I am an extreme newbie but have managed to get RH7.1 (Kernel 2.4.2) to talk to my win98 box using Samba and Telnet - Great! My linux box is the router which is also great, except it does not route! Hence, I cannot ping outside the local net or get net access on the win 98 box (internal).
The linux box works just fine on the net via ippp0 and the internal net is fine too (eth0) but there is no communication between the two.
I have tried the script from Red Hat (it is too long to post here so here is the URL) ..
When I run the script I get a load of abuse back ...
EXTDEV: ippp0 on 213.122.70.100
INTDEV: eth0 on 192.168.0.1
Stating Firewall: modprobe: Can't locate ip_masq_ftp
modprobe: Can't locate module ip_masq_irc
modprobe: Can't locate module ip_masq_raudio
Setting masq Timeouts
Setting new forward rules
Forward...input...setting new input rules
Setting new output rules
output... Done with the firewall rulesets
acct...done
Phew!
The IPs are correct as are the devices. Similar results have been had from other scripts too. I definitely have iptables installed (1.2.1a) and thought that this was the same package as 'Netfilter' but I am not too sure if there are other modules I am missing. As all the hardware seems fine I am assuming that this is just a software problem.
You supplied great info, but it's not enough to work out what's going on.
Supply this info.
# ifconfig -a
# netstat -r
# cat /etc/hosts
if you don't want to post it here you can mail it to me at roldbury@newmail.net
Also stupid question but you have got a 1 in the file /proc/sys/net/ipv4/ip_forward haven't you?
Also while you're at it improve the security of the box with these settings.
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# echo 1 > /proc/sys/net/ipv4/ip_always_defrag
# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
I've collected the info that you requested and have emailed it to you. I tried to post it here but NS will not allow me to copy and paste from other apps.
I've also posted the info to a web page so that John Chong can follow. It is at ...
My Ext IP is dynamic so I assume it is safe to give this info (famous last words!!)
"...have got a 1 in the file /proc/sys/net/ipv4/ip_forward haven't you?"
Yep sure do, just a 1 and nothing else. I presume that this just tells the system whether or not to forward packets, an on/off switch?
As for the rules you suggest, I presume I would copy this to a script and run it whenever I start the firewall.
Sorry for my ignorance, I am trying to get a handle on all the terminology. Up until two months ago the only 'terminal' I had heard of had buses coming out of it.
I think something is wrong with the network address translation side.... i.e. the Masquerading.
1) First put in the host name imsnet-cl12-hg9 + ip address in the /etc/hosts file.
2) remove all text from the host.allow and deny.
Your firewall will do this + it's confusing to work out what does what when looking for errors.
3) Now send me the information from # ipchains -L -n
Only after you run that firewall script you talked about.
Basically.
I don't think your Linux box has the correct rules to allow the windoze box to forward out, from the other settings you supplied all looks fine.. besides the fact your local loopback's maximum transmission units are set at 16436 "very high" all is ok.
ps. I didn't get any info in email, so post it in that text file.
Sorry for the delay in posting - BT internet (my very bad isp) was down all yesterday so I am behind.
I did not quite understand what you wanted me to put in /etc/hosts,
..Put... "imsnet-cl12-hg9 + ip address"
Do you mean copy this verbatim or do I need to substitute ip address for an IP address (and if so which one?). I have a feeling that this is a very dumb question but hey I am a newbie.
If you can clarify that for me I'll pop the results back to that txt file.
Sorry for the bother and cheers again for all your help,
Anyway what I mean is that your router table shows it as your default router, I guess as you don't have the IP address of the router in the hosts file, it resolves the name for you.
I've found that this can cause a problem sometimes so it's better to have the IP address in the /etc/hosts file.
the router in your table is called "imsnet-cl12-hg9"
Connect to the ISP on the Linux box and resolve the IP address of that router.
type # route -n
This will not resolve the name from the tables forwarding information base and show the IP address.
Then once you have the IP address add it to the /etc/hosts file.
so it will look something like this:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 m2k.localdomain localhost Merlin2000
192.168.0.1 m2k m2k
192.168.0.10 merlin4
214.55.78.1 imsnet-cl12-hg9
##END
If you can get internet access from your Linux box without doing this then don't worry about it so much.
You need to fix the NAT side of the box so the Windozes systems can go out.
Also type # ipchains -V
This will show me the version of ipchains installed.
OK I am having a problem in resolving the router IP, as I say this is all new to me (but boy am I on a learning curve).
I've posted back to that text file again with as much info as I can think of, basically I tried traceroute when ping and whois failed.
Ipchains version I can handle, it's 1.3.10.
Just a separate question for you, when I connect to BT do I connect through a local router? When I did traceroute I saw some place names - just wondering is all!
Thanks again for your help and your patience, it's great. I definitely owe you a beer or three!
Looks like your PPP is all Dynamic, actually I know BT only uses Dynamic addresses. Doh!
The router at the time you connected was 213.120.208.142, then next time you connected it was 213.120.207.201.
Anyway let's get your windozes system to talk through the box.
If your Linux box can ping internet addresses once dialled up, then we're ready to proceed.
And your windozes boxes should also be able to ping the Linux box.
Don't run that firewall script you talked about in your first message, it's crap.
Now as root type this in and see what happens.
# echo 1 > /proc/sys/net/ipv4/ip_forward
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# echo 1 > /proc/sys/net/ipv4/ip_always_defrag
# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
# ipchains -F
# ipchains -P input DENY
# ipchains -P output REJECT
# ipchains -P forward DENY
# ipchains -M -S 3600 10 160
# ipchains -A forward -s 192.168.0.0/24 -j MASQ
Now dial up on the Linux box and see if the windozes box can ping an ip address like 198.133.219.25 "cisco.com".
Put the DNS servers that BT let you use in the Windozes network TCP props and then try the internet.
Also make sure the gateway in Windozes is set to your Linux box's fixed 192... IP address.
Your Linux box is setup for NAT only now, it has crap firewall rules... this is the next step once you have this working.
I entered all the commands you gave into a script and ran it and got an error. So I rebooted and entered them manually and got the same error again when I entered the line
# echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
No such file or Directory
(I did not type the # marks though).
I gave it a try and lost all network traffic through ippp0 (dial up) and lost the loopback device as well (I was going to use webmin to get BT's DNS).
I am beginning to wonder if my installation is correct. I've appended an ls -al to that text file (on /proc/sys/net/ipv4 ) and the directory 'all' is not there.
I tried Knetfilter last night for a laugh, it would not install as it doesn't think that my system is up for the job (You may need to upgrade your Kernel or Netfilter).
So, do you think it would be worthwhile going back through the RH installer or redoing Netfilter? Although, I am confident that I set the firewall to "medium" during install.
Thanks again for your help Raz, we'll make it a brewery!
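The "No such file or Directory" error reported above comes from writing to a /proc entry that the running kernel does not expose. As an added example (not part of the original thread), this shell function applies the same /proc settings the thread lists but checks each entry first and reports the ones that are missing or not writable; the function name `apply_ipv4_settings` and the `--apply` switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example: apply the thread's /proc settings, skipping entries the
# running kernel does not expose instead of stopping at the first error.

# Settings as posted in the thread: "path-relative-to-ipv4-dir value".
SETTINGS='ip_forward 1
tcp_syncookies 1
ip_always_defrag 1
icmp_echo_ignore_broadcasts 1
icmp_ignore_bogus_error_responses 1
conf/all/rp_filter 1
conf/all/accept_redirects 0
conf/all/send_redirects 0'

# apply_ipv4_settings DIR  (hypothetical helper name)
# DIR is normally /proc/sys/net/ipv4; a scratch directory gives a dry run.
# Prints one status line per setting; returns how many were not applied.
apply_ipv4_settings() {
    root=$1
    failed=0
    while read -r key value; do
        [ -n "$key" ] || continue
        path="$root/$key"
        if [ ! -e "$path" ]; then
            echo "MISSING $key"
            failed=$((failed + 1))
        elif ! { echo "$value" > "$path"; } 2>/dev/null; then
            echo "DENIED  $key (are you root?)"
            failed=$((failed + 1))
        elif [ "$(cat "$path")" != "$value" ]; then
            echo "IGNORED $key (kernel kept $(cat "$path"))"
            failed=$((failed + 1))
        else
            echo "OK      $key = $value"
        fi
    done <<EOF
$SETTINGS
EOF
    return "$failed"
}

# Only touch the live system when asked to (assumed switch for this example).
if [ "${1:-}" = "--apply" ]; then
    apply_ipv4_settings /proc/sys/net/ipv4
fi
```

Run with `--apply` as root to write the live values; the MISSING lines show which tunables the installed kernel lacks, which is the first thing to compare against the `ls -al` of /proc/sys/net/ipv4.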