internet connection sharing - iptables

odysseus · #1 23rd December 2003, 09:48 AM

i have 2 linux boxes, and want both online while one should be the gateway for the other.

this is what i have done ON THE GATEWAY (192.168.0.1):

#enable ip-forwarding

Quote:

echo 1 > /proc/sys/net/ipv4/ip_forward

#masquerade - ppp0 is the device name of my internet connection

Quote:

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

this is what ive done ON THE CLIENT (192.168.0.1)(basically i think all i have to do is set the default rounte):

# file: /etc/sysconfig/network

Quote:

NETWORK=yes
..
..
GATEWAYDEV=eth0

# file: /etc/sysconfig/network-scripts/ifcfg-eth0

Quote:

DEVICE=eth0
IPADDR=192.168.0.2
..
..
GATEWAY=192.168.0.1

after doing so, i still get "destination unreachable" when i try to ping 192.168.0.1 from 192.168.0.2

i also tried

Quote:

/sbin/route add -net default gw 192.168.0.1 netmask 0.0.0.0 metric 1 eth0

,
but still "destination unreachable"

someone can help me ?

odysseus · #2 23rd December 2003, 10:03 AM

this is what i forgot:

Quote:

service network restart

now at least the boxes can ping each other, and the client can also ping to the internet by ip, like ping 217.72.195.42.

but pinging the hostnames, like ping www.web.de fails, because "unknown host www.web.de"

sumthing must be wrong with the dns, here is my /etc/resolv.conf on the Client

localdomain client
nameserver 145.253.2.11
nameserver 145.253.2.75

here is my /etc/resolv.conf on the Sever

localdomain server
nameserver 145.253.2.11
nameserver 145.253.2.75

why the client cannot resolve names ?

odysseus · #3 23rd December 2003, 11:03 AM

if there occur any problems, try to deactivate your firewall to see if its the firewall rules blocking you...

add trusted devices on the servers firewall (eth0, eth1)

im out, it works

Avatraxiom · #4 10th January 2004, 05:36 AM

Be aware that when you make a device trusted, you're eliminating all security on that device.

So, don't make your Internet interface trusted. :-)

-M

steltek · #5 10th January 2004, 06:15 PM

For your home or other small LAN, here's a URL

http//www.linuxforum.com/linux_tutorials/5/1.php

Great stuff. Had me set up in about 30 seconds.

pejcao · #6 10th January 2004, 06:56 PM

if want to avoid scripts and have NAT running at boot

to allow IP forwarding edit /etc/sysctl.conf change

net.ipv4.ip_forward = 0
to
net.ipv4.ip_forward = 1

To do the NAT stuff run

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
(change eth0 to the device that connects to internet like ppp0)

then save that rule

service iptables save

BTW If u want to serve DNS also but hate named (BIND), might want to take a look at dnsmasq (http//www.thekelleys.org.uk/dnsmasq/ ). Packaged for FC1 by dag (http//dag.wieers.com/packages/dnsmasq/)