LinuxQuestions.org

zdavis 03-31-2003 11:06 AM

NAT/DHCP/IP Masq Nightmare
 
I'm utterly stumped...

I'm running redhat 8.0 on a computer I built (troublesome ASUS A7N8X motherboard with dual ethernet jacks).

I want to set up a home network with the linux box acting as an internet gateway for the LAN and a web server. So far, I've managed to connect the linux machine to a router, which is in turn connected to the cable modem. The linux box is connected to the router on eth0, and it accesses the internet just fine. The router assigns it a 192.168.0.2 IP address.

From there I plug a crossover cable into eth1 (the second ethernet jack) on the linux box and into a computer on the LAN (an ibook running OSX). I've set up DHCP (see below for dhcpd.conf file) on the linux box, and it assigns an ip address of 192.168.10.100 to the ibook. Once I get this working, I'd like to plug eth1 into a wireless router which all the computers on the LAN will access -- I'm not going to get into this, however, until I can get the ibook running on its own.

So, DHCP works, and the ibook can ping the linux server. However, no matter what I do, I can't get the iBook to access the internet. I've turned on IP forwarding, and I've tried running a GUI for iptables ("Firestarter") to enable the NAT. I have no idea what I'm doing wrong. Any ideas or a pointer in the right direction would be appreciated!

My dhcpd.conf file looks like this:

ddns-update-style interim;
default-lease-time 2592000;
max-lease-time 5592000;

subnet 192.168.10.0 netmask 255.255.255.0
{
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.10.255;
option routers 192.168.10.1;
}


Thanks in advance for your help!

KevinJ 03-31-2003 11:39 AM

I am not familiar with "Firestarter"... does it create an rc.firewall or some other configuration file to enable your firewall rules?

-KevinJ

Mara 03-31-2003 11:45 AM

You need to configure iptables to masquerade the connection. Please look into this thread: http://www.linuxquestions.org/questi...les+masquerade for the right commands. When you have it running, add the lines to one of your starting scripts (for example /etc/rc.d/rc.local) to start them at every boot.

zdavis 03-31-2003 01:41 PM

Thanks for your replies -- that link you posted was helpful. However, it's still not working.

Here's where I'm at now. Eth0 on the linux box is connected to the internet (with a router/firewall in between), and eth1 is connected to the ibook (which is getting an IP address from DHCP):

eth0 = 192.168.0.2 (IP address assigned by router connected to internet)
eth1 = 192.168.0.3 (arbitrary IP address assigned at boot)
ibook = 192.168.0.199 (IP address assigned by DHCP on the linux box)

From the iBook, I can ping both 192.168.0.2 and 192.168.0.3 without any problems. I can also ping the iBook from the linux DHCP server.

Typing iptables -L returns the following:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level warning

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The iptables are set up at boot by a script I downloaded from the howto linked to in your message. It seems to be working correctly.

So, at this point, I think I have DHCP configured correctly, and I think I have IP masquerading right -- but it's still not working. Any thoughts?
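
Added example (not part of the original thread, and not any poster's code): `iptables -L` as shown in the post above lists only the filter table, while a MASQUERADE rule sits in the nat table (`iptables -t nat -L`). The script below checks saved rules, the ip_forward flag, and whether the WAN and LAN prefixes overlap. Function names and the sample rule text are constructed; the /24 prefix is assumed from the netmask in the posted dhcpd.conf.

```shell
# Added example; function names and sample rule text are constructed.

# has_masquerade IFACE: stdin is iptables-save text; true if nat POSTROUTING masquerades out IFACE.
has_masquerade() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# net_of ADDR/BITS: prints the network address as an integer.
net_of() {
    addr=${1%/*}; bits=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    echo $(( ip & (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
}

# overlaps CIDR_A CIDR_B: succeeds when one prefix contains the other.
overlaps() {
    short=${1#*/}
    if [ "${2#*/}" -lt "$short" ]; then short=${2#*/}; fi
    [ "$(net_of "${1%/*}/$short")" = "$(net_of "${2%/*}/$short")" ]
}

# audit_gateway IP_FORWARD WAN_IF WAN_CIDR LAN_CIDR (iptables-save text on stdin):
# prints one line per problem; exit status is the number of problems.
audit_gateway() {
    problems=0
    [ "$1" = "1" ] || { echo "ip_forward=$1: no routing between interfaces"; problems=$((problems + 1)); }
    has_masquerade "$2" || { echo "nat table: no MASQUERADE out $2"; problems=$((problems + 1)); }
    if overlaps "$3" "$4"; then echo "$3 and $4 overlap: two connected routes for one prefix"; problems=$((problems + 1)); fi
    return "$problems"
}

# Constructed iptables-save text: filter table only, then with a nat rule added.
RULES_FILTER_ONLY='*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT'
RULES_WITH_NAT="$RULES_FILTER_ONLY
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT"

# Interface addresses from the post (eth0 and eth1), with the assumed /24.
printf '%s\n' "$RULES_FILTER_ONLY" | audit_gateway 1 eth0 192.168.0.2/24 192.168.0.3/24 || true
```

On a live gateway the same function can be fed `iptables-save` output and the contents of /proc/sys/net/ipv4/ip_forward instead of the constructed samples.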

KevinJ 03-31-2003 01:58 PM

echo "1" > /proc/sys/net/ipv4/ip_forward

SparceMatrix 03-31-2003 02:04 PM

I think the problem is in the DHCP servers. You actually have two DHCP servers, one in the router/cable modem and the other on the linux box. Maybe there has to be some kind of acknowledgement between the two DHCP servers. See the dhcp man pages and/or the dhcpd.conf man pages, at least. I think I recall reading that routers are an issue for DHCP servers and that you can run two DHCP servers.

micxz 03-31-2003 02:06 PM

Zdavis:

What nameservers are you using when you set up your ibook? Your ISP's? Or your gateway's?

Try setting the primary and secondary nameservers on your ibook to use xx.xx.xx.xx (your ISP's nameservers). Hope this helps.

Micxz

zdavis 03-31-2003 02:08 PM

still no luck
 
Ok -- I entered that command (which I think I had entered before), and I still can't get it to work. Must be something else.

zdavis 03-31-2003 02:12 PM

DNS
 
I have my ISP's domain name servers in my dhcpd.conf file on the linux server (see below):

ddns-update-style interim;
default-lease-time 2592000;
max-lease-time 5592000;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.3;
option domain-name-servers 24.29.99.14, 24.29.99.15, 24.29.99.16;
option domain-name "netnewbies";

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.11 192.168.0.200;
}

Thinking this might be the problem, I tried accessing 64.58.79.230 (yahoo's IP address) from the DHCP client -- still no luck. Argh! Thanks for trying though :)

zdavis 03-31-2003 02:13 PM

Quote:

Originally posted by SparceMatrix
I think the problem is in the DHCP servers. You actually have two DHCP servers, one in the router/cable modem and the other on the linux box. Maybe there has to be some kind of acknowledgement between the two DHCP servers. See the dhcp man pages and/or the dhcpd.conf man pages, at least. I think I recall reading that routers are an issue for DHCP servers and that you can run two DHCP servers.
I thought this might be the problem as well -- so I've also tried it without any routers in the configuration. I just tried it with the cable modem plugged directly into the linux box, and then a crossover cable going from eth1 on the linux box to the iBook....still no dice.

micxz 03-31-2003 02:18 PM

Can you ping these IPs from your ibook?

24.29.99.14, 24.29.99.15, 24.29.99.16;

zdavis 03-31-2003 02:20 PM

Problem solved
 
Problem solved...and boy do I feel stupid :p

The client was configured to use a proxy server with 192.168.0.1 IP address -- I must have gotten frustrated at some point and just started entering numbers to get the thing to work -- anyhow, once I took that out, it's up and running.

Thanks so much for your help though (all of yous) -- the links you suggested were a big help, and not only is the thing working now, I feel like I have a better understanding of why. Can't thank you enough!

micxz 03-31-2003 02:23 PM

Tight;

zdavis 04-01-2003 08:53 AM

still having problems
 
I thought I had this problem figured out, but now it's not working.

The only problem I'm having now is that the linux box can't access the router connected to the cable modem. It can, however, access the cable modem directly, which makes me think that the ethernet card is fine. Furthermore, my iBook can access the router without any trouble, which makes me think the router is fine.

The router is a dlink DI-604. It's configured to assign ip addresses to its clients using DHCP. Sometimes the router seems to be able to see the linux box, but not vice versa. Last night, when everything was working fine, I noticed that the linux box would no longer be able to access the internet (or the router at 192.168.0.1) after 10 or 20 minutes... I'm stumped, yet again.

Any thoughts?

Thanks!

zdavis 04-01-2003 08:58 AM

further thoughts
 
It seems to me that the linux machine doesn't seem to want to let go of its IP address on reboot (nor does the router). For example, looking at the router's DHCP client table right now tells me that the router has assigned 192.168.0.3 to the linux box. Running IP config on the linux machine tells me that its IP address is 192.168.0.2. I configured the ethernet card using Redhat's (or perhaps it's KDE's) network device configuration tool, and set it to get its address using DHCP. Is there a reason why it might be having a hard time getting the right address from the router?

I just rebooted, and the machine started up with the same 192.168.0.2 ip address. The router still thinks I'm at 192.168.0.3. I would think that there is something wrong with the way the computer is getting its IP address, but then why does it work when it's plugged directly into the cable modem?

Another update -- ok, so now I reset the router, and rebooted the linux machine. The router assigned an ip address to the linux box, and the linux box thinks it has the ip address (good!). However, the linux box still can't access the internet, nor can it access the router at 192.168.0.1. The iBook, however, can access the internet (through the same router) as well as the router itself. I thought maybe there was a problem with my firewall, so I flushed my firewall rules on the linux box -- still can't access the router or the internet. Argh!!!


All times are GMT -5.