10.16.1.20 (10.16.1.254) from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:51 dis_gw dhcpd: DHCPACK on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2

Jul  6 19:49:42 dis_gw dhcpd: DHCPREQUEST for 10.16.1.20 from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:49:42 dis_gw dhcpd: DHCPACK on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2

Jul  6 20:32:19 dis_gw dhcpd: DHCPREQUEST for 10.16.1.20 from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 20:32:19 dis_gw dhcpd: DHCPACK on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2

Jul  6 20:34:44 dis_gw dhcpd: DHCPREQUEST for 10.16.1.20 from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 20:34:44 dis_gw dhcpd: DHCPACK on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2

Jul  6 20:40:03 dis_gw dhcpd: DHCPINFORM from 10.16.1.20 via eth2
Jul  6 20:40:03 dis_gw dhcpd: DHCPACK to 10.16.1.20
The empty lines in this log represent other messages not related to dhcpd.
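
To answer the earlier question of how to tell whether dhcpd is doing its job, the exchange in the log above can be summarised per client. This is an added example, not the poster's: an sh/awk filter over syslog lines in the format shown, where the first client's lines are taken from the log above and the second client (02:00:00:00:00:01) is constructed to show what an unanswered DISCOVER looks like.

```shell
#!/bin/sh
# Added example: summarise dhcpd syslog lines per client MAC.
# Function names are hypothetical.

# dhcp_handshakes < syslog
#   -> "MAC leased IP" | "MAC offered-not-acked N" | "MAC no-offer N"
#   (N = number of DHCPDISCOVER messages seen from that client)
dhcp_handshakes() {
    awk '
        $5 !~ /^dhcpd(\[[0-9]+\])?:$/ || $6 !~ /^DHCP/ { next }
        {
            mac = ""
            # The client MAC follows "from" (client messages) or "to" (server replies).
            for (i = 7; i < NF; i++)
                if (($i == "from" || $i == "to") && $(i + 1) ~ /:/) mac = $(i + 1)
            if (mac == "") next          # DHCPINFORM and its ACK name an IP, not a MAC
            seen[mac] = 1
            if ($6 == "DHCPDISCOVER") disc[mac]++
            if ($6 == "DHCPOFFER") offer[mac] = 1
            if ($6 == "DHCPACK") { ack[mac] = 1; ip[mac] = $8 }
        }
        END {
            for (m in seen) {
                if (ack[m]) print m, "leased", ip[m]
                else if (offer[m]) print m, "offered-not-acked", disc[m] + 0
                else print m, "no-offer", disc[m] + 0
            }
        }
    ' | sort
}

# Sample input: first client from the log in this post, second client constructed.
sample_log() {
    cat <<'EOF'
Jul  6 19:47:45 dis_gw dhcpd: DHCPDISCOVER from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:46 dis_gw dhcpd: DHCPOFFER on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:51 dis_gw dhcpd: DHCPREQUEST for 10.16.1.20 (10.16.1.254) from 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:47:51 dis_gw dhcpd: DHCPACK on 10.16.1.20 to 00:40:c7:2d:93:e6 (norton) via eth2
Jul  6 19:48:02 dis_gw dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via eth1
Jul  6 19:48:06 dis_gw dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via eth1
Jul  6 20:40:03 dis_gw dhcpd: DHCPINFORM from 10.16.1.20 via eth2
Jul  6 20:40:03 dis_gw dhcpd: DHCPACK to 10.16.1.20
EOF
}

# On the server: dhcp_handshakes < /var/log/messages
sample_log | dhcp_handshakes
```

A client stuck at "no-offer" is being heard but not answered, so the place to look is the subnet declaration and address range for the interface it arrived on.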
 
Old 08-01-2004, 05:50 PM   #15
ttucker
LQ Newbie
 
Registered: May 2004
Location: TX. boo TX
Distribution: RH 9
Posts: 12

Original Poster
Rep: Reputation: 0
Awesome, it works!

Well now I got the leases file receiving an entry.
I used the dhcpd.conf file suggested and the iptables script generated by that website.
I can ping the internet from the workstation.
But I can not get to the internet from the workstation through my browser.

...

check that ...

I changed the DNS setting in dhcpd.conf to my isp's DNS and HPFM it worked!
This is so freaking awesome.
Oh yeah, and ever since I started running that firestarter program, I've noticed so many hits.
What the hell do I do about this mess?
Is this a job for ethereal?


ttucker
(Neil? I've been calling him Ned all week)
 
  

