04-25-2004, 01:02 AM  #1
Member
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232
masquerade problem (internet sharing)
The situation is, two boxes, both running slack 9.1. One is called "Frank" and one is called "Iridium". Frank is running 2.4.24 kernel, Iridium is running 2.6.4.
Frank connects to the internet using a dial up modem and I want to access the internet using both machines. They are connected with a crossover cable from eth0 to eth0.
A few details.
Frank :

eth0      Link encap:Ethernet HWaddr 00:C0:26:15:72:CD
          inet addr:192.168.1.127 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
          Interrupt:9 Base address:0x6400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b) TX bytes:100 (100.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.194.10.148 P-t-P:203.194.30.5 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:20656 errors:63 dropped:0 overruns:0 frame:0
          TX packets:21052 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:2658661 (2.5 Mb) TX bytes:4229582 (4.0 Mb)

That is a dynamic IP address from my ISP there in ppp0.

Module                  Size  Used by    Not tainted
ipt_MASQUERADE          1272   1  (autoclean)
iptable_nat            15928   1  (autoclean) [ipt_MASQUERADE]
ip_conntrack           18120   1  (autoclean) [ipt_MASQUERADE iptable_nat]
iptable_filter          1644   1  (autoclean)
ip_tables              12288   5  [ipt_MASQUERADE iptable_nat iptable_filter]
ppp_async               7552   0  (autoclean)
ppp_generic            15452   0  (autoclean) [ppp_async]
slhc                    5040   0  (autoclean) [ppp_generic]
uhci                   24496   0  (unused)
usbcore                58400   1  [uhci]
ne2k-pci                5504   1
8390                    6000   0  [ne2k-pci]
crc32                   2880   0  [8390]
ide-scsi                9424   0

Frank looks good to go. I run this script to get him routing :

#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Put any local setup commands in here:

# Start from empty filter and nat tables
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Rewrite the source address of everything leaving via the dial-up link
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
# Forward traffic arriving from the LAN
iptables --append FORWARD --in-interface eth0 -j ACCEPT

# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

All seems well. No problems, listing iptables shows these entries. The ip_forward is verified as set to 1. Should be good. Over to Iridium :

eth0      Link encap:Ethernet HWaddr 00:E0:4C:E8:22:3C
          inet addr:192.168.1.98 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:59 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6792 (6.6 Kb) TX bytes:4007 (3.9 Kb)
          Interrupt:5 Base address:0xd800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b) TX bytes:100 (100.0 b)

Looks fine. Frank and Iridium can see each other no problem, ftp, ssh, ping. I can get internet through ssh forwarding X even. They talk. I make a gateway entry for Iridium.
root@iridium:~# route add default gw 192.168.1.127
This goes into the routing table. At this point I expect things to work, but there is no routing. Where did I drop the ball?

04-25-2004, 01:19 AM  #2
Senior Member
Registered: Oct 2003
Location: Zurich, Switzerland
Distribution: Debian/unstable
Posts: 1,357
Looks quite fine.
Those rules should allow you to send packages behind the firewall doing nat. Problem is that packages received back are not accepted. Rule
Code:
iptables --append FORWARD --in-interface ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
should do it.

04-25-2004, 08:51 AM  #3
Member
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232
Original Poster
Thanks for the reply ToniT.
Alas, adding this rule did not change the situation (my default policy is accept for all my filter chains ... ). It's a strange one. The first time I did it it seemed to work too, I typed in the bits and pieces and it worked (I may just be losing my grip on reality though). Fine, I say to myself, I'll script this and everything will be great. But no.
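
The ESTABLISHED,RELATED rule from post #2 only changes behaviour once the FORWARD policy is DROP; with the ACCEPT policy mentioned in post #3, every packet is forwarded either way. The following is an added example, not code from any poster: it generates an `iptables-restore` ruleset for this gateway with FORWARD defaulting to DROP, and audits `iptables-save` output for the gaps in the original script. The function names and finding labels are assumptions made here.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface names are arguments;
# ppp0 (WAN) and eth0 (LAN) are the ones the thread uses.

# valid_iface NAME: accept only characters that can appear in an interface name.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# gateway_ruleset WAN LAN: print an iptables-restore ruleset on stdout.
# FORWARD defaults to DROP, so the ESTABLISHED,RELATED rule is what lets
# replies back in. INPUT and OUTPUT stay at ACCEPT, as in the thread.
gateway_ruleset() {
    valid_iface "$1" && valid_iface "$2" && [ "$1" != "$2" ] || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $2 -o $1 -j ACCEPT
-A FORWARD -i $1 -o $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# audit_ruleset: read iptables-save output on stdin, print one finding per line.
audit_ruleset() {
    awk '
        /^:FORWARD ACCEPT/ { print "forward-policy-accept" }
        /^-A FORWARD/ && /state.*ESTABLISHED/ { stateful = 1 }
        /^-A POSTROUTING/ && /-j MASQUERADE/ { masq = 1 }
        END {
            if (!stateful) print "no-stateful-return-rule"
            if (!masq) print "no-masquerade-rule"
        }'
}
```

Load the generated rules atomically with `gateway_ruleset ppp0 eth0 | iptables-restore`, and check a running gateway with `iptables-save | audit_ruleset`.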

04-25-2004, 09:27 AM  #4
Member
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232
Original Poster
All solved. I had failed to add nameserver entries to /etc/resolv.conf, silly me. I was duped into thinking everything was ok the first time because after the setup, I yanked the modem from iridium, my main box, and plugged it into frank, dialled up with frank and it was working - because kppp had entered nameserver info temporarily to my /etc/resolv.conf on iridium from the earlier dial up, which obviously did not happen subsequently. Thanks again ToniT for having a stab.
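
The failure resolved above looked like a NAT fault but was a missing resolver on the client. The following is an added example, not code from the thread, that separates the three cases on a client behind a masquerading gateway: no default route, gateway not forwarding, and no nameserver configured. The function names and result labels are assumptions made here.

```shell
#!/bin/sh
# Added example, not code from the thread. Run on the client (Iridium in the
# thread) to tell a forwarding fault apart from a missing resolver.

# count_nameservers FILE: number of nameserver entries in a resolv.conf-style file.
count_nameservers() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# default_gateway: read `route -n` output on stdin, print the default gateway.
default_gateway() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# diagnose ROUTE_FILE RESOLV_FILE IP_REACHABLE
#   ROUTE_FILE    saved output of `route -n`
#   RESOLV_FILE   normally /etc/resolv.conf
#   IP_REACHABLE  "yes" if a ping to a numeric Internet address succeeded
diagnose() {
    gw=$(default_gateway < "$1")
    if [ -z "$gw" ]; then
        echo "no-default-route"
    elif [ "$3" != yes ]; then
        echo "gateway-not-forwarding via $gw"
    elif [ "$(count_nameservers "$2")" -eq 0 ]; then
        echo "dns-not-configured"
    else
        echo "ok"
    fi
}
```

On the client, save `route -n` to a file and pass `yes` as the third argument only if a ping to a numeric address beyond the gateway succeeded; a result of `dns-not-configured` is the situation described in post #4.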

04-27-2004, 09:24 AM  #5
Senior Member
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 22.04
Posts: 2,169
Looks all dastardly linuxy, I've sent it to myself to try out: BUT: it seems to me that DHCP is the more elegant solution, as, given I get it working, I can add a pc or laptop, tell it to respond to DHCP, and that was it. So my Linux User mag.
So, any tips on DHCP?
And I would be interested to know how you see say, Iridium from Frank? Mounted under Iridium, or how do you actually see it. I presume you have a fairly similar set up on both pcs.
Thanks Peter

All times are GMT -5.