Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Thu Feb 12, 2004 7:35 pm Post subject: share internet connection with gentoo + 2 NICs + iptables |
|
|
I want to use my Gentoo-Box as a DNS in a LAN. It is connected to the WAN via DSL. (eth0)
The other NIC (eth1) is connected to the LAN via a switch. There is a second PC (WinXP) in the network. Now I want to use the Gentoo-Box as DNS for the Win-PC. A friend gave me a hint to google for MASQUERADING. This brought me to iptables. I encountered all the emerging problems mentioned here in the forum. I solved it by compiling kernel 2.6.1 and that did it. I think I configured my NICs right. I can ping my Gentoo-Box and also have full access to the Samba shares.
The Gentoo-Box itself can connect successfully to the internet. So I emerged iptables and compiled all the (NAT, NETFILTER, ...) stuff as modules.
Now it comes to setting up iptables. This confused me totally!
I worked through a howto and created a script:
Code:
#!/bin/bash
#
# define paths to executables
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
# external interface
EXTIF="eth0"
# internal interface
INTIF="eth1"
# verify all required dependencies
$DEPMOD -a
# load modules
$MODPROBE ip_tables
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
# $MODPROBE ip_conntrack_irc
# $MODPROBE ip_nat_irc
$MODPROBE iptable_nat
$MODPROBE ip_nat_ftp
# the following line should activate IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# the following line is needed for getting an automatically assigned IP address from the PPP
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# clearing existing rules and setting default policy
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
# allow all connections OUT and only existing and related ones IN
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
# enabling SNAT (MASQUERADE)
# echo "start masquerading"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

I don't really know what the lines do, I tried to help myself with some clumsy comments, so don't worry about it if they are completely wrong!
The script executes successfully. Then I configure my WinPC with the IP of eth1 as DNS. But nothing happens...
Thanks for some help and comments in advance! _________________ managing a server running gentoo...
Last edited by Aphex3K on Wed Feb 18, 2004 6:39 pm; edited 2 times in total |
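
Added example, not part of the original thread: a POSIX shell check that audits an `iptables-save` style dump for the pieces the script above is meant to install (forwarding switch, MASQUERADE on the external interface, stateful return path). The names `audit_gateway` and `SAMPLE_RULES` are made up here, and the dump is constructed, modelled on what `iptables-save` prints after such a script has run.

```shell
#!/bin/sh
# Added example: audit a NAT gateway ruleset. Not from the original post.
# Constructed sample dump (assumed shape of `iptables-save` output).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG
COMMIT'

# audit_gateway RULES EXTIF INTIF IP_FORWARD
# Prints one line per finding; returns 0 only if routing and NAT are complete
# and no stateless WAN-to-LAN forward rule is present.
audit_gateway() {
    rules=$1 extif=$2 intif=$3 fwd=$4 rc=0
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    [ "$fwd" = "1" ] || { echo "FAIL ip_forward is $fwd, kernel will not route"; rc=1; }
    has "^-A POSTROUTING .*-o $extif .*-j MASQUERADE" \
        || { echo "FAIL no MASQUERADE rule on $extif"; rc=1; }
    has "^-A FORWARD .*-i $intif .*-o $extif .*-j ACCEPT" \
        || { echo "FAIL LAN to WAN forwarding not allowed"; rc=1; }
    has "^-A FORWARD .*-i $extif .*-o $intif .*(ESTABLISHED|RELATED).*-j ACCEPT" \
        || { echo "FAIL return traffic not allowed"; rc=1; }
    has "^:FORWARD DROP" || echo "WARN FORWARD policy is not DROP"
    has "^:INPUT ACCEPT" && echo "WARN INPUT policy ACCEPT leaves the gateway itself open on $extif"
    # A stateless inbound rule would let WAN hosts open connections into the LAN.
    has "^-A FORWARD -i $extif -o $intif -j ACCEPT" \
        && { echo "FAIL WAN to LAN forwarded without state match"; rc=1; }
    return $rc
}

# On a live gateway (as root) the inputs would come from:
#   audit_gateway "$(iptables-save)" eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_gateway "$SAMPLE_RULES" eth0 eth1 1
```

A clean result here only covers the gateway side; each LAN client still needs the gateway's LAN address as its default gateway and a reachable DNS server.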
r3pek Retired Dev

Joined: 17 Sep 2003 Posts: 568 Location: Lisbon - Portugal
|
Posted: Thu Feb 12, 2004 8:36 pm Post subject: |
|
|
Let's see, what do you really want to do?
A DNS server or share the internet connection?
Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Thu Feb 12, 2004 10:12 pm Post subject: |
|
|
share the internet-connection, thought this is done via dns? _________________ managing a server running gentoo... |
r3pek Retired Dev

Joined: 17 Sep 2003 Posts: 568 Location: Lisbon - Portugal
|
Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Fri Feb 13, 2004 6:15 am Post subject: |
|
|
This one is exactly the same how-to I worked through the first time. If you compare the howto and my script you'll see that it is the first iptables setup mentioned in "Configuring IP Masquerade on Linux 2.4.x Kernels". But it does not work.
Could it be that the kernel version is so different that I need to set it up another way? _________________ managing a server running gentoo... |
Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Fri Feb 13, 2004 8:33 pm Post subject: |
|
|
It still does not work! Would someone please give a hand?
Again the specs:
Gentoo-Box, 2 NICs, eth0 externally - DSL attached, no IP assigned, eth1 internally - switch attached with local IP (192.168.0.2)
WindowsPC, 1 NIC, NIC attached to switch with local IP (192.168.0.23)
I can use the Samba shares of my Gentoo box, so I think at least this connection is configured correctly. But what to do to get the internet connection shared so that it can be used by the WIN PC?
I know, I read through the HOWTO (see above) a second time but it seems that there are differences to my box. (Kernel 2.6.1 / iptables 1.29) _________________ managing a server running gentoo... |
dreamer Apprentice


Joined: 16 Aug 2003 Posts: 236
|
Posted: Fri Feb 13, 2004 9:57 pm Post subject: |
|
|
Quote: | The Script executes successfully. Then i configure my WinPC with the ip of eth1 as DNS. But nothing happens... |
You should configure the *gateway* on your WinPC with the IP of eth1 (192.168.0.2), not your DNS.
Then you should have your internet connection. After that you'll need to add a DNS server to do hostname lookups.
Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Fri Feb 13, 2004 10:44 pm Post subject: |
|
|
dreamer wrote: | Then you should have your internetconnection. After that you'll need to add an DNS-server to do hostname lookups. |
Thanks, I put in the gateway, so what is needed to set up the DNS? _________________ managing a server running gentoo... |
feffi Apprentice


Joined: 29 Mar 2003 Posts: 216 Location: Sol->Earth->Germany->Giessen
|
dreamer Apprentice


Joined: 16 Aug 2003 Posts: 236
|
Posted: Sat Feb 14, 2004 9:49 am Post subject: |
|
|
_kev_ wrote: | Come on guys, be a little bit more friendly !! This guy is really stuck and you blame him with the good old RTFM ?? That's not forum like, we're not a newsgroup, we're here to help...
|
Hmmz, a part of me agrees with you but another doesn't. Doing a little bit of reading before posting isn't bad. And when you still confuse DNS and gateway, you don't really know what you're doing.
OTOH, as for me, I suppose I ask stupid questions all the time, so I shouldn't be talking
@topicstarter: I suppose you got your DNS working with the URLs _kev_ provided? If not, let us know!
feffi Apprentice


Joined: 29 Mar 2003 Posts: 216 Location: Sol->Earth->Germany->Giessen
|
Posted: Sat Feb 14, 2004 12:08 pm Post subject: |
|
|
@dreamer: Hey, this was not meant aggressively, but sometimes it's necessary to block flames...
BTW: Asking stupid questions is the best way to learn something. _________________ have fun
feffi
/(bb|[^b]{2})/ that is the Question!
Gentoo-Wiki: Acer Travelmate 803 LCi manual |
Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Mon Feb 16, 2004 6:55 pm Post subject: |
|
|
Ok, guys, I've traced the problem and I erased it! Now the script above executes without errors. And I can even run something called "firewall-jay". A script that configures iptables via a menu like make menuconfig.
But in both cases I can't browse websites (for example) with any of my PCs through the Gentoo box.
dreamer wrote: | You should configure the *gateway* on your winPC with ip of eth1 (192.168.0.2), not your dns.
Then you should have your internetconnection. After that you'll need to add an DNS-server to do hostname lookups. |
I set an entry for gateway in the WinPC. I left DNS empty...
Do I need to set up a DNS? Do I have to use the Gentoo box as DNS or do I have to use the DNS of my ISP? Does the Gentoo box have to use those DNS?
edit:
Ok, I'll try something of this https://forums.gentoo.org/viewtopic.php?t=25478&highlight=howto+share+internet+connection _________________ managing a server running gentoo... |
dreamer Apprentice


Joined: 16 Aug 2003 Posts: 236
|
Posted: Tue Feb 17, 2004 8:31 am Post subject: |
|
|
Just use the DNS of your ISP. That'll be fine in most cases.
Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Wed Feb 18, 2004 6:38 pm Post subject: |
|
|
I'm starting to think it is useless -_-
I configured my Linux box using adsl-setup and it connects successfully to the internet. I added my DNS information there. Then I launch the DSL connection via adsl-start. Then I run the script mentioned in my first post.
Everything seems to look fine.
I configure my WinPC's LAN connection with the IP of my Linux box as gateway. (I restart, just to be sure) Then I open my web browser and can't access any website. I open the command line and I can't even ping any webserver...
This one has troubled me for 3 weeks now and I'm kinda getting upset...
(I do all the stuff manually because it's not working yet) _________________ managing a server running gentoo... |
Aphex3K Apprentice


Joined: 18 Nov 2003 Posts: 182 Location: Germany
|
Posted: Wed Feb 18, 2004 7:03 pm Post subject: |
|
|
IT WORKS!!! I can't believe it, but finally it works!!!
It's been a stupid mistake by Win XP (of course). Linux was set up correctly, yeha, it works, it works ....  _________________ managing a server running gentoo... |
feffi Apprentice


Joined: 29 Mar 2003 Posts: 216 Location: Sol->Earth->Germany->Giessen
|
dreamer Apprentice


Joined: 16 Aug 2003 Posts: 236
|
Posted: Thu Feb 19, 2004 2:25 pm Post subject: |
|
|
party, party!!!!  |