F16 box as a router... incomplete setup

[MALDATA]

I apologize in advance... I don't know much about networks. I just know mine is acting different after a F14 -> F16 upgrade. Some of this may be nonsense... please correct me where I'm wrong.

My desktop used to run F14. I plugged a switch into one of the ethernet ports and used it to connect three other machines (two running F14, one running Arch). On my desktop, I opened networkmanager, changed that ethernet port to "shared to other computers," and everything was done. The machines got IP addresses, and they could access the internet through mine.

Last week I upgraded my desktop to F16, and it seems like everything's working differently now. I selected "shared to other computers," but it doesn't start a DHCP server as advertised here:

http://docs.fedoraproject.org/en-US/...ting_IPv4.html

That alone isn't a big deal... the other machines are set up with static IP addresses anyway. I can SSH and VNC into them from my desktop, but none of those machines can access the internet. I can enable the DHCP service on my desktop, but if all that will do is allow dynamic IPs, it's unnecessary. Does the DHCP server have something to do with internet sharing? Or is there another service that needs to be enabled for that to happen (e.g., the "forwarding DNS server" referenced in the link)?

Also, one of the other machines (still running F14) connected to the switch has a second ethernet port through which it should connect to the internet. When it is also plugged into the switch, it loses its internet connection from that port. When it is unplugged from the switch, it can connect again.

So basically, I need someone to help me understand why my new F16 install doesn't do a complete setup when I select "shared to other computers," how I can get it back to a working configuration, and why the F14 box gives internet connection priority to the port that goes to my desktop (which doesn't share an internet connection).

Thanks!

[PatMcLJr]

I dunno.
Maybe you could temporarily disable SELinux and the firewall to see if one of those is regulating the access?

[lightman47]

Put simply - DHCP merely assigns addresses.

[MALDATA]

Quote:

Put simply - DHCP merely assigns addresses.

That's what I thought. So is there another service that needs to be running, then? Like a DNS server or something?

Also, I found out that choosing "shared to other computers" DOES start the dnsmasq program...

Code:

$ ps aux | grep dnsmasq
nobody   29122  0.0  0.0  13096   384 ?        S    Jan03   0:00 /usr/sbin/dnsmasq --conf-file --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=10.42.0.1 --dhcp-range=10.42.0.10,10.42.0.100,60m --dhcp-option=option:router,10.42.0.1 --dhcp-lease-max=50 --pid-file=/var/run/nm-dnsmasq-p128p1.pid

dnsmasq should handle pretty much everything, right? Does it also deal with the NAT? Even if I just try to ping an IP address instead of a domain, it still fails, so I don't think it's just a domain-resolution problem.

Code:

$ ping google.com
ping: unknown host google.com

$ ping 74.125.225.114
PING 74.125.225.114 (74.125.225.114) 56(84) bytes of data.
From 10.42.0.1 icmp_seq=1 Destination Host Prohibited
From 10.42.0.1 icmp_seq=2 Destination Host Prohibited
From 10.42.0.1 icmp_seq=3 Destination Host Prohibited
^C
--- 74.125.225.114 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2002ms

Any ideas? Thanks!

[lightman47]

dnsmasq does a lot of stuff if you set it up to do so. I only use the local network nameshare portion of it - hardcoded all my local machine IPs and names into my /etc/hosts. dnsmasq then broadcasts that host file across then network - and it becomes the hosts file on each of the machines (but mine are all using DHCP instead of hard coded)..

I did notice it's capable of doing DHCP as well, but I never went there as I am running my own dhcpd on my server. My server is still running fc14 and I am VERY hesitant about upgrading to fc16. I know it's coming, but not soon.
-----
The ping you mentioned worked for me. That's a nasty message you got. Are your hard-coded machines on the same subnet with your server (10.42.0.n)? I ask wondering if your server got a new address for that card during the upgrade.

[MALDATA]

Quote:

The ping you mentioned worked for me. That's a nasty message you got. Are your hard-coded machines on the same subnet with your server (10.42.0.n)? I ask wondering if your server got a new address for that card during the upgrade.

You mean the ones with static IP addresses? Yes, they are all on 10.42.0.XXX

The IP addresses did change, in F14 the subnet was 10.42.43.XXX. When F16 set it up as 10.42.0.XXX, I changed all the addresses on the three other machines also. I can SSH and VNC to them, but the internet is not being shared.

[lightman47]

OH - I just remembered this from an FC16 upgraded of my 32 bit machine a week ago - command line Internet worked, GUI failed. In Network devices I found TWO entries for it's network card. One was eth0, and the second was Wired Connection {something}. Having read about new network device names in FC16, I deleted the etho, edited the Wired to start auto, etc. and rebooted the machine. Worked like a champ for me. Hope it's that simple for you !?

Also enabled NetworkManager to manage it.

[TDAY]

Destination Host Prohibited

This sounds like the firewall isn't allowing the traffic to be forwarded. Have you tried disabling it to verify? Have you thought about running wireshark to see what your F16 host is doing?

[MALDATA]

I tried disabling the firewall completely, but it doesn't fix it. I haven't tried wireshark because I'm not certain I know what to look for.

[TDAY]

I am running my lan traffic through my F16 host and I had to set "net.ipv4.ip_forward = 1" in /etc/sysctl.conf. That being said, I'm not using the "shared to other computers" in NM.

[markus39]

I use a script to set up nat:

<script>
#!/bin/bash

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
iptables --table nat --append POSTROUTING -s 192.168.203.0/24 -o eth0 -j MASQUERADE
</script>

and this dnsmasq config:

<conf>
bogus-priv
expand-hosts
domain=home.nl
dhcp-range=192.168.203.20,192.168.203.50,24h
interface=eth1
</conf>

Works perfectly.

[07CobaltGirl]

Just something to chew on, similar problem involving an Ubuntu box and a Fedora DHCP server issue...

cannot connect to Internet(Destination Host Prohibited)

I would also look into DNS services listed on the fedora machine, perhaps your /etc/hosts could shed more light?

[MALDATA]

Quote:

I would also look into DNS services listed on the fedora machine, perhaps your /etc/hosts could shed more light?

Almost all of the services running on this machine right now are default for an F16 installation. The only thing I did was turn on sshd. There's not much of interest in /etc/hosts...

Code:

$ cat /etc/hosts
127.0.0.1		localhost.localdomain localhost
::1		localhost6.localdomain6 localhost6

That Ubuntu thread kind of dead-ends... the solution was apparently to "remove the DHCP server," but on Fedora the DHCP server is dnsmasq, launched by networkmanager.

[aesir]

Do clients get the correct configuration parameters?
First of all look at the routing table "route -n", is it correct?

On the router "iptables -L -n -v -x" will give you the number of packets that are accepted in the FORWARD, try it before and after a ping attempt to see where they fall.

About DNS resolution, see if there is any difference in results between "host www.google.com", "host www.google.com 10.42.0.1" and "host www.google.com 8.8.8.8".