superfanny Tux's lil' helper
Joined: 11 Sep 2004 Posts: 101
Posted: Wed Nov 03, 2004 4:42 am Post subject: dhcp server error mysterious ( and internet sharing conn....
# /etc/init.d/dhcp start
* Setting ownership on dhcpd.leases ... [ ok ]
* Starting dhcpd ... [ !! ]
So how do I know what's wrong?????
I need to use dhcp because I need to share my internet connection.... dnsmasq does not seem to be working..... So I hope I can share the internet connection with dhcp.
The details of the internet connection sharing problem.....
Ok, I have a desktop (running Gentoo) and a laptop (running Windows XP Home). Gentoo has an internet connection but the laptop does not.
This is the configuration of Gentoo (eth0 is for lan and eth1 is for wan):
/etc/conf.d/net
ifconfig_eth0=(
"192.168.1.78 broadcast 192.168.1.255 netmask 255.255.255.0"
)
ifconfig_eth1=( "dhcp" )
/etc/conf.d/dnsmasq
DNSMASQ_OPTS="--interface=eth0 -F 192.168.0.2,192.168.0.254"
Then I do these steps:
# /etc/init.d/net.eth1 restart
* Bringing eth1 down ...
* Removing inet6 addresses
* eth1 inet6 del fe80::205:blabla:fe31:dbfb/64 [ ok ]
* Releasing DHCP lease for eth1 [ ok ]
* Stopping eth1 [ ok ]
* Bringing eth1 up ...
* eth1 dhcp [ ok ]
# /etc/init.d/net.eth0 restart
* Stopping eth0
* Bringing down eth0
* Removing inet6 addresses
* eth0 inet6 del fe80::2e0:blabla:fe00:1936/64
* Shutting down eth0 ... [ ok ]
* Starting eth0
* Bringing up eth0
* eth0 192.168.1.78 [ ok ]
# /etc/init.d/dnsmasq restart
* Stopping dnsmasq ... [ ok ]
* Starting dnsmasq ... [ ok ]
Then I run this script:
Code: |
#!/bin/bash
iptables -F
iptables -t nat -F
iptables -I INPUT 1 -i eth0 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps -i ! eth0 -j REJECT
iptables -A INPUT -p UDP --dport domain -i ! eth0 -j REJECT
iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT
iptables -A INPUT -p TCP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
iptables -I FORWARD -i eth0 -d 192.168.1.0/255.255.255.0 -j DROP
iptables -A FORWARD -i eth0 -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i eth1 -d 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
|
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:4C:00:blabla
inet addr:192.168.1.78 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:4cff:fe00:1936/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:100 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19665 (19.2 Kb) TX bytes:756 (756.0 b)
Interrupt:9 Base address:0x4000
eth1 Link encap:Ethernet HWaddr 00:05:5D:31:blabla
inet addr:202.155.151.92 Bcast:255.255.255.255 Mask:255.255.254.0
inet6 addr: fe80::205:5dff:fe31:dbfb/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:317045 errors:0 dropped:0 overruns:0 frame:0
TX packets:15590 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:40322865 (38.4 Mb) TX bytes:2110775 (2.0 Mb)
Interrupt:10 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:254 errors:0 dropped:0 overruns:0 frame:0
TX packets:254 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13144 (12.8 Kb) TX bytes:13144 (12.8 Kb)
Then on the laptop, I ran ipconfig /renew and got this output:
bla bla bla can't contact dhcp server bla bla bla
Help me, please. Thank you.
jhfry n00b
Joined: 03 Nov 2004 Posts: 15
Posted: Wed Nov 03, 2004 7:06 am Post subject:
I'm no expert here... well, not on Linux anyway...
See http://www.tldp.org/HOWTO/DHCP/x369.html#AEN382 for a guide on configuring DHCP. Especially the bit about creating a route so that Windows clients will work.
superfanny Tux's lil' helper
Joined: 11 Sep 2004 Posts: 101
Posted: Wed Nov 03, 2004 4:16 pm Post subject:
I found the documentation here:
http://www.linux.com/howtos/DHCP/x369.shtml
But I have no clue.....
# /etc/init.d/dhcp restart
* Setting ownership on dhcpd.leases ... [ ok ]
* Starting dhcpd ... [ !! ]
I don't know what is wrong......
Here is my /etc/dhcpd.conf file:
Code: |
subnet 192.168.1.0 netmask 255.255.255.0 {
ddns-update-style interim;
range 192.168.1.10 192.168.1.100;
default-lease-time 76400;
max-lease-time 86400;
option routers 192.168.1.78;
option ip-forwarding on;
option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.1 204.127.198.4, 63.240.76.4;
option domain-name "akbarhome.com";
option netbios-name-servers 192.168.1.1;
}
|
Talsadus n00b
Joined: 29 Oct 2004 Posts: 20
Posted: Thu Nov 04, 2004 6:56 pm Post subject:
Do you have two network cards installed on the desktop?
I haven't done this before, but I'm pretty sure the ip of the server/gateway should be 192.168.1.1 and not 192.68.1.78 (/etc/conf.d/net), especially if you are going to share the internet connection. Maybe start from there?
EDIT: In fact, why don't you just use the same numbers as the guide?
madmango Guru
Joined: 15 Jul 2003 Posts: 507 Location: PA, USA
Posted: Thu Nov 04, 2004 7:58 pm Post subject:
I bet that the reason you can't connect to the dnsmasq server is that your dhcp lease pool and your interface number overlap. You've allowed dnsmasq to assign its own number as a lease. Bad Things happen.
The router should always be the first one in the subnet, that is, should have 192.168.1.1 as its address, with bcast of 192.168.1.255 and mask of 255.255.255.0. I would then allow dnsmasq to give out the first 49 addresses, that is, from 192.168.1.2-192.168.1.50, but you could go from 192.168.1.2-192.168.1.254 if you feel like it.
_________________
word.
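Added example, not part of the post above or of the thread: a POSIX shell check that a DHCP pool lies on the serving interface's subnet and does not contain the server's own address, run against the three address/pool combinations posted in this thread. The names `ip2int` and `check_pool` and the verdict strings are made up for the example.

```sh
#!/bin/sh
# Added example (not from the thread): sanity-check a DHCP pool against
# the address and netmask of the interface that serves it.

# Dotted quad -> integer. The ( ) body is a subshell, so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_pool SERVER_IP NETMASK POOL_START POOL_END
# Prints one verdict; exit status is 0 only for "ok".
check_pool() (
    srv=$(ip2int "$1"); mask=$(ip2int "$2")
    lo=$(ip2int "$3");  hi=$(ip2int "$4")
    net=$(( $srv & $mask ))
    bcast=$(( $net | (~$mask & 4294967295) ))

    [ "$lo" -le "$hi" ] || { echo "reversed-range"; exit 1; }
    # Both ends of the pool must lie in the interface's subnet.
    if [ $(( $lo & $mask )) -ne "$net" ] || [ $(( $hi & $mask )) -ne "$net" ]; then
        echo "outside-subnet"; exit 1
    fi
    # Network and broadcast addresses cannot be leased.
    if [ "$lo" -le "$net" ] || [ "$hi" -ge "$bcast" ]; then
        echo "includes-net-or-broadcast"; exit 1
    fi
    # The server must not be able to lease out its own address.
    if [ "$srv" -ge "$lo" ] && [ "$srv" -le "$hi" ]; then
        echo "overlaps-server"; exit 1
    fi
    echo "ok"
)

# Address/pool combinations as posted in the thread.
while read -r label srv mask lo hi; do
    printf '%-14s %s\n' "$label" "$(check_pool "$srv" "$mask" "$lo" "$hi" || true)"
done <<'EOF'
dnsmasq-first 192.168.1.78 255.255.255.0 192.168.0.2 192.168.0.254
dhcpd.conf    192.168.1.78 255.255.255.0 192.168.1.10 192.168.1.100
dnsmasq-final 192.168.1.1  255.255.255.0 192.168.1.2 192.168.1.50
EOF
```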
superfanny Tux's lil' helper
Joined: 11 Sep 2004 Posts: 101
Posted: Fri Nov 05, 2004 12:09 pm Post subject:
Hi, thanks. Because of your guide, I can share my internet connection now.
Now I just want to ask, because I have to use iptables to share the internet connection: does this script work perfectly? Do these iptables rules make my router and clients safe from the outside world?
Code: |
#!/bin/bash
iptables -F
iptables -t nat -F
iptables -I INPUT 1 -i eth0 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps -i ! eth0 -j REJECT
iptables -A INPUT -p UDP --dport domain -i ! eth0 -j REJECT
iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT
iptables -A INPUT -p TCP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
iptables -I FORWARD -i eth0 -d 192.168.1.0/255.255.255.0 -j DROP
iptables -A FORWARD -i eth0 -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i eth1 -d 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
|
This is my /etc/conf.d/net:
Code: |
ifconfig_eth0=(
"192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0"
# "192.168.0.3 netmask 255.255.255.0"
# "192.168.0.4 netmask 255.255.255.0"
)
ifconfig_eth1=( "dhcp" ) # for ifconfig
|
/etc/conf.d/dnsmasq
Code: |
DNSMASQ_OPTS="--interface=eth0 -F 192.168.1.2,192.168.1.50"
|
eth0 is for lan and eth1 is for wan.
I don't want to run any public service such as a web server or ftp server to the outside, but I want to run (maybe in future) those services for the lan. And lan PCs should not run any public service to the outside world.
Could you tell me what iptables rules (or script) I should use? Should I use tools like webmin or firestarter?
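Added example, not from the thread: the posted script never sets a chain policy and has no connection-tracking rule, so traffic that none of its rules match falls through to whatever policy the chains already have. The sketch below generates a default-deny `iptables-restore` ruleset for the goals stated in the post (LAN hosts can reach the router and the internet, nothing is offered to the WAN side); `gen_rules` and its defaults (eth0, eth1, 192.168.1.0/24, taken from the posts) are assumptions of the example, and it leaves out the posted script's SSH-from-WAN rule.

```sh
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset
# for a NAT gateway with default-deny INPUT and FORWARD.
# gen_rules [LAN_IF] [WAN_IF] [LAN_NET]   defaults: the thread's values
gen_rules() {
    lan_if=${1:-eth0}; wan_if=${2:-eth1}; lan_net=${3:-192.168.1.0/24}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections the router itself opened
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# LAN hosts may use services on the router (dnsmasq, LAN-only servers)
-A INPUT -i $lan_if -j ACCEPT
# LAN -> WAN: new connections, only from the LAN's own addresses
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# WAN -> LAN: only replies to those connections
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset; nothing is loaded into the kernel here.
gen_rules "$@"
```

Check the output with `gen_rules | iptables-restore --test` before loading it. The `ip_forward` and `rp_filter` lines of the posted script are still needed alongside it.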