Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
01-05-2008, 04:10 PM
|
#16
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
1) I always suggest reading the IP Masquerading HOWTO for information on this. You need to make sure that the net.ipv4.conf.default.forwarding sysctl variable is set to 1 (you can use /etc/sysctl.conf for this). IIRC the last time I did this the sysctl variable was net.ipv4.ip_forward so some systems might do this, but my Kubuntu 7.10 machine tells me net.ipv4.conf.default.forwarding is the correct variable for it. You'll also need to set up some iptables rules to handle the packet mangling -- the link I posted for you tells you how to do that.
2) Yes -- sounds like you just need to tell the WAN interface to configure itself via DHCP and it sounds like it will work (DSL users like myself have a few extra hoops to jump through with PPP, but cable modem users are in the clear on this).
3) Again, yes -- just set it to a static IP address -- I always set my router to the first address on the subnet, i.e. X.X.X.1, but there's no reason it has to be done that way.
5) Don't understand your question -- so long as you tell Ubuntu that the interface should be configured via DHCP in /etc/network/interfaces you should be set for this part.
6) Best to have a startup script that starts dhcpd on boot, but yes, you want to tell it to listen on your LAN interface and hand out a range of addresses.
7) You set the IP configuration params for your machine in /etc/network/interfaces. You set all of the IP address, netmask, default gateway (your box), and optionally name servers for the DHCP clients on your network in the dhcpd.conf. You just have to make sure that these are correct, and you should be good to go.
|
|
|
01-05-2008, 08:04 PM
|
#17
|
Member
Registered: Dec 2007
Posts: 59
Rep:
|
Quote:
Originally Posted by LMSSML
Thanks for the help being given.
1) Use your server as a NAT gateway. Is there a way to define this?
No, you must install a router NAT software
2) Connect one NIC card to the modem (or Internet)
(defined as the NAT-servers WAN interface) How could be define the NAT-servers as WAN interface? Is it defined on the /etc/network/interfaces file?
No, normally for NAT equipment the interface is just called and labeled as the "WAN" interface. You should not define "WAN" in any configuration in the server.
3) Connect the other NIC card to a switch with several Ethernet ports
(defined as the NAT-servers LAN interface) How could be define the NAT-servers LAN interface? Is it defined on the /etc/network/interfaces file?
No, normally for NAT equipment the interface is just called and labeled as the "LAN" interface. You should not define "LAN" in any configuration in the server.
4) Connect all other PC's to the switch Done
5) Install a DHCP-server and DHCP-client software on your server I think I can handle with this.
5) The servers WAN interface should be defined as a DHCP-client
(the DHCP client should get one public IP-address
from the ISP with DHCP when the server start up)So my problems start in here, this is defined on the dhcp or in other local ?
If you install the NAT software on your server and use the NAT-configuration of it then I believe it gives you a clear picture how you should do.
6) The server LAN interface should be defined as a DHCP-server
(the DHCP-server on the LAN interface delivery
private IP-addresses to all your PC's)
(=>one unique private IP-address for each PC)Ok here I think with this I could define where dhcp will work /usr/sbin/dhcp dev ethx (ethx belong to eth to define dhcp)
7) Configure the DHCP server (on your servers LAN interface)I think this is an introduction to the below points
7.1 Set a private IP-address of the servers LAN interface
(e.g. 192.168.0.100)
This could be defined like this auto eth1
iface eth1 inet static
address 192.168.0.101
netmask 255.255.255.0
gateway 192.168.0.100
7.2 Set a subnet mask (e.g. 255.255.255.0) Couldn't this be done in the above point ? if not where I could define it ?
7.3 Define a scope of private IP-address to your servers DHCP-server
(e.g. 192.168.0.10-192.168.0.99).This could be probably defined on the dhcp (/etc/dhcp.conf) and must start with range 192.168.0.10 192.168.0.99
7.4 Set a default gateway to the LAN interfaces IP-address
(e.g. 192.168.0.100) This probably would be the same as the above point, if not, where it can be defined.
Thanks for your patience and once again thanks a lot
|
1234567890
|
|
|
01-06-2008, 06:23 AM
|
#18
|
Member
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41
Original Poster
Rep:
|
NAT Software
So first of all I must install a NAT software probably with
apt-get install <NAT software>
I could have it, what is the best to install, or could iptables do it?
Quote:
No, normally for NAT equipment the interface is just called and labeled as the "WAN" interface. You should not define "WAN" in any configuration in the server.
|
I don't understand what you mean, but probably it's "don't do any change with any configuration to implement WAN"
Quote:
No, normally for NAT equipment the interface is just called and labeled as the "LAN" interface. You should not define "LAN" in any configuration in the server.
|
Here is the same, could you clarify the idea? How to do that. Where to do that.
In the end I think that the basic idea of all of this it's around NAT software with IPMASquerade could be done?
|
|
|
01-06-2008, 03:59 PM
|
#19
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Quote:
1) Use your server as a NAT gateway.Is there a way to define this ?
No, you must install a router NAT software
|
The NAT functionality is supplied by the netfilter part of the kernel. You need to configure masquerading along with configuring the Firewall. The Linux firewall is configured with iptables commands. There are some programs that supply a GUI interface, to produce the iptables commands in a script that are run when you boot up. Some distro's have a checkbox that you can check to enable masquerading. This is probably in the firewall or gateway setup and would be the easiest way to proceed. I don't use Ubuntu, so you will need to look in its documentation yourself. You may also need to modprobe the nf_nat, iptable_nat, nf_conntrack_ipv4, iptable_nat and nf_conntrack kernel modules. You can enter the command "/sbin/lsmod" to check if they are already loaded.
I would also recommend downloading the NAG Guide from the www.tldp.org website. ( Network Administrators Guide ) Also read the IP Masquerading HOWTO linked to in the previous post.
You had put the firewall last in your list. Without a NAT router, it should be the first in the list, even if you have only one computer. Your public IP address will be banged on by hackers and bots. You need to configure your firewall to make sure you have all ports closed (unless you are running a public server).
Last edited by jschiwal; 01-06-2008 at 04:03 PM.
|
|
|
01-06-2008, 04:40 PM
|
#20
|
Member
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41
Original Poster
Rep:
|
So if I use iptables as firewall it's correct and just one more opinion, I must have the firewall at the first ethernet device (internet connection) or configure in the local ethernet.
|
|
|
01-06-2008, 06:18 PM
|
#21
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
A Defense in Depth strategy would have all interfaces firewalled on all computers. Only needed ports would be opened, depending on what services you need. If you have a computer running as a firewall for a network, it is normal practice to only have a bare minimum of software installed, and to even do things like scan for suid and guid commands and uninstall any that aren't necessary. Often a gateway host won't even have Xorg installed. It would be better to have any file server inside the lan and not use your gateway computer for that. Novell published a book on Linux Firewalls. The author put it this way: "Let a firewall be a firewall".
This gateway computer doesn't need to be a powerful machine. If you have an old computer gathering dust because it is outdated, you could dust it off and use it for the firewall.
---
I'm not sure I understood your last question.
Quote:
"So if I use iptables as firewall it's correct and just one more opinion"
|
The iptables command is how the netfilter firewall inside the Linux kernel is configured. If you use a GUI interface, it isn't a separate firewall. It is an interface for creating these iptables commands. It will probably create a script containing iptables commands which are run when the computer boots up.
The iptables commands may create rules that affect only one interface. Maybe that is what you were getting at. Actually, most firewall setups will configure the firewall to deny everything by default, and then add rules to open up particular ports.
---
Some people will also configure a proxy server for certain services that can dig inside the packets of a particular protocol. This is sometimes referred to as an application firewall. The regular firewall does track the state of connections and can use plugins to handle particular applications, but generally it is best at what it is designed to do.
---
It may be best to first see if your distro has its own firewall configuration wizard and use it until you understand iptables and the internet protocols enough to roll your own. On SuSE for example, the firewall wizard uses 3 zones. Outside, Inside & DMZ. It defaults to enabling everything on the inside and walling off connections from the inside. The DMZ zone is the default zone for a public server. If you were running a web server for example, you would open up port 80 and forward it to the DMZ interface. You could even add more zones if you wanted to.
If you simply want to connect your regular desktop to the DSL modem and share the network connection, then you wouldn't assign any interface to the dmz zone and would close all ports on the internet side (the dsl modem) and open up ports that you need on the LAN interface. You should be able to do all of this from your distro's configuration utilities. You do need to run a dhcp server as well (for the LAN). You probably have a configuration wizard for that as well.
---
Good Luck!
Last edited by jschiwal; 01-06-2008 at 06:30 PM.
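A sketch of the gateway setup the posts above describe (netfilter masquerading, forwarding via sysctl, deny by default, DHCP served on the LAN), added here as an example and not part of the thread or of any distro's firewall wizard. The interface names and the LAN subnet are assumptions passed as arguments; `gateway_ruleset` only prints rules in iptables-restore format, and `apply_gateway` needs root.

```shell
#!/bin/sh
# Added example (not from the thread): ruleset for a two-NIC NAT gateway.
# Interface names and the LAN subnet are assumptions passed as arguments.

# Print an iptables-restore ruleset: masquerade LAN traffic leaving the WAN
# interface and drop everything that is not explicitly allowed.
gateway_ruleset() {
    wan="$1"; lan="$2"; lan_net="$3"
    if [ -z "$wan" ] || [ -z "$lan" ] || [ -z "$lan_net" ] || [ "$wan" = "$lan" ]; then
        echo "usage: gateway_ruleset WAN_IF LAN_IF LAN_CIDR" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the source of LAN packets to the WAN address (masquerading).
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny: nothing reaches or crosses the gateway unless allowed below.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP requests from LAN clients to the dhcpd running on this box.
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
# The LAN may start connections outward; the WAN side may only answer them.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Validate the rules, load them, then enable forwarding (needs root).
# Forwarding is switched on last so packets are never routed unfiltered.
apply_gateway() {
    rules=$(gateway_ruleset "$@") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    sysctl -w net.ipv4.ip_forward=1
}

# Usage: sh nat-gateway.sh print|apply WAN_IF LAN_IF LAN_CIDR
case "${1:-}" in
    print) shift; gateway_ruleset "$@" ;;
    apply) shift; apply_gateway "$@" ;;
esac
```

Any further service on the LAN side would need its own `-A INPUT -i <lan>` rule; nothing is opened on the WAN interface.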
|
|
|
01-06-2008, 07:55 PM
|
#22
|
LQ Newbie
Registered: Jan 2008
Posts: 3
Rep:
|
Salutations!
First off let me say this. I'm 21 and know the most about computers in my family. I'm in college but not in the computer/programming type. So I know the basics of what the norm or basics is. I know how to turn a computer on and if everything works good I can do a few programs. But mainly I use it for the internet and to play Xbox live, or type term papers.
My problem is this and I don't know how to type it as most other people do in this community. I wanted to hook up my xbox 360 to the internet so I may play online. So I bought a Linksys router. Model BEFSR41, It's an etherfast cable/dsl router. I'm guessing that it's a pretty basic router. I have a cable Modem. That's about all I know about it. I did the set up cd for it, and when it starts doing the system configurations it tells me that the router could not access the internet. I went to the router's IP address with a friend of mine who is just a wee little bit smarter about computers than I and somehow we got it to where I could access the internet and play Xbox live. Everything was fine. Then after a week everything went to shit. My modem was saying that it was on and the receiving light was blinking. I could not access the internet or play online on my xbox. I have no idea on what to do or what's wrong. Can anyone help me at all? If you need information about something I could tell you if that would help you come up with an answer for me.
Many thanks.
EyeHateChex
|
|
|
01-06-2008, 09:11 PM
|
#23
|
Member
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41
Original Poster
Rep:
|
eyehatechex
Hi eyehatechex
Could you please confirm if your router is wireless ?
Could you try to make a reset behind the router there is always a button saying reset.
Then you must configure like the last time.
I hope I had help for you.
|
|
|
01-06-2008, 10:08 PM
|
#24
|
Member
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41
Original Poster
Rep:
|
Kernel differences
Hi people,
Thanks for the help being given, I've tried to work with IPMAsquerade HOW To and I have a slight difference
When I execute this command
uname -a
I've got the following 2.6.22-14-server, probably it's the version of kernel.
I've tried to walk a little bit but I 've some problems like this.
When executing this command
ls /proc/sys/net/ipv4
No problem
ip_dynaddr
ip_forward
Although when I execute the other two commands
/sbin/lsmod
ls /proc/net/
I couldn't find the above files.
ip_masquerade
ip_conntrack
ip_tables_names
But the problems still persist
When executing this one
ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/
ip_conntrack.o = doesn't even appear
ip_conntrack_ftp.o = doesn't even appear
ip_conntrack_irc.o = doesn't even appear
ip_nat_ftp.o = nf_nat_ftp.ko -> Couldn't mean the same thing
ip_nat_irc.o = nf_nat_irc.ko -> Couldn't mean the same thing
ip_tables.o = ip_tables.ko
ipt_MASQUERADE.o = ipt_MASQUERADE.ko
iptable_nat.o = iptable_nat.ko
iptable_mangle.o = arpt_mangle.ko -> Couldn't mean the same thing
iptable_filter.o = iptable_filter.ko
And some optional ones like:
ipchains.o = doesn't even appear
ipt_REJECT.o = ipt_REJECT.ko
and ipt_tcpmss.o = doesn't even appear
Probably the slight difference could be by the version of kernel, so the question is, is it better to have kernel 2.4 and then recompile kernel 2.6 ?
This is in the
http://tldp.org/HOWTO/IP-Masquerade-...piling3.1.html
|
|
|
01-06-2008, 10:49 PM
|
#25
|
LQ Newbie
Registered: Jan 2008
Posts: 3
Rep:
|
Quote:
Originally Posted by LMSSML
Hi eyehatechex
Could you please confirm if your router is wireless ?
Could you try to make a reset behind the router there is always a button saying reset.
Then you must configure like the last time.
I hope I had help for you.
|
Ok, it is not wireless.
|
|
|
01-06-2008, 11:00 PM
|
#26
|
LQ Newbie
Registered: Jan 2008
Posts: 3
Rep:
|
Quote:
Originally Posted by LMSSML
Hi eyehatechex
Could you please confirm if your router is wireless ?
Could you try to make a reset behind the router there is always a button saying reset.
Then you must configure like the last time.
I hope I had help for you.
|
Ok, it is not wireless.
|
|
|
01-07-2008, 12:30 AM
|
#27
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Recently, the modules were changed. There isn't an ip_conntrack module anymore. It is nf_conntrack now. Also, a 2.6 kernel will use iptables and not ipchains.
What ports does the XBOX use? Since you are using a Cable/DSL router, it does the masquerading (NAT) for you. You don't need to set that up in Linux. Simply connect the XBox to the router and have the ports it needs forwarded to the XBox.
One thing you might try, if you can't find out which ports the XBox uses is to A) Disconnect the WAN input on the router B) Enable DPnP on the router C) Make a note which ports that DPnP opened C) Disable DPnP and manually forward the ports you need D) Reconnect the router to the internet.
Also check the cables. A bad cable, or connector could also be the problem.
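A helper for the module rename described above (ip_conntrack became nf_conntrack on recent 2.6 kernels), added here as an example and not part of the thread. It maps the older module names used in the HOWTO to the nf_* names and checks them against a listing of module files. Applying the rename by prefix to the helper modules is an assumption of this example, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): map 2.4-era netfilter module names
# to their 2.6 nf_* names and check them against a list of module files.

# Constructed sample of `find /lib/modules/$(uname -r) -name '*.ko'` output.
SAMPLE_LISTING='kernel/net/netfilter/nf_conntrack.ko
kernel/net/netfilter/nf_conntrack_ftp.ko
kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko
kernel/net/ipv4/netfilter/nf_nat_ftp.ko
kernel/net/ipv4/netfilter/iptable_nat.ko
kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko'

# Translate an old module name; prints an empty line when there is no
# 2.6 module (ipchains), and the name unchanged when it was not renamed.
new_name() {
    case "$1" in
        ip_conntrack)   echo nf_conntrack ;;
        ip_conntrack_*) echo "nf_conntrack_${1#ip_conntrack_}" ;;
        ip_nat_*)       echo "nf_nat_${1#ip_nat_}" ;;
        ipchains)       echo "" ;;
        *)              echo "$1" ;;
    esac
}

# Read module file paths on stdin; report each old name given as argument.
check_modules() {
    listing=$(cat)
    for old in "$@"; do
        new=$(new_name "$old")
        if [ -z "$new" ]; then
            echo "$old: no 2.6 equivalent (iptables replaces it)"
        elif printf '%s\n' "$listing" | grep -q "/$new\.ko"; then
            echo "$old -> $new: present"
        else
            echo "$old -> $new: missing"
        fi
    done
}

# Demo on the constructed listing; on a real host pipe in the find output.
printf '%s\n' "$SAMPLE_LISTING" |
    check_modules ip_conntrack ip_conntrack_ftp ip_nat_ftp ip_nat_irc \
                  ipt_MASQUERADE iptable_nat ipchains
```

Searching the whole module tree matters here: in the constructed listing, as on kernels that ship nf_conntrack, the core conntrack modules sit under net/netfilter rather than net/ipv4/netfilter.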
|
|
|
01-07-2008, 07:35 AM
|
#28
|
Member
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41
Original Poster
Rep:
|
NF Files
Hi
The only file I could find it's nf_conntrack_ipv4.ko, no file with conntrack posted back appears.
I understand by your words that could be good to go.
Thanks
|
|
|
01-07-2008, 03:56 PM
|
#29
|
Member
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41
Original Poster
Rep:
|
Hi people,
Is there anyway to pass through this or is there a How to with kernel 2.6 and the changes made.
Because I don't know if it's better to compile kernel 2.4 and then recompile kernel 2.6 or even if I could pass this part from the how to that it's guiding me.
Anyone could help...
|
|
|
01-08-2008, 01:47 PM
|
#30
|
Member
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41
Original Poster
Rep:
|
Help
Anyone could help ????
|
|
|
All times are GMT -5. The time now is 08:06 AM.