glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Thu Aug 26, 2004 2:37 pm Post subject: setting up gateway |
|
|
i am trying to set up one of my boxes as a gateway but don't seem to get through. following some instructions (that claimed i did not have to do anything else) i did the following:
Code: | echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE |
i did check in the kernelconfig if there was anything missing but the only thing i came across was IP: advanced router. in its help i was instructed to turn on /proc file system support and Sysctl support which i could not find.
any suggestions? |
|
|
andrew_j_w Guru
Joined: 28 Jun 2003 Posts: 534 Location: York, UK
|
Posted: Thu Aug 26, 2004 2:54 pm Post subject: |
|
|
I'd suggest that you look at Shorewall (it's in portage). You'll only have to edit a few configuration files and it means you won't need to mess around with ip tables rules.
HTH,
Andrew |
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Thu Aug 26, 2004 3:03 pm Post subject: |
|
|
well i guess i am turning to a firewall like shorewall for now. i originally had the intention of writing my own iptables script but it turns out more and more that i need something easy so i can concentrate on learning other things. right now my failed attempts to set up my own firewall led me to not have one at all... and that doesn't seem safe, now does it.
still. if anyone could tell me what went wrong in this situation i might still learn from it. |
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Thu Aug 26, 2004 3:33 pm Post subject: |
|
|
glurps wrote: | if anyone could tell me what went wrong in this situation i might still learn from it. |
ok, tell us; what is your network like?
I suppose you have 2 network-interfaces (cards) on your gateway. Probably eth0 and eth1.
which one is connected to the internet? How are you connected? *DSL? Cable?
Can you access the internet from the gateway?
What IP-range is your internal network?
what does tell on the gateway? |
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Thu Aug 26, 2004 5:50 pm Post subject: |
|
|
eth0 is connected to the internet
eth1 is for the local network 192.168.0.*
from the gateway i am able to access the internet.
what values do broadcast and mask be set to? is this even relevant? |
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Thu Aug 26, 2004 6:00 pm Post subject: |
|
|
glurps wrote: | what values do broadcast and mask be set to? is this even relevant? |
Yes, they are relevant! You probably should set the mask to 255.255.255.0 and broadcast to 192.168.0.255 (they should be set up this way);
if it's 255.255.0.0 and 192.168.255.255 that's ok too
Normally those two rules should do:
Code: | echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE |
Then, check to see if the gateway is still able to reach the net (e.g., try to ping to www.cisco.com)
Then see if the clients can still see the gateway (ping to the gateway)
Then see if the clients can reach the net; if not, see how far they get by running traceroute.
Tell me how far you get; I'll explain further on |
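The two rules quoted above enable forwarding and NAT but do not touch the FORWARD chain, which iptables leaves at policy ACCEPT by default. An added example, not part of the original posts: the same gateway with forwarding limited to connections opened from the LAN, using the thread's eth0 (internet) and eth1 (192.168.0.0/24). The function names `run` and `setup_gateway` and the `DRY_RUN` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: NAT gateway with a default-deny FORWARD chain.
# DRY_RUN defaults to 1, so commands are only printed; DRY_RUN=0 applies them (needs root).

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_gateway WAN_IF LAN_IF LAN_CIDR
setup_gateway() {
    wan=$1 lan=$2 net=$3
    # Accept only plain interface names and a plain CIDR before building rules.
    for v in "$wan" "$lan"; do
        case $v in ""|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;; esac
    done
    case $net in ""|*[!0-9./]*) echo "bad network" >&2; return 2 ;; esac
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 2; }

    run sysctl -w net.ipv4.ip_forward=1
    # Default-deny: nothing is forwarded unless a rule below allows it.
    run iptables -P FORWARD DROP
    # Note: this flushes any FORWARD rules that were already loaded.
    run iptables -F FORWARD
    # LAN clients may open connections to the outside...
    run iptables -A FORWARD -i "$lan" -o "$wan" -s "$net" -j ACCEPT
    # ...and only replies to those connections are let back in
    # (older iptables releases spell this match "-m state --state").
    run iptables -A FORWARD -i "$wan" -o "$lan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Source NAT only for LAN traffic leaving on the WAN interface.
    run iptables -t nat -A POSTROUTING -o "$wan" -s "$net" -j MASQUERADE
}
```

Calling `setup_gateway eth0 eth1 192.168.0.0/24` prints the commands for review; the same call with `DRY_RUN=0` set applies them.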
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Thu Aug 26, 2004 6:56 pm Post subject: |
|
|
erm. problems have increased. terribly. i changed to the suggested values. now nothing works anymore, but i don't think it's related. it's just hard to believe that this would happen:
i connected the client to the internet directly again. started emacs, closed emacs. did dhcpcd eth0. started emacs, it did not start anymore. system became very slow. oh and now it doesn't boot anymore at all. i don't like the thought, but i really can't explain this by anything other than a hacker.
sniieef
*not feeling good* |
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Thu Aug 26, 2004 7:03 pm Post subject: |
|
|
glurps wrote: | oh and now it doesn't boot anymore at all. |
Where does he stop? Does the BIOS come over its POST? Does the bootloader (lilo or grub) start? is the kernel booted?
is it the init-script that hangs? |
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Thu Aug 26, 2004 7:05 pm Post subject: |
|
|
okay guess it's back to normal. don't ask me what that was. my computer just refused to do the most basic things like starting firefox. getting any feedback from ping, not even a host not found, nothing.
is there to worry i might ask.
got to go now, and even if i didn't i would turn off the computers now, brrrr |
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Fri Aug 27, 2004 11:17 am Post subject: |
|
|
okay everything is fine now: computer works fine, i have a clear head again too...
nielchiano: all the pings work just not the one i am working on.
so where to go from here. i thought maybe i had to emerge iptables again after changing the kernel but didn't make a difference. my guess is that i forgot to activate something substantial there. |
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Fri Aug 27, 2004 2:52 pm Post subject: |
|
|
glurps wrote: | all the pings work just not the one i am working on. |
Tell me explicitly which ones you tried, which one failed and what error it gave |
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Sat Aug 28, 2004 1:10 pm Post subject: |
|
|
okay here we go.
client: j1
Code: | ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0E:0C:33:1F:28
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:758071 errors:0 dropped:0 overruns:0 frame:0
TX packets:7686 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54960230 (52.4 Mb) TX bytes:1070217 (1.0 Mb)
Base address:0xdf00 Memory:feaa0000-feac0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2016 (1.9 Kb) TX bytes:2016 (1.9 Kb)
~ # ping j0
PING j0 (192.168.0.1) 56(84) bytes of data.
64 bytes from j0 (192.168.0.1): icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from j0 (192.168.0.1): icmp_seq=2 ttl=64 time=0.115 ms
--- j0 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.115/0.116/0.118/0.010 ms
~ # ping yahoo.com
ping: unknown host yahoo.com
~ # ping 66.94.231.99
connect: Network is unreachable |
gateway: j0
Code: | j0 root # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0E:0C:33:1E:60
inet addr:x.x.x.88 Bcast:255.255.255.255 Mask:255.255.248.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:389591 errors:0 dropped:0 overruns:0 frame:0
TX packets:14310 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:61071461 (58.2 Mb) TX bytes:1076696 (1.0 Mb)
Base address:0xdf00 Memory:feaa0000-feac0000
eth1 Link encap:Ethernet HWaddr 00:11:2F:4F:F1:4E
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1068 (1.0 Kb) TX bytes:1800 (1.7 Kb)
Interrupt:5 Memory:feafc000-0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:448 (448.0 b) TX bytes:448 (448.0 b)
j0 root # ping j1
PING j1 (192.168.0.10) 56(84) bytes of data.
64 bytes from j1 (192.168.0.10): icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from j1 (192.168.0.10): icmp_seq=2 ttl=64 time=0.147 ms
64 bytes from j1 (192.168.0.10): icmp_seq=3 ttl=64 time=0.132 ms
--- j1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.132/0.166/0.219/0.037 ms
j0 root # ping yahoo.com
PING yahoo.com (216.109.124.72) 56(84) bytes of data.
64 bytes from p1.rc.dcn.yahoo.com (216.109.124.72): icmp_seq=1 ttl=54 time=352 ms
--- yahoo.com ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 999ms
rtt min/avg/max/mdev = 352.939/352.939/352.939/0.000 ms
j0 root # ping 216.109.124.72
PING 216.109.124.72 (216.109.124.72) 56(84) bytes of data.
64 bytes from 216.109.124.72: icmp_seq=1 ttl=49 time=634 ms
64 bytes from 216.109.124.72: icmp_seq=2 ttl=54 time=381 ms
--- 216.109.124.72 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 381.744/508.183/634.622/126.439 ms |
Last edited by glurps on Sun Aug 29, 2004 2:36 pm; edited 1 time in total |
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Sat Aug 28, 2004 2:16 pm Post subject: |
|
|
here the network part of j0 kernel config:
Code: | #
# Networking support
#
CONFIG_NET=y
#
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_UNIX=y
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y
CONFIG_NET_IPGRE_BROADCAST=y
CONFIG_IP_MROUTE=y
# CONFIG_IP_PIMSM_V1 is not set
# CONFIG_IP_PIMSM_V2 is not set
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_FTP is not set
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_LOCAL is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_CLASSIFY=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_RAW=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
#
# SCTP Configuration (EXPERIMENTAL)
#
# CONFIG_IP_SCTP is not set
# CONFIG_ATM is not set
# CONFIG_BRIDGE is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_NET_DIVERT is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set
# CONFIG_NET_CLS_ROUTE is not set
#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
# CONFIG_HAMRADIO is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
CONFIG_NETDEVICES=y
# CONFIG_DUMMY is not set
# CONFIG_BONDING is not set
# CONFIG_EQUALIZER is not set
# CONFIG_TUN is not set
# CONFIG_NET_SB1000 is not set |
|
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Sat Aug 28, 2004 4:21 pm Post subject: |
|
|
What does this give on j1?
|
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Sat Aug 28, 2004 7:08 pm Post subject: |
|
|
Code: | ~ # /etc/init.d/net.eth0 start
* Bringing eth0 up (192.168.0.10)...
~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
loopback localhost 255.0.0.0 UG 0 0 0 lo
~ # emacs /etc/conf.d/net
~ # /etc/init.d/net.eth0 stop
* Bringing eth0 down...
~ # /etc/init.d/net.eth0 start
* Bringing eth0 up (192.168.0.10)...
* Setting default gateway (192.168.0.1)...
~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
loopback localhost 255.0.0.0 UG 0 0 0 lo
default j0 0.0.0.0 UG 0 0 0 eth0 |
|
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Sat Aug 28, 2004 7:15 pm Post subject: [SOLVED] |
|
|
okay i got it working by setting the gateway properly in /etc/conf.d/net. it was so easy...
thanks for your help |
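The diagnosis this thread arrived at, as an added example that is not part of the original posts: a triage of the client's `route` output and `ping` message that separates a missing default route on the client from a forwarding or NAT problem on the gateway. The function names and verdict tokens are assumptions of this example; the two routing tables are copied from the j1 output posted above.

```shell
#!/bin/sh
# Added example: triage "client cannot reach the internet through the gateway".

# Succeeds if the routing table on stdin contains a default route
# (Destination "default" or 0.0.0.0 with Genmask 0.0.0.0).
has_default_route() {
    awk '($1 == "default" || $1 == "0.0.0.0") && $3 == "0.0.0.0" { found = 1 }
         END { exit !found }'
}

# triage ROUTE_OUTPUT PING_LINE -> prints one verdict token
# PING_LINE is ping's error line or its "packets transmitted" summary line.
triage() {
    if ! printf '%s\n' "$1" | has_default_route; then
        # Without a default route the kernel has nowhere to send off-subnet
        # packets, so they never reach the gateway; ip_forward and MASQUERADE
        # on the gateway are not involved yet.
        echo client-no-default-route
        return 0
    fi
    case $2 in
        *"Network is unreachable"*) echo client-route-unusable ;;
        *"unknown host"*)           echo dns-resolution ;;
        *"100% packet loss"*)       echo gateway-forwarding-or-nat ;;
        *)                          echo ok ;;
    esac
}

# Sample input: j1's routing table before and after the fix in /etc/conf.d/net.
ROUTES_BEFORE='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
loopback localhost 255.0.0.0 UG 0 0 0 lo'
ROUTES_AFTER="$ROUTES_BEFORE
default j0 0.0.0.0 UG 0 0 0 eth0"

triage "$ROUTES_BEFORE" 'connect: Network is unreachable'
triage "$ROUTES_AFTER" '2 packets transmitted, 2 received, 0% packet loss, time 1000ms'
```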
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Sat Aug 28, 2004 10:27 pm Post subject: Re: [SOLVED] |
|
|
glurps wrote: | it was so easy... |
only when it's solved... |
|
|
glurps Apprentice
Joined: 11 Mar 2004 Posts: 292
|
Posted: Sun Aug 29, 2004 2:40 pm Post subject: |
|
|
yes that's true
hm. i just saw i had previously posted my ip well at least it is dynamic |
|