[ale] linux gateway...? simple question?

Transam@cavu.com transam at cavu.com
Tue Nov 13 15:02:28 EST 2001 

Mark Hurley <debian4tux at telocity.com> wrote:

> Ahhh....you did mention your kernel.  You need to configure
> masquerading on your linux box.  And your 2.4 kernel uses iptables.

2.4 allows using either IP Tables or IP Chains.  Whichever of these two
kernel modules gets loaded first will cause the other to be locked out.
You can switch between them without rebooting.

The 2.4 IP Chains implementation has almost everything that 2.2 IP Chains
has except for Port Forwarding.  (You can use a user-level program to
eorward TCP traffic.  Port Forwarding UDP (e.g., DNS) cannot be done but
a caching-only DNS server can solve this problem (don't run named as root,
though!)

IP Tables has different semantics than IP Chains that are non-trivial to
change to for complex rule sets and people forget that IP Chains has
some statefullness for popular protocols such as Active FTP, Real Audio,
and Quake.

> You can go to linuxdoc.org...plenty of docs there.

> This *may* work for you...(see if I can pull this out of the bag'o
> tricks)


> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE


> If it doesn't work...you have a starting point.  Btw...here's another
> link on iptables:

> http://www.linuxguruz.org/iptables/

> Good Luck!

> Mark Hurley


> On Mon, Nov 12, 2001 at 12:16:24AM -0500, Christopher Bergeron wrote:
> > Hi guys, I'm having a bit of a prob. I'm hoping is easy to resolve.  I
> > finally got my cablemodem on Saturday (w00 h00!).  Well, I can get out fine
> > with my linux box.  I'm trying to set my girlfriends windos machine up to
> > get internet via my linux box/cablemodem.
> > 
> > Background:
> > a) linux box gets out(internet) fine on eth1; DHCP, gets DNS from provider,
> > etc.
> > b) win box is connected to linux box on eth0 (via hub)
> > c) win box has linux box set as gateway machine.
> > d) win box has static ip assigned to it.
> > e) win box has DNS set same as linux box's DNS
> > f) IP_FORWARD = YES is set in /etc/sysconfig/network on linux box
> > g) win box can ping linux box(eth0) fine.
> > h) win box CAN'T get internet via hostname _or_ IP addy.
> > i) default route on linux box is ISP/CABLEMODEM;
> > 
> > what am I doing wrong?  Do i need a route for the 192.168 (internal) net to
> > send packets over to the 24.88.(external) interface?  I thought forwarding
> > would did this...  My kernel is 2.4;
> > 
> > My routing table has:
> >   my external network 	(24.88.22.0) 	eth1
> >   my internal network 	(192.168.0.0) 	eth0
> >   my loopback 		(127.0.0.0) 	lo
> >   my default gw 		(24.88.22.1) 	eth1
> > 
> > If anyone needs any more info, I can gladly provide it.  I'm at my wits end
> > on this, and I fear that I've done something stupid that I just can't see.
> > 
> > If anyone can provide me with any leads, I would greatly appreciate it!!!
> > 
> > TIA,
> > CB

Bob Toxen
transam at cavu.com                       [Bob's ALE Bulk email]
bob at cavu.com                           [Please use for email to me]
http://www.cavu.com
http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
http://www.cavu.com/sunset.html        [Sunset Computer]
Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

GPG Public key available at http://www.cavu.com/pubkey.txt (book at cavu.com)
pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at cavu.com>
     Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
sub  2048g/03FFCCB9 2000-06-21

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list