07-15-2013, 02:04 PM
#1
LQ Newbie
Registered: Jun 2008
Posts: 13
Sharing DSL connection on Ubuntu 12
I am upgrading my internet/gateway computer from a 1998 450 MHz AMD K6 with Slackware 7 to a Dell Studio dual processor with Ubuntu 12.
The Dell has an Ethernet connection to the DSL modem. I am running the modem in bridge mode. I want to connect a Windows computer and a WiFi "modem" to the Dell. I have tried it two ways. The first way was to connect an Ethernet switch to a second Ethernet port on the Dell. Then connect the WiFi and Windows computer to the switch. The second way was to have three Ethernet ports on the Dell and connect the WiFi and Windows computer each to separate Ethernet ports on the Dell. In both cases I set up the Ethernet port to the DSL as a DSL connection and the other two ports as "Shared to Other Computers". The Windows computer has no issues but when I connect to the WiFi "modem" with my Archos tablet I have problems. The tablet connects using DHCP and gets an IP Address. I can see the other computers from the tablet. However I have problems connecting to the Internet. I can go to some web sites like Google. But I get timed out for most sites. I have tried setting up the Ethernet port on the Dell that connects to the WiFi with a static IP Address but then the tablet cannot even see the Dell. The WiFi modem has a static IP address in the 192.168 range whereas the Dell assigns a 10.42 address to the second and third Ethernet ports and the tablet also gets a 10.42 address. Not sure if that is a problem.
I have also tried using my old computer as a gateway. In this setup the old computer connects to the DSL modem and its Ethernet card is set up with two IP addresses, the external one and an internal in the 192.168 range. I then set up the Dell with a static IP Address in the 192.168 range and use the old computer as a gateway. Then I hook up the WiFi modem to a second Ethernet port on the Dell which is configured as "Shared to Other Computers". In this configuration the tablet can connect up and access the internet with no problem. The tablet in this case is set up with a static IP Address, knows the old computer is the gateway and has been given DNS server addresses.
I have attached diagrams of the 2 setups.
Setup #1 uses my old Slackware 7 Linux box as the gateway. The tablet can access all of the internet. The Slackware box connects to the DSL modem through the Ethernet switch. The Ethernet port on the Slackware box has both an internal (192.168....) and an external (determined by internet provider) IP Addresses. The Ethernet port on the Ubuntu box is also configured with a (192.168...) address. The 2nd and 3rd Ethernet ports on the Ubuntu box are configured as "shared to other computer" ports and have IP Addresses in the 10.42.... range. The tablet connects through the WIFI access port and uses dhcp to connect.
Setup #2 is the one I would like to use because I have eliminated the old Slackware 7 Linux box. However the tablet cannot access the internet except for Google. I have not tried every internet site but it appears that I can only get to Google. The Ubuntu uses one Ethernet port to connect directly to the DSL modem. That port is configured for a DSL connection and the IP Address is assigned by the internet provider. The other 2 ports on the Ubuntu box are configured as "shared to other computers" and both get IP Address in the 10.42.... range. The Windows computer can access all of the internet just like in setup #1. But the tablet only connects to Google. I have tried numeric IP Address and they do not work so I do not think it is a DNS problem.
The MTU was set to 1500 on 2 of the Ubuntu ports. I set them to 1492 but that did not change anything.
In both setups the tablet is connected to the Ubuntu box the same way, through a WIFI access point connected to an Ethernet port set up as "shared to other computers". The difference is how the Ubuntu box is connected to the DSL modem. In setup #1 it connects to the DSL modem via a static IP address to the Slackware box. In setup #2 it is connected directly to the DSL modem through an Ethernet port configured for DSL.
Anyone have suggestions?
Thanks Bob

07-15-2013, 03:29 PM
#3
LQ Newbie
Registered: Jun 2008
Posts: 13
Original Poster
jefro,
Thank you for the reply. I have read those instructions already and they did not help.
Bob

07-15-2013, 05:52 PM
#4
Moderator
Registered: Aug 2002
Posts: 26,355
I would configure the access point for DHCP and see what happens.

07-16-2013, 12:10 AM
#5
LQ Newbie
Registered: Jun 2008
Posts: 13
Original Poster
Made WIFI access point DHCP and there was no change.
I thought that had a good chance of working.
The weird thing is I can access Google but nothing else through any browser.
I installed a traceroute app and I can trace to all web addresses.
Bob

07-17-2013, 03:31 AM
#6
Member
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 96
You need to bridge your two internal interfaces:
# setup eth0 to get IP address via DHCP.... connect to DSL modem
ifconfig eth1 0.0.0.0 netmask 0.0.0.0 down #internal network
ifconfig eth2 0.0.0.0 netmask 0.0.0.0 down #internal network
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig br0 192.168.0.1 netmask 255.255.255.0 up
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Integrating this into Ubuntu's startup scripts is left as an exercise to the reader...

07-17-2013, 04:57 PM
#7
LQ Newbie
Registered: Jun 2008
Posts: 13
Original Poster
Did not work
Mike,
I did what you said but it did not work. I could not even connect to the eth1 or eth2 ports. I left in the ppp0 entries in the iptables.
Here are some configuration dumps:
BRCTL:
bridge name bridge id STP enabled interfaces
br0 8000.00e04c534458 no eth1
eth2
IFCONFIG:
br0 Link encap:Ethernet HWaddr 00:e0:4c:53:44:58
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 00:21:70:15:70:25
inet6 addr: fe80::221:70ff:fe15:7025/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:88 errors:0 dropped:0 overruns:0 frame:0
TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:37279 (37.2 KB) TX bytes:12929 (12.9 KB)
Interrupt:45
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3838 (3.8 KB) TX bytes:3838 (3.8 KB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:71.116.122.104 P-t-P:10.39.1.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:74 errors:0 dropped:0 overruns:0 frame:0
TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:34733 (34.7 KB) TX bytes:5242 (5.2 KB)
IPTABLES:
# Generated by iptables-save v1.4.12 on Wed Jul 17 13:44:23 2013
*mangle
:PREROUTING ACCEPT [65:9862]
:INPUT ACCEPT [65:9862]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [63:9222]
:POSTROUTING ACCEPT [122:18196]
COMMIT
# Completed on Wed Jul 17 13:44:23 2013
# Generated by iptables-save v1.4.12 on Wed Jul 17 13:44:23 2013
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [8:756]
:POSTROUTING ACCEPT [6:632]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Jul 17 13:44:23 2013
# Generated by iptables-save v1.4.12 on Wed Jul 17 13:44:23 2013
*filter
:INPUT ACCEPT [61:9038]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [63:9222]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.0.0/24 -i eth0 -o ppp0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT
COMMIT
# Completed on Wed Jul 17 13:44:23 2013

07-19-2013, 12:13 PM
#8
Member
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 96
Hi Bob,
I guess I missed that you were using ppp in your original post and you also have existing firewall rules.
To clean up the firewall rules, remove my line:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
as it is redundant due to the existing line:
(from your iptables-save listing) -A POSTROUTING -o ppp0 -j MASQUERADE
You also have a rule that is being entered twice (in the filter table):
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
And the following should be removed altogether as 192.168.0.0/24 should not be coming in or going out from/to the internet:
-A FORWARD -s 192.168.0.0/24 -i eth0 -o ppp0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT
Otherwise, the output you have posted is correct. You can see that packets are passing on interfaces eth0 and ppp0.
Once you create the bridge, interfaces eth1 and eth2 are no longer accessible individually; you access both ports as interface br0; it's just like a 2-port switch. To test this connect a computer to eth1 and configure it as 192.168.0.2 netmask 255.255.255.0 and gateway 192.168.0.1 and ping 192.168.0.1 then move the cable to eth2 and ping 192.168.0.1 again. Both should work. Then connect a 3rd computer to eth1 (with the previous still connected to eth2) and configure it as 192.168.0.3 netmask 255.255.255.0 and gateway 192.168.0.1. You should be able to ping .2 from .3 and .3 from .2.
Once the firewall is cleaned up and you can ping all around on your internal network, try to ping something outside of your network. If this works, you're golden; if not, then there is more work to be done with the firewall rules.
As a suggestion, the output of:
`iptables -t filter -L -nv`
`iptables -t mangle -L -nv`
`iptables -t nat -L -nv`
while taking more effort to type, gives a bit more information than `iptables-save` (you get packet and byte counts for each rule which helps with troubleshooting).
Good luck!
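
A check for the two kinds of problem post #8 points out by eye (a rule entered twice, and ACCEPT rules for 192.168.x.x traffic on the internet-facing side), as an added example that is not part of the thread. The rules are the filter-table lines from post #7; treating eth0 and ppp0 as the WAN side, and the function names, are assumptions of this example.

```python
import ipaddress
import shlex
from collections import Counter

# Filter-table rules copied from the iptables-save listing in post #7.
FILTER_RULES = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.0.0/24 -i eth0 -o ppp0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT
""".splitlines()

# Assumption: eth0 carries the PPPoE session (ppp0) to the modem; the LAN is br0.
WAN_IFACES = {"eth0", "ppp0"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FLAGS = {"-s": "src", "-d": "dst", "-i": "in", "-o": "out", "-j": "target"}

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of the fields checked below."""
    tokens = shlex.split(line)
    rule = {"raw": line, "chain": tokens[1]}
    for flag, value in zip(tokens[2:], tokens[3:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def is_private(cidr):
    return any(ipaddress.ip_network(cidr).subnet_of(r) for r in RFC1918)

def duplicates(lines):
    # Rules that appear more than once, in first-seen order.
    return [line for line, n in Counter(lines).items() if n > 1]

def private_accepts_on_wan(lines):
    """FORWARD ACCEPT rules matching RFC 1918 addresses arriving on a WAN interface."""
    hits = []
    for rule in map(parse_rule, lines):
        addrs = [rule[k] for k in ("src", "dst") if k in rule]
        if (rule["chain"] == "FORWARD" and rule.get("target") == "ACCEPT"
                and rule.get("in") in WAN_IFACES and any(map(is_private, addrs))):
            hits.append(rule["raw"])
    return hits
```

Run against this listing, `duplicates` returns the repeated port 80 rule and `private_accepts_on_wan` returns the same three FORWARD rules the post says to remove.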

07-19-2013, 08:19 PM
#9
LQ Newbie
Registered: Jun 2008
Posts: 13
Original Poster
My solution
Mike,
Thank you for the help.
I decided to give over control to the DSL modem. I let it log in to the ISP. Then I connected the DSL modem, the two computers and the WIFI access point to a switch. I set the modem to forward ports to the Ubuntu computer. Everything now works but I would have liked to set up the Ubuntu computer as the router/firewall for the whole LAN. I will still look into your corrections for the iptables.
Thanks
Bob