LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices


Reply
  Search this Thread
Old 09-20-2004, 01:07 PM   #1
chaosego
Member
 
Registered: Sep 2004
Location: Canada.
Distribution: Slackware 10, SuSE 9.1, VectorLinux 4.3
Posts: 56

Rep: Reputation: 15
Setting up a gateway/dhcp server.


I've read linuxquestions.org for over 2 years now, and have just decided to register.

So let's get down to it.

I finally got my Linksys WPC54GS to work in Suse 9.1 (defualt 2.6.4-52), using ndiswrapper 0.9, so I may be able to help anyone with an issue regarding that, as I overcame a few issues myself. Back to business, I want to set up this computer (running Suse 9.1 personal) as a gateway/dhcp server for my other computer (running Windows XP). I'll be using wlan0 as the internet connection and eth0 to connect to a hub. I'm really not to sure where to start, so any help is appreciated.
 
Old 09-20-2004, 01:39 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
well, for the dhcp server, it's basically just a matter of installing the package, and then editing your /etc/dhcpd.conf file...

as for the gateway, you basically just need an iptables script... how comfortable are you with iptables??

ps: you might also wanna install dnsmasq on the gateway, so that the hosts on your lan don't need to use your ISP's DNS servers (this makes web surfing much faster)...

http://thekelleys.org.uk/dnsmasq/doc.html


Last edited by win32sux; 09-20-2004 at 01:46 PM.
 
Old 09-20-2004, 01:54 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
here's a basic /etc/dhcpd.conf file:

Code:
ddns-update-style none;

subnet 192.168.0.0 netmask 255.255.255.0 {
   range 192.168.0.2 192.168.0.254;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.0.255;
   option domain-name-servers 192.168.0.1;
   option routers 192.168.0.1; }

here's a basic iptables script:

Code:
###############################################################################
### Variables
###############################################################################

IPT="/usr/sbin/iptables"
INET_IFACE="wlan0"
LAN_IFACE="eth0"
LAN_IP="192.168.0.1"
LAN_NET="192.168.0.0/24"
LAN_BCAST="192.168.0.255"
LO_IFACE="lo"
LO_IP="127.0.0.1"


###############################################################################
### Modules
###############################################################################

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_nat_irc
#/sbin/modprobe ip_conntrack_irc


###############################################################################
### Kernel Parameters
###############################################################################

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians


###############################################################################
### Flush Chains and Set Policies
###############################################################################

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT


###############################################################################
### Create User Chains
###############################################################################

$IPT -N INPUT_INET2GATE
$IPT -N INPUT_LAN2GATE
$IPT -N FORWARD_INET2LAN
$IPT -N FORWARD_LAN2INET
$IPT -N BAD_PACKETS


###############################################################################
### INPUT
###############################################################################

$IPT -A INPUT -p ALL -m state --state INVALID -j DROP
$IPT -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPT -A INPUT -p UDP -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT
$IPT -A INPUT -p ALL -j BAD_PACKETS
$IPT -A INPUT -p ALL -i $INET_IFACE -j INPUT_INET2GATE
$IPT -A INPUT -p ALL -i $LAN_IFACE -j INPUT_LAN2GATE
$IPT -A INPUT -p ALL -j LOG --log-prefix "INPUT DROP: "


###############################################################################
### FORWARD
###############################################################################

$IPT -A FORWARD -p ALL -m state --state INVALID -j DROP
$IPT -A FORWARD -p ALL -j BAD_PACKETS
$IPT -A FORWARD -p ALL -i $LAN_IFACE -o $INET_IFACE -j FORWARD_LAN2INET
$IPT -A FORWARD -p ALL -i $INET_IFACE -o $LAN_IFACE -j FORWARD_INET2LAN
$IPT -A FORWARD -p ALL -j LOG --log-prefix "FORWARD DROP: "


###############################################################################
### OUTPUT
###############################################################################

$IPT -A OUTPUT -p ALL -m state --state INVALID -j DROP
$IPT -A OUTPUT -p ALL -o $LO_IFACE -s $LO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LAN_IFACE -s $LAN_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -j LOG --log-prefix "OUTPUT DROP: "


###############################################################################
### POSTROUTING
###############################################################################

$IPT -t nat -A POSTROUTING -p ALL -o $INET_IFACE -j MASQUERADE


###############################################################################
### INPUT_INET2GATE
###############################################################################

$IPT -A INPUT_INET2GATE -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A INPUT_INET2GATE -p TCP --dport 22 -m state --state NEW -j ACCEPT
$IPT -A INPUT_INET2GATE -p ALL -j RETURN


