Psychoman (n00b)
Joined: 20 Jul 2005 Posts: 23
Posted: Wed Jul 20, 2005 5:14 pm Post subject: dhcp server [Solved]
I used the tutorial that can be found here.
My network looks like in this picture.
The problem is that the DHCP server installed on my gentoo box doesn't distribute IPs,
and even when I give one of the PCs an IP address, they are unable to access the internet.
The gentoo box works just fine except for internet connection sharing.
I'm able to ping the gentoo box on the fixed IP (eth0) but not on the IP of eth1 (192.168.0.1).
Iptables running or not doesn't change anything.
Both network cards are recognised and configured:
Code:
eth0 Link encap:Ethernet HWaddr 00:40:F4:70:73:A9
inet addr:x.x.x.x Bcast:x.x.x.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:738398 errors:0 dropped:0 overruns:0 frame:0
TX packets:103184 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:72294637 (68.9 Mb) TX bytes:131623730 (125.5 Mb)
Interrupt:12 Base address:0x5000
eth1 Link encap:Ethernet HWaddr 00:50:FC:5B:AE:C5
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:2902 errors:0 dropped:0 overruns:0 frame:0
TX packets:298 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:386849 (377.7 Kb) TX bytes:98844 (96.5 Kb)
Interrupt:10 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:254 errors:0 dropped:0 overruns:0 frame:0
TX packets:254 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31897 (31.1 Kb) TX bytes:31897 (31.1 Kb)
All services are running:
Code:
root@x psycho # /etc/init.d/dhcp start
* WARNING: "dhcp" has already been started.
root@x psycho # /etc/init.d/net.eth0 start
* WARNING: "net.eth0" has already been started.
root@x psycho # /etc/init.d/net.eth1 start
* WARNING: "net.eth1" has already been started.
root@x psycho # /etc/init.d/iptables start
* WARNING: "iptables" has already been started.
What could cause the problem?
Last edited by Psychoman on Sat Apr 05, 2008 5:06 pm; edited 1 time in total
magic919 (Advocate)
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Wed Jul 20, 2005 6:49 pm Post subject:
Can you post your dhcp.conf for a start? Maybe also iptables -L -n -v after that.
Psychoman (n00b)
Joined: 20 Jul 2005 Posts: 23
Posted: Wed Jul 20, 2005 7:13 pm Post subject:
/etc/dhcp/dhcp.conf
Code:
option domain-name "blabla.com";
option domain-name-servers x.x.x.x, x.x.x.x;
default-lease-time 6000; # in seconds..
max-lease-time 7200;
ddns-update-style ad-hoc;
#authoritative; # as it's the only dhcp-server
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0
{
range dynamic-bootp 192.168.0.20 192.168.0.39;
option subnet-mask 255.255.255.0;
option netbios-name-servers 192.168.0.1;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
host max
{
hardware ethernet 00:C0:DA:FD:AA:1D;
fixed-address 192.168.0.17;
}
}
Everything else in this file is commented out.
I left the MAC address recognition in the file even though it's not used.
For the iptables rules:
Code:
root@wkpc1 dhcp # iptables -L -n -v
Chain INPUT (policy ACCEPT 14342 packets, 3535K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
2666 264K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
3096 215K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
Chain FORWARD (policy ACCEPT 141 packets, 9244 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 11157 packets, 6986K bytes)
pkts bytes target prot opt in out source destination
think4urs11 (Bodhisattva)
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Wed Jul 20, 2005 7:22 pm Post subject:
missing
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
Psychoman (n00b)
Joined: 20 Jul 2005 Posts: 23
Posted: Wed Jul 20, 2005 7:35 pm Post subject:
Seems like it was missing.
/etc/conf.d/iptables
Code:
# Location in which iptables initscript will save set rules on
# service shutdown
IPTABLES_SAVE="/var/lib/iptables/rules-save"
# Change to "yes" to enable forwarding support in the kernel. Please
# note that this will override any setting placed in /etc/sysctl.conf.
ENABLE_FORWARDING_IPv4="no"
#Options to pass to iptables-save and iptables-restore
SAVE_RESTORE_OPTIONS="-c"
#Save state on stopping iptables
SAVE_ON_STOP="yes"
ENABLE_FORWARDING_IPv4 is set to yes now.
I'll try it out when I have access to the computer.
magic919 (Advocate)
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Wed Jul 20, 2005 9:02 pm Post subject:
The iptables bit is wide open at the moment. I guess it's in a state of flux whilst you experiment. When you are ready I'd make the policy for input chain into drop, consider opening the port for the DHCP or maybe just opening connections for 192.168.0.0/24.
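As an added example (not code from the thread or from the tutorial it refers to), here is what magic919's advice looks like as a rule set for the gateway layout in this thread: INPUT policy DROP, the DHCP port and the 192.168.0.0/24 subnet opened on the LAN side only, LAN-to-upstream forwarding masqueraded out of eth0, and the kernel forwarding switch that think4urs11 pointed out. The interface names, the IPT/SYSCTL variables and the "apply" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: firewall for a two-NIC Gentoo gateway
# (eth0 = upstream, eth1 = 192.168.0.0/24 LAN where dhcpd listens).
# Assumptions: interface names and subnet below. Setting IPT=echo SYSCTL=echo
# prints the rules instead of applying them (dry run).
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"

apply_firewall() {
    $IPT -F
    $IPT -t nat -F
    # Default deny for inbound and forwarded traffic; the box's own outbound is fine.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback, plus replies to connections this host opened itself.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DHCP discover/request packets come from 0.0.0.0:68 to port 67, so a
    # subnet match alone would drop them: open the DHCP port on the LAN side only.
    $IPT -A INPUT -i "$LAN_IF" -p udp --sport 68 --dport 67 -j ACCEPT
    # Trust the LAN subnet for the services the box offers (ssh, web, dns).
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # Forward LAN -> upstream; only reply traffic is allowed back in.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Hide the private subnet behind the upstream address.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    # The piece that was missing in this thread (same effect as
    # echo 1 > /proc/sys/net/ipv4/ip_forward); without it nothing is forwarded.
    $SYSCTL -w net.ipv4.ip_forward=1
}

# Usage: sh firewall.sh apply
# Dry run: IPT=echo SYSCTL=echo sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

On Gentoo the forwarding switch can instead be left to ENABLE_FORWARDING_IPv4="yes" in /etc/conf.d/iptables, as shown earlier in the thread; the rules themselves are then saved with /etc/init.d/iptables save.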
Psychoman (n00b)
Joined: 20 Jul 2005 Posts: 23
Posted: Sat Jul 23, 2005 4:04 pm Post subject:
I'm a big noob when it comes to iptables.
I just don't have time to learn it right now.
A friend managed to fix my problem.
He used his own configuration files.
/etc/dhcp/dhcp.conf
Code:
option domain-name "blabla.com";
option domain-name-servers x.x.x.x, y.y.y.y;
default-lease-time 6000; # in seconds..
max-lease-time 7200;
ddns-update-style ad-hoc;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0
{
range 192.168.1.10 192.168.1.20;
option subnet-mask 255.255.255.0;
option netbios-name-servers 192.168.1.1;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option ip-forwarding on;
}
There is an iptables rule in the tutorial that shouldn't be used.
Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
Everything seems to be working now.
magic919 (Advocate)
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Sat Jul 23, 2005 4:20 pm Post subject:
Glad you are all sorted.
That iptables rule is to force all the web traffic to the Squid proxy.