FC4 - dhcpd Not Working After Reboot

Alexander Dalloz ad+lists at uni-x.org
Thu Jun 23 15:58:22 UTC 2005


Am Do, den 23.06.2005 schrieb Greg Swallow um 16:50:

> Glory be dhcpd is working!
> 
> At least for the a Windows box I have set up to test the network, but 
> nothing is routing. Entered
> what I thought would work, but this is where I usually have to do 
> enough that I forget the exact
> steps that make it actually function.

> ifcfg-eth0 (192.168.0.101)
> 
> DEVICE=eth0
> BOOTPROTO=dhcp
> HWADDR=00:05:5D:2D:E3:B9
> ONBOOT=yes
> TYPE=Ethernet

> ifcfg-eth1
> 
> DEVICE=eth1
> BOOTPROTO=none

Why "none"? Should be "static"

> HWADDR=00:A0:CC:E2:D5:E4
> ONBOOT=yes
> TYPE=Ethernet
> NETMASK=255.255.255.0
> IPADDR=192.168.1.1
> USERCTL=no
> PEERDNS=yes

¿Why do you set this?

> IPV6INIT=no
> GATEWAY=192.168.0.1

Better avoid setting "GATEWAY" in ifcfg-ethX, but set it in
/etc/sysconfig/network.

> Have also tried a default route on eth1 of:
> 
> Destination:     192.168.1.1
> Netmask:          255.255.255.0
> Gateway:          192.168.0.1 (router) and 101 (eth0)

Check the routes running "route -n".

> iptables
> 
> # Generated by iptables-save v1.3.0 on Thu Jun 23 05:16:29 2005
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [188:23056]
> :RH-Firewall-1-INPUT - [0:0]
> -A FORWARD -j RH-Firewall-1-INPUT
> -A FORWARD -i ippp0 -m state --state INVALID,NEW -j DROP

That second FORWARD rule is never reached as IPUT is left immediately
with jump target RH-Firewall-1-INPUT. And to DROP connections in FORWARD
direction with state NEW?

> -A INPUT -j RH-Firewall-1-INPUT
> -A INPUT -i ippp0 -m state --state INVALID,NEW -j DROP

Nor this INPUT rule with input device ippp0 is ever reached.

> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
> -A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j 
> ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Thu Jun 23 05:16:29 2005

I am missing the masquerading rule for NAT. Something like that:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A POSTROUTING -o ippp0 -j MASQUERADE

> GregS <><

And be sure you get

$ grep "ip_forward" /etc/sysctl.conf
net.ipv4.ip_forward = 1

1 means forwarding between the machine's devices is enabled.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 17:48:05 up 2 days, 2:02, load average: 2.62, 2.34, 1.75 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050623/8c490fc3/attachment-0001.sig>


More information about the fedora-list mailing list