LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 03-02-2004, 10:06 AM   #1
Agent0013
LQ Newbie
 
Registered: Feb 2004
Distribution: Slackware 9.1
Posts: 11

Rep: Reputation: 0
Sorry about upsetting so many of you!


Obviously my frustration with Linux was taken as an insult. I apologize to all of you that have retorted with flame. I admit that my post was very hard on Linux.

I still want to get a Linux box running. I am searching for solutions to what is stopping my internet forwarding or routing or NAT, or whatever it is.

The C/C++ compiling was a problem with a previous version I had installed. I do not know why it would not work, and as I needed to compile code I reinstalled an older version of Red Hat that did work for that. Currently, with Slack 9.1, I have not tried to compile, but I am assuming it will work.

I have read the HOWTOs on the linux.org site for DSL, ADSL-Bandwidth-Management, Ethernet, Firewall, IP-Masquerade, Masquerading-Simple, Net, Network-Install, and Network-Overview.

I have also searched on Google for this subject and have read many other sites describing how to set this up.

So as you can see I have tried to solve this on my own. The HOWTOs are very informative, but they do not tell you what to try next if it still does not work.

I have also searched through this site for others having the same problem and have only found references to the HOWTOs or other documentation I have read.


Here is my current setup on the Linux box:
Slackware 9.1
eth0 adsl connection with earthlink dynamic IP 192.168.0.3
eth1 lan connection with my Windows XP box through a hub 192.168.0.13

Windows XP 192.168.0.14


ifconfig:
eth0 Link encap:Ethernet HWaddr 00:50:BA:D6:23:AA
inet addr:192.168.0.3 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8987 errors:0 dropped:0 overruns:0 frame:0
TX packets:13657 errors:0 dropped:0 overruns:0 carrier:0
collisions:1 txqueuelen:100
RX bytes:8492103 (8.0 Mb) TX bytes:993960 (970.6 Kb)
Interrupt:11 Base address:0xf000

eth1 Link encap:Ethernet HWaddr 00:03:6D:16:B4:06
inet addr:192.168.0.13 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:515 errors:0 dropped:0 overruns:0 frame:0
TX packets:103 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:63768 (62.2 Kb) TX bytes:8254 (8.0 Kb)
Interrupt:10 Base address:0xb000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3236 (3.1 Kb) TX bytes:3236 (3.1 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:68.164.1.75 P-t-P:172.31.255.247 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:30 (30.0 b) TX bytes:30 (30.0 b)



iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain icmp-in (0 references)
target prot opt source destination

Chain icmp-out (0 references)
target prot opt source destination

Chain log-tcp-state (0 references)
target prot opt source destination

Chain tcp-state-flags (0 references)
target prot opt source destination


iptables -t nat -L:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.14    *               255.255.255.255 UH    0      0        0 eth1
172.31.255.247  *               255.255.255.255 UH    0      0        0 ppp0
localnet        *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         172.31.255.247  0.0.0.0         UG    0      0        0 ppp0


route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.14    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
172.31.255.247  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.31.255.247  0.0.0.0         UG    0      0        0 ppp0





Once again, sorry about my upsetting post. I am getting frustrated at the fact that no matter what I try it still does not work. What am I missing here?

Thanks for any help that anybody can give.
Agent0013

Last edited by Agent0013; 03-02-2004 at 10:09 AM.
 
Old 03-02-2004, 11:52 AM   #2
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
Slightly confused by the eth0 and ppp0; this is assuming ppp0 is your connection to the internet (which it looks like it is). Cut and paste this and save it to a file, make it executable and run it AFTER you have connected to the internet. Haven't been able to test it, but give it a whirl.



#!/bin/sh
# Run this AFTER the PPPoE session is up; the SNAT rule at the end needs the
# address that ppp0 was given for this session.

echo 1 > /proc/sys/net/ipv4/ip_forward   # make sure forwarding is enabled

wanInterface="ppp0"

# Get the dynamic IP address of the interface that's attached to the internet
# (the "inet addr:a.b.c.d" line in the ifconfig output for that interface).
ipAddress=`/sbin/ifconfig $wanInterface | grep 'inet addr' | cut -f2 -d: | awk '{print $1}'`
if [ -z "$ipAddress" ]; then
    echo "$wanInterface has no address yet; connect first" >&2
    exit 1
fi

# Flush the filter AND nat tables, otherwise the old MASQUERADE rule stays in front.
iptables -F
iptables -t nat -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Anything from the LAN side, and the box talking to itself over lo.
iptables -A INPUT -p ALL -i eth1 -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s $ipAddress -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.0.13 -j ACCEPT

# Replies to connections the box opened itself.
iptables -A INPUT -p ALL -d $ipAddress -m state --state ESTABLISHED,RELATED -j ACCEPT

# LAN -> internet, plus the replies coming back.
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s $ipAddress -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.0.13 -j ACCEPT

# SNAT to the current ppp0 address; re-run the script if that address changes.
iptables -t nat -A POSTROUTING -o $wanInterface -j SNAT --to-source $ipAddress
 
Old 03-02-2004, 11:56 AM   #3
Rodrin
Member
 
Registered: May 2003
Location: Upstate NY, U.S.
Distribution: Slackware
Posts: 248

Rep: Reputation: 31
The first big thing that jumps out at me is that both your inside card and outside card are on the same subnet:
192.168.0.0 w/ mask of 255.255.255.0, or 24 bit (192.168.0.0/24)

Normally a firewall, or any kind of router, makes some of its decisions about where to send packets based on the subnet they are addressed to. The way this is set up, when the box gets a packet for the 192.168.0.0/24 subnet, it doesn't know what to do with it (it probably sends them all to eth0, just because it's first). In other words, when you try to send a ping to the Windows box, the machine is most likely sending it to the DSL modem instead.

It might be possible to use the setup with this configuration by setting up a static route to the Windows box, but this wouldn't make any sense, and would make adding more machines to the network very overly complicated (besides which, I am by no means certain that you could get it to work correctly). It would make more sense to do it the conventional way and set up a different subnet for the inside network (since the outside network is set up by the DSL modem).

You could set up the inside network on the 192.168.1.0/24 subnet (give eth1 and the XP box addresses between 192.168.1.1 and 192.168.1.254). This is slightly unorthodox because the network address of your entire network and for the DSL/eth0 subnet would both be 192.168.0.0, but it would work fine (this is because whoever set up the DSL modem did so with a 192.168.0.0/24 network address, which is slightly unorthodox). Alternatively you could set it up with an entirely different private network address, like one from the 10.0.0.0 subnet, giving the inside devices addresses between 10.1.1.1 and 10.1.1.254, for example, with a 24 bit netmask (255.255.255.0).

It would seem that the issues you are having are probably due to an unfamiliarity with routing and the hierarchical structure of TCP/IP in general rather than something specific to Linux.
 
Old 03-02-2004, 02:45 PM   #4
Agent0013
LQ Newbie
 
Registered: Feb 2004
Distribution: Slackware 9.1
Posts: 11

Original Poster
Rep: Reputation: 0
Still no luck

I have now tried to change my eth0 card to another subnet.

I have set it to the 10.1.1.1 like Rodrin suggested and it still does not pass any data through to the internet.

I have the policy for INPUT, OUTPUT, and FORWARD set to ACCEPT. Shouldn't that just pass everything through and be unprotected? It still does not let stuff through.
 
Old 03-02-2004, 04:45 PM   #5
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
Never tried it without setting explicit rules. Try it with the bunch of stuff above saved to a file called trythisnow, then chmod +x trythisnow

then as root

./trythisnow


change the couple of lines to

wanInterface="eth0"

ipAddress="10.1.1.1"

you can but try.
 
Old 03-02-2004, 10:30 PM   #6
Agent0013
LQ Newbie
 
Registered: Feb 2004
Distribution: Slackware 9.1
Posts: 11

Original Poster
Rep: Reputation: 0
Tried the above settings and still does not work

I have tried using the settings that Looking_Lost has suggested, and it stopped the Linux box from accessing the internet at all.

No clue why! No clue what to try next!
 
Old 03-02-2004, 10:33 PM   #7
Rodrin
Member
 
Registered: May 2003
Location: Upstate NY, U.S.
Distribution: Slackware
Posts: 248

Rep: Reputation: 31
You actually changed the address of eth1 rather than eth0, right? The eth0 interface is the one that was connected to the DSL modem and assigned dynamically, so you need that for connection to the Internet.

Also make sure that the Windows box has an address on the same subnet, like 10.1.1.2, for example. The gateway setting for the Windows box should be pointed to the inside address on the Linux box, 10.1.1.1 (this is analogous to the "default" route on the Linux box).

Speaking of the default route on the Linux box, it is not correct. It should be pointing to the address of the DSL modem on eth0 rather than whatever address that is on ppp0. You should only have one entry that shows up as localnet which in actuality (route -n) should be 10.1.1.0 and should be on the eth1 interface, but otherwise should match what you have in the two entries that exist (they were entirely conflicting routes, because they told the computer to send the same packets to two different places). It looks like you did have a static route to the Windows box in your routing table; you shouldn't need that anymore with separate subnets. I'm sorry I didn't look closely at the routing table before and give you this information; I was pressed for time when I posted before.
 
Old 03-03-2004, 10:19 AM   #8
Agent0013
LQ Newbie
 
Registered: Feb 2004
Distribution: Slackware 9.1
Posts: 11

Original Poster
Rep: Reputation: 0
Tried these things also

I have tried changing the default route to eth0 and the Linux box could no longer get to the internet.

I actually changed the eth0 ip before to 10.1.1.1

This is my rc.inet1.conf file:
# /etc/rc.d/rc.inet1.conf
#
# This file contains the configuration settings for network interfaces.
# If USE_DHCP[interface] is set to "yes", this overrides any other settings.
# If you don't have an interface, leave the settings null ("").

# Config information for eth0:
IPADDR[0]="10.1.1.1"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""

# Config information for eth1:
IPADDR[1]="192.168.0.13"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""

# Config information for eth2:
IPADDR[2]=""
NETMASK[2]=""
USE_DHCP[2]=""
DHCP_HOSTNAME[2]=""

# Config information for eth3:
IPADDR[3]=""
NETMASK[3]=""
USE_DHCP[3]=""
DHCP_HOSTNAME[3]=""

# Default gateway IP address:
GATEWAY="ppp0"

# Change this to "yes" for debugging output to stdout. Unfortunately,
# /sbin/hotplug seems to disable stdout so you'll only see debugging output
# when rc.inet1 is called directly.
DEBUG_ETH_UP="no"





I did try taking out the ip for eth0 and leaving it as nothing. Then it could not connect to the internet at all. adsl-start resulted in a timeout error.

I have noticed that the eth0 ip address is not related to the ip the earthlink assigns. The earthlink ip is associated with the ppp0 item in ifconfig.

Last edited by Agent0013; 03-03-2004 at 10:39 AM.
 
Old 03-03-2004, 12:25 PM   #9
Rodrin
Member
 
Registered: May 2003
Location: Upstate NY, U.S.
Distribution: Slackware
Posts: 248

Rep: Reputation: 31
I'm sorry; I didn't realize you were using PPP over Ethernet. That changes a lot. I've never actually set up a computer to use PPPoE, but you apparently had that working, so it should not be difficult to restore that part.

There seems to be some confusion as to which ethernet interface was connected to your modem and which to your other computer. The one that was connected to the modem, which I thought was eth0, should be restored to what it was to begin with. If it was assigned dynamically, then you need to do more than leave its address blank; you also need to turn on DHCP by setting the line (assuming it was eth0):

USE_DHCP[0]=""

to

USE_DHCP[0]="yes"

If it was not assigned by the modem dynamically, then just restore it to the address it was before. The other interface (what I thought was eth1) should have the address 10.1.1.1

The default route should be as you had it; it was correct because the ppp connection was actually handling your Internet traffic. So go ahead and leave it on ppp0 and pointed to the address you had before.

Since Internet traffic is actually being handled over ppp0, you have 3 (virtual) interfaces, and two of them are local, but they still can't be on the same subnet, or your computer will not know which place to send packets. If eth0 is actually being assigned to the 192.168.0.0/24 subnet, as it appeared to be from what you posted before, then you need the localnet route for that to be what it was originally, but the route for eth1 should be different. The output from route -n should look like this:

Code:
route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.31.255.247  0.0.0.0         255.255.255.255 UH    0      0      0   ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0      0   eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0      0   eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0      0   lo
0.0.0.0         172.31.255.247  0.0.0.0         UG    0      0      0   ppp0
(As you can see, this only has the slight changes from your original of putting eth1 on a different subnet than before and removing the static route to the Windows box, which should not be necessary and could cause unnecessary complications if you ever wanted to expand the network to another computer. It looks like the only problem you had with the routing table was the conflicting routes for 192.168.0.0/24 traffic to both eth0 and eth1.)

Your Windows IP address and gateway should be what I wrote in my last post, pointing to the Linux box as a router and on the same subnet as the interface on the Linux box it is connected through. This is all assuming the modem is connected to eth0 and the hub leading to the Windows computer is connected to eth1.

P.S.
I have not made up a set of routing rules for a firewall since Linux changed from ipchains to iptables. What I would do is set it up to allow everything until I had the routing working and then change the rules to good firewalling rules after I was sure the routing was working correctly. Looking_Lost could probably give you more immediate help with the rules, since he appears to have been working with them more recently.

Last edited by Rodrin; 03-03-2004 at 12:49 PM.
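The two routing mistakes Rodrin describes in posts #3 and #9 (two interfaces sharing 192.168.0.0/24, and the default route needing to sit on ppp0 because PPPoE carries the traffic) can be caught mechanically from the output of route -n. The following is an added example, not code from the thread: a shell function that reads a route -n dump on stdin and flags duplicate connected routes and a default route on the wrong interface. The interface name ppp0 and the two sample tables are taken from the thread (the second is Rodrin's corrected table with eth1 moved to 10.1.1.0/24); the sample tables are constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the thread: audit a "route -n" dump for the two
# mistakes discussed in the posts above.
#   1. Two connected (non-gateway) routes to the same network/netmask on
#      different interfaces: the kernel uses one, and hosts behind the other
#      interface become unreachable.
#   2. A default route that is not on the expected Internet-facing interface
#      (ppp0 here, since the PPPoE session carries the traffic, not eth0).
# Usage: route -n | check_routes ppp0     (exit 0 = clean, exit 1 = problem found)

check_routes() {
    wan="$1"    # interface the default route is expected to use
    awk -v wan="$wan" '
        /^Kernel/ || /^Destination/ { next }   # skip the two header lines
        NF < 8 { next }
        {
            dest = $1; gw = $2; mask = $3; flags = $4; iface = $8
            # Connected routes carry U but not G in the flags column.
            if (index(flags, "G") == 0) {
                key = dest "/" mask
                if ((key in seen) && seen[key] != iface) {
                    printf("CONFLICT: %s reachable via both %s and %s\n", key, seen[key], iface)
                    bad = 1
                } else {
                    seen[key] = iface
                }
            }
            if (dest == "0.0.0.0" && mask == "0.0.0.0") {
                ndef++
                if (iface != wan) {
                    printf("DEFAULT: route via %s on %s, expected %s\n", gw, iface, wan)
                    bad = 1
                }
            }
        }
        END {
            if (ndef == 0)     { print "DEFAULT: no default route"; bad = 1 }
            else if (ndef > 1) { print "DEFAULT: more than one default route"; bad = 1 }
            exit (bad + 0)
        }'
}

# Constructed samples: the original poster's first table (two 192.168.0.0/24
# routes) and Rodrin's corrected version with eth1 moved to 10.1.1.0/24.
ORIG_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.14    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
172.31.255.247  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.31.255.247  0.0.0.0         UG    0      0        0 ppp0'

FIXED_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.31.255.247  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.31.255.247  0.0.0.0         UG    0      0        0 ppp0'

# "sh check-routes.sh demo" runs both constructed samples through the check.
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$ORIG_TABLE"  | check_routes ppp0 || echo "original table: broken"
    printf '%s\n' "$FIXED_TABLE" | check_routes ppp0 && echo "fixed table: ok"
fi
```

On the original table the check reports the 192.168.0.0/255.255.255.0 route on both eth0 and eth1 and exits non-zero; on the corrected table it exits zero. The check only looks at the table, so it says nothing about whether the host on the far side of eth1 has its gateway pointed at the Linux box.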
 
Old 03-03-2004, 01:48 PM   #10
Agent0013
LQ Newbie
 
Registered: Feb 2004
Distribution: Slackware 9.1
Posts: 11

Original Poster
Rep: Reputation: 0
Nope

I didn't realize that I didn't specify that it was pppoe, sorry about that.

I have tried what you said, and it is the same. Linux machine works, Windows machine does not.

eth0 is 10.1.1.1
eth1 is 192.168.0.13

windows machine is 192.168.0.14 with gateway set to 192.168.0.13



the firewall is set to accept everything.
the firewall script I have running is:
#!/bin/bash

# This script is designed to be run as: /etc/dhclient-enter-hooks

###############################################################
# Copyright (C) 1997 - 2003 Robert L. Ziegler
#
# Permission to use, copy, modify, and distribute this software and its
# documentation for educational, research, private and non-profit purposes,
# without fee, and without a written agreement is hereby granted.
# This software is provided as an example and basis for individual firewall
# development. This software is provided without warranty.
#
# Any material furnished by Robert L. Ziegler is furnished on an
# "as is" basis. He makes no warranties of any kind, either expressed
# or implied as to any matter including, but not limited to, warranty
# of fitness for a particular purpose, exclusivity or results obtained
# from use of the material.
###############################################################


# Load the FTP connection state helper module.
modprobe ip_conntrack_ftp

# Load the FTP NAT module.
modprobe ip_nat_ftp

# ----------------------------------------------------------------------------
# Some definitions for easy maintenance.
#
# EDIT THESE TO SUIT YOUR SYSTEM AND ISP.

# Toggle firewall service rules on/off

NAT_ENABLE="2" # 0=disable; 1=SNAT; 2=MASQUERADE
DHCP_CLIENT="0"
LAN_ACCESS="1" # ssh & ftp access from firewall to lan

DNS_CACHE="1" # caching nameserver for LAN
ACCEPT_AUTH="0"
SMTP_SERVER="0"
SSH_SERVER="0"
FTP_SERVER="0"
WEB_SERVER="0"
NTP_CLIENT="0"
NTP_SERVER="0" # LAN server (not public)
MULTICAST_ENABLE="0" # must subscribe to multicast


INTERNET="eth0" # network interface to the DMZ
LAN="eth1" # network interface to the LAN
LOOPBACK_INTERFACE="lo" # however your system names it

INTERNET_IPADDR="172.31.255.247" # gateway firewall - public IP

LAN_ADDR="192.168.0.13" # LAN IP address
LAN_ADDRESSES="192.168.0.0/16" # LAN IP address range
LAN_NETWORK="192.168.0.0" # DMZ subnet base address
LAN_BROADCAST="192.168.0.255" # DMZ broadcast address
LAN_NETMASK="255.255.255.0"

NAMESERVER_1="198.41.0.4"

#MAIL_SERVER="any/0" # address of a remote mail gateway
#POP_SERVER="your.pop.server"
#NEWS_SERVER="your.news.server"

#TIME_SERVER="your.time.server"

DHCP_SERVER="any/0" # some ISPs tell you the address

LOOPBACK="127.0.0.0/8" # reserved loopback address range
CLASS_A="10.0.0.0/8" # class A private networks
CLASS_B="172.16.0.0/12" # class B private networks
CLASS_C="192.168.0.0/16" # class C private networks
CLASS_D_MULTICAST="224.0.0.0/4" # class D multicast addresses
CLASS_E_RESERVED_NET="240.0.0.0/5" # class E reserved addresses

BROADCAST_SRC="0.0.0.0" # broadcast source address
BROADCAST_DEST="255.255.255.255" # broadcast destination address

UNPRIVPORTS="1024:65535" # unprivileged port range

###############################################################

# WARNING:

# The following section is written for dhclient.
# This section demonstrates what needs to be done
# to dynamically modify the IP address and name servers.

# See the "dhclient-script" man page
# and the "dhclient.conf" man page for details.

if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || [ x$reason = xREBIND ]; then

IPADDR=$new_ip_address

# Some ISPs use more than one DHCP server.
# In that case, you can leave DHCP_SERVER set to any/0,
# or you can hard-code duplicate DHCP rules that
# reference the specific server IP addresses.

DHCP_SERVER=$new_dhcp_server_identifier

elif [ x$reason = xPREINIT ] || \
[ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xTIMEOUT ]; then

IPADDR="any/0"
DHCP_SERVER="any/0"

fi

###############################################################

# Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Enable TCP SYN Cookie Protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Enable broadcast echo Protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Enable bad error message Protection
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Drop Spoofed Packets coming in on an interface, which if replied to,
# would result in the reply going out a different interface.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
echo 0 > $f
done

# Don't send Redirect Messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
echo 0 > $f
done

# Disable Source Routed Packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
echo 0 > $f
done

# Log packets with impossible addresses.
# Includes Multicast src, Class E src/dst, Loopback src/dst,
# Zero net src/dst
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
echo 1 > $f
done

###############################################################

# Remove any existing rules from all chains
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

# Set the default filter table policy
iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT

# Remove any pre-existing user-defined chains
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain

# Create any user-defined chains
iptables -N tcp-state-flags
iptables -N log-tcp-state
iptables -N icmp-in
iptables -N icmp-out

# Unlimited traffic on the loopback interface
# Do immediately in case of firewall script errors!
iptables -A INPUT -i $LOOPBACK_INTERFACE -j ACCEPT
iptables -A OUTPUT -o $LOOPBACK_INTERFACE -j ACCEPT


###############################################################
# Enable Source NAT

if [ $NAT_ENABLE = "1" ]; then
iptables -t nat -A POSTROUTING -o $INTERNET \
-j SNAT --to-source $INTERNET_IPADDR
elif [ $NAT_ENABLE = "2" ]; then
iptables -t nat -A POSTROUTING -o $INTERNET \
-j MASQUERADE
fi

###############################################################



###############################################################
# Using Connection State to By-pass Rule Checking

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

###############################################################








###############################################################
# ICMP Control and Status Messages

iptables -A icmp-in -p icmp \
--icmp-type source-quench -j ACCEPT

iptables -A icmp-in -p icmp \
--icmp-type parameter-problem -j ACCEPT

iptables -A icmp-in -p icmp \
--icmp-type destination-unreachable -j ACCEPT

# Intermediate traceroute responses
iptables -A icmp-in -i $INTERNET -p icmp \
--icmp-type time-exceeded -j ACCEPT

# -----------------------------------------------------------

iptables -A icmp-out -p icmp \
--icmp-type source-quench -j ACCEPT

iptables -A icmp-out -p icmp \
--icmp-type parameter-problem -j ACCEPT

iptables -A icmp-out -p icmp \
--icmp-type fragmentation-needed -j ACCEPT

# allow outgoing pings to anywhere
iptables -A icmp-out -p icmp \
--icmp-type echo-request \
-m state --state NEW -j ACCEPT

iptables -A icmp-out -o $LAN -p icmp \
--icmp-type destination-unreachable -j ACCEPT

# Don't log dropped outgoing ICMP error messages
iptables -A icmp-out -o $INTERNET -p icmp \
--icmp-type destination-unreachable -j DROP

# -----------------------------------------------------------

iptables -A INPUT -p icmp -j icmp-in

# allow incoming pings from trusted hosts
iptables -A INPUT -i $LAN -p icmp \
--icmp-type echo-request \
-m state --state NEW -j ACCEPT

iptables -A OUTPUT -p icmp -j icmp-out
iptables -A FORWARD -o $LAN -p icmp -j icmp-in
iptables -A FORWARD -o $INTERNET -p icmp -j icmp-out

###############################################################








route -n is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.31.255.247  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.31.255.247  0.0.0.0         UG    0      0        0 ppp0



iptables -L is:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
icmp-in icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
icmp-in icmp -- anywhere anywhere
icmp-out icmp -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
icmp-out icmp -- anywhere anywhere

Chain icmp-in (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded

Chain icmp-out (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere icmp destination-unreachable

Chain log-tcp-state (0 references)
target prot opt source destination

Chain tcp-state-flags (0 references)
target prot opt source destination


ifconfig is:
eth0 Link encap:Ethernet HWaddr 00:50:BA:D6:23:AA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:241 errors:0 dropped:0 overruns:0 frame:0
TX packets:289 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:141100 (137.7 Kb) TX bytes:35737 (34.8 Kb)
Interrupt:11 Base address:0xf000

eth1 Link encap:Ethernet HWaddr 00:03:6D:16:B4:06
inet addr:192.168.0.13 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:183 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:16587 (16.1 Kb) TX bytes:674 (674.0 b)
Interrupt:10 Base address:0xb000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:100 (100.0 b) TX bytes:100 (100.0 b)

ppp0 Link encap:Point-to-Point Protocol
inet addr:68.165.60.3 P-t-P:172.31.255.247 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:324 (324.0 b) TX bytes:223 (223.0 b)



I did not remove the 10.1.1.1 from eth0, but in ifconfig it does not have that ip anymore due to the dhcp.

rc.inet1.conf is set like you said:
# /etc/rc.d/rc.inet1.conf
#
# This file contains the configuration settings for network interfaces.
# If USE_DHCP[interface] is set to "yes", this overrides any other settings.
# If you don't have an interface, leave the settings null ("").

# Config information for eth0:
IPADDR[0]="10.1.1.1"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""

# Config information for eth1:
IPADDR[1]="192.168.0.13"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""

# Config information for eth2:
IPADDR[2]=""
NETMASK[2]=""
USE_DHCP[2]=""
DHCP_HOSTNAME[2]=""

# Config information for eth3:
IPADDR[3]=""
NETMASK[3]=""
USE_DHCP[3]=""
DHCP_HOSTNAME[3]=""

# Default gateway IP address:
GATEWAY="ppp0"

# Change this to "yes" for debugging output to stdout. Unfortunately,
# /sbin/hotplug seems to disable stdout so you'll only see debugging output
# when rc.inet1 is called directly.
DEBUG_ETH_UP="no"





I can ping the windows machine, or a web site from the linux box.

I can ping the linux machine from windows.

But I can't ping a web site from windows. And I am pinging the ip address, not the name. 198.182.196.56 is www.linux.org

Still no clue what is stopping this from working.

This is why I am so frustrated with Linux. I have had four years of this. Every time I try to set up another Linux box I can not get it to do a few simple things. This is actually the first time I have ever had the Linux box accessing the Internet, so it is actually a lot of progress. A computer that can't use the internet is pretty useless these days.

Any other suggestions?
 
Old 03-03-2004, 02:02 PM   #11
VanDizzle
LQ Newbie
 
Registered: Mar 2004
Location: Washington,DC
Posts: 1

Rep: Reputation: 0
Net Connection with Mandrake Linux 9.2

I am having trouble connecting to the net. Can anyone help me? I am a newbie to Linux also.
 
Old 03-03-2004, 03:11 PM   #12
Rodrin
Member
 
Registered: May 2003
Location: Upstate NY, U.S.
Distribution: Slackware
Posts: 248

Rep: Reputation: 31
OK. You have your interfaces all working properly. Everything looks OK for a machine set up with PPPoE on the routing side.

The firewall script you have running here, however, does not have all the right settings. It is written as though eth0 is your connection to the Internet, when in reality ppp0 is.

The line that reads:

INTERNET="eth0" # network interface to the DMZ

should read:

INTERNET="ppp0" # network interface to the DMZ

and according to the output of ifconfig the line that reads:

INTERNET_IPADDR="172.31.255.247" # gateway firewall - public IP

is pointed to the IP address of the PPP server when it should be pointed to your address on the ppp0 interface, which is different in your first post than in the last one. You need to enable the firewall to read your DHCP assigned address to enable masquerading. This could very well be the root of your problem. (EDIT: I wanted to correct this notion. iptables does not need to know your outside address to do masquerading; it only needs it to do SNAT; so the INTERNET_IPADDR="x.x.x.x" variable here is not being used for anything, and it doesn't matter how it's set in this case.) I would have to look into this further myself to find out how to do this, but it looks like this script may have a provision for handling it. However, it could be complicated by the fact that your network interface is a PPP interface or that you have to use PPPoE.

Also the netmask for your local subnet according to the LAN_ADDRESSES line of the firewall script is 16 bits (or 255.255.0.0) when in reality you have it set to 24 bits (255.255.255.0). These settings really should match.

Disclaimer: I could be mistaken about some of my advice due to my unfamiliarity with PPPoE.

Last edited by Rodrin; 03-10-2004 at 01:13 PM.
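Rodrin's post above pins down the three things the posted Ziegler script had wrong for this box: the Internet interface is ppp0, not eth0; MASQUERADE needs no INTERNET_IPADDR because it picks up whatever address ppp0 has, whereas SNAT needs a fixed --to-source; and LAN_ADDRESSES must match the /24 actually configured on eth1. The following is an added example, not the thread's script and not Ziegler's: a complete minimal rule set for this topology. The interface names (ppp0, eth1) and the 192.168.0.0/24 LAN are taken from the thread; everything else is an assumption to adapt. It goes beyond the thread's "accept everything until routing works" approach by defaulting FORWARD to DROP and adding an anti-spoofing rule, and it has a DRY_RUN mode that prints the iptables commands instead of executing them so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the thread's script and not Ziegler's: a minimal NAT
# gateway for the topology in this thread. Interface names and the LAN subnet
# are taken from the posts; everything else is an assumption to adapt.
#
#   WAN: ppp0 (PPPoE, dynamic address) -> MASQUERADE, no fixed --to-source
#   LAN: eth1, 192.168.0.0/24          -> must match the netmask set on eth1,
#                                         and eth0 must NOT share this subnet
#
# Usage:  sh nat-gw.sh apply        (as root: installs the rules)
#         DRY_RUN=1 sh nat-gw.sh    (prints the commands instead of running them)

WAN="ppp0"
LAN="eth1"
LAN_NET="192.168.0.0/24"

# Wrapper so the same rule set can be reviewed without root.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

enable_forwarding() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

nat_gateway_rules() {
    enable_forwarding            # a NAT rule alone routes nothing; forwarding must be on

    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP          # only what is explicitly allowed below is routed
    ipt -P OUTPUT ACCEPT

    # The gateway itself: loopback, replies to its own connections, and the LAN
    # (this is what lets LAN hosts reach a DNS cache or sshd on the gateway).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT

    # Anti-spoofing: a packet claiming a LAN source must never arrive from the WAN.
    ipt -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
    # LAN -> Internet for genuine LAN addresses; Internet -> LAN only as replies.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Dynamic-address NAT is bound to the WAN interface, not to an IP address,
    # so nothing has to be re-run when the PPP session comes up with a new one.
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

if [ "${1:-}" = "apply" ] || [ "${DRY_RUN:-0}" = "1" ]; then
    nat_gateway_rules
fi
```

Run it with DRY_RUN=1 first and read the twelve iptables lines it prints; then run it as root with the apply argument after the PPPoE session is up. Once forwarding works, the remaining step the original poster mentions, DNS, is a client-side setting: the Windows box needs a DNS server entry that is reachable through the gateway, either the ISP's resolver (its queries are masqueraded like any other traffic) or a caching nameserver on the Linux box, which the INPUT rule for the LAN already admits.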
 
Old 03-03-2004, 04:43 PM   #13
Agent0013
LQ Newbie
 
Registered: Feb 2004
Distribution: Slackware 9.1
Posts: 11

Original Poster
Rep: Reputation: 0
Some Progress

That last post of yours has helped some. I can now ping out from the windows box to an ip address on the internet.

Now I just need to get the DNS to be forwarded through the gateway. I'll work on that next.

Thanks, you have been very helpful.
Agent0013
 
  

