ip-masq, router problems-i'm stuck

ncstate74 · 04-17-2001, 08:34 PM

I'm new to linux. I had read how easy it would be to take an old pentium and turn it into a router. I've been trying for about a month now and I'm stuck. This is my last resort before I give up and buy a router. After many problems which I won't get into I've gotten this far :
1) Red Hat 7.0 installed.
2) two linksys network cards configured and working (many many problems with these cards...stay away from the linksys/tulip driver mess if you can)
3) I can use the linux box to access the internet from my dsl modem/service on eth0.
4) Using dynamic ip address assignment for assigning internal network computers (2 win 98 machines) from the other network card (eth1).
5) From the internal win 98 machines I can ping any external ip addresses (ping 152.some.ip.address).
Anyway, the problem that comes up is that the internal win 98 machines can't telenet out to external sites and I can't get out to places like http://www.yahoo.com. I tried to follow the IP_MASQ how to from the linux documentation project. In their testing section everything was going fine until I got to step 7 which was using the internal win 98 machines to telnet 152.some.ip.address. I don't know if I've set up my rc.firewall file up right. Especially the last couple lines of that file which I got from the IP_MASQ how to. Any and all suggestions are welcome. Is there a gui tool on red hat 7.0 that does some of this router setup automatically? Now I'm just rambling -> dsl modem connected to eth0 card on linux box. eth1 card on linux box connected to hub. two win 98 machines also connected to hub. running winipcfg on win 98 machines results in ip address of 192.168.1.2 and default gateway of 192.168.1.1 . On the linux box the ip address of eth1 is 192.168.1.1........anyway...um, please help...i'm stuck

smurf · 04-18-2001, 10:56 AM

My firewall script although very simple lets me do everything I want. Have a look at:-

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake 26000, 27000, 27910, 27960
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ

Aslong as you are not doing anything special with the linux box eg. Webserver then this firewall should be fine.
If you find this script useful you can always make it a little more secure by commenting the (echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose) line out. This line just makes games work a little better though NAT by giving direct access to internal machines using UDP.

Have a look at these links if you want some further reading

http://ipmasq.cjb.net/

http://www.vortech.net/rrlinux/ (tells u how to set a cable modem)

http://www.e-infomax.com/ipmasq/howt...WTO-1.95m.html

Hope this helps.

Have fun

bako · 05-15-2001, 09:53 AM

Or try one of the Linuxdistributions that are build as a dedicated router/firewall like Freesco (http;//www.freesco.org/) give you lots of room to play but way less hassle installing

because there's really no need to buy a router, with stuff like this you can do even more than any router will ever do....

KevinJ · 05-15-2001, 02:06 PM

It sounds like you are very close to having it working. If you can ping addresses outside (i.e. the internet) then you have the hard part done. That means that the system is routing and translating your packets.

Don't over complicate things with the firewall at first. You just want to get it working and then you can implement some stronger security if you decide you need it. For the most basic IPmasq setup, there are only two lines in your rc.firewall that really count:

echo 1 > /proc/sys/net/ipv4/ip_forward

That one will make sure you are setup to forward IP. It sounds like that part may be working for you.

/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ

This is an example of the ipchains line that will forward setup basic IPmasq. You should edit the IPnet and mask to suit your situation of course.
This may also be working for you. There are some other settings in there to get certain things working like Quake and ICQ, but I wouldn't worry about those until you can at least surf the web.

Are you sure you are not just having problems with name resolution? Do you have your ISP's DNS server addresses listed in the TCP/IP properties of your Win98 machine? Do you have those same addresses listed in the /etc/resolv.conf file of your Linux machine?

Also, and I am sure this is a typo, but from your description... it sounds like BOTH your Win98 machines have an addy of 192.168.1.2?? That won't work of course.

The HOW-TO you spoke of on Linuxdoc.org is a good one and that is what I used to set mine up.

hmkias · 05-19-2001, 05:12 AM

When u want ur Linux sys to act as a router

1.Enable routing in the Linuxconf
2.Then in ur Win 98 machines add the IP of eth connected to DSL modem as gateway in the TCP\IP settings.
3.Now ping the internet sites

Even more when u face probs , tell me the errors for I can help u ...

Kias