ALT Linux users (in English only)
 help / color / mirror / Atom feed
* [Comm-en] Setting up internet sharing
@ 2003-04-09 18:03 djbouley
  2003-04-09 19:03 ` Michael Shigorin
  0 siblings, 1 reply; 2+ messages in thread
From: djbouley @ 2003-04-09 18:03 UTC (permalink / raw)
  To: Community-en

Okay that got the firewall's rules is going okay.  My other PCs on the 
network, though, cannot seem to gain access to the Internet.

I have them configured to use a static IP, with addresses of 192.168.0.(2, 3, 
4, etc.),  IP of network set to 192.168.0.1 (eth1 on main PC), Netmask of 
255.255.255.0, Broadcast address of 192.168.0.255, Gateway of 192.168.0.1 
(eth1 on main PC).

Using the ALT Linux control centre, eth0 and eth1 show to be up and running.  
eth1 shows of having an IP address of 192.168.0.1 (the control centre's share 
connection setup still doesn't work, though).

The control centre's Services tool show that iptables is 'running'.

I'll try to figure something out if I can, I just thought I'd let you know how 
it's going.  Thanks for all of your time and effort.

David.



> Argh, it's my fault -- underreconstructed local configuration.

> Here's the contents of /etc/sysconfig/iptables:

> Should be like this: (add one line)

> *filter
> :tcprules - [0:0]
> -A INPUT -j tcprules
> -A FORWARD -j tcprules
> -A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A tcprules -i ! eth1 -m state --state NEW -j ACCEPT
> -A tcprules -i eth1 -m state --state INVALID,NEW -j DROP
> -A tcprules -i eth1 -j REJECT --reject-with icmp-host-unreachable
> COMMIT
> *nat
> -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
> COMMIT

> The story: we've asked iptables to use a specific chain (which
> gets reused), but haven't created ("declared") it and no specific
> module was found to be used for it.

> Somewhat more elaborate config is attached, you can have some
> more interesting examples in its comments.


============================================
(o_
//\
\/_/  E-mail powered by Linux
============================================
======



^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [Comm-en] Setting up internet sharing
  2003-04-09 18:03 [Comm-en] Setting up internet sharing djbouley
@ 2003-04-09 19:03 ` Michael Shigorin
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Shigorin @ 2003-04-09 19:03 UTC (permalink / raw)
  To: Community-en

On Wed, Apr 09, 2003 at 12:03:58PM -0600, djbouley wrote:
> Okay that got the firewall's rules is going okay.  My other PCs on the 
> network, though, cannot seem to gain access to the Internet.
> 
> I have them configured to use a static IP, with addresses of
> 192.168.0.(2, 3, 4, etc.),  IP of network set to 192.168.0.1

(conceptually, that's _network address_, 192.168.0.0 -- but in
this exact case should make no difference)

> (eth1 on main PC), Netmask of 255.255.255.0, Broadcast address
> of 192.168.0.255, Gateway of 192.168.0.1 (eth1 on main PC).

Could you do the following on any client:

ping 192.168.0.1

tracert 81.222.130.6 (win)
/usr/sbin/traceroute or
/usr/sbin/tracepath 81.222.130.6 (linux)

then the same trace trace to ftp.altlinux.org?

What's the DNS setup on clients?

Does the following show activity on outer interface when you try
to do the tests from a client?

tcpdump -i eth1 | grep 81.222.130.6

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2003-04-09 19:03 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-04-09 18:03 [Comm-en] Setting up internet sharing djbouley
2003-04-09 19:03 ` Michael Shigorin

ALT Linux users (in English only)

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community-en/0 community-en/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community-en community-en/ http://lore.altlinux.org/community-en \
		community-en@lists.altlinux.org community-en@lists.altlinux.ru community-en@lists.altlinux.com
	public-inbox-index community-en

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community-en


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git