Jump to content

MCC - Internet Connection Sharing


Gowator
 Share

Recommended Posts

I'm getting really tired of people asking for help on the Internet connection sharing in the MCC and not being able to help.

 

Or let me put it another way.....

noobies keep trying it and once theyve tried it the only way I know how to fix it is starting from scratch... downloading the pppoe stuff and the shorewall configs...

 

 

Does anyone have documentation for this ???

I can't find a FAQ on the subject nor have I tried it since 9.1 and even that was the most negative of experiences.

 

What I know is from observing the effects as opposed to knowing what its doing, does anyone have a clue??? This is my interpretation, Im ready to be corrected!!!

 

In short, it seems that using the Network and internet wizard will install a virtual NIC which is eth0:9 (usually)

 

It sets up and uses shorewall to pass the traffic ....

It sets up the tmdns server to allocate DHCP addresses on the other interface.

 

My 9.1 experience was if you select pppoe it tries to find the packages on the Cd or wherever urpmi is set but this appears hard coded, it still looks for the packages on CD1 everytime.

 

If you install pppoe and change your mind (i.e its not working for you) then you end up having to deinstall pppoe manually becuase the wizard won't let you change, I haven't tried this since 9.1, perhaps its changed.

 

If you have a second NIC it seems to make a real mess.

 

My experience was I could set up the gateway as a gateway ONLY, that is other PC's could access the internet through it but it blocked itself. Or I could use the single interface solution.

 

The setup as I had it in 9.1 did what it was meant to do if you were trying to do the right thing!!!!

Actually changing it was pretty challenging due to Mandrakes rather strange set-up.

 

Shorewall documentation and the Mandrake config is pretty much mutually exclusive unless your a REAL expert on IPTABLES.

 

I can't find the documentaiton for this ANYWHERE.... Im I blind or just looking in the wrong places....

 

Surely the process is documented SOMEWHERE or someone has actually worked out what its doing.

 

It would be nicer to pick up the pieces when the MCC doesn't work as expected than delete everything ..... and it seems to work OK in certain cases ....

You only have one NIC and you want access for yourself and other PC's OR you have two NIC's but you just wanbt one to be a firewall/router.

 

Lets try and clear this up......

I keep saying its undocumented waiting for a flame....

To be honest I want to be proven wrong......but in a year noone has! So Ive almost given up.

 

Look one last try.....

If you use the Mandrake Control centre Internet connection wizard your hair will turn grey and fall out!!!

 

:devil: Please someone refute that and provide something in the way of documentation....

Link to comment
Share on other sites

Link to comment
Share on other sites

Found this:

For connection sharing you will need to have a router or one twin interface system which could be anyone of these.

 

For sharing purposes you will need to use Samba. For sharing purposes Samba configuration is very easy just change a few parameters in /etc/samba/smb.conf e.g.

 

Change the workgroup name to something you like (its the first option)

Change the security option to share.

Create a share in linux with following paramaters

 

{Shared]

comment = Shared on MAndrake

path = "Path you want t o share"

public = yes OR guest ok = yes

 

Come to the prompt and type testparm

If there are no errors you can just

#/etc/rc.d/init.d/smb restart

 

All this has to be done as user : root

Link to comment
Share on other sites

Still looking for documentation of any kind!!!

anon, it appears the config works without the firewall (or more specifically without Internet Connection Sharing)

So it looks like another firewall prob.

 

Im tenatively asking them to read the shorewall docs. but I don't know if I have time to walk them through this week...

volunteers ?? or even better how to fix it without overwriting the mandrake config completely with the shorewall one.

Link to comment
Share on other sites

thats a good point anon....

I ended up using shorewall by default.

My first impressions of it were BAD. Complete pile of junk....

I was ready to give up and look at others BUT on a whim checked out the shorewall website.

 

What really impressed me was the documentation.... and after reading the Mandrake Users read this part I thought, heck give it a chance...

 

10 minutes later it was working.... (after a week with the MCC)

10 minutes after that I'd used Webmin to config it a bit better using the documentaiton and I was impressed.

 

But, I went from this straight to using WebMin firewall which is just another IP tables front end. This also works fine, once you read the documentation for shorewall, it even makes sense.

 

My prob is I don't really know what the mandy config does, I just know its weird and not intuitive like the forewall easystarts. In 9.1 at least there were a few endless loops in the wizard and a few 'features' lile once you chose pppoe you can't change it with the wizard later, not to mention it keeps insisting on Cd1....

 

I think we need to decide as a board (preferably by access to documentation) just what the wizard works for and what it doesn't before telling users to use it.

Its probably fine for 75% of users, those with a single PC to access the internet and no internal NW, but it really doesn't seem compatible with the others....

Link to comment
Share on other sites

If I understand well, you want a doc about what the DrakeGw Wizard does so you can customize your setup and/or be able to change the setup and/or be able to destroy a previous setup and start a new one. correct ? I had the same trouble: difficult to know what DrakeGw does and undo what it does.

/var/log/message was some help for me as I use to install Mandrake with the minimum of packages. So I could see what DrakGw had to installs:

Iptable, Bind, dhcpd, shorewall.

