MDK 9.0, Internet Connection Sharing and Shorewall...


Guest deputyjim

I've been trying to get my network going for about two days straight now without success. I've read lots and lots of other help material, again and obviously without success. I have a Linux box acting as a router. There are two properly configured ethernet cards aboard, eth0 and eth1. It's connected outbound to a cable modem (eth0) and internally to a laptop running WinXP. I've gone through the wizards of the Control Center (about 50 times) and I've had to reset the firewall each time to off (why can't those settings stick?). They can see each other by pinging and even in Samba (although I haven't figured out how to log into the WinXP machine yet, but I'll worry about that later). (Side note: I installed MDK earlier this week and I had ICS running -- somehow.) I then installed RH just to see the difference. When I couldn't get ICS working on RH, I thought I'd come back to MDK, but then failure.

 

The problem is, no traffic (other than pinging the Linux host) will get to the outside world. I suspect it has something to do with the firewall (shorewall), which I tried to disable, but it takes ICS along with it. So I modified the shorewall rules file per this forum, but still no-go. Here's ifconfig and route data:

 

    eth0  Link encap:Ethernet HWaddr (MAC Addr)
          inet addr:68.#.#.# Bcast:68.#.#.# Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:62833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29952 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:79460637 (75.7 Mb) TX bytes:2275149 (2.1 Mb)
          Interrupt:9 Base address:0x1800

    eth1  Link encap:Ethernet HWaddr 00:50:BF:E4:C8:F7
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:450 errors:0 dropped:0 overruns:0 frame:0
          TX packets:297 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:47943 (46.8 Kb) TX bytes:74717 (72.9 Kb)
          Interrupt:11 Base address:0xb400

    lo    Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:401 errors:0 dropped:0 overruns:0 frame:0
          TX packets:401 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:38480 (37.5 Kb) TX bytes:38480 (37.5 Kb)

    192.168.1.0  *                255.255.255.0  U   0  0  0  eth1
    68.#.#.#     *                255.255.248.0  U   0  0  0  eth0
    127.0.0.0    *                255.0.0.0      U   0  0  0  lo
    default      ubr02-a-rtr.how  0.0.0.0        UG  0  0  0  eth0

 

I really appreciate the participation of all the members here, especially the extremely knowledgeable ones. I've gotten pretty far on my own by merely lurking and learning. Thanks in advance for the help.

 

Jim

Link to comment
Share on other sites

  • 2 weeks later...
Guest barmalini

Jim,

I got exactly the same problem with my system.

Router- MDK linux box, client- Toshiba Satellite 4600.

I tried obviously everything you did, but nothing worked until I changed the IP of eth1 from 192.168.0.1 to 192.168.1.1 !!!!

Voila, since then Shorewall works like a charm.

In my opinion it's a bug in Shorewall, so I hope the same trick will work for you.

Success.

Taras

Link to comment
Share on other sites

I had a similar problem and now I use firestarter instead of shorewall. If you go with firestarter or similar you will have to turn shorewall and internet connection sharing off. Firestarter is capable of ip masquerading, so it can share your internet connection for you.

Link to comment
Share on other sites

  • 2 months later...

Everything dies on you because Shorewall, by default, isn't configured to allow networking when it is shut down. This means that no one is allowed to access the net (or anything similar) when Shorewall is OFF. Either leave it ON or teach it to do something else by adding the following to /etc/shorewall/routestopped and restarting Shorewall (service shorewall restart):

From www.shorewall.net

/etc/shorewall/routestopped defines the hosts that are accessible from the firewall when the firewall is stopped. Columns in the file are:

INTERFACE - The firewall interface through which the host(s) communicate with the firewall.

HOST(S) - (Optional) - A comma-separated list of IP/Subnet addresses. If not supplied or supplied as "-" then 0.0.0.0/0 is assumed.

So in the case where your firewalled machine has 2 Ethernet interfaces (1 for the ADSL or cable and the other one connected to the LAN), you can enter the following:

    ppp0	-
    eth0	-
    eth1	-

Hope this helps

 

MOttS

Link to comment
Share on other sites
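An added example, not part of the original posts and not Shorewall's own code: a small audit of a routestopped file using the two-column layout quoted above. It flags entries where "-" (or an absent HOST(S) column) leaves an interface open to 0.0.0.0/0 while the firewall is stopped, which matters most on the Internet-facing interface. The function names, the `external` parameter and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: the three entries from the post plus a LAN-only alternative.
SAMPLE = """\
#INTERFACE  HOST(S)
ppp0        -
eth0        -
eth1        -
eth1        192.168.1.0/24
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_routestopped(text):
    """Return [(interface, [networks])] for each non-comment line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # Per the quoted column description: absent or "-" means 0.0.0.0/0.
        hosts = fields[1] if len(fields) > 1 else "-"
        if hosts == "-":
            nets = [ANY]
        else:
            nets = [ipaddress.ip_network(h, strict=False) for h in hosts.split(",")]
        entries.append((fields[0], nets))
    return entries

def audit(text, external=("eth0", "ppp0")):
    """Return (interface, severity, hosts) for every entry.

    `external` lists the Internet-facing interfaces (assumption: eth0 and
    ppp0, matching the cable/ADSL side described in this thread).
    """
    findings = []
    for iface, nets in parse_routestopped(text):
        if any(n.prefixlen == 0 for n in nets):
            severity = "HIGH" if iface in external else "LOW"
        else:
            severity = "OK"
        findings.append((iface, severity, ",".join(map(str, nets))))
    return findings

if __name__ == "__main__":
    for iface, severity, hosts in audit(SAMPLE):
        print(f"{severity:4} {iface:5} reachable while stopped: {hosts}")
```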

Thanks MottS. I think that did the trick. I needed to keep the connectivity there without the firewall in order to troubleshoot my apache server. I should know shortly if it holds up. What happened was that I maintained connectivity, but the ICS clients lost their connection.

Link to comment
Share on other sites

MottS;

Disregard my last, I am back on my router and apache is working now, turns out what was screwing apache up was the hostname I was using. Not sure why, but everything is running great now that I am no longer using the no-ip.org hostname. I am also back to using Guarddog. Thanks for the help though.
