Slackware as gateway (ICS) for WinXP

c31c · 11-02-2005, 11:10 AM

Hi!
I've been trying to set up a router/gateway for my LAN on Slack for a while.

I got to say that i am a total newb to networking interiors and those HOWTOs and Tutorials just didn't work for me (my error/not suited for my problem).

My slack box has got 2 network cards:
one for LAN: eth0, set up as 192.168.0.1 255.255.255.0
one for WAN: eth1, set up as 192.168.1.11 255.255.255.0

eth1 is connected to my ADSL-modem (ip 192.168.1.11)
eth0 is connected to a switch/wlan AP (ip 192.168.0.99)

Now I got internet up and working, but how do i have to configure (iptables or route or something??) so that I can get internet access from a pc that is connected via wlan to the switch/AP and from there to my pc? On this machine, the one i want to give internet access, i use a static ip (192.168.0.11) as i do on all the computers on my LAN.

Note: I got the same setup on WinXP and it works, gateway on the client is set to 192.168.0.1
I can ping all the machines/switches/modems on my LAN, but I don't get the routing rules right...

Thanks in advance!
Any hints or links to info i got to read would be enough

I really am willing to learn, just don't know where to start.

another question btw: i got the drivers for my nics statically compiled in the kernel: how does the kernel decide which physical card becomes eth0, eth1, ethX??? Any links to manuals, docs or even RFCs will be greatly appreciated!

PS: sry for any lang typos/errors, no native, but i'm trying

Alien Bob · 11-02-2005, 01:25 PM

Try generating a firewall script by using the generator at http://easyfwgen.morizot.net/gen/.
Make certain that you select Gateway/Firewall

Save the resulting script as /etc/rc.d/rc.firewall , make it executable by

Code:

chmod +x /etc/rc.d/rc.firewall

and edit the part that reads

Code:

IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"

so that it reads

Code:

IPT="/usr/sbin/iptables"
IPTS="/usr/sbin/iptables-save"
IPTR="/usr/sbin/iptables-restore"

After reboot (or after just running /etc/rc.d/rc.firewall if you don't want to reboot), you will have a working NAT firewall (ICS in Windows terminology).
Cheers, Eric

c31c · 11-02-2005, 02:10 PM

Thanks for your answer!
I tried the tool but it doesn't work for me :/
Actually I just realized that I forgot a quiet important info in my post: I connect to my ISP via pppoe, dynamic IP.
And the network card which is connected to the switch actually is eth1 (192.168.0.1) and eth0 (192.168.1.11) is connected to my adsl modem and through eth0 i use pppoe-start to connect. Sorry for the mixup (just interface names confused...ips and stuff are still right ;))

Now from what I understand my input for that script generator should be:

Internet Interface: ppp0
Select Type of Internet Address: Dynamic Internet IP Address
Single System or Private Network Gateway?: Gateway/Firewall
Internal Network Interface: eth1
Internal Network IP Address: 192.168.0.1
Internal Network: 192.168.0.0/24
Internal Network Broadcast: 192.168.0.255

I left the rest unchecked
Any errors on my side?
If not, what info would help identify the problem?

route gives:

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xdsl-195-14-204 *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         *               0.0.0.0         U     0      0        0 ppp0

and ifconfig:

Code:

eth0      Link encap:Ethernet  HWaddr 00:01:53:81:D4:F0
          inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9213 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8390 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5360897 (5.1 Mb)  TX bytes:1220122 (1.1 Mb)
          Interrupt:16 Base address:0xd400

eth1      Link encap:Ethernet  HWaddr 00:01:53:81:D5:FE
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7834 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2574751 (2.4 Mb)  TX bytes:1504 (1.4 Kb)
          Interrupt:17 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:840 (840.0 b)  TX bytes:840 (840.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:195.14.204.245  P-t-P:195.14.204.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:8427 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7598 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:5128259 (4.8 Mb)  TX bytes:1029278 (1005.1 Kb)

the ppp0 ip is dynamic
Thanks a lot in advance

c31c · 11-02-2005, 02:33 PM

Alright....i kinda feel stupid right now...but it works!!!
I used

Quote:

Originally Posted by /etc/rc.d/rc.firewall

modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/iptables --flush
/usr/sbin/iptables -t nat -P POSTROUTING DROP
/usr/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/usr/sbin/iptables -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT

http://www.linuxquestions.org/questi...92#post1932892
and then I just realized that I hadn't changed the DNS-Server section on my win box to the ip of /etc/resolv.conf
worked fine before (ICS win2win) with 192.168.0.1...
thanks a lot for helping

PS: Now I gonna try out that script generated and learn from it

looked like a good start for a firewall to me