Remove all that and reinstall tmdns may clear all afaik.

Well, I think you thought of that before me.

But in fact, we shouldn't care about what DrakeGw does. Just care it does what is needed. If you can't change the setting, or if the setting is wrong or you can't delete connection sharing, that's a bug imho: DrakeGw is unable to do what it should be able to do.

For example, if file sharing with Samba is installed on the server, DrakeGw shouldn't lock it.

Ok, if you want to code to help Mandrake to fix the bugs, you need the docs.

Else just need to report the bugs. For ML9.1 it's a little too late ;) So why not test 10.0 Beta or RC ? I know, it's time consuming :( (Personally I'm giving up for a moment: I'm just not fast enough).

 

by

 

roland

Link to comment
Share on other sites

If I understand well, you want a doc about what the DrakeGw Wizard does so you can customize your setup and/or be able to change the setup and/or be able to destroy a previous setup and start a new one. correct ?

 

Yes and no....

Yes I want the doc but the wizard doesn't work for me so I gave up using it...

The reason I want it is for everyone, inparticuar when trying to help people who used it and it went wrong!!!

 

I had the same trouble: difficult to know what DrakeGw does and undo what it does.

/var/log/message was some help for me as I use to install Mandrake with the minimum of packages. So I could see what DrakGw had to installs:

Iptable, Bind, dhcpd, shorewall. 

Remove all that and reinstall tmdns may clear all afaik.

Well, I think you thought of that before me.

Well, yes and the actual interfaces as well, as a minimum the virtual interfaces...then recreate the scripts in /etc/networking by hand etc.

 

But in fact, we shouldn't care about what DrakeGw does. Just care it does what is needed.

Well I don't really agree. On principle it discourages learning and understanding.

and this comes into the practical reason.....

 

Its limited as are any graphical press next button wizards......

Its do this then what for this etc...

It doesn't give flexibility, what if you want to configure the wireless ??? etc.

What if you have two interfaces and still want access to the internet from that PC ??

 

Basically at this point you need some advanced customisation.... either by hand or webmin etc. In fact this applies to practically all the cases where it doesn't work....

The problem is that if you don't know what its done how to back it out and redo it from first principles ??? In other words it needs an undo button !!!

 

If you can't change the setting, or if the setting is wrong or you can't delete connection sharing, that's a bug imho: DrakeGw is unable to do what it should be able to do.

For example, if file sharing with Samba is installed on the server, DrakeGw shouldn't lock it.

I agree but its not a bug to Mandrake becuase they have the opinion if it works for 75% of customers then its not a bug. In fact they use it as an excuse!!

The Samba case is an example....

 

Of course drakGW doesn't touch Samba, in fact it doesn't even check to see if its being used. But the Mandrake response is something like 'drakGW is for home users who wish to share their internet conenction and these users are unlikely to be using SAMBA. ' To me this is just defeatung the object of using linux in the first place.

 

Ok, if you want to code to help Mandrake to fix the bugs, you need the docs.

Else just need to report the bugs. For ML9.1 it's a little too late ;) So why not test 10.0 Beta or RC ? I know, it's time consuming :( (Personally I'm giving up for a moment: I'm just not fast enough).

 

Ive given up trying to help Mandrake fix bugs.... I gave up back in 9.0RC2....

One reason for this is half of the stuff is already done but Mandrake choose NOT to use it. Shorewall is an example....

If Mandrake make such a weird shorewall configuration Mandrake should document it. The shorewall quickstarts ARE documented and DO work and ARE understandable enough to customise yourself.

What would i do to submit a bug fix ???

The problem is the 'bugfix' already exists....

 

Its the 'official' shorewall config's ... BUT Mandrake took a decision to make their own configs compatible with the wizard.

This decision has been taken and (I know you will understand this, the angloSaxons probably won't) probably went through 3 comitees and 10 development comitees in Mandrake ....

Technically no one asked .... Im sure the devlopers did but they just got told to shut up because noone was asking them since this is a marketing decision.

 

Its passed... its done and set in concrete....Mandrake will never change it any more than they will ever disable supermount by default.

WHY

Because basically someone had the bright idea, pushed it through a comitee against technical advice and is now defending a bad decision.

 

 

All I can do is help people who end up here, usually after the wizard doesn't work for them... and try and discourage other helpers here from suggesting it as a first try without first checking it will work for the configuration in question becuase if it doesn't work it presently is a pain to undo and since the removal of linuxconf as being compatible with Mandrake (9.2) there is no easy way to help them except doing it all by hand....

The nature of the problem (no internet) makes this a damned hard topic to support ...since if they try something and have no internet they can't post back!!!

Link to comment
Share on other sites

The wizards in MDK control centre are pretty poor, always have been. Just like. the installation wizard itself, it tells you all is OK but often it isn't. How many posts do you see where people say that after installing MDK they can't get this or that to work, then they reinstall and its often fixed......even though the installation wizard said all was OK.

The wizards in MCC are even worse, only a handful of options, you need to launch it a console to really know whats going on, often the wizard says OK, but the console tells a different story. Thankfully i rarely use the wizards myself, but for newbies the wizards have a long way to go yet.

