Hi,
I think I'm close, but somebody just has to tell me what I'm doing
wrong.
I would try to explain it, but I can't, so here's a picture.
Here's the setup:
DSL-Modem
|
_____________Hub_______
| |
Box A Box B
(eth0 is static (eth0 is
eth0:0 is 192.168.1.2
192.168.1.1) and gateway is
192.168.1.1)
I have all the requisite options compiled into my kernel (2.1.131), and
Box A and Box B can see each other, and Box A can see the outside world,
but Box B only kind of sees it. What I mean is this:
boxb% traceroute www.yahoo.com
1 192.168.1.1
---
--- (doing hops here)
---
11 www7.yahoo.com [204.71.200.72]
I think to myself "Great, got this working first try!". But, trying to
browse to any page in a web browser fails. I can telnet to machines
outside without a problem, I can ping, etc. But web browsing fails.
Since the only reason for setting this up was so that BoxB could browse
the web I haven't succeeded yet.
I have the following in my startup scripts:
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ifconfig eth0:0 192.168.1.1
/sbin/route add -net 192.168.1.0 dev eth0:0
(This line returns "SIOCADDRT: Invalid argument", which I'm sure is bad,
but since this is technically a different network, don't I need this?)
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward MASQ
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
I know that this provides no security, but I don't see how it's any LESS
secure than just having one machine hooked to the internet without any
type of firewall. If I'm horribly wrong here, let me know.
Thank you for your time,
Caleb Shay
--
I have too much blood in my caffeine system.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
