LinuxQuestions.org

LMSSML 01-03-2008 02:56 PM

Cable modem
 
Hi people,

Could anyone help with this situation?

I have got a cable modem and 2 nics in ubuntu server.

1st -> when I connect the cable modem to one nic it catches the IP defined by the ISP.

I've got a DHCP in the same machine so in my /etc/network/interfaces

auto eth0
iface eth0 inet dhcp

I've got eth0 as dhcp. (when I try to restart dhcp it gets an error because eth0 (by syslog))

So I've done the following
/usr/sbin/dhcp eth1

To start dhcp to the 2 nic.

2nd -> My DHCP configuration is something like this

subnet 192.168.1.0
range 192.168.1.1 192.168.1.255
mask 255.255.255.0
option router 192.168.1.2

and Network interfaces /etc/network/interfaces

auto eth1
iface eth1 inet static
address 192.168.1.3
subnetmask 255.255.255.0
gateway 192.168.1.1

I don't know if this is the best way to have dhcp making attribution to all the machines that I have and have the internet to all of them.

If anyone could help, that would be cool.

LMSSML 01-04-2008 05:55 AM

Help
 
Hi people,

Is there anyone who could help ?

H_TeXMeX_H 01-04-2008 08:43 AM

It's hard to understand the situation, can you try to clarify:

1) How many computers are you trying to get internet for, including the server ?
2) How many NICs does each computer have, again including server ?

LMSSML 01-04-2008 09:31 AM

Computers
 
Thanks for answering me

1) 4 computers in a local network (1 NIC for each)

2) The computers have only one nic but I've got a hub and the server has got 2 nics

1 internet connection and one for local network.

Thanks

btmiller 01-04-2008 12:57 PM

Your config does not look right. You seem to be assigning your router a static IP that overlaps with the DHCP range, which means some machine might be assigned it and you'll have two computers with the same IP (a no-no). Also, you seem to want to give your router an internal IP of 192.168.1.3 but in your DHCP config you tell other machines on the LAN that the router has 192.168.1.2, so they will not get the correct gateway. Finally I'm not sure where 192.168.1.1 is coming in as the gateway for this machine. The default gateway should be your ISP's default gateway, as this is an Internet facing machine.
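
The three problems listed in the post above (static address inside the DHCP range, advertised router not matching the box's own LAN address, a gateway line on the LAN interface) can be checked mechanically before the DHCP server is started. This is an added example, not code from the thread; the function names `ip2int` and `check_lan_config` are made up for illustration, and the sample call uses the values from the first post.

```sh
#!/bin/sh
# Added example: sanity-check a LAN gateway's addressing before starting dhcpd.

# ip2int A.B.C.D -> prints the address as a 32-bit integer; returns 1 if malformed.
ip2int() {
    _old_ifs=$IFS
    IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        # reject empty, non-numeric and zero-padded octets
        case $_o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_lan_config LAN_ADDR RANGE_START RANGE_END ROUTERS_OPTION [LAN_GATEWAY]
# Prints one line per problem. Returns 0 if clean, 1 if problems, 2 on bad input.
check_lan_config() {
    _addr=$(ip2int "$1") && _lo=$(ip2int "$2") && _hi=$(ip2int "$3") \
        && _rt=$(ip2int "$4") || { echo "malformed address" >&2; return 2; }
    _bad=0
    if [ "$_lo" -gt "$_hi" ]; then
        echo "range: start $2 is above end $3"
        _bad=1
    fi
    # A lease could be handed out for the gateway's own address.
    if [ "$_addr" -ge "$_lo" ] && [ "$_addr" -le "$_hi" ]; then
        echo "overlap: static address $1 is inside the DHCP range $2-$3"
        _bad=1
    fi
    # Clients would send off-subnet traffic to an address that is not this box.
    if [ "$_rt" -ne "$_addr" ]; then
        echo "gateway: clients are told the router is $4, but this box is $1"
        _bad=1
    fi
    # The default route of the gateway itself should come from the WAN lease.
    if [ -n "${5:-}" ]; then
        echo "route: LAN interface sets gateway $5; default route belongs to the WAN side"
        _bad=1
    fi
    return "$_bad"
}

# Values from the first post: eth1 address, dhcp range, router option, eth1 gateway.
check_lan_config 192.168.1.3 192.168.1.1 192.168.1.255 192.168.1.2 192.168.1.1 || true
```
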

LMSSML 01-04-2008 04:59 PM

Internet IP
 
The internet IP is dynamic.

And what I intend to do is something like this.

1 - Connect PC to one ethernet on server the other nic serve the local area network

2- I must give a route to the default gateway of internet and to local area network

3- the second ethernet uses a dhcp that only works with local area network.

thanks

Emerson 01-04-2008 05:47 PM

You should understand DHCP is nothing but configuration helper for boxes on your LAN. Your router has to do NAT to pass internet to LAN, or at least you should run a proxy and DNS cache for this to work. Computers on LAN can be configured manually or using DHCP, it does not matter.

exvor 01-04-2008 06:20 PM

You actually are needing 2 different things here: a DHCP client and a DHCP server. The server would be needed to assign your computers on your network addresses and the client would be needed to obtain a net address for your cable modem. Also as mentioned before you would need to do NAT to get internet working on your internal computers. Look into iptables to do this pretty simply.


I hope this helps.


The DHCP client that I use is DHCPCD

uffe2 01-04-2008 07:28 PM

Why are you using the server as a NAT gateway/Firewall ?
...or was it with purpose you use the server as a Firewall ?
Is it not easier and better to buy a simple NAT gateways instead for $40 ? (e.g. Netgear)
What is the reason you have placed the server between Internet and your PC's ?
Or do you only get one dynamic IP-address from your ISP ?

jschiwal 01-04-2008 07:36 PM

If you don't have a nat router, you will need to configure a host with two nic interfaces. You will need to configure the firewall to masquerade IP addresses for the lan hosts. You will also need to run a dhcp server for the lan. The second NIC IP address will be supplied by the dhcp server as the gateway address of the LAN.

Like a previous poster stated, it would be easier to purchase a cable/dsl NAT router. It would also have a switch for the LAN which would give you better performance than a hub.

uffe2 01-04-2008 07:44 PM

Yes, but if your ISP delivers 5 IP-addresses with DHCP (without any extra cost) why are you using a NAT ?
I try to identify the real problem....
May he want to protect his PC with a Firewall ?
Then it's even better to use a real firewall (not only a NAT) with e.g. protocol filtering.

/Uffe2

PS
My ISP delivers 5 IP addresses as default


Quote:

Originally Posted by jschiwal (Post 3011776)
If you don't have a nat router, you will need to configure a host with two nic interfaces. You will need to configure the firewall to masquerade IP addresses for the lan hosts. You will also need to run a dhcp server for the lan. The second NIC IP address will be supplied by the dhcp server as the gateway address of the LAN.

Like a previous poster stated, it would be easier to purchase a cable/dsl NAT router. It would also have a switch for the LAN which would give you better performance than a hub.


jschiwal 01-04-2008 10:22 PM

His first post implies a single dynamic IP address. He can post whether that isn't the case.
Also, a cable modem will only connect to a single device with a certain MAC address. If connecting it to another device it needs to be registered with the new device before getting internet access. If he wants to dedicate a host for a firewall rather than using a NAT router that is fine. If he wants to run proxy servers or an HID as well, more power to him.

LMSSML 01-05-2008 07:57 AM

First of all
 
Hi people,


First of all, let me be thankful to all who have posted to help me in this journey.

I intend to use the cable modem and 2 nics to have local network and internet. Without more equipment.

But I need to know how to do it, so I will need a step by step or a little patient from someone who could explain to me something related with back posts.

I'm curious about and I probably could make some good questions and others probably not in the mood.

But in the first phase I just need to make connection from cable modem, configure a DHCP server (and probably a client for the internet) to get to go.

Then in the second phase I would like to have a firewall on the local network (with iptables or firestarter whatever the best scheme)and this would be in the same server.

That's the idea that I have probably with some opinion I could change something but that's what I intended to do for now and to open the knowledge with linux.

If there is some step by step or if someone has the steps to do this (or the order that could be done) it would be a great help.

Thanks once again to all.

uffe2 01-05-2008 10:38 AM

Sorry, I missed that you only have one public dynamic IP-address !

A solution:

1) Use your server as a NAT gateway.
2) Connect one NIC card to the modem (or Internet)
(defined as the NAT-servers WAN interface)
3) Connect the other NIC card to a switch with several Ethernet ports
(defined as the NAT-servers LAN interface)
4) Connect all other PC's to the switch
5) Install a DHCP-server and DHCP-client software on your server
5) The servers WAN interface should be defined as a DHCP-client
(the DHCP client should get one public IP-address
from the ISP with DHCP when the server start up)
6) The server LAN interface should be defined as a DHCP-server
(the DHCP-server on the LAN interface delivers
private IP-addresses to all your PC's)
(=>one unique private IP-address for each PC)
7) Configure the DHCP server (on your servers LAN interface)
7.1 Set a private IP-address of the servers LAN interface
(e.g. 192.168.0.100)
7.2 Set a subnet mask (e.g. 255.255.255.0)
7.3 Define a scope of private IP-address to your servers DHCP-server
(e.g. 192.168.0.10-192.168.0.99).
7.4 Set a default gateway to the LAN interfaces IP-address
(e.g. 192.168.0.100)

LMSSML 01-05-2008 12:00 PM

Thanks for the help being given.

1) Use your server as a NAT gateway.Is there a way to define this ?

2) Connect one NIC card to the modem (or Internet)
(defined as the NAT-servers WAN interface) How could be define the NAT-servers as WAN interface ?Is it defined on the /etc/network/interfaces file ?

3) Connect the other NIC card to a switch with several Ethernet ports
(defined as the NAT-servers LAN interface) How could be define the NAT-servers LAN interface ? Is it defined on the /etc/network/interfaces file ?

4) Connect all other PC's to the switch Done

5) Install a DHCP-server and DHCP-client software on your server I think I can handle with this.

5) The servers WAN interface should be defined as a DHCP-client
(the DHCP client should get one public IP-address
from the ISP with DHCP when the server start up)So my problems start in here, this is defined on the dhcp or in other local ?

6) The server LAN interface should be defined as a DHCP-server
(the DHCP-server on the LAN interface delivery
private IP-addresses to all your PC's)
(=>one unique private IP-address for each PC)Ok here I think with this I could define where dhcp will work /usr/sbin/dhcp dev ethx (ethx belong to eth to define dhcp)

7) Configure the DHCP server (on your servers LAN interface)I think this is an introduction to the below points

7.1 Set a private IP-address of the servers LAN interface
(e.g. 192.168.0.100)
This could be defined like this auto eth1
iface eth1 inet static
address 192.168.0.101
netmask 255.255.255.0
gateway 192.168.0.100


7.2 Set a subnet mask (e.g. 255.255.255.0) Couldn't this be done in the above point ? if not where I could define it ?

7.3 Define a scope of private IP-address to your servers DHCP-server
(e.g. 192.168.0.10-192.168.0.99).This could be probably defined on the dhcp (/etc/dhcp.conf) and must start with range 192.168.0.10 192.168.0.99

7.4 Set a default gateway to the LAN interfaces IP-address
(e.g. 192.168.0.100)This probably would be the same has the above point, if not, where it can be defined.

Thanks for your patient and once again thanks a lot

btmiller 01-05-2008 04:10 PM

1) I always suggest reading the IP Masquerading HOWTO for information on this. You need to make sure that the net.ipv4.conf.default.forwarding sysctl variable is set to 1 (you can use /etc/sysctl.conf for this). IIRC the last time I did this the sysctl variable was net.ipv4.ip_forward so some systems might do this, but my Kubuntu 7.10 machine tells me net.ipv4.conf.default.forwarding is the correct variable for it. You'll also need to set up some iptables rules to handle the packet mangling -- the link I posted for you tells you how to do that.

2) Yes -- sounds like you just need to tell the WAN interface to configure itself via DHCP and it sounds like it will work (DSL users like myself have a few extra hoops to jump through with PPP, but cable modem users are in the clear on this).

3) Again, yes -- just set it to a static IP address -- I always set my router to the first address on the subnet, i.e. X.X.X.1, but there's no reason it has to be done that way.

5) Don't understand your question -- so long as you tell Ubuntu that the interface should be configured via DHCP in /etc/network/interfaces you should be set for this part.

6) Best to have a startup script that starts dhcpd on boot, but yes, you want to tell it to listen on your LAN interface and hand out a range of addresses.

7) You set the IP configuration params for your machine in /etc/network/interfaces. You set all of the IP address, netmask, default gateway (your box), and optionally name servers for the DHCP clients on your network in the dhcpd.conf. You just have to make sure that these are correct, and you should be good to go.

uffe2 01-05-2008 08:04 PM

Quote:

Originally Posted by LMSSML (Post 3012459)
Thanks for the help being given.

1) Use your server as a NAT gateway.Is there a way to define this ?
No, you must install a router NAT software

2) Connect one NIC card to the modem (or Internet)
(defined as the NAT-servers WAN interface) How could be define the NAT-servers as WAN interface ?Is it defined on the /etc/network/interfaces file ?

No, normally for NAT equipment the interface is just called and labeled as the "WAN" interface. You should not define "WAN" in any configuration in the server.

3) Connect the other NIC card to a switch with several Ethernet ports
(defined as the NAT-servers LAN interface) How could be define the NAT-servers LAN interface ? Is it defined on the /etc/network/interfaces file ?
No, normally for NAT equipment the interface is just called and labeled as the "LAN" interface. You should not define "LAN" in any configuration in the server.

4) Connect all other PC's to the switch Done

5) Install a DHCP-server and DHCP-client software on your server I think I can handle with this.

5) The servers WAN interface should be defined as a DHCP-client
(the DHCP client should get one public IP-address
from the ISP with DHCP when the server start up)So my problems start in here, this is defined on the dhcp or in other local ?
If you install the NAT software on your server and use the NAT-configuration of it then I believe it gives you a clear picture of how you should do it.

6) The server LAN interface should be defined as a DHCP-server
(the DHCP-server on the LAN interface delivery
private IP-addresses to all your PC's)
(=>one unique private IP-address for each PC)Ok here I think with this I could define where dhcp will work /usr/sbin/dhcp dev ethx (ethx belong to eth to define dhcp)

7) Configure the DHCP server (on your servers LAN interface)I think this is an introduction to the below points

7.1 Set a private IP-address of the servers LAN interface
(e.g. 192.168.0.100)
This could be defined like this auto eth1
iface eth1 inet static
address 192.168.0.101
netmask 255.255.255.0
gateway 192.168.0.100


7.2 Set a subnet mask (e.g. 255.255.255.0) Couldn't this be done in the above point ? if not where I could define it ?

7.3 Define a scope of private IP-address to your servers DHCP-server
(e.g. 192.168.0.10-192.168.0.99).This could be probably defined on the dhcp (/etc/dhcp.conf) and must start with range 192.168.0.10 192.168.0.99

7.4 Set a default gateway to the LAN interfaces IP-address
(e.g. 192.168.0.100)This probably would be the same has the above point, if not, where it can be defined.

Thanks for your patient and once again thanks a lot

1234567890

LMSSML 01-06-2008 06:23 AM

NAT Software
 
So first of all I must install a NAT software probably with

apt-get install <NAT software>

I could have it, what is the best to install,or could iptables do it ?


Quote:

No, normally for NAT equipment the interface is just called and labeled as the "WAN" interface. You should not define "WAN" in any configuration in the server.
I don't understand what you mean, but probably it's "don't do any change with any configuration to implement WAN"

Quote:

No, normally for NAT equipment the interface is just called and labeled as the "LAN" interface. You should not define "LAN" in any configuration in the server.
Here is the same, could you clarify the idea. How to do that. Where to do that.

In the end I think that the basic idea of all of this it's around NAT software with IPMASquerade could be done ?

jschiwal 01-06-2008 03:59 PM

Quote:

1) Use your server as a NAT gateway.Is there a way to define this ?
No, you must install a router NAT software
The NAT functionality is supplied by the netfilter part of the kernel. You need to configure masquerading along with configuring the Firewall. The Linux firewall is configured with iptables commands. There are some programs that supply a GUI interface, to produce the iptables commands in a script that are run when you boot up. Some distro's have a checkbox that you can check to enable masquerading. This is probably in the firewall or gateway setup and would be the easiest way to proceed. I don't use Ubuntu, so you will need to look in its documentation yourself. You may also need to modprobe the nf_nat, iptable_nat, nf_conntrack_ipv4, iptable_nat and nf_conntrack kernel modules. You can enter the command "/sbin/lsmod" to check if they are already loaded.

I would also recommend downloading the NAG Guide from the www.tldp.org website. ( Network Administrators Guide ) Also read the IP Masquerading HOWTO linked to in the previous post.

You had put the firewall last in your list. Without a NAT router, it should be the first in the list, even if you have only one computer. Your public IP address will be banged on by hackers and bots. You need to configure your firewall to make sure you have all ports closed (unless you are running a public server).

LMSSML 01-06-2008 04:40 PM

So if I use iptables has firewall it's correct and just one more opinion, I must have the firewall at the first ethernet device (internet connection) or configure in the local ethernet.

jschiwal 01-06-2008 06:18 PM

A Defense in Depth strategy would have all interfaces firewalled on all computers. Only needed ports would be opened, depending on what services you need. If you have a computer running as a firewall for a network, it is normal practice to only have a bare minimum of software installed, and to even do things like scan for suid and guid commands and uninstall any that aren't necessary. Often a gateway host won't even have Xorg installed. It would be better to have any file server inside the lan and not use your gateway computer for that. Novell published a book on Linux Firewalls. The author put it this way: "Let a firewall be a firewall".

This gateway computer doesn't need to be a powerful machine. If you have an old computer gathering dust because it is outdated, you could dust it off and use it for the firewall.

---

I'm not sure I understood your last question.
Quote:

"So if I use iptables has firewall it's correct and just one more opinion"
The iptables command is how the netfilter firewall inside the Linux kernel is configured. If you use a GUI interface, it isn't a separate firewall. It is an interface for creating these iptables commands. It will probably create a script containing iptables commands which are run when the computer boots up.

The iptables commands may create rules that affect only one interface. Maybe that is what you were getting at. Actually, most firewall setups will configure the firewall to deny everything by default, and then add rules to open up particular ports.

---

Some people will also configure a proxy server for certain services that can dig inside the packets of a particular protocol. This is sometimes referred to as an application firewall. The regular firewall does track the state of connections and can use plugins to handle particular applications, but generally it is best at what it is designed to do.

---

It may be best to first see if your distro has its own firewall configuration wizard and use it until you understand iptables and the internet protocols enough to roll your own. On SuSE for example, the firewall wizard uses 3 zones. Outside, Inside & DMZ. It defaults to enabling everything on the inside and walling off connections from the inside. The DMZ zone is the default zone for a public server. If you were running a web server for example, you would open up port 80 and forward it to the DMZ interface. You could even add more zones if you wanted to.

If you simply want to connect your regular desktop to the DSL modem and share the network connection, then you wouldn't assign any interface to the dmz zone and would close all ports on the internet side (the dsl modem) and open up ports that you need on the LAN interface. You should be able to do all of this from your distro's configuration utilities. You do need to run a dhcp server as well (for the LAN). You probably have a configuration wizard for that as well.

---

Good Luck!
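
The advice in the post above (deny everything by default, open only what is needed, masquerade LAN traffic out of the internet-facing interface) written out as an iptables-restore ruleset. This is an added example, not part of the thread: eth0 as WAN and eth1 as LAN follow the first post, 192.168.0.0/24 follows the addressing suggested earlier in the thread, and the function name `gen_gateway_rules` and the SSH rule are assumptions.

```sh
#!/bin/sh
# Added example: generate a default-deny NAT gateway ruleset for a two-NIC box.
# The script only prints the rules. To apply them as root:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_gateway_rules eth0 eth1 192.168.0.0/24 | iptables-restore

# gen_gateway_rules WAN_IF LAN_IF LAN_CIDR
# Prints rules in iptables-restore format; returns 1 on missing or equal interfaces.
gen_gateway_rules() {
    _wan=${1:-} _lan=${2:-} _net=${3:-}
    if [ -z "$_wan" ] || [ -z "$_lan" ] || [ -z "$_net" ] || [ "$_wan" = "$_lan" ]; then
        echo "usage: gen_gateway_rules WAN_IF LAN_IF LAN_CIDR" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# LAN traffic leaving via the WAN takes the single ISP-assigned address.
-A POSTROUTING -s $_net -o $_wan -j MASQUERADE
COMMIT
*filter
# Default policy: drop anything not explicitly allowed below.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections this box opened itself (either interface).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP requests from LAN clients (their source is 0.0.0.0 before a lease).
-A INPUT -i $_lan -p udp --dport 67 -j ACCEPT
# Assumption: administration over SSH, from the LAN only.
-A INPUT -i $_lan -s $_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $_lan -s $_net -p icmp -j ACCEPT
# LAN hosts may open connections outward; only replies come back in.
-A FORWARD -i $_lan -o $_wan -s $_net -j ACCEPT
-A FORWARD -i $_wan -o $_lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the layout discussed in the thread.
gen_gateway_rules eth0 eth1 192.168.0.0/24
```

No rule accepts a new connection arriving on the WAN interface, so every port is closed from the internet side while the LAN keeps outbound access.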

eyehatechex 01-06-2008 07:55 PM

Salutations!

First off let me say this. I'm 21 and know the most about computers in my family. I'm in college but not in the computer/programming type. So I know the basics of what the norm or basics is. I know how to turn a computer on and if everything works good I can do a few programs. But mainly I use it for the internet and to play Xbox live, or type term papers.

My problem is this and I don't know how to type it as most other people do in this community. I wanted to hook up my xbox 360 to the internet so I may play online. So I bought a Linksys router. Model BEFSR41, it's an etherfast cable/dsl router. I'm guessing that it's a pretty basic router. I have a cable modem. That's about all I know about it. I did the set up cd for it, and when it starts doing the system configurations it tells me that the router could not access the internet. I went to the router's IP address with a friend of mine who is just a wee little bit smarter about computers than I and somehow we got it to where I could access the internet and play Xbox live. Everything was fine. Then after a week everything went to shit. My modem was saying that it was on and the receiving light was blinking. I could not access the internet or play online on my xbox. I have no idea on what to do or what's wrong. Can anyone help me at all? If you need information about something I could tell you if that would help you come up with an answer for me.

Many thanks.

EyeHateChex

LMSSML 01-06-2008 09:11 PM

eyehatechex
 
Hi eyehatechex

Could you please confirm if your router is wireless ?

Could you try to make a reset behind the router there is always a button saying reset.

Then you must configure like the last time.

I hope I had help for you.

LMSSML 01-06-2008 10:08 PM

Kernel differences
 
Hi people,


Thanks for the help being given. I've tried to work with the IP Masquerade HOWTO and I have a slight difference


When I execute this command

uname -a

I've got the following 2.6.22-14-server, probably it's the version of kernel.

I've tried to walk a little bit but I've some problems like this.

When executing this command

ls /proc/sys/net/ipv4

No problem

ip_dynaddr

ip_forward


Although when I execute the other two commands

/sbin/lsmod
ls /proc/net/

I couldn't find the above files.

ip_masquerade

ip_conntrack

ip_tables_names


But the problems still persist

When executing this one

ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/

ip_conntrack.o = doesn't even appear
ip_conntrack_ftp.o = doesn't even appear
ip_conntrack_irc.o = doesn't even appear
ip_nat_ftp.o = nf_nat_ftp.ko -> Couldn't mean the same thing
ip_nat_irc.o = nf_nat_irc.ko -> Couldn't mean the same thing
ip_tables.o = ip_tables.ko
ipt_MASQUERADE.o = ipt_MASQUERADE.ko
iptable_nat.o = iptable_nat.ko
iptable_mangle.o = arpt_mangle.ko -> Couldn't mean the same thing
iptable_filter.o = iptable_filter.ko

And some optional ones like:

ipchains.o = doesn't even appear
ipt_REJECT.o = ipt_REJECT.ko
and ipt_tcpmss.o = doesn't even appear

Probably the slight difference could be by the version of kernel, so the question is, is it better to have kernel 2.4 and then recompile kernel 2.6 ?

This is in the

http://tldp.org/HOWTO/IP-Masquerade-...piling3.1.html

eyehatechex 01-06-2008 10:49 PM

Quote:

Originally Posted by LMSSML (Post 3013828)
Hi eyehatechex

Could you please confirm if your router is wireless ?

Could you try to make a reset behind the router there is always a button saying reset.

Then you must configure like the last time.

I hope I had help for you.

Ok, it is not wireless.

eyehatechex 01-06-2008 11:00 PM

Quote:

Originally Posted by LMSSML (Post 3013828)
Hi eyehatechex

Could you please confirm if your router is wireless ?

Could you try to make a reset behind the router there is always a button saying reset.

Then you must configure like the last time.

I hope I had help for you.

Ok, it is not wireless.

jschiwal 01-07-2008 12:30 AM

Recently, the modules were changed. There isn't an ip_conntrack module anymore. It is nf_conntrack now. Also, a 2.6 kernel will use iptables and not ipchains.

What ports does the XBOX use? Since you are using a Cable/DSL router, it does the masquerading (NAT) for you. You don't need to set that up in Linux. Simply connect the XBox to the router and have the ports it needs forwarded to the XBox.

One thing you might try, if you can't find out which ports the XBox uses, is to:
A) Disconnect the WAN input on the router
B) Enable DPnP on the router
C) Make a note which ports that DPnP opened
D) Disable DPnP and manually forward the ports you need
E) Reconnect the router to the internet.

Also check the cables. A bad cable, or connector could also be the problem.

LMSSML 01-07-2008 07:35 AM

NF Files
 
Hi

The only file I could find is nf_conntrack_ipv4.ko, no file with conntrack posted back appears.

I understand by your words that could be good to go.

Thanks

LMSSML 01-07-2008 03:56 PM

Hi people,

Is there any way to pass through this or is there a How to with kernel 2.6 and the changes made.

Because I don't know if it's better to compile kernel 2.4 and then recompile kernel 2.6 or even if I could pass this part from the how to that it's guiding me .


Anyone could help...

LMSSML 01-08-2008 01:47 PM

Help
 
Anyone could help ????

jschiwal 01-08-2008 06:09 PM

There is a Novell book on Firewalls which may be better to use than the 2.4 based Howto. I don't know if there is a newer version of that particular howto. There are iptables howtos that may have a section on masquerading. The change from ip_conntrack to nf_conntrack for example is very recent. Earlier 2.6 kernels used ip_conntrack. If you modprobe nf_conntrack, and then look at lsmod, you will probably see other modules loaded as well. Just modprobe it and use the lsmod results. You will most likely find that you have the modules you need and don't need to recompile your kernel.

What kind of documentation comes with Ubuntu, because I thought it was supposed to be a user friendly distro. I bet that you simply overlooked something in the docs or a config wizard that would make things easier for you.

I don't have an Ubuntu server installed. You might try their wiki, because NATing an internet connection is usually something you can setup from any distro's firewall or network config wizards without having to become an expert in designing firewalls on your own. If they don't you could try a different distro or buy a NAT router.


All times are GMT -5.