Hey all. I've got a linux machine with two ethernet cards. One connects to a router and the other to another PC (winxp) with a crossover cable. I can ping the linux box from the winxp box.
I'd like to know how to get internet access on the winxp box. What do I need to configure on the linux box? I've been reading about firewalls and advanced routing and I'm getting very confused. All I want to do is use the linux box as a relay, could anyone point me to a simple tutorial or howto?
Linux box is running kernel 2.4.23 with iptables compiled in. eth0 connects to the internet via my router, and eth1 connects to my other computer. I'm not connecting my other computer directly to my router because I've run out of ports, and can't afford a new hub at the moment. Had a spare ethernet card so I figured I'd try this out.
Hi,
yes you need to use iptables.
I'll give you the advice you need to get basic packet forwarding.
Here's a BASIC sample of an iptables script that does what you need:
Code:
IPTABLES=/sbin/iptables #check the correct path
EXTIF=eth0
INTIF=eth1
LOOP=lo #loopback interface; if this is left unset, "-i $LOOP -j ACCEPT" expands to "-i -j ACCEPT"
echo "1" > /proc/sys/net/ipv4/ip_forward
#Flush the filter chains and drop everything by default
$IPTABLES -F INPUT
$IPTABLES -P INPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F FORWARD
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -F
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE #this 'hides' internal IPs
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT #this enables connections from the other PC to the internet
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT #replies to what the other PC requested from the internet can enter the network
$IPTABLES -A OUTPUT -o $EXTIF -j ACCEPT #if you're using the linux box directly, this enables connections out
$IPTABLES -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT #replies to what the linux box requested from the internet can enter
#Enabling loopback... you might need the following ones if you're using samba
$IPTABLES -A INPUT -i $LOOP -j ACCEPT
$IPTABLES -A OUTPUT -o $LOOP -j ACCEPT
#The following rules let the other PC connect to the linux box
$IPTABLES -A INPUT -i $INTIF -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -j ACCEPT
I hope I didn't type anything wrong... I did this on the fly. You can run this at boot time.
NOTE: if you're connecting to the internet through PPP, you'd better do so:
EXTIF=ppp0
For more security reference, have a look at the security forum.
Thanks for the reply! It doesn't quite seem to work though. I get the following error when I try to run all that through bash:
Code:
Warning: weird character in interface '-j' (No aliases, :, ! or *).
Bad argument 'ACCEPT'
Try 'iptables -h' or 'iptables --help' for more information.
Warning: weird character in interface '-j' (No aliases, :, ! or *).
Bad argument 'ACCEPT'
Try 'iptables -h' or 'iptables --help' for more information.
Originally posted by TheIrish:
This is weird... apparently there's something wrong in the kernel module or something like that...
I don't know what to say...
Oh dear... In the kernel I compiled -everything- under the netfilter config option. Is there some stuff I should compile out?
I'm also trying to save up for a 4-port switch and the needed cables. It's a pity though, I would have liked the experience of working with iptables.
In any case, thanks for trying to help!
Well the urge to spend got the best of me and I now have a (relatively inexpensive) 5 port smc switch.
In any case I'm still curious to find out what went wrong. Here's some info:
2.4.23_pre8-gss-r2 (it's a "gentoo stable sources" kernel)
Gentoo
iptables v1.2.9 (that's what "iptables -V" gives, I assume that's the userspace. How do I check the modules?)
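The two warnings quoted in this thread name '-j' as the interface, which is what iptables receives when the variable in `-i $LOOP` is empty at the moment the two loopback rules run. The sketch below is an added example, not code from any poster: `show_args`, `expand_rule` and `require_vars` are hypothetical helper names, and it prints argument lists instead of calling iptables.

```shell
#!/bin/sh
# Added example (not from the thread). Nothing here calls iptables;
# it only shows what the shell would hand to it.

# Print each argument the shell produces on its own line.
show_args() {
    for a in "$@"; do printf '[%s]\n' "$a"; done
}

# Expand a loopback rule the way the posted script writes it (unquoted).
# $1 = value of the interface variable, possibly empty.
expand_rule() {
    LOOP=$1
    # Unquoted on purpose: an empty $LOOP vanishes from the argument list,
    # so "-i" swallows "-j" as the interface name and "ACCEPT" is left over.
    show_args -A INPUT -i $LOOP -j ACCEPT
}

# Guard: succeed only if every named variable is set and non-empty.
# Call it before the first rule so a half-loaded DROP policy is never left behind.
require_vars() {
    for name in "$@"; do
        eval "val=\${$name:-}"
        if [ -z "$val" ]; then
            echo "refusing to load rules: $name is empty" >&2
            return 1
        fi
    done
}

echo "LOOP=lo:";    expand_rule lo
echo "LOOP empty:"; expand_rule ""
```

In a real rules script, `set -u` at the top, or writing the variable as `${LOOP:?}`, makes the shell stop at the first unset variable instead of passing a shortened argument list to iptables.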