###############################################################################
### INPUT_LAN2GATE
###############################################################################

$IPT -A INPUT_LAN2GATE -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT_LAN2GATE -p UDP --dport 53 -m state --state NEW -j ACCEPT
$IPT -A INPUT_LAN2GATE -p TCP --dport 22 -m state --state NEW -j ACCEPT
$IPT -A INPUT_LAN2GATE -p ICMP --icmp-type 8 -m state --state NEW -j ACCEPT
$IPT -A INPUT_LAN2GATE -p ALL -j RETURN


###############################################################################
### FORWARD_INET2LAN
###############################################################################

$IPT -A FORWARD_INET2LAN -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD_INET2LAN -p ALL -j RETURN


###############################################################################
### FORWARD_LAN2INET
###############################################################################

$IPT -A FORWARD_LAN2INET -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD_LAN2INET -p TCP --dport 443 -m state --state NEW -j ACCEPT
$IPT -A FORWARD_LAN2INET -p TCP --dport 80 -m state --state NEW -j ACCEPT
$IPT -A FORWARD_LAN2INET -p ICMP --icmp-type 8 -m state --state NEW -j ACCEPT
$IPT -A FORWARD_LAN2INET -p ALL -j RETURN


###############################################################################
### BAD_PACKETS
###############################################################################

$IPT -A BAD_PACKETS -p TCP ! --syn -m state --state NEW -j DROP
$IPT -A BAD_PACKETS -p ICMP --fragment -j DROP
$IPT -A BAD_PACKETS -p ALL -d 255.255.255.255 -j DROP
$IPT -A BAD_PACKETS -p ALL -d $LAN_BCAST -j DROP
$IPT -A BAD_PACKETS -p ALL -i $LAN_IFACE -s ! $LAN_NET -j DROP
$IPT -A BAD_PACKETS -p ALL -i $LAN_IFACE -s $LAN_IP -j DROP
$IPT -A BAD_PACKETS -p ALL -i $LAN_IFACE -s $LO_IP -j DROP
$IPT -A BAD_PACKETS -p ALL -i $INET_IFACE -s $LAN_NET -j DROP
$IPT -A BAD_PACKETS -p ALL -i $INET_IFACE -s $LO_IP -j DROP
$IPT -A BAD_PACKETS -p ALL -j RETURN


echo "So let it be written, so let it be done."

Last edited by win32sux; 09-21-2004 at 02:41 PM.
 
Old 09-20-2004, 03:28 PM   #4
chaosego
Member
 
Registered: Sep 2004
Location: Canada.
Distribution: Slackware 10, SuSE 9.1, VectorLinux 4.3
Posts: 56

Original Poster
Rep: Reputation: 15
Downloaded the packages for DHCP, DHCP Server, DHCP Tools, and Dnsmasq.
Installed them all.
I did some reading on iptables, I have a decent idea of what they are now, and what they do, not so sure on how to make/implement them yet.

The /etc/dhcpd.conf and the iptables script; are they ment to work together, or just sperate examples of each?
 
Old 09-20-2004, 03:57 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by chaosego
Downloaded the packages for DHCP, DHCP Server, DHCP Tools, and Dnsmasq.
Installed them all.
I did some reading on iptables, I have a decent idea of what they are now, and what they do, not so sure on how to make/implement them yet.

The /etc/dhcpd.conf and the iptables script; are they ment to work together, or just sperate examples of each?
they are separate examples... however, the iptables script is configured to allow a dhcp server on the lan, the rule that allows that is:

Code:
$IPT -A INPUT -p UDP -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT
basically, you just execute the iptables script and you're done... copy/paste the script from here into a text file, make the file executable, and execute it (as root)...

once you know the script is working the way you want it to (you might need to make some adjustments to the script), you just set it to run automatically on startup...

as for dnsmasq, you might not need to configure anything at all, just start it with this command:

Code:
dnsmasq --interface=eth0
once you have it working right, then also just add the command to your startup sequence... the same goes for the dhcp server, which can be started with:

Code:
dhcpd eth0

here's a good resource for iptables educational material:

http://www.linuxguruz.com/iptables
 
Old 09-20-2004, 04:18 PM   #6
chaosego
Member
 
Registered: Sep 2004
Location: Canada.
Distribution: Slackware 10, SuSE 9.1, VectorLinux 4.3
Posts: 56

Original Poster
Rep: Reputation: 15
Before I configured my wireless card, this laptop always used to access the internet via it's eth0. Should I be making a lot of changes to ifcfg-eth0? Or could I just make a new ifcfg-eth0.1 for when I want to use it as the gateway/dhcp server ? If so are there any significant changes I need to make, and what are they? Thanks for all your help so far.