On the shorewall subject, i found that when i was running it, the easist way for me was to disable shorewall, set up the network stuff first and then enable the firewall, a bit back to front but it worked.

BTW the server has a great firewall, easy to set up and run, its childs play, not really meant for desktops, but hey why not.

http://projectfiles.com/firewall/

Link to comment
Share on other sites

anon, i think thats what Im saying....

I just noticed how many posts we get that start off with i tried to use the wizard for .......

 

These are the ones that tend to run to 15 pages!!!

 

However, if we can't actually get the documentation we can at least as a board divide the task. Like you I don't use them.... but I still try and help everyone...but recently being busy I noticed a reticense in myself to actually get involved in what will end up being pages of stuff.

 

I don't mind even starting from the source code or even a sh -x but Im not doing it for me, Im doing it for the poor lost noobies ....then at the end we need some FAQ and the people trying to be helpful checking first if the wizard will work in that situation!!!

Link to comment
Share on other sites

anon, i think thats what Im saying....

I know, i was just agreeing with you and adding my two pennies worth.

Maybe you should put a post in forum discusion about this. See if you can get some others here to help you with Docs and an FAQ.

Link to comment
Share on other sites

But in fact, we shouldn't care about what DrakeGw does. Just care it does what is needed.

Well I don't really agree. On principle it discourages learning and understanding.

Hem, Linux already has the market of those who want to know and understand. Tiny market. The future is Linux on the box of those that just want to use it.

 

...

Its limited as are any graphical press next button wizards......

Its do this then what for this etc...

It doesn't give flexibility, what if you want to configure the wireless ???  etc.

What if you have two interfaces and still want access to the internet from that PC ??

 

Basically at this point you need some advanced customisation.... either by hand or webmin etc.  In fact this applies to practically all the cases where it doesn't work....

 

I think I understand: at the beginning there was no Wizard. So you do all by hand.

Then comes a Wizard. A simple one. But as you know, with 20% of the effort you generally do 80% of the job. That's where Mandrakes wizard are now. It worked for me at home and on my little company: An internet connection server, and DHCP server. Not bad for an ignorant like me ? I've just had to click next.

For more specific configuration, well that's the 20% specific case that may require 80% of the effort. Not ready yet, so you are like before: do it by hand.

 

The problem is that if you don't know what its done how to back it out and redo it from first principles ???  In other words it needs an undo button !!!

 

That's it. The real trouble is: the Wizard didn't worked for you needs, ok. But now, doing your setup by hand, the old way, will be even more complicate than if you haven't run the Wizard at all because there is no way to undo what it does

I've installed ML10.0 Beta 2, the Wizard were not finished, but it seemed that Mandrake understood that. The Wizards look well done. You can Add a connection, Delete a connection, Modify a connection, Display a connection setup. All we need.

 

(I know you will understand this, the angloSaxons probably won't)

No I don't understand: I always worked on little company.

 

...probably went through 3 comitees and 10 development comitees in Mandrake ....

 

Well, not bad to talk a lot before taking a decision and once it's decided everybody have to support it and better not change mind too easily.

 

Technically no one asked .... Im sure the devlopers did but they just got told to shut up because noone was asking them since this is a marketing decision.

 

That' the problem. That reminds me a thread where we were talking about managers without technical skill and worse that has no respect for technical skill.

But I doubt it's Mandrake's case now they had fired a lot of managers.

 

The nature of the problem (no internet) makes this a damned hard topic to support ...since if they try something and have no internet they can't post back!!!

yep, agree, they should be very, very careful about internet connection.

 

roland

Link to comment
Share on other sites

Roland, i added a request like anon said.

Honestly it doesn't bother me for my config because I don't use them....

However, since they have a potential for disaster (although Im typing this in 10RC1 and they seem to have seperated it out a bit better) we should find the 20% of cases where it isn't desinged to work and have at least a FAQ before someone presses it.

 

Im only really interested in order to help others.... so it seems a good idea to divide the work of documenting the process from the source code.

Link to comment
Share on other sites

If you want help with getting the Mandrake wizard working, good luck, I also gave up on it a long time ago. However, what I might be able to help with if you are interested in going down this route, is coming up with some short iptables scripts that to cover most situations. Or for those who don't even want that level of complexity it should also be fairly straightforward to write a small bash or perl script to set everything up. I guess what I'm proposing is to write an alternative wizard.

 

To do this I would need to know what sort of situation we are talking about. I imagine, one or two network cards and/or one ppp connection (ADSL or modem). The script would set up a firewall blocking everything from the internet with a set of questions asking whether various services should be made available to the internet (www, ssh and a few others) but letting everything be available to the non-internet connection.

 

The script would assume a working internet connection that was active when it was run and would work out the internet interface from this. It would report and error and exit if there wasn't one. It could also be setup to uninstall shorewall and iptables (if necessary) and then install iptables and then check for an internet connection, as an option e.g. by asking have you tried to install internet connection sharing.

 

Would something like this be what you are looking for?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...