I'm rebuilding our firewall from a unique version of linux (Carbonwave CarbonWall) to something a bit more normal, Redhat 8. But I've run into a problem, I cannot get computers on the network to see the internet, even if I turn the firewall off. The firewall can see the internet, and computers on the intranet. The computers on the intranet can see the firewall, but can't see the internet.
I've set up DHCP, but don't know if I did it right other than the fact that the computers on the network are getting the dhcpd.conf info and showing up in the leases file. I've turned on ip forwarding for the kernel, and I added an IP masquerading line to the iptables.
Other than that I'm flummoxed, I've had this thing for years, but never had to do basic configuration with it like I'm trying now. Also, the book I got Red Hat Linux 8 Bible, seems to have no relation to the operating system Red Hat Linux 8, I've found this forum to be much more help by far (any recomendations on other books welcome).

Red Hat Linux 8
eth0 connected to a DSL set to DHCP
eth1 connected to intranet hub with w2k pcs on it set to 172.168.0.0 255.255.255.0 no gateway
DHCPD.conf:
option subnet-mask 255.255.255.0;
option domain-name-servers 172.168.0.1; - this is my isps dns
option routers 172.168.0.0; -eth1, I've also tried .1 which is my isp
ddns-update-style ad-hoc; -dhcpd made me put this is
subnet 172.168.0.0 netmask 255.255.255.0 { range 172.168.0.10 172.168.0.100; }
These numbers are mostly trial and error, I include them because something in there could be wrong.

TIA

Your ISP has a 172 address?

Try setting the "option routers" to the ip of your linux box since it is going to become your router.

If this doesn't work give a windows client a fixed ip and a gateway of the linux box - if this works you will have narrowed it down to dhcp problems.

When you check the connection to the internet use ip addresses as well as domain names - if only the domain name fails then it is a DNS issue.

Thanks David,
As it turns out it is a DNS issue, I can ping IPs but not domains. I've tried .1 which is the DNS from my isp and .0 which is the firewall, anywhere else I should look to configure DNS?

I don't think you are using your ISP's DNS server it will not be a 172 address. Who is your ISP? Post the address of their site and take a look yourself in their support section for their DNS server ip addresses.

You could try:
66.100.224.8

When I do an ipconfig /all when hooked to the dsl it says my Gateway, DHCP, and DNS are all 172.16.0.1, so that is what I have been going by. That could be the local router, but I didn't think it was a DNS as well, maybe I'm wrong, I thought it needed to be a computer to be a DNS.
I tried 66.100.224.8 with no effect. I'm using an SBC DSL.
Thanks for all your help.

Like I said - check with your ISP what your DNS servers are.

Remember that you will need to release and renew your dhcp lease on the windows boxes after you hcange the dhcpd config.

I'll check back tomorrow to see how you get on.

Thanks a lot David, that was it.

As a follow up to this thread, I've had the DHCP and firewall working well for a day now. But I'm getting something pretty unusual with one of the clients (win2k), after 5-10 min of normal function it drops most of the DHCP info and will not access the network (intra or inter) and won't function again until a reboot. If I use a specific ip address all is well, but I think this is odd because this box has been using DHCP for several years and only started doing this last night when I got everything else working right. Strange, any ideas?

Whats the DHCP lease period? hours? days? And what does the DHCP servers, lease table look like (what information does it have concerning leases, as in time, when hte lease is due to expire, on and on)

Default 720
Max is 86400

Try posting dhcpd.conf.

default-lease-time 720;
max-lease-time 86400;
option subnet mask 255.255.255.0;
option domain-name-servers 206.13.29.12;
option routers 172.168.0.0;
ddns-update-style ad-hoc;
subnet 172.168.0.0 netmask 255.255.255.0 {
range 172.168.0.10 172.168.0.100;
}

Most of this I copied out of a book and then figured most of the numbers by trial and error except the DNS which david pointed out. The ddns-update-style was prompted by the dhcpd when started and failed. This worked well for a while and now two of the w2k machines seem to drop their lease after 12 minutes (which is suspiciously similar to their lease time), the xp machines seem not to be having this problem. I have changed the default-lease-time to 86400, but haven't tested it yet, so the above is the conf file during when I was having problems, I've switched over both machines to static ip for now but would like to put them back to DHCP if I can get it to work. Thanks for all your help.

I would hope thats minutes. But it may be seconds. So its possible every twelve minutes these workstations are looking for a new address, and you may have an arp caching issue. Some devices arp tables may not update that fast which would cause the cached MAC address to not match the dhcp assigned address. If that is the case go for the max (which breaks down to 24 hours if the number listed is seconds). That'll give the arp tables time to clear and renew. Another thing that will help is if forward and reverse DNS are set up for the addresses in the DHCP pool. I hope that helps you.

KVE

That sounds right, I'm testing now with the default set to 86400 seconds and no probs yet. Any pointers or lit I can read on how to set up the forward and reverse DNS? Any good books out there? Thanks,

raising the default lease seems to have fix the problem, we'll see if there's an issue tomorrow when the lease runs out. Thanks for all your help.