Gentoo Forums
simple networking config problem

chookie
n00b

Joined: 20 Apr 2006
Posts: 7

Posted: Sat Jul 01, 2006 7:02 am    Post subject: simple networking config problem

hey guys,
I'm kinda a gentoo newbie, but learnin my way thru it.
I got what seems like the silliest problem but I just can't work it out!
tryin to network 2 computers via crossover cable. comp one is connected to the net via usb modem (eth1); the other NIC is for my network.
comp two has got 2 NICs, one unused, and one for the network connection.

I've been using ifconfig and route 1534947 times and I'm sure I've done that right, but I just can't route internet. I've used kde's control centre network config wizard as well.

is there something with ip forwarding or something that I'm missing?
appreciate the help, thanks!

occ
Apprentice

Joined: 06 May 2005
Posts: 202

Posted: Sat Jul 01, 2006 9:20 am

What do you have in /etc/conf.d/net on each machine?

What do you have in /etc/sysctl.conf on each machine?

chookie
n00b

Joined: 20 Apr 2006
Posts: 7

Posted: Sat Jul 01, 2006 9:46 am

thanks for the reply.
I haven't placed anything in the net file..
I've just been using manual commands...
e.g.:

dhcpcd eth1
ifconfig eth0 192.168.1.1

the other computer -
ifconfig eth0 192.168.1.2
route add default gw 192.168.1.1

the /etc/sysctl.conf....
# /etc/sysctl.conf
#
# For more information on how this file works, please see
# the manpages sysctl(8) and sysctl.conf(5).
#
# In order for this file to work properly, you must first
# enable 'Sysctl support' in the kernel.
#
# Look in /proc/sys/ for all the things you can setup.
#

# Disables packet forwarding
#net.ipv4.ip_forward = 0
# Disables IP dynaddr
#net.ipv4.ip_dynaddr = 0
# Disable ECN
#net.ipv4.tcp_ecn = 0
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Enable reverse path
net.ipv4.conf.all.rp_filter = 1

# Enable SYN cookies (yum!)
# http://cr.yp.to/syncookies.html
#net.ipv4.tcp_syncookies = 1

# Disable source route
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.default.accept_source_route = 0

# Disable redirects
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0

# Disable secure redirects
#net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0

# Ignore ICMP broadcasts
#net.ipv4.icmp_echo_ignore_broadcasts = 1

# Disables the magic-sysrq key
#kernel.sysrq = 0
# When the kernel panics, automatically reboot in 3 seconds
#kernel.panic = 3
# Allow for more PIDs (cool factor!); may break some programs
#kernel.pid_max = 999999

# TCP Port for lock manager
#fs.nfs.nlm_tcpport = 0
# UDP Port for lock manager
#fs.nfs.nlm_udpport = 0

occ
Apprentice

Joined: 06 May 2005
Posts: 202

Posted: Sat Jul 01, 2006 10:15 am

Quote:

#net.ipv4.ip_forward = 0


That is in the sysctl.conf of the machine that is connected to the internet (and to your other machine)?
If so, right there that would prevent any routing.

Change it to
net.ipv4.ip_forward = 1

and run sysctl

You can also do:
$> echo 1 > /proc/sys/net/ipv4/ip_forward
but that will only work until the next reboot.

chookie
n00b

Joined: 20 Apr 2006
Posts: 7

Posted: Sat Jul 01, 2006 10:19 am

thanks, I'll try it now!
after searching the forums I tried
$> echo 1 > /proc/sys/net/ipv4/ip_forward
on the pcs but on reboot it would always reset itself to 0.

occ
Apprentice

Joined: 06 May 2005
Posts: 202

Posted: Sat Jul 01, 2006 10:22 am

Oh, and BTW, you will have to take care of NAT too.

Take a look at
http://gentoo-wiki.com/HOWTO_setup_a_home-server
and/or
http://gentoo-wiki.com/HOWTO_The_Home_Network_for_Beginners

occ
Apprentice

Joined: 06 May 2005
Posts: 202

Posted: Sat Jul 01, 2006 10:24 am

chookie wrote:
thanks, I'll try it now!
after searching the forums I tried
$> echo 1 > /proc/sys/net/ipv4/ip_forward
on the pcs but on reboot it would always reset itself to 0.


Yep.

That's why there is sysctl.conf... so that these configs are set the way you want at each boot.

chookie
n00b

Joined: 20 Apr 2006
Posts: 7

Posted: Sat Jul 01, 2006 11:21 am

I'm getting somewhere...
the computer without the net connection can ping the other computer..... AND it can ping my ISP gateway address... but nothing else.

can ya help? :)

chookie
n00b

Joined: 20 Apr 2006
Posts: 7

Posted: Sat Jul 01, 2006 11:24 am

btw I'm not using any firewall or iptables.

occ
Apprentice

Joined: 06 May 2005
Posts: 202

Posted: Sat Jul 01, 2006 12:05 pm

chookie wrote:
btw I'm not using any firewall or iptables.

Well, that's not a good idea :?

Let's call your computer that has the internet connection A and the other one B.

You will HAVE to do something so that from B you can go on the internet.

Your computer B has a private address (a 192.168.x.y); these addresses cannot go on the internet. In other words, if you ping from B, your ping will go to A and then on to the internet, but it will get dropped right away by the next machine because it comes from an 'invalid' address....
The trick is to 'fake' your address in the outgoing packets so that the rest of the world believes they are talking to machine A, and then of course remember that so that the response can be sent to B anyway. This 'faking' is what is called 'Masquerading' or 'NAT' (Network Address Translation) (if you want more details see - for example - http://www.hasenstein.com/linux-ip-nat/diplom/)

There may be different ways to achieve that result, maybe without using iptables, but iptables is all I know, so I'll stick to it.

First thing, you need to emerge iptables on machine A

and then you need to follow
http://gentoo-wiki.com/HOWTO_Iptables_for_newbies
(note: that may involve a recompile of your kernel, or at least building some modules)

In essence, the most important part is
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
(eth1 is, in your case, the interface connected to the internet)

I strongly suggest you dig a bit more into iptables to learn how to block the rest of the world from coming - uninvited - onto your machines. In most cases there is no reason to allow an 'outside' machine to initiate a connection - unless you intend to run a web server or something like that. Even if you do, it is still prudent to block everything and open explicitly what you need to open.
On my firewall I even do that for the outgoing traffic.
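
Added example, not part of occ's post or the linked HOWTOs: a shell script for machine A that checks whether a sysctl.conf actually enables forwarding and generates an iptables-restore ruleset that masquerades on eth1 while dropping unsolicited inbound and forwarded traffic. The function names, the 192.168.1.0/24 subnet (inferred from the addresses used in the thread) and the conntrack match are assumptions.

```shell
#!/bin/sh
# Print the effective net.ipv4.ip_forward value from a sysctl.conf-style file.
# Commented-out lines are ignored and the last active assignment wins; with
# no active line the kernel default (0, forwarding off) applies.
effective_ip_forward() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val); found = 1 }
        END { print (found ? val : 0) }
    ' "$1"
}

# Emit an iptables-restore ruleset: NAT for the LAN plus default-deny filtering.
# $1 = internet-facing interface, $2 = LAN interface, $3 = LAN subnet (assumed).
gateway_rules() {
    wan=$1 lan=$2 net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the forwarding lines from the sysctl.conf posted above,
# checked before and after an active setting is appended.
sample=$(mktemp)
printf '%s\n' '# Disables packet forwarding' '#net.ipv4.ip_forward = 0' > "$sample"
echo "before: ip_forward=$(effective_ip_forward "$sample")"
echo 'net.ipv4.ip_forward = 1' >> "$sample"
echo "after:  ip_forward=$(effective_ip_forward "$sample")"
rm -f "$sample"

# Review the output; as root it can be piped into iptables-restore.
gateway_rules eth1 eth0 192.168.1.0/24
```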

occ
Apprentice

Joined: 06 May 2005
Posts: 202

Posted: Sat Jul 01, 2006 12:16 pm

about iptables, some links

http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm

http://yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

chookie
n00b

Joined: 20 Apr 2006
Posts: 7

Posted: Sat Jul 01, 2006 12:17 pm

hehe yeh I know it's pretty stupid not to run a firewall..
I was jus tryin to get the networkin part up first.
I'll do that iptables stuff now, thanks heaps for ur help.

All times are GMT