FC4 - dhcpd Not Working After Reboot
Alexander Dalloz
ad+lists at uni-x.org
Thu Jun 23 15:58:22 UTC 2005
Am Do, den 23.06.2005 schrieb Greg Swallow um 16:50:
> Glory be dhcpd is working!
>
> At least for the a Windows box I have set up to test the network, but
> nothing is routing. Entered
> what I thought would work, but this is where I usually have to do
> enough that I forget the exact
> steps that make it actually function.
> ifcfg-eth0 (192.168.0.101)
>
> DEVICE=eth0
> BOOTPROTO=dhcp
> HWADDR=00:05:5D:2D:E3:B9
> ONBOOT=yes
> TYPE=Ethernet
> ifcfg-eth1
>
> DEVICE=eth1
> BOOTPROTO=none
Why "none"? Should be "static"
> HWADDR=00:A0:CC:E2:D5:E4
> ONBOOT=yes
> TYPE=Ethernet
> NETMASK=255.255.255.0
> IPADDR=192.168.1.1
> USERCTL=no
> PEERDNS=yes
¿Why do you set this?
> IPV6INIT=no
> GATEWAY=192.168.0.1
Better avoid setting "GATEWAY" in ifcfg-ethX, but set it in
/etc/sysconfig/network.
> Have also tried a default route on eth1 of:
>
> Destination: 192.168.1.1
> Netmask: 255.255.255.0
> Gateway: 192.168.0.1 (router) and 101 (eth0)
Check the routes running "route -n".
> iptables
>
> # Generated by iptables-save v1.3.0 on Thu Jun 23 05:16:29 2005
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [188:23056]
> :RH-Firewall-1-INPUT - [0:0]
> -A FORWARD -j RH-Firewall-1-INPUT
> -A FORWARD -i ippp0 -m state --state INVALID,NEW -j DROP
That second FORWARD rule is never reached as IPUT is left immediately
with jump target RH-Firewall-1-INPUT. And to DROP connections in FORWARD
direction with state NEW?
> -A INPUT -j RH-Firewall-1-INPUT
> -A INPUT -i ippp0 -m state --state INVALID,NEW -j DROP
Nor this INPUT rule with input device ippp0 is ever reached.
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
> -A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Thu Jun 23 05:16:29 2005
I am missing the masquerading rule for NAT. Something like that:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A POSTROUTING -o ippp0 -j MASQUERADE
> GregS <><
And be sure you get
$ grep "ip_forward" /etc/sysctl.conf
net.ipv4.ip_forward = 1
1 means forwarding between the machine's devices is enabled.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp
Serendipity 17:48:05 up 2 days, 2:02, load average: 2.62, 2.34, 1.75
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050623/8c490fc3/attachment-0001.sig>
More information about the fedora-list
mailing list