Hi Ashley,

Sounds like you're getting there 1 step at a time.

On Sat, 23 Sep 2000, Ashley M. Kirchner wrote:

>    Setup:
>
>    [ I-Net ] ---> [ DSL Router ] ---> [ Linux ] ---> [ HUB ] ---> LAN
>
>    DSL Router setup: external: 205.240.12.217
>                      internal eth0: 10.0.0.1
>    Linux box: eth0: 10.0.0.2 (crossover to DSL modem)
>               eth1: 192.168.1.1 (connected to HUB)
>    LAN machines: 192.168.1.x

Looks good so far.  Make sure you keep both eth0s set to 10.0.0.1 and
10.0.0.2 as shown.

In your Linux box you need to set up some type of routing, either a
firewall script, gateway, or IP forwarding, and make sure you have packet
forwarding set to allow for it. /etc/sysconfig/network should have the
following line set:

FORWARD_IPV4="yes"

If you're running a recent version of Red Hat and are running a stock
kernel it's already compiled for networking and IP forwarding.

You'll need to decide if you wish to use your Linux box as a firewall,
gateway, or simple IP forwarder.  I'm doing the latter for my home LAN.  I
found the directions for setting it up on the 'net:

http://ipmasq.cjb.net

You didn't state what brand of Linux you're using - I'm using
Red Hat 6.1, so what I say may or may not apply exactly.  BTW, I'm using
QWest (US West) for DSL, Cisco 675, and Citilink.Com for my ISP
(Minneapolis, MN area).

My routing table looks like such:

$ route -n
Kernel IP routing table
Destination  Gateway       Genmask         Flags Metric Ref  Use Iface
192.168.1.0  192.168.1.1   255.255.255.0   UG    0      0      0 eth1
10.0.0.0     10.0.0.2      255.0.0.0       UG    0      0      0 eth0
127.0.0.0    0.0.0.0       255.0.0.0       U     0      0      0 lo
0.0.0.0      10.0.0.1      0.0.0.0         UG    1      0      0 eth0

/etc/hosts reads:

$ less /etc/hosts
127.0.0.1      localhost.localdomain   localhost
192.168.1.1    falcon           falcon
192.168.1.2    kingfisher       kingfisher
192.168.1.3    hawk             hawk
10.0.0.2       glenlee.citilink.com    dove

>    The Linux box can see everything, both internally, as well as
>externally, but I can't seem to get the LAN machines to be able to get
>out to the net, let alone do some of the standard services
>(ssh/ftp/web/), or stuff like Napster, pcAnywhere, blah blah blah blah.

From the Win boxes, try pinging the Linux box at 192.168.1.1.
If that doesn't work then you need to go into Settings -> Control Panel ->
Network and modify your setup so that your Windows boxes can access the
network.  Make sure the netmask in the Windows boxes matches that on the
Linux box.  If they don't then the machines are broadcasting on different
"channels," and won't be able to communicate.

If pinging the Linux box works try pinging 10.0.0.2 from a Win box.  If
that doesn't work then your routing/firewall/forwarding isn't set up
right.  This is evidence that you can ping the box from the LAN side, but
the Linux box isn't allowing packets to get from eth1 to eth0, so the
packets are dying inside Linux.

When it works then try pinging 10.0.0.1 (eth0 on the router).  If it
doesn't work then recheck your routing table.  Make sure it reads
something similar to what I have above.  You may need to make manual
modifications; read "man route" for specifics on how to manually modify
the kernel routing table.  Don't rely on linuxconf to properly set up
kernel routing.

When that works then try pinging your static IP address.  If it doesn't
work make sure that DHCP is running on the router, or that you have
manually entered the correct IP address when you configured the Cisco.

When that works try pinging your ISP, then the rest of the 'net, etc.  If
you can ping all these from your Win box and still can't get services to
work then your routing is correct but you have trouble elsewhere.  Double
check your ipchains configuration and your Windows network setup,
including the settings on Internet Explorer.

>    Is this being caused because of the DSL router's internal NAT
>translation?  Or something with the Linux box?  And if so, what the heck
>am I looking for to fix?

It could be anything from not having your Windows boxes set up properly
for the network to a problem with ipchains to a messed up kernel routing
table.  Linuxconf isn't very reliable when it comes to setting up kernel
routing.  Don't count on it to get it right.

Glen
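
The ping sequence described in the message above, written as a script that stops at the first hop that does not answer and names what that failure points at. This is an added example, not part of the original message; it assumes a Unix-like LAN client with iputils ping, uses the addresses from the thread, and the names probe, PROBE, HOPS and diagnose are made up for illustration.

```sh
#!/bin/sh
# Added example: walk the hops nearest-first, as in the message, and report
# the first one that fails together with the likely cause given there.

# probe HOST: succeeds if HOST answers a single ping within 2 seconds.
# Assumption: iputils ping (-c count, -W timeout in seconds).
probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# PROBE names the function used to test a hop; override it to test offline.
PROBE=${PROBE:-probe}

# hop address | what to check when this hop is the first to fail
HOPS='192.168.1.1|LAN client network setup or netmask mismatch with the Linux box
10.0.0.2|forwarding from eth1 to eth0 on the Linux box
10.0.0.1|kernel routing table on the Linux box (compare with route -n)
205.240.12.217|router setup: DHCP or the manually entered static IP'

# diagnose: prints one line and returns 0 only if every hop answers.
diagnose() {
    while IFS='|' read -r host cause; do
        if ! "$PROBE" "$host"; then
            echo "FAIL $host: check $cause"
            return 1
        fi
    done <<EOF
$HOPS
EOF
    echo "OK: all hops answer; if services still fail, check ipchains and client settings"
}

# Run the real check only when asked: sh script.sh run
[ "${1:-}" != "run" ] || diagnose
```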
