LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   IP_Forward (https://www.linuxquestions.org/questions/linux-newbie-8/ip_forward-20497/)

Neur0tek 05-08-2002 11:49 AM
IP_Forward
 
I have been trying to get my Linux machine as a broadband gateway. In the machine are two NIC's eth0 and eth1. eth1 is working as a DHCP server to the WinXP machine and eth0 is my external. I have tried to use SuSE Firewall2 and it's ability to Masquerade but WinXP still will not go out onto the net. Does anyone know what I am supposed to configure? Is the WinXP machine supposed to use eth1 as the gateway and eth1 to use eth0 as the gateway? If so where do I change that?

akohlsmith 05-08-2002 02:55 PM
The easiest solution
 
Is to hop on freshmeat.net and grab just about any of the firewalling script packages. Or, if you're feeling oldskool, go to www.netfilter.org and do some reading. :-)

Neur0tek 05-08-2002 04:19 PM
Going to try the old skool way

Druaga 05-08-2002 05:09 PM
go into (or open up) a terminal.
type:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# ipchains -P forward DENY
# ipchains -A forward -i eth0 -j MASQ

this is assuming your internet etherface is eth0 and that you are using ipchains.

you must have your computers behind the gateway set-up to have it as their gateway, and that should be it. easy.

you could also think about running a proxy server, i am running squid on a redhat machine that serves my internet to the rest of my network.

there is also a lengthy thread about just this at www.ms-eradication.org forums.
I cant post the direct link to the thread because this site censors swearing.

akohlsmith 05-08-2002 06:03 PM
wow you just eliminated my career
 
your firewalls are state-of-the-art, drugga!

How about providing the guy a little security :-)

Druaga 05-08-2002 06:08 PM
i was talking about strictly forwarding/masquerading.
when you add security make sure to add:
# ipchains -A output -d .microsoft.com -j DENY
# ipchains -A input -s .microsoft.com -j DENY
to make it even more secure do an "nslookup microsoft.com" and deny all of microsofts IP addresses from contacting your network or from your computers contacting microsoft :)

Neur0tek 05-09-2002 08:54 AM
Yeah I had it set like Drugga said when I first started and I still cannot get the XP machine to grab onto any bandwidth. I put ipchains 1.2.6a on it and all my tests come out fine. I can ping the internal ip from XP but I cannot get the external. After going through every HOWTO from tldp and a few others I think I have SuSE firewall so confused that it doesn't know what to do.
At first I thought it mght be a Kernel issue but when I do an ls on the Kernel it comes back with everything in check. It's a newbie screwup somewhere. Where the obvious thing is eluding me. I just don't know where to look first.

akohlsmith 05-09-2002 09:08 AM
XP
 
Make sure that other computers can see the world from behind the firewall; you need to narrow down the problem to find the cause.

Offhand, make sure that the XP machine has its default gateway set to the IP of your firewall's internal network address and that XP has some nameservers set up.

Neur0tek 05-09-2002 09:42 AM
Ok so just to make sure...my eth1 is set at 192.168.1.2...XP sees the default gateway as 192.168.1.254. so I can ping 192.168.1.2 with no problem. As for name servers...can you elaborrate on that? I guess my next post should have the all the info on it. I am at work so I am having to do this from memory at the moment.

Neur0tek 05-09-2002 09:44 AM
Oh errrr...ok so I should be setting the XP machine to see the gateway of 192.168.1.2? I just read that and it kind of clicked...or was it a fizzle?


All times are GMT -5. The time now is 02:40 PM.