LinuxQuestions.org
Old 01-05-2008, 04:10 PM   #16
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378

1) I always suggest reading the IP Masquerading HOWTO for information on this. You need to make sure that the net.ipv4.conf.default.forwarding sysctl variable is set to 1 (you can use /etc/sysctl.conf for this). IIRC the last time I did this the sysctl variable was net.ipv4.ip_forward so some systems might do this, but my Kubuntu 7.10 machine tells me net.ipv4.conf.default.forwarding is the correct variable for it. You'll also need to set up some iptables rules to handle the packet mangling -- the link I posted for you tells you how to do that.

2) Yes -- sounds like you just need to tell the WAN interface to configure itself via DHCP and it sounds like it will work (DSL users like myself have a few extra hoops to jump through with PPP, but cable modem users are in the clear on this).

3) Again, yes -- just set it to a static IP address -- I always set my router to the first address on the subnet, i.e. X.X.X.1, but there's no reason it has to be done that way.

5) Don't understand your question -- so long as you tell Ubuntu that the interface should be configured via DHCP in /etc/network/interfaces you should be set for this part.

6) Best to have a startup script that starts dhcpd on boot, but yes, you want to tell it to listen on your LAN interface and hand out a range of addresses.

7) You set the IP configuration params for your machine in /etc/network/interfaces. You set all of the IP address, netmask, default gateway (your box), and optionally name servers for the DHCP clients on your network in the dhcpd.conf. You just have to make sure that these are correct, and you should be good to go.
 
Old 01-05-2008, 08:04 PM   #17
uffe2
Member
 
Registered: Dec 2007
Posts: 59

Rep: Reputation: 15
Quote:
Originally Posted by LMSSML
Thanks for the help being helded .

1) Use your server as a NAT gateway. Is there a way to define this?
No, you must install a router NAT software

2) Connect one NIC card to the modem (or Internet)
(defined as the NAT-servers WAN interface) How could be define the NAT-servers as WAN interface? Is it defined on the /etc/network/interfaces file?

No, normally for NAT equipment the interface is just called and labeled as the "WAN" interface. You should not define "WAN" in any configuration in the server.

3) Connect the other NIC card to a switch with several Ethernet ports
(defined as the NAT-servers LAN interface) How could be define the NAT-servers LAN interface? Is it defined on the /etc/network/interfaces file?
No, normally for NAT equipment the interface is just called and labeled as the "LAN" interface. You should not define "LAN" in any configuration in the server.

4) Connect all other PC's to the switch Done

5) Install a DHCP-server and DHCP-client software on your server I think I can handle with this.

5) The servers WAN interface should be defined as a DHCP-client
(the DHCP client should get one public IP-address
from the ISP with DHCP when the server start up) So my problems start in here, this is defined on the dhcp or in other local?
If you install the NAT software on your server and use the NAT-configuration of it then I believe it give you a clear picture how you should do.

6) The server LAN interface should be defined as a DHCP-server
(the DHCP-server on the LAN interface delivery
private IP-addresses to all your PC's)
(=>one unique private IP-address for each PC) Ok here I think with this I could define where dhcp will work /usr/sbin/dhcp dev ethx (ethx belong to eth to define dhcp)

7) Configure the DHCP server (on your servers LAN interface) I think this is an introduction to the below points

7.1 Set a private IP-address of the servers LAN interface
(e.g. 192.168.0.100)
This could be defined like this
auto eth1
iface eth1 inet static
address 192.168.0.101
netmask 255.255.255.0
gateway 192.168.0.100


7.2 Set a subnet mask (e.g. 255.255.255.0) Couldn't this be done in the above point ? if not where I could define it ?

7.3 Define a scope of private IP-address to your servers DHCP-server
(e.g. 192.168.0.10-192.168.0.99). This could be probably defined on the dhcp (/etc/dhcp.conf) and must start with range 192.168.0.10 192.168.0.99

7.4 Set a default gateway to the LAN interfaces IP-address
(e.g. 192.168.0.100) This probably would be the same as the above point, if not, where it can be defined.

Thanks for your patient and once again thanks a lot
1234567890
 
Old 01-06-2008, 06:23 AM   #18
LMSSML
Member
 
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41

Original Poster
Rep: Reputation: 15
NAT Software

So first of all I must install a NAT software probably with

apt-get install <NAT software>

I could have it, what is the best to install, or could iptables do it?


Quote:
No, normally for NAT equipment the interface is just called and labeled as the "WAN" interface. You should not define "WAN" in any configuration in the server.
I don't understand what you mean, but probably it's "don't do any change with any configuration to implement WAN"

Quote:
No, normally for NAT equipment the interface is just called and labeled as the "LAN" interface. You should not define "LAN" in any configuration in the server.
Here is the same, could you clarify the idea. How to do that. Where to do that.

In the end I think that the basic idea of all of this it's around NAT software with IPMASquerade could be done?
 
Old 01-06-2008, 03:59 PM   #19
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Quote:
1) Use your server as a NAT gateway.Is there a way to define this ?
No, you must install a router NAT software
The NAT functionality is supplied by the netfilter part of the kernel. You need to configure masquerading along with configuring the Firewall. The Linux firewall is configured with iptables commands. There are some programs that supply a GUI interface, to produce the iptables commands in a script that are run when you boot up. Some distros have a checkbox that you can check to enable masquerading. This is probably in the firewall or gateway setup and would be the easiest way to proceed. I don't use Ubuntu, so you will need to look in its documentation yourself. You may also need to modprobe the nf_nat, iptable_nat, nf_conntrack_ipv4, iptable_nat and nf_conntrack kernel modules. You can enter the command "/sbin/lsmod" to check if they are already loaded.

I would also recommend downloading the NAG Guide from the www.tldp.org website. ( Network Administrators Guide ) Also read the IP Masquerading HOWTO linked to in the previous post.

You had put the firewall last in your list. Without a NAT router, it should be the first in the list, even if you have only one computer. Your public IP address will be banged on by hackers and bots. You need to configure your firewall to make sure you have all ports closed (unless you are running a public server).

Last edited by jschiwal; 01-06-2008 at 04:03 PM.
 
Old 01-06-2008, 04:40 PM   #20
LMSSML
Member
 
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41

Original Poster
Rep: Reputation: 15
So if I use iptables as firewall it's correct and just one more opinion, I must have the firewall at the first ethernet device (internet connection) or configure in the local ethernet.
 
Old 01-06-2008, 06:18 PM   #21
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
A Defense in Depth strategy would have all interfaces firewalled on all computers. Only needed ports would be opened, depending on what services you need. If you have a computer running as a firewall for a network, it is normal practice to only have a bare minimum of software installed, and to even do things like scan for suid and guid commands and uninstall any that aren't necessary. Often a gateway host won't even have Xorg installed. It would be better to have any file server inside the lan and not use your gateway computer for that. Novell published a book on Linux Firewalls. The author put it this way: "Let a firewall be a firewall".

This gateway computer doesn't need to be a powerful machine. If you have an old computer gathering dust because it is outdated, you could dust it off and use it for the firewall.

---

I'm not sure I understood your last question.
Quote:
"So if I use iptables as firewall it's correct and just one more opinion"
The iptables command is how the netfilter firewall inside the Linux kernel is configured. If you use a GUI interface, it isn't a separate firewall. It is an interface for creating these iptables commands. It will probably create a script containing iptables commands which are run when the computer boots up.

The iptables commands may create rules that affect only one interface. Maybe that is what you were getting at. Actually, most firewall setups will configure the firewall to deny everything by default, and then add rules to open up particular ports.

---

Some people will also configure a proxy server for certain services that can dig inside the packets of a particular protocol. This is sometimes referred to as an application firewall. The regular firewall does track the state of connections and can use plugins to handle particular applications, but generally it is best at what it is designed to do.

---

It may be best to first see if your distro has its own firewall configuration wizard and use it until you understand iptables and the internet protocols enough to roll your own. On SuSE for example, the firewall wizard uses 3 zones. Outside, Inside & DMZ. It defaults to enabling everything on the inside and walling off connections from the inside. The DMZ zone is the default zone for a public server. If you were running a web server for example, you would open up port 80 and forward it to the DMZ interface. You could even add more zones if you wanted to.

If you simply want to connect your regular desktop to the DSL modem and share the network connection, then you wouldn't assign any interface to the dmz zone and would close all ports on the internet side (the dsl modem) and open up ports that you need on the LAN interface. You should be able to do all of this from your distro's configuration utilities. You do need to run a dhcp server as well (for the LAN). You probably have a configuration wizard for that as well.

---

Good Luck!

Last edited by jschiwal; 01-06-2008 at 06:30 PM.
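
An added example, not part of any post in this thread: a shell function that prints an iptables-restore ruleset combining the pieces discussed in the replies above, masquerading on the WAN interface and a deny-by-default filter that opens only DHCP on the LAN interface. The interface names eth0/eth1, the 192.168.0.0/24 subnet and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# a two-NIC masquerading gateway. Interface names and subnet are assumptions.

valid_if() {    # plain interface names only (eth0, ppp0, ...)
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

valid_net() {   # dotted quad plus prefix length, e.g. 192.168.0.0/24
    case "$1" in
        */*/*|*[!0-9./]*|.*|*..*|*./*|*/*.*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; len=${1#*/}
    [ -n "$len" ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

gen_gateway_rules() {   # usage: gen_gateway_rules WAN_IF LAN_IF LAN_NET
    wan=$1; lan=$2; net=$3
    if ! valid_if "$wan" || ! valid_if "$lan" || [ "$wan" = "$lan" ]; then
        echo "need two different, plain interface names" >&2; return 1
    fi
    valid_net "$net" || { echo "bad LAN network: $net" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN traffic leaving the WAN side to the gateway's public address.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
# Deny by default; every ACCEPT below is a deliberate opening.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# dhcpd on the LAN interface; nothing is opened on the WAN interface.
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

if [ "$#" -eq 3 ]; then gen_gateway_rules "$@"; fi
```

Saved under a name of your choice and run with the three arguments, its output can be piped to iptables-restore as root; forwarding still has to be switched on through the sysctl variable mentioned in post #16.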
 
Old 01-06-2008, 07:55 PM   #22
eyehatechex
LQ Newbie
 
Registered: Jan 2008
Posts: 3

Rep: Reputation: 0
Salutations!

First off let me say this. I'm 21 and know the most about computers in my family. I'm in college but not in the computer/programming type. So I know the basics of what the norm or basics is. I know how to turn a computer on and if everything works good I can do a few programs. But mainly I use it for the internet and to play Xbox live, or type term papers.

My problem is this and I don't know how to type it as most other people do in this community. I wanted to hook up my xbox 360 to the internet so I may play online. So I bought a Linksys router. Model BEFSR41, it's an etherfast cable/dsl router. I'm guessing that it's a pretty basic router. I have a cable modem. That's about all I know about it. I did the set up cd for it, and when it starts doing the system configurations it tells me that the router could not access the internet. I went to the router's IP address with a friend of mine who is just a wee little bit smarter about computers than I and somehow we got it to where I could access the internet and play Xbox live. Everything was fine. Then after a week everything went to shit. My modem was saying that it was on and the receiving light was blinking. I could not access the internet or play online on my xbox. I have no idea on what to do or what's wrong. Can anyone help me at all? If you need information about something I could tell you if that would help you come up with an answer for me.

Many thanks.

EyeHateChex
 
Old 01-06-2008, 09:11 PM   #23
LMSSML
Member
 
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41

Original Poster
Rep: Reputation: 15
eyehatechex

Hi eyehatechex

Could you please confirm if your router is wireless ?

Could you try to make a reset behind the router there is always a button saying reset.

Then you must configure like the last time.

I hope I had help for you.
 
Old 01-06-2008, 10:08 PM   #24
LMSSML
Member
 
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41

Original Poster
Rep: Reputation: 15
Kernel differences

Hi people,


Thanks for the help being helded, I've tried to work with IPMAsquerade HOW To and I have a slightly difference


When I execute this command

uname -a

I've got the following 2.6.22-14-server, probably it's the version of kernel.

I've tried to walk a little bit but I 've some problems like this.

When executing this command

ls /proc/sys/net/ipv4

No problem

ip_dynaddr

ip_forward


Although when I execute the other two commands

/sbin/lsmod
ls /proc/net/

I couldn't find the above files.

ip_masquerade

ip_conntrack

ip_tables_names


But the problems still persist

When executing this one

ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/

ip_conntrack.o = doesn't even appear
ip_conntrack_ftp.o = doesn't even appear
ip_conntrack_irc.o = doesn't even appear
ip_nat_ftp.o = nf_nat_ftp.ko -> Couldn't mean the same thing
ip_nat_irc.o = nf_nat_irc.ko -> Couldn't mean the same thing
ip_tables.o = ip_tables.ko
ipt_MASQUERADE.o = ipt_MASQUERADE.ko
iptable_nat.o = iptable_nat.ko
iptable_mangle.o = arpt_mangle.ko -> Couldn't mean the same thing
iptable_filter.o = iptable_filter.ko

And some optional ones like:

ipchains.o = doesn't even appear
ipt_REJECT.o = ipt_REJECT.ko
and ipt_tcpmss.o = doesn't even appear

Probably the slightly difference could be by the version of kernel, so the question is, is it better to have kernel 2.4 and then recompile kernel 2.6?

This is in the

http://tldp.org/HOWTO/IP-Masquerade-...piling3.1.html
 
Old 01-06-2008, 10:49 PM   #25
eyehatechex
LQ Newbie
 
Registered: Jan 2008
Posts: 3

Rep: Reputation: 0
Quote:
Originally Posted by LMSSML
Hi eyehatechex

Could you please confirm if your router is wireless ?

Could you try to make a reset behind the router there is always a button saying reset.

Then you must configure like the last time.

I hope I had help for you.
Ok, it is not wireless.
 
Old 01-07-2008, 12:30 AM   #27
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Recently, the modules were changed. There isn't an ip_conntrack module anymore. It is nf_conntrack now. Also, a 2.6 kernel will use iptables and not ipchains.

What ports does the XBOX use? Since you are using a Cable/DSL router, it does the masquerading (NAT) for you. You don't need to set that up in Linux. Simply connect the XBox to the router and have the ports it needs forwarded to the XBox.

One thing you might try, if you can't find out which ports the XBox uses is to A) Disconnect the WAN input on the router B) Enable DPnP on the router C) Make a note which ports that DPnP opened C) Disable DPnP and manually forward the ports you need D) Reconnect the router to the internet.

Also check the cables. A bad cable, or connector could also be the problem.
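
An added example, not part of the thread: the module rename mentioned in the post above, applied to the 2.4-era names from the IP Masquerade HOWTO list and checked against lsmod output. The lsmod text is a constructed sample and the function names are assumptions; the mapping used is ip_conntrack* to nf_conntrack* and ip_nat* to nf_nat*, with the other names unchanged.

```shell
#!/bin/sh
# Added example (not from the thread): translate HOWTO-era module names to
# their 2.6 names and report whether each one shows up in lsmod output.

new_name() {    # strip .o/.ko, then apply the ip_* -> nf_* rename
    name=${1%.o}; name=${name%.ko}
    case "$name" in
        ip_conntrack*)   echo "nf_conntrack${name#ip_conntrack}" ;;
        ip_nat|ip_nat_*) echo "nf_nat${name#ip_nat}" ;;
        *)               echo "$name" ;;
    esac
}

module_status() {   # usage: module_status LSMOD_TEXT NAME...
    # First column of lsmod is the module name; line 1 is the header.
    loaded=$(printf '%s\n' "$1" | awk 'NR > 1 { print $1 }')
    shift
    for old in "$@"; do
        new=$(new_name "$old")
        if printf '%s\n' "$loaded" | grep -Fqx -- "$new"; then
            echo "$old -> $new: loaded"
        else
            echo "$old -> $new: not loaded"
        fi
    done
}

# Constructed sample of lsmod output on a 2.6 gateway (sizes are made up).
SAMPLE_LSMOD='Module                  Size  Used by
ipt_MASQUERADE          4608  1
iptable_nat             8708  1
nf_nat                 20140  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4      19724  3 iptable_nat
nf_conntrack           65288  4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
ip_tables              13924  1 iptable_nat'

module_status "$SAMPLE_LSMOD" ip_conntrack.o ip_conntrack_ftp.o \
    ip_nat_ftp.o ipt_MASQUERADE.o iptable_nat.o
```

On a live system pass "$(/sbin/lsmod)" as the first argument; support compiled into the kernel rather than built as a module does not appear in lsmod.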
 
Old 01-07-2008, 07:35 AM   #28
LMSSML
Member
 
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41

Original Poster
Rep: Reputation: 15
NF Files

Hi

The only file I could find it's nf_conntrack_ipv4.ko, no file with conntrack posted back appears.

I understand by your words that could be good to go.

Thanks
 
Old 01-07-2008, 03:56 PM   #29
LMSSML
Member
 
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41

Original Poster
Rep: Reputation: 15

Hi people,

Is there anyway to pass through this or is there a How to with kernel 2.6 and the changes made.

Because I don't know if it's better to compile kernel 2.4 and then recompile kernel 2.6 or even if I could pass this part from the how to that it's guiding me.


Anyone could help...
 
Old 01-08-2008, 01:47 PM   #30
LMSSML
Member
 
Registered: Nov 2007
Distribution: Ubuntu Server and Desktop
Posts: 41

Original Poster
Rep: Reputation: 15
Help

Anyone could help ????
 
  


All times are GMT -5. The time now is 08:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration