Felix Miata wrote:
>
> Pierre Fortin wrote:
>
> > Felix Miata wrote:
>
> > > Pierre Fortin wrote:
>
> > > Now I've #'ed the compatibility section you said to delete.
>
> > > route -n (no ppp):
> > > Kernel IP routing table
> > > Destination Gateway Genmask Flags Metric Ref Use Iface
> > > 192.168.0.54 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
> > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
>
> > > route -n (with ppp):
> > > Kernel IP routing table
> > > Destination Gateway Genmask Flags Metric Ref Use Iface
> > > 209.208.25.20 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
> > > 192.168.0.54 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
> > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> > > 0.0.0.0 209.208.25.20 0.0.0.0 UG 0 0 0 ppp0
>
> > > My other machines still can't see the internet when st21s has active ppp.
> > > netstat -arp on OS/2 shows the following first line:
>
> > > Destination Router Netmask Flags Metric Ref Use Iface
> > > default 192.168.0.54 0.0.0.0 UG 0 0 28 lan0
>
> > This will work for internal communication... this machine has only one way out
> > and everything can go via a single default route.
>
> If st21s (.54) isn't up, none of the other local machines can ping any
> others. Seems like this should not be so. Also, the IP Masquerade mini
> HOWTO says:
If the above OS/2 output is typical, then st21s is required for local
communication. You should have an entry like this in those machines:
Destination Router Netmask Flags Metric Ref Use Iface
default 192.168.0.54 0.0.0.0 UG 0 0 28 lan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 NN lan0
^^^^^^^^^^^^^^^^^^^...
which will let these hosts communicate directly. No idea where to set this up in
half-OS.
> Configuring OS/2 Warp
>
> 6.Set the same DNS (Nameserver) Address that your Linux host uses in
> 'Hosts'.
>
> I currently have no DNS addresses in the OS/2 hosts file. Is this
> consistent with what you wrote above?
You can still use IP addresses, or place names/IPs in /etc/hosts as appropriate.
> > You now need to setup ipmasq on st21s to allow OS/2 to communicate through it.
>
> > > So, I'm still not where I need to be. Maybe closer I hop. I guess I'm still short
> > > on understanding the gateway concept and how it is implemented.
>
> > gateway is just another term for router in this context. You now need to setup
> > address translation (NAT aka ipmasq)...
>
> Is ipmasq just a nick for IP masquerade and/or NAT, or an actual Linux
Yes.
> executable (which I don't see in /sbin)? I found the IPCHAINS & IP
> Masquerade (mini & full) HOWTO's. Between those and the help from you,
> Ian, and a Usenet poster, my /etc/rc.d/rc.local ends with the following:
^^^^^^^^^^^^^^^^^^
This is not the proper place for basic network setup... For each line you have,
here's the setup file and example contents...
> /sbin/ifconfig eth0 192.168.0.54 netmask 255.255.255.0 up
/etc/sysconfig/network-scripts/ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.54
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
ONBOOT=yes
> /sbin/ifconfig lo 127.0.0.1 up
/etc/sysconfig/network-scripts/ifcfg-lo:
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
> #/sbin/route add -host 127.0.0.1 lo
Comment.
> #/sbin/route add default gw 192.168.0.54
Comment.
> #/sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.54
Comment.
> echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/sysconfig/network:
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=st21s.atlantic.net
DOMAINNAME=atlantic.net
GATEWAY=
GATEWAYDEV=
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/16 -j MASQ
This is minimal NAT... you probably want to firewall your network... There are
probably many different ways to do it; but here's what I used to have...
/etc/rc.d/rc.local:
#rc.firewall script - Start IPMASQ and the firewall
/etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall:
See http://rob.acol.com/~wlug/files/ipchains-firewall/ipchains-firewall.htm
and http://www.linux-firewall-tools.com/
> This is providing the machines on my local network access to the
> internet as long as st21s has an active ppp connection, so I have made
> major progress. However, I'm absolutely unsure about whether what I've
> done is a desirable way to reach that end, or whether I should be doing
> more than I have. If all I needed to do is what I did do, why didn't I
> find a simple example anywhere that simply states "howto"? Surely a
> configuration much like mine is common.
There are several gui tools to do this; but I still tend to do it the
ol'fashioned way... :^)
> Thanks again! It would probably have taken me an extra week at least
> without the help.
HTH (it's late and I'm drowsy),
Pierre
> --
> A fool gives full vent to his anger, but a wise man keeps himself under
> control. Proverbs 29:11 NKJV
>
> Written on OS/2, but routed to you via Linux
>
> Felix Miata *** http://mrmazda.members.atlantic.net/
