Share internet connection/make a small server
Antonio Olivares
olivares14031 at yahoo.com
Mon Sep 5 16:22:22 UTC 2005
--- Antonio Olivares <olivares14031 at yahoo.com> wrote:
>
> --- Jeff Vian <jvian10 at charter.net> wrote:
>
> > On Thu, 2005-09-01 at 04:53 -0700, Antonio Olivares wrote:
> > >
> > > --- Jeff Vian <jvian10 at charter.net> wrote:
> > >
> > > > On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares wrote:
> > > > >
> > > > > --- Jeff Vian <jvian10 at charter.net> wrote:
> > > > >
> > > > > > On Wed, 2005-08-31 at 12:20 -0700, Antonio Olivares wrote:
> > > > > > >
> > > > > > > --- Antonio Olivares <olivares14031 at yahoo.com> wrote:
> > > > > > >
> > > > > > >
> > > *nat
> > > :PREROUTING ACCEPT [759:76421]
> > > :POSTROUTING ACCEPT [4:288]
> > > :OUTPUT ACCEPT [394:23805]
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > COMMIT
> > > # Completed on Wed Aug 31 07:52:24 2005
> > > [root at rio ~]# cat /proc/sys/net/ipv4/ip_forward
> > > 1
> > > [root at rio ~]#
> > >
> > > Thanks for all your help and suggestions. It will
> > > work. It is just a matter of finding where things are
> > > stopping.
> > >
> > > Best Regards,
> > >
> > > Antonio
> > >
> >
> > Attached is a basic script for a firewall/router like you are using.
> >
> > Simply put it somewhere on the Linux box, make it executable, then as
> > root run it.
> >
> > After running this script, rerun "service iptables save" to save the
> > rules so they load automatically when you reboot.
> >
> > It should load all the rules you need for a dynamic external address on
> > eth0, a fixed internal address on eth1, and DNS on the external
> > network.
> >
> > To test that it works, simply retry (from the Windows box) the ping
> > commands I gave earlier, and even try a ping to www.yahoo.com.
> > If they all work then you should be all set.
> >
> > This was generated using fwbuilder which is readily available on the net
> > from www.fwbuilder.org or on sourceforge.
> >
> > HTH
> > Jeff
> >
>
>
> I have gotten fwbuilder but I do not know how to do
> anything. I have installed it but I am at the same
> point that I started.
>
> However, I found the following information from the
> script that you attached and it probably is one reason
> that it does not work.
>
> The eth0 in the computer which is the dhcp server is
> the one which is assigned a static ip address. Here
> in the script, that ip address is dynamic. The bigger
> server to which this computer is attached is running
> static dhcp in which the mac address of the network
> interface is used. That probably is one of the
> reasons why it does not work.
>
> #!/bin/sh
> #
> # This is automatically generated file. DO NOT MODIFY !
> #
> # Firewall Builder fwb_ipt v2.0.6-1
> #
> # Generated Thu Sep 1 08:25:45 2005 CDT by jeff
> #
> # files: * basicfw.fw
> #
> #
> # This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.
> # Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0
> #
> #
> #
>
> The machine's name to have access to the BIG network
> is 6355-2 because it is the second computer in the
> classroom. The name rio was the original host's name
> before they modified the network.
>
> Here's part of cat /var/log/messages
> Sep 1 16:58:03 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61720 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep 1 16:58:04 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16132 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:04 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61721 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep 1 16:58:05 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16388 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:07 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16644 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:13 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16900 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:14 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=17156 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:16 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=17412 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:17 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:1f:86:f9:67:08:00 SRC=10.154.19.17 DST=10.154.19.255 LEN=241 TOS=0x00 PREC=0x00 TTL=128 ID=13102 PROTO=UDP SPT=138 DPT=138 LEN=221
> Sep 1 16:58:20 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61724 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep 1 16:58:20 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61725 PROTO=UDP SPT=137 DPT=137
>
=== message truncated ===

I have checked /etc/sysconfig/dhcpd and it has

# Command line options here
DHCPDARGS=

which has no eth0 or eth1, and I am putting eth1 and
will report back if it works.

DHCPDARGS=eth1

Best Regards,
Antonio