tgnb Apprentice
Joined: 16 Apr 2002 Posts: 208 Location: New York, NY
Posted: Fri Apr 19, 2002 11:35 am Post subject: problem sharing internet connection
I am having trouble sharing my internet connection on my shiny new gentoo box.
I previously had slackware installed on it and was able to share the internet connection without a problem.
my /etc/conf.d/net contains:
iface_eth0="dhcp"
iface_eth1="192.168.0.99 broadcast 192.168.0.255 netmask 255.255.255.0"
my /etc/conf.d/local.start contains:
#Clear all iptables rules at first
iptables -F
iptables -X
iptables -Z
# enable internet sharing
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -P INPUT DROP
# open ssh port
iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT
This is the same setup i previously had when this box was running slackware. I'm kinda lost as to why this isn't working.

c_kuzmanic Guru
Joined: 18 Apr 2002 Posts: 488 Location: Los Angeles, California
Posted: Fri Apr 19, 2002 12:42 pm Post subject:
Does Internet sharing work without use of iptables?

tgnb Apprentice
Joined: 16 Apr 2002 Posts: 208 Location: New York, NY
Posted: Fri Apr 19, 2002 1:52 pm Post subject: maybe?
I'm not sure what you mean? iptables is what enables the internet sharing afaik. So how would it work without it?

bbibber n00b
Joined: 19 Apr 2002 Posts: 16 Location: Mechelen - Belgium
Posted: Fri Apr 19, 2002 2:17 pm Post subject: try this
Code:
# enables ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# enable next line for dynamic addresses (eg. dhcp)
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
btw does anyone know why netstat -M doesn't show the masqueraded connections anymore?
Last edited by bbibber on Fri Apr 19, 2002 2:24 pm; edited 1 time in total

Fragadelic n00b
Joined: 18 Apr 2002 Posts: 26
Posted: Fri Apr 19, 2002 2:19 pm Post subject:
Can you ping the other computers on the network from the gentoo box?
It may be that the drivers for the nics are not installed (e.g. either not compiled in the kernel or the modules have not been loaded).
Also, what does your output from 'ifconfig' look like?

tgnb Apprentice
Joined: 16 Apr 2002 Posts: 208 Location: New York, NY
Posted: Fri Apr 19, 2002 2:50 pm Post subject: ugh
bbibber: now i feel stupid. i bet you hit the nail on the head. i think in slackware ip forwarding is enabled by default. ... i will check this as soon as i get home. this is why i am starting to love gentoo. it doesn't do things for me. i have to do them myself, therefore learning to understand my system better.
thanks gentoo

gilgames n00b
Joined: 18 Apr 2002 Posts: 12 Location: Edam - The Netherlands
Posted: Fri Apr 19, 2002 10:50 pm Post subject: Re: ugh
tgnb wrote: | i think in slackware ip forwarding is enabled by default. this is why i am starting to love gentoo. it doesn't do things for me. i have to do them myself, therefore learning to understand my system better.
thanks gentoo |
IIRC ip forwarding is disabled by default in the kernel, you have to enable it explicitly. Which is by far safer than enabling it by default. A distro like that gives me the shivers.

gumbootcha n00b
Joined: 23 Apr 2002 Posts: 5 Location: Philippines
Posted: Thu May 30, 2002 6:13 am Post subject: iptables script
hi! i was reading your thread for the past few days and thanks to you, i was able to set up internet sharing in our home lan.
while i was going through the /etc/conf.d folder, i noticed that there was an iptables script there. i was wondering if anyone knew how to use this script.
in my case, i just used /etc/conf.d/local.start to place the rules and stuff to get my sharing enabled.
thanks.

Mnemia Guru
Joined: 17 May 2002 Posts: 476
Posted: Thu May 30, 2002 10:36 pm Post subject: Re: iptables script
gumbootcha wrote: | hi! i was reading your thread for the past few days and thanks to you, i was able to set up internet sharing in our home lan.
while i was going through the /etc/conf.d folder, i noticed that there was an iptables script there. i was wondering if anyone knew how to use this script.
in my case, i just used /etc/conf.d/local.start to place the rules and stuff to get my sharing enabled.
thanks. |
What I did was manually configure my firewall rules using a standalone script. Then when I was sure it was working right I used the iptables-save command (part of the iptables package) to dump my rules to the location that the iptables boot script expects (/var/lib/iptables/rules-save).
Then the /etc/init.d/iptables script will work correctly by loading the rules saved to that file. You can then add that script to be loaded at boot.

gumbootcha n00b
Joined: 23 Apr 2002 Posts: 5 Location: Philippines
Posted: Fri May 31, 2002 12:02 am Post subject: re:re:iptables script
will that script automatically activate ip_forward and ip_dynaddr for me?
thanks.

Mnemia Guru
Joined: 17 May 2002 Posts: 476
Posted: Fri May 31, 2002 5:11 am Post subject:
I'm not actually using NAT/forwarding, so I haven't explicitly tested the proposition, but I think that any iptables command can be initiated through this script. So, yeah, I think that it should work for that purpose. Just set all the commands up by hand or with the help of a GUI tool and get the firewall/routing running, and then type:
Code:
iptables-save > /var/lib/iptables/rules-save
Then:
Code:
rc-update add iptables default
You should tweak the dependencies on the init script a bit to make sure that the firewall comes up immediately following the network interface, but other than that, that's it.
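
Added example, not part of any post in this thread: a dump written by iptables-save holds netfilter tables only, while /proc/sys/net/ipv4/ip_forward is a kernel setting that does not appear in it, so the two have to be checked separately. The function names, the temporary paths and the abridged sample dump below are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths are arguments so saved copies can be audited too.

# Succeeds when the given ip_forward file holds 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Succeeds when the nat table in dump $1 masquerades out of interface $2.
has_masquerade() {
    awk -v wan="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == wan) found = 1
        }
        END { exit !found }' "$1"
}

# Prints the policy of chain $2 in the filter table of dump $1.
chain_policy() {
    awk -v chain=":$2" '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == chain { print $2 }' "$1"
}

# Prints what needs attention, or "ok". $1 dump, $2 WAN interface, $3 ip_forward file.
# "forward-policy" means the FORWARD policy is not ACCEPT, so FORWARD rules are needed.
audit_sharing() {
    missing=""
    forwarding_enabled "$3" || missing="ip_forward"
    has_masquerade "$1" "$2" || missing="${missing:+$missing }masquerade"
    [ "$(chain_policy "$1" FORWARD)" = "ACCEPT" ] || missing="${missing:+$missing }forward-policy"
    echo "${missing:-ok}"
}

# Constructed sample: the first post's rules in iptables-save format (abridged).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/rules-save" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
echo 0 > "$demo/ip_forward"   # constructed stand-in for the kernel default
audit_sharing "$demo/rules-save" eth0 "$demo/ip_forward"
echo 1 > "$demo/ip_forward" && audit_sharing "$demo/rules-save" eth0 "$demo/ip_forward"
```

On a live system, pass /var/lib/iptables/rules-save and /proc/sys/net/ipv4/ip_forward instead of the constructed files.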