Red Hat Networking - Problem with networking - I am using RedHat 9 Linux kernel 2.4


Author Problem with networking - I am using RedHat 9 Linux kernel 2.4
Graham Jones

2004-01-23, 7:35 pm

Problem with networking - I am using RedHat 9 Linux kernel 2.4

I have the following environment:

A NetGear ADSL router IP address 192.168.0.100. Attached to this is my
Linux server which is dual homed. One nic is attached to the ADSL router -
this is the eth0 interface, ip address 192.168.0.22. This interface has
the NetGear router set as the default gateway address. The other nic -
eth1 - has an ip address of 10.0.0.1 and this is attached to an 8 port
switch. Connected to the 8 port switch is another machine running
Microsoft Windows XP Professional with an ip address of 10.0.0.23. It has
a default gateway set to be 10.0.0.1.

I only have one static IP address. The NetGear router is set up for NAT.
The Linux server is also set up as being in the DMZ of the NetGear router.
This only has the effect of passing all requests to the Linux server and
not dropping them.

On the Linux server I have stopped the IPTABLES service so as not to
complicate matters further and I have enabled IP forwarding. I have also
enabled and configured the web proxy Squid.

My linux server can ping the ADSL hub on 192.168.0.100, it can ping the
machine 10.0.0.23 and it can ping any valid address on the internet.

My XP machine - 10.0.0.23 - can ping the server on either of its
interfaces and it can ping the ADSL hub - proof that the server is
forwarding IP packets. I can also browse the web from 10.0.0.23 via the
Squid proxy.

However, I cannot ping any address on the internet.

I was wondering if I needed to implement IP Masquerading but thought that
the NAT on the NetGear hub should be sufficient.

Can anyone please shed any light on what I need to do to get the Windows
machine to be able to communicate to the internet via the server.

Thanks in advance

Graham Jones


Dave Griffiths

2004-01-23, 7:35 pm

On Tue, 29 Jul 2003 15:05:39 +0100, Graham Jones wrote:
quote:

> Problem with networking - I am using RedHat 9 Linux kernel 2.4
>
> I have the following environment:
>
> A NetGear ADSL router IP address 192.168.0.100. Attached to this is my
> Linux server which is dual homed. One nic is attached to the ADSL router -
> this is the eth0 interface, ip address 192.168.0.22. This interface has
> the NetGear router set as the default gateway address. The other nic -
> eth1 - has an ip address of 10.0.0.1 and this is attached to an 8 port
> switch. Connected to the 8 port switch is another machine running
> Microsoft Windows XP Professional with an ip address of 10.0.0.23. It has
> a default gateway set to be 10.0.0.1.
>
> I only have one static IP address. The NetGear router is set up for NAT.
> The Linux server is also set up as being in the DMZ of the NetGear router.
> This only has the effect of passing all requests to the Linux server and
> not dropping them.
>
> On the Linux server I have stopped the IPTABLES service so as not to
> complicate matters further and I have enabled IP forwarding. I have also
> enabled and configured the web proxy Squid.
>
> My linux server can ping the ADSL hub on 192.168.0.100, it can ping the
> machine 10.0.0.23 and it can ping any valid address on the internet.
>
> My XP machine - 10.0.0.23 - can ping the server on either of its
> interfaces and it can ping the ADSL hub - proof that the server is
> forwarding IP packets. I can also browse the web from 10.0.0.23 via the
> Squid proxy.
>
> However, I cannot ping any address on the internet.
>
> I was wondering if I needed to implement IP Masquerading but thought that
> the NAT on the NetGear hub should be sufficient.
>
> Can anyone please shed any light on what I need to do to get the Windows
> machine to be able to communicate to the internet via the server.
>
> Thanks in advance
>
> Graham Jones
>
>



Hi Graham

Here is my model answer to internet connection sharing with Linux. Not all
of it is relevant to you but I posted it all anyway; maybe you can see a
step you have not completed.

This gives you absolutely no protection
so when you have this working it might be time to start reading up on IP
Tables.

My LAN is on eth0 and the internet is on eth1. Substitute your
configuration.

First you need to set net.ipv4.ip_forward = 1 in /etc/sysctl.conf (by
default it is set to 0). Do this with a text editor like vi; make sure you
have "su" privileges. Then save the file.

Second, edit /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=localhost.localdomain
#DOMAINNAME=
#GATEWAY=
GATEWAYDEV=eth1

Save the file

----------------------------- cut here -------------------------
#!/bin/sh

# NAT and IP FORWARDing ...

cd /sbin

#iptables setup

echo "Let's setup our ip-tables..."
#Delete and flush. Default table is "filter". Others like "nat" must be
#explicitly stated.
echo "Flushing old tables..."

iptables --flush
iptables --table nat --flush
iptables --delete-chain

#Set up forwarding and masquerading

echo "Setting up IP FORWARDing and Masquerading..."
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

echo "Ok, forwards all setup."

echo "All done."

----------------------------- cut here ------------------------

cd /sbin
./iptables -L
This will show you the iptables.

Back up your old iptables
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old

Save the new iptables to file
./iptables-save > /etc/sysconfig/iptables

Then either restart the computer or

/etc/init.d/network restart
/etc/init.d/iptables restart

If you want the LAN computers to get DNS information from your box then
start "named" and set the flag so it starts each time you restart.

Have fun...... remember there is no security here at all.

DaveG
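
A stateful alternative to the script above, as an added example that is not part of DaveG's post: it prints an iptables-restore ruleset that masquerades the LAN but drops unsolicited inbound traffic by default. The function name `gen_ruleset` and its argument order are assumptions made for this example; the values in the usage line are the first poster's layout (eth1 = LAN, eth0 = router side).

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC gateway.
# gen_ruleset LAN_IF WAN_IF LAN_NET  (hypothetical helper, not from the thread)

gen_ruleset() {
    lan_if=$1 wan_if=$2 lan_net=$3

    # Accept only plain interface names and a CIDR block, so a typo cannot
    # produce a ruleset that loads cleanly but matches nothing.
    for ifc in "$lan_if" "$wan_if"; do
        case $ifc in
            ''|*[!a-z0-9]*) echo "bad interface: '$ifc'" >&2; return 1 ;;
        esac
    done
    [ "$lan_if" != "$wan_if" ] || { echo "LAN and WAN interface are the same" >&2; return 1; }
    case $lan_net in
        ''|*[!0-9./]*|*/*/*) echo "bad network: '$lan_net'" >&2; return 1 ;;
        */*) ;;
        *) echo "network needs a /prefix: '$lan_net'" >&2; return 1 ;;
    esac

    # nat: rewrite LAN source addresses on the way out.
    # filter: default DROP; the LAN may reach the box and go out, the WAN
    # side only gets replies to connections that already exist.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage (as root): gen_ruleset eth1 eth0 10.0.0.0/24 | iptables-restore
```

The output is in the same format that iptables-save writes, so it can also be reviewed and stored as /etc/sysconfig/iptables after backing up the old file.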