Oh I was curious where you got that iptable script. Did you write it yourself, or is there an archieve somewhere?
 
Old 09-20-2004, 04:22 PM   #7
chaosego
Member
 
Registered: Sep 2004
Location: Canada.
Distribution: Slackware 10, SuSE 9.1, VectorLinux 4.3
Posts: 56

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by win32sux
make the file executable, and execute it (as root)...
Please elaborate, mainly on how to make it executable. I'm guess it will be with chmod, which I've only used before, and sparringly. (If it's not clear yet, I'm still pretty new with linux, but I'm trying to learn. )
 
Old 09-20-2004, 06:24 PM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by chaosego
Before I configured my wireless card, this laptop always used to access the internet via it's eth0. Should I be making a lot of changes to ifcfg-eth0? Or could I just make a new ifcfg-eth0.1 for when I want to use it as the gateway/dhcp server ? If so are there any significant changes I need to make, and what are they? Thanks for all your help so far.

Oh I was curious where you got that iptable script. Did you write it yourself, or is there an archieve somewhere?
basically you just need eth0 (your lan interface) to have an ip like 192.168.0.1 and a netmask like 255.255.255.0... your internet interface should be configured in the normal way, either statically or with dhcp.. i'm not sure what kinda configuration your external card uses...

i made the script myself, it's similar to what i use on my box... the link i posted above has plenty of other example scripts...


Last edited by win32sux; 09-21-2004 at 03:09 PM.
 
Old 09-20-2004, 06:25 PM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by chaosego
Please elaborate, mainly on how to make it executable. I'm guess it will be with chmod, which I've only used before, and sparringly. (If it's not clear yet, I'm still pretty new with linux, but I'm trying to learn. )
you're on the right track...

Code:
chown root.root example.txt

chmod 700 example.txt
the first command makes root the owner of the file...

in the second command, the 7 gives root read/write/execute permission, the first 0 gives users in root's group zero permissions (nothing) and the second 0 gives other users zero permission...

then, to execute the file (as root) do:

Code:
./example.txt
 
Old 09-20-2004, 09:34 PM   #10
chaosego
Member
 
Registered: Sep 2004
Location: Canada.
Distribution: Slackware 10, SuSE 9.1, VectorLinux 4.3
Posts: 56

Original Poster
Rep: Reputation: 15
When I try and do

# dhcpd eth0

I get the following error:

"No subnet declaration for eth0 (0.0.0.0).
** Ignoring requests on eth0. If this is not what
you want, please write a subnet declaration
in your dhcpd.conf file for the network segment
to which interface eth0 is attached. **


Not configured to listen on any interfaces! "

I'm trying to fiddle with the dhcpd.conf atm, but I don't seem to be getting anywhere.

[Edit]

I am not 100% sure of the order which I should be doing these commands. As of now I'm doing something like :

# ./gateway.iptables //the ip table script you posted

#ifup eth0

#dnsmasq --interface=eth0

#dhchd eth0

Other then the error I said above, the only other thing that goes on is it waits for the eth0 to connect to a dhcp server (which I know there isn't one running yet, but i'm gonna run it ... right?), so it sets it to listen in the background? I'm getting slightly more 'in the loop' here, but I'm also getting slightly more lost. hehe.


Last edited by chaosego; 09-20-2004 at 09:40 PM.
 
Old 09-21-2004, 07:55 AM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
your eth0 shouldn't be connecting to any dhcp server... you'd need to run a dhcp client to do that, and that's not what you're doing...

make sure you have eth0 properly configured before you attempt to make the dhcp server listen on it...

Code:
ifconfig eth0 inet 192.168.0.1 netmask 255.255.255.0
after eth0 is configured then you can start the dhcp daemon (make sure you copy/paste the example configuration into your /etc/dhcpd.conf)...

ps: i just edited the script, adding a rule allowing pings from the lan to the internet, so that you can test the forwarding easily by pinging internet hosts...


Last edited by win32sux; 09-21-2004 at 08:01 AM.
 
