Home router: can't access WAN from within the LAN

sebgarden · Guru Joined: 21 Dec 2002 Posts: 353

Hello all,
I followed the Home router howto from the gentoo documentation. I have one server, a linux computer with address 192.168.0.1. One Windows XP PC is behind the router. I can access and browse the internet on the server without any problem. I can access the server from the PC. I can resolve DNS adresses from the PC.

BUT I CAN'T access the internet from the PC. Typing google.com in Firefox on the PC brings nothing up. I checked pretty much every configuration file I use (nevertheless, exactly what is in the howto). And now, I'm clueless. Any idea ?

Regards,

Sébastien.

adaptr · Posted: Sat Jul 09, 2005 1:10 pm Post subject:

Did you enable IP forwarding on the server ?
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

sebgarden · Guru Joined: 21 Dec 2002 Posts: 353

Yep, it was also part of the configuration:

sebgarden · Guru Joined: 21 Dec 2002 Posts: 353

I'm pretty sure it only comes from my firewall. Booting the PC with a gentoo LiveCD diesn't help, the server still blocks the traffic ... I'm gonna try again, maybe with firestarter.

Sébastien

comprookie2000 · Posted: Sun Jul 10, 2005 11:59 am Post subject:

You could try this for iptables Wan eth0 LAN eth1, works for me, I had some trouble with the guide also but found this somewhere;
# iptables -F; iptables -t nat -F; iptables -t mangle -F
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -P INPUT DROP
_________________
http://dev.gentoo.org/~dabbott/

sebgarden · Guru Joined: 21 Dec 2002 Posts: 353

I tried your iptables rules. They don't work for me. Should be a noob error but I cannot see it.

sebgarden · Guru Joined: 21 Dec 2002 Posts: 353

I swithched eth0 and eth1, just in case. Now:

eth0=WAN
eth1=LAN

Here are the messages I get on the server after typing ipconfig /release & ipconfig /renew on the PC and then trying to open a web page with firefox on the PC:

comprookie2000 · Posted: Sun Jul 10, 2005 6:07 pm Post subject:

You could check Networking options ---> in the kernel, but if it was working before thats not it but ...
_________________
http://dev.gentoo.org/~dabbott/

sebgarden · Guru Joined: 21 Dec 2002 Posts: 353

I just rebuild the 2.6.12-gentoo-r4 kernel with the strictly necessary options, as indicated in the official Gentoo guide. No clue. Still doesn't work. I feel/fear I must dive into iptables caveats.

For reference: my configuration is following

(WAN)-Speedtouch DSL Modem ----- (Eth0)-LAPTOP-(Eth1)-----Switch-----Windows PC

The laptop is the dhcp/dnsmasq/firewall server.

comprookie2000 · Posted: Sun Jul 10, 2005 6:30 pm Post subject:

It could be something simple, if the router is set up like;

sebgarden · Guru Joined: 21 Dec 2002 Posts: 353

Tried. Still doesn't work. I had some emails conversation with vapier, the author of the guide. Still no clue. I handled the problem to my flat mate. He will try to get a home router on his windows computer working. We'll see if he can manage it.

comprookie2000 · Posted: Mon Jul 18, 2005 12:12 am Post subject:

I just did a upgrade and eth0 and eth1 switched
I had a heck of a time getting it to work again
before eth0=WAN eth1=LAN
now eth1=WAN eth0=LAN
I forgot to change;
# nano /etc/conf.d/dnsmasq
Add "-i eth0" to DNSMASQ_OPTS
to "-i eth1" to DNSMASQ_OPTS
_________________
http://dev.gentoo.org/~dabbott/