Share internet connection/make a small server

Antonio Olivares olivares14031 at yahoo.com
Mon Sep 5 16:22:22 UTC 2005



--- Antonio Olivares <olivares14031 at yahoo.com> wrote:

> 
> --- Jeff Vian <jvian10 at charter.net> wrote:
> 
> > On Thu, 2005-09-01 at 04:53 -0700, Antonio Olivares wrote:
> > > 
> > > --- Jeff Vian <jvian10 at charter.net> wrote:
> > > 
> > > > On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares wrote:
> > > > > 
> > > > > --- Jeff Vian <jvian10 at charter.net> wrote:
> > > > > 
> > > > > > On Wed, 2005-08-31 at 12:20 -0700, Antonio Olivares wrote:
> > > > > > > 
> > > > > > > --- Antonio Olivares <olivares14031 at yahoo.com> wrote:
> > > > > > > 
> > > *nat
> > > :PREROUTING ACCEPT [759:76421]
> > > :POSTROUTING ACCEPT [4:288]
> > > :OUTPUT ACCEPT [394:23805]
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > COMMIT
> > > # Completed on Wed Aug 31 07:52:24 2005
> > > [root at rio ~]# cat /proc/sys/net/ipv4/ip_forward
> > > 1
> > > [root at rio ~]#  
> > > 
> > > Thanks for all your help and suggestions.  It will
> > > work.  It is just a matter of finding where things are
> > > stopping.
> > > 
> > > Best Regards,
> > > 
> > > Antonio   
> > > 
> > 
> > Attached is a basic script for a firewall/router like you are using.
> > 
> > Simply put it somewhere on the linux box, make it executable, then as
> > root run it.
> > 
> > After running this script, rerun "service iptables save" to save the
> > rules so they load automatically when you reboot.
> > 
> > It should load all the rules you need for a dynamic external address on
> > eth0, a fixed internal address on eth1, and DNS on the external
> > network.
> > 
> > To test that it works, simply retry (from the windows box) the ping
> > commands I gave earlier, and even try a ping to www.yahoo.com.
> > If they all work then you should be all set.
> > 
> > This was generated using fwbuilder which is readily available on the net
> > from www.fwbuilder.org or on sourceforge.
> > 
> > HTH
> > Jeff
> > 
> 
> 
> I have gotten fwbuilder but I do not know how to do
> anything.  I have installed it but I am at the same
> point that I started.
> 
> However, I found the following information from the
> script that you attached and it probably is one reason
> that it does not work.
> 
> The eth0 in the computer which is the dhcp server is
> the one which is assigned a static ip address.  Here
> in the script, that ip address is dynamic.  The bigger
> server to which this computer is attached is running
> static dhcp in which the mac address of the network
> interface is used.  That probably is one of the
> reasons why it does not work.
> 
> #!/bin/sh 
> #
> #  This is automatically generated file. DO NOT MODIFY !
> #
> #  Firewall Builder  fwb_ipt v2.0.6-1 
> #
> #  Generated Thu Sep  1 08:25:45 2005 CDT by jeff
> #
> # files: * basicfw.fw
> #
> #
> #  This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.
> #  Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0
> #
> #
> #
> 
> The machine's name to have access to the BIG network
> is 6355-2 because it is the second computer in the
> classroom.  The name rio was the original host's name
> before they modified the network.
> 
> Here's part of cat /var/log/messages 
> Sep  1 16:58:03 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61720 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep  1 16:58:04 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16132 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep  1 16:58:04 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61721 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep  1 16:58:05 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16388 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep  1 16:58:07 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16644 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep  1 16:58:13 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16900 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep  1 16:58:14 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=17156 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep  1 16:58:16 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=17412 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep  1 16:58:17 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:1f:86:f9:67:08:00 SRC=10.154.19.17 DST=10.154.19.255 LEN=241 TOS=0x00 PREC=0x00 TTL=128 ID=13102 PROTO=UDP SPT=138 DPT=138 LEN=221
> Sep  1 16:58:20 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61724 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep  1 16:58:20 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61725 PROTO=UDP SPT=137 DPT=137
> 
=== message truncated ===

I have checked /etc/sysconfig/dhcpd and it has 

# Command line options here
DHCPDARGS=

which has no eth0 or eth1, and I am putting eth1 and
will report back if it works.

DHCPDARGS=eth1

Best Regards,

Antonio
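
The DENY entries quoted from /var/log/messages can be grouped by rule, interface and port, with each source seen on the inside interface checked against the internal network named in the generated script's header (192.168.1.0/255.255.255.0). This is an added example, not part of the original message or of the fwbuilder script; the function names are hypothetical, eth1 as the inside interface is taken from the script header, and the four sample lines are copied from the excerpt above.

```python
import ipaddress
import re
from collections import Counter

# Internal network named in the generated script's header comment on this page.
SCRIPT_INTERNAL_NET = ipaddress.ip_network("192.168.1.0/255.255.255.0")

# Four entries copied from the /var/log/messages excerpt on this page, unwrapped.
SAMPLE_LOG = """\
Sep  1 16:58:03 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61720 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep  1 16:58:04 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16132 PROTO=UDP SPT=137 DPT=137 LEN=76
Sep  1 16:58:05 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16388 PROTO=UDP SPT=137 DPT=137 LEN=76
Sep  1 16:58:17 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:1f:86:f9:67:08:00 SRC=10.154.19.17 DST=10.154.19.255 LEN=241 TOS=0x00 PREC=0x00 TTL=128 ID=13102 PROTO=UDP SPT=138 DPT=138 LEN=221
"""

LINE_RE = re.compile(r"kernel: RULE (?P<rule>\d+) -- (?P<action>\w+) (?P<fields>.*)$")


def parse_line(line):
    """Split one 'RULE n -- ACTION KEY=VALUE ...' kernel log line into a dict, or return None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"rule": int(m["rule"]), "action": m["action"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep and key not in rec:  # LEN appears twice; keep the first (IP length)
            rec[key] = value
    return rec


def summarize(log_text, internal_if="eth1", internal_net=SCRIPT_INTERNAL_NET):
    """Count DENY hits per (rule, interface, proto, dport); list off-net inside sources."""
    counts, off_net = Counter(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "DENY" or "SRC" not in rec:
            continue
        counts[(rec["rule"], rec.get("IN", ""), rec.get("PROTO", ""), int(rec.get("DPT", 0)))] += 1
        if rec.get("IN") == internal_if and ipaddress.ip_address(rec["SRC"]) not in internal_net:
            off_net.add(rec["SRC"])
    return counts, sorted(off_net)


if __name__ == "__main__":
    counts, off_net = summarize(SAMPLE_LOG)
    for (rule, iface, proto, dport), n in sorted(counts.items()):
        print(f"RULE {rule} IN={iface} {proto}/{dport}: {n} denied")
    for src in off_net:
        print(f"{src} arrives on eth1 but is outside {SCRIPT_INTERNAL_NET}")
```

On these lines the summary lists 192.168.100.199 as an eth1 source outside the network the script header names.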