Old 09-21-2004, 12:32 PM   #12
soylentgreen
Member
 
Registered: Sep 2004
Location: old village
Distribution: android, BSD, CentOS, Ubuntu
Posts: 221

Rep: Reputation: 30
first, i wanted to thank win32sux for being so very clear on your explanation.. i managed to follow it, as i am trying to do just about the same thing.

i followed everything up to the end, and i got my gf's windoze machine to PING out, but cannot get outbound browsing. (no MSN, no IE)
but it CAN ping out by name and number...

any suggestions?

thanks..

slackware 10 on dell latitude w/ 2 ethernet cards
eth0 = internet
eth1 = local ( i modified the scripts to reflect this)

thanx!
 
Old 09-21-2004, 12:53 PM   #13
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by soylentgreen
first, i wanted to thank win32sux for being so very clear on your explanation.. i managed to follow it, as i am trying to do just about the same thing.

i followed everything up to the end, and i got my gf's windoze machine to PING out, but cannot get outbound browsing. (no MSN, no IE)
but it CAN ping out by name and number...

any suggestions?

thanks..

slackware 10 on dell latitude w/ 2 ethernet cards
eth0 = internet
eth1 = local ( i modified the scripts to reflect this)

thanx!
okay so you can't surf from the lan, but you can ping an ip like "216.239.57.99" and a domain like "google.com" from your girlfriend's pc on the lan??

what does the logfile show when you attempt to surf from the lan??

Code:
tail -f /var/log/syslog
also, make sure you don't have your girlfriend's pc set to use a proxy or something...

are you using a dns daemon on the slackware gateway??


Last edited by win32sux; 09-21-2004 at 12:57 PM.
 
Old 09-21-2004, 12:58 PM   #14
soylentgreen
Member
 
Registered: Sep 2004
Location: old village
Distribution: android, BSD, CentOS, Ubuntu
Posts: 221

Rep: Reputation: 30
Sep 21 13:56:02 slacktop kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.0.58 DST=64.233.171.104 LEN=474 TOS=0x00 PREC=0x00 TTL=127 ID=3089 DF PROTO=TCP SPT=4232 DPT=80 WINDOW=64240 RES=0x00 ACK PSH URGP=0

Sep 21 13:56:38 slacktop kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.0.58 DST=64.233.171.104 LEN=474 TOS=0x00 PREC=0x00 TTL=127 ID=3101 DF PROTO=TCP SPT=4232 DPT=80 WINDOW=64240 RES=0x00 ACK PSH URGP=0
Sep 21 13:56:41 slacktop kernel: INPUT DROP: IN=eth0 OUT= MAC=00:80:c7:3f:28:27:00:05:5f:e8:70:70:08:00 SRC=143.229.142.174 DST=68.42.81.220 LEN=60 TOS=0x00 PREC=0x00 TTL=116 ID=20433 PROTO=UDP SPT=6348 DPT=6348 LEN=40
Sep 21 13:56:51 slacktop kernel: INPUT DROP: IN=eth0 OUT= MAC=00:80:c7:3f:28:27:00:05:5f:e8:70:70:08:00 SRC=68.61.117.76 DST=68.42.81.220 LEN=60 TOS=0x00 PREC=0x00 TTL=121 ID=49680 PROTO=UDP SPT=6346 DPT=6348 LEN=40
Sep 21 13:56:51 slacktop kernel: INPUT DROP: IN=eth0 OUT= MAC=00:80:c7:3f:28:27:00:05:5f:e8:70:70:08:00 SRC=209.161.228.131 DST=68.42.81.220 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54859 DF PROTO=TCP SPT=1984 DPT=6346 WINDOW=65535 RES=0x00 SYN URGP=0

her IP addy is 192.168.0.58...
i'm relatively new to linux also.. so thanx for being patient.
 
Old 09-21-2004, 01:10 PM   #15
soylentgreen
Member
 
Registered: Sep 2004
Location: old village
Distribution: android, BSD, CentOS, Ubuntu
Posts: 221

Rep: Reputation: 30
she doesn't have a proxy running..
previously i had this machine w/xp and ICS...
she can ping google.com and numbers.. but no browsing.. hopefully i captured what you needed to see from the log..

let me know if i need to give you any other info

thanx again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Gateway / DHCP Server problem on Slackware captain_bogus Linux - Networking 11 11-25-2008 01:28 PM
Help in setting up Gateway, DHCP and DNS Server depam Linux - Software 1 10-06-2005 11:52 AM
DHCP, Gateway and DNS server depam Linux - Networking 3 10-05-2005 07:33 PM
sles 9.2 dhcp server not assigning default gateway pat45 Linux - Networking 1 05-07-2005 05:51 AM
[slack 10] setting standard gateway while using dhcp lease Peluso Linux - Networking 2 11-08-2004 07:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking

All times are GMT -5. The time now is 10:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration