glore Posted June 10, 2004 Report Share Posted June 10, 2004 (edited) Hello, Please, help me finding out the solution to this problem: One of my computers (Mandrake 10 Official release) accesses Internet through a Linksys router (eth0 card). This computer has a second card (eth1) which is connected to my second computer (win 98). When I share the Internet connection in Mandrake (through its wizard), it works fine but from there on I am not able to send files in Mandrake through messengers such as Kopete or aMSN. When I disabled my home network, I can send files again. In order to set up the router, I have to access this IP: 192.168.1.1 but when I enable my internal network, if I try to access, a message appears with the following text: "Connection refused by server". Until now, I arrived to the following conclusion: I think that Mandrake assigns the same IP (Static) to the LAN (192.168.1.1) so when I try to send files or if I try to access the router setup page, something crashes and it doesn't work. I tried to change this IP (for example to 192.168.1.13) but it didn't work either. I feel I am guessing because I don't really know what I should do. My objective is to have both things running (network + sending files/accessing the router's configuration page). I also did forward ports. Well, I hope this explanation is clear enough. If anyone can help me, I will really appreciate it. Thanks in advance. Edited June 10, 2004 by glore Quote Link to comment Share on other sites More sharing options...
Gowator Posted June 10, 2004 Report Share Posted June 10, 2004 can you type as root (posting back results) ifconfig -a route iptables -nLv (check man iptables) and for good measure your /etc/resolv.conf (unless its REALLY REALLY LONG ... in which case 1st 10 lines use head 10 /etc/resolv.conf) Quote Link to comment Share on other sites More sharing options...
streeter Posted June 10, 2004 Report Share Posted June 10, 2004 Whoops Gowator- typo :) - that should be "iptables -nvL" - order is important in this case. Chris Quote Link to comment Share on other sites More sharing options...
glore Posted June 10, 2004 Author Report Share Posted June 10, 2004 Hello back and thanks for the help. Gowator, this are the results I get after typing the commands you were asking for. This is when my home network works ok but I can't access the Linksys router configuration page or send files through any messenger like, for example, Kopete. I use Mandrake 10 OE. Thanks again. I will be expecting your answer. ifconfig -a eth0 Link encap:Ethernet HWaddr 00:E0:7D:F1:9A:37 inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:7dff:fef1:9a37/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:838 errors:0 dropped:0 overruns:0 frame:0 TX packets:803 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:337202 (329.2 Kb) TX bytes:162161 (158.3 Kb) Interrupt:10 Base address:0x6000 eth1 Link encap:Ethernet HWaddr 00:E0:7D:73:59:19 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:7dff:fe73:5919/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:205 errors:0 dropped:0 overruns:0 frame:0 TX packets:82 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:30191 (29.4 Kb) TX bytes:28034 (27.3 Kb) Interrupt:11 Base address:0x3000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1644 errors:0 dropped:0 overruns:0 frame:0 TX packets:1644 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:98670 (96.3 Kb) TX bytes:98670 (96.3 Kb) sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 iptables -nvL Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1019 56812 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 626 315K eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 93 16897 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 1 205 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 20 1420 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1019 56812 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 617 134K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 1066 53597 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain all2all (2 references) pkts bytes target prot opt in out source destination 57 25313 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 1038 32307 common all -- * * 0.0.0.0/0 0.0.0.0/0 1009 28284 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 1009 28284 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain common (5 references) pkts bytes target prot opt in out source destination 1020 28560 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135 99 15091 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255 0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW 61 8450 DROP all -- * * 0.0.0.0/0 192.168.1.255 0 0 DROP all -- * * 0.0.0.0/0 192.168.1.255 Chain dynamic (4 references) pkts bytes target prot opt in out source destination Chain eth0_fwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 1 205 net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 135 19630 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 626 315K net2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth1_fwd (1 references) pkts bytes target prot opt in out source destination 20 1420 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 20 1420 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 34 4263 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 93 16897 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2net (1 references) pkts bytes target prot opt in out source destination 454 112K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 22 1320 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 141 20047 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain icmpdef (1 references) pkts bytes target prot opt in out source destination Chain loc2fw (1 references) pkts bytes target prot opt in out source destination 59 12634 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:6891:6900 5 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3128 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3128 29 4023 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain loc2net (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 20 1420 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2all (2 references) pkts bytes target prot opt in out source destination 1 205 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 139 19742 common all -- * * 0.0.0.0/0 0.0.0.0/0 8 224 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 8 224 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2fw (1 references) pkts bytes target prot opt in out source destination 487 295K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:6891:6900 139 19742 net2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain newnotsyn (6 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain reject (11 references) pkts bytes target prot opt in out source destination 1 60 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 99 15091 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 1008 28224 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain shorewall (0 references) pkts bytes target prot opt in out source destination /etc/resolv.conf nameserver 200.49.159.69 nameserver 200.49.156.3 nameserver 24.232.0.21 Quote Link to comment Share on other sites More sharing options...
streeter Posted June 11, 2004 Report Share Posted June 11, 2004 (edited) eth1 (and your other PC) MUST have a different network number from eth0, eg 192.168.2.0 instead of 192.168.1.0 . Network number in this case is the first 3 numbers (octets) of the IP address. Your Linux PC will then be able to route packets between the 2 networks. So change eth1 to 192.168.2.1 and your Windows PC to 192.168.2.2 and it may all start working. leave eth0 alone. Phew - not awake enough to look through and follow all that iptables output, so do above first - if it doesn't work, we can look at the firewall then. Please post output of "iptables -nvL -t nat" if it doesn't work. Chris Edited June 11, 2004 by streeter Quote Link to comment Share on other sites More sharing options...
Gowator Posted June 11, 2004 Report Share Posted June 11, 2004 Whew... Yep thats a fairly long IPtables output for 'default' When I share the Internet connection in Mandrake (through its wizard), it works fine but from there on I am not able to send files in Mandrake through messengers such as Kopete or aMSN. When I disabled my home network, I can send files again. Yep well the Mandrake wizard is pretty crap! It assumes ... if you have one interface it will be used for everything and creates a virtual if. Then it NAT's across the with input and output. When it finds TWO interfaces like you have it assumes that you wish to be a firewall which can give access to the internet but is blocked itself. All in all for some setitngs it works... for others it FUBARS! With all the messing about with MDK wizards I never worked out how to make it do both which is what you are trying to do. It is possible, I know someone who did its just the Mandrake settings are undocumented and they are impossible to fathom out with the shorewall documentation (the firewall it uses) because it uses it a very weird way. Now to get it working Like streeter says (and to be honest he knows more about this than me) you can never have your routes working while they are in the same subnet. If you MUST use both in the same CLASS C i.e. 192.168.1.n then you need to make a partial netmask. It CAN be done but its not the simplest to understand and this will have consequences setting up the sharing! By far the easiest way is like streeter says and change eth1 to a different network like 192.168.2.x This way your routes will be default 192.168.1.1 eth0 192.168.2.0 255.255.255.0 U 0 0 0 eth1 eth0 will go to the rounter and hence internet and eth1 the windows PC.. then dependent upon whatever is returned from iptables -nvL -t nat it should show how it send packets ACROSS eth0 to eth1 and back while translating the address. If you go to www.shorewall.net Running Shorewall on Mandrake® with a two-interface setup?If so, the documentation on this site will not apply directly to your setup. If you want to use the documentation that you find here, you will want to consider uninstalling what you have and installing a setup that matches the documentation on this site. See the Two-interface QuickStart Guide for details. Update: I've been informed by Mandrake Development that this problem has been corrected in Mandrake 10.0 Final (the problem still exists in the 10.0 Community release). Well follow the instructions if you want to keep using shorewall to do this. Its a nice frontend to iptables... and if you use their setup it works ! Quote Link to comment Share on other sites More sharing options...
arthurking Posted June 11, 2004 Report Share Posted June 11, 2004 I'm probably missing the point here! But, if you have a router (more than likely to have >=4 ports) wouldn't you connect both the computers to the router and let it do its DHCP and NAT all that stuff, rather than ICS(Linux or MS) Or is this an idealogical question, where linux HAS to be the Firewall/DHCP/NAT appliance? I ask this, not knowing his financial constraints and No. of computers v's No. of ports. etc. cheers Quote Link to comment Share on other sites More sharing options...
streeter Posted June 11, 2004 Report Share Posted June 11, 2004 I would rather have a windows PC masqueraded behind a (well set up) Linux firewall (double security!), but you do have a point, assuming the ports (or a hub/switch) are there, and this isn't a learning exercise/necessary. Why didn't I spot this much simpler answer??? Chris Quote Link to comment Share on other sites More sharing options...
Gowator Posted June 11, 2004 Report Share Posted June 11, 2004 LOL, I kinda presumed there was a reason like it being a single ethernet router orbeig locked tot he mac address of the card or ... The internet connection sharing is a real dog anyway... ugly solution.... I guess Im the only one that bothers though!!! The shorewall settings on their quickstart are quite nice and a good way to set out learning Iptables (gee I really must one day) becuase they are documented and well explained... ultimately its better to make your own rules but i gotta lota readin to do first! Quote Link to comment Share on other sites More sharing options...
glore Posted June 12, 2004 Author Report Share Posted June 12, 2004 (edited) Here I am back. Thanks for all your efforts trying to help me solve this. I tried to change the IP to 192.168.2.0 but it doesn't matter the number I write, as soon as I set the network, I can't access the router configuration page and I can't send files through messengers. I disable the network and I can access the conf. page and can also send files with messengers. My router is a Linksys BEFSR11. As always, I will appreciate your help. What I really need is a step by step guide. :-) Edited June 12, 2004 by glore Quote Link to comment Share on other sites More sharing options...
streeter Posted June 12, 2004 Report Share Posted June 12, 2004 Read the posts again - you don't set the IP address to 192.168.2.0 - this is what is known as the network address - it describes the numbering policy for the entire network segment. Your IP addresses should be: eth0 192.168.1.104 eth1 192.168.2.1 windows 192.168.2.2 All subnet masks should be 255.255.255.0 Just as an exercise to make sure it is not Mandrakes wizards messing things up, don't use them to set the IP addresses - type the following as root: ifconfig eth0 192.168.1.104 up ifconfig eth1 192.168.2.1 up Once you have this set up, try typing (from both computers - leave out the "-c 4" on windows) ping -c 4 192.168.1.1 You should get an output similar to: 64 bytes from ap (192.168.1.1): icmp_seq=3 ttl=30 time=1.47 ms If this works, your network is OK. Next try accessing the router's set up - does it work now? If not, what command are you using? Let us know how you get on Chris Quote Link to comment Share on other sites More sharing options...
streeter Posted June 12, 2004 Report Share Posted June 12, 2004 PS - step by step guide: 1) Learn all about networking 2) Learn all about Linux 3) Set up your network :D Seriously, there are howtos out there on the net, but a little background knowledge goes a long way - a step by step guide is not really possible in a forum - we don't have the time, and each case is a little different... Chris Quote Link to comment Share on other sites More sharing options...
Gowator Posted June 12, 2004 Report Share Posted June 12, 2004 a step by step guide is not really possible in a forum - we don't have the time, and each case is a little different... The shorewall documentation is a good start... also the LDP HOWTO-s theirs a short 8 page NAT HOWTO ... enough to get you running... however its rqther breif.. if I remember the IPtqbles HOWTO is 200 pages + its serious stuff .. hence like streeter says we can hardly write all of that on a forum... O Reilly TCP/IP is a good book ... but I cant type anymore with this damned french keyb its driving me mad !!! Quote Link to comment Share on other sites More sharing options...
glore Posted June 12, 2004 Author Report Share Posted June 12, 2004 Hello my friends and sorry for all the help I need. I promise to learn more about networking :D I did this streeter: a) In Mandrake (console), I typed: ifconfig eth0 192.168.1.104 up and then: ifconfig eth1 192.168.2.1 up When typing ping -c 4 192.168.1.1 I get the result you wrote in the computer with MANDRAKE. but when I type ping 4 192.168.1.1 in windows, I get a timeout message. If I leave things so, I can access the router's configuration page (typing 192.168.1.1 in mozilla) and I can send files through Kopete but computer 2 (windows 98) doesn't access internet. If I restart the computer, the lan configuration goes back to where it was before changing things with ifconfig (eth1 to 192.168.1.13). What I did in computer 2 is: network neighborhood, properties and there I choose tcpip and change the automatic configuration to 192.168.2.2 but there I don't know what else to do. Then when I type ping I tried changing Internet Explorer Internet options (LAN-advanced) and where it says HTTP I wrote 192.168.2.1 but I am not sure what to write there. What I really need is to be able to access internet from both computers. Until now, the only way my network works is: Using mandrake wizard: it configures eth1 to -for instance- 192.168.1.13 then I go to computer 2 (win) and add 192.168.1.13 in Internet Explorer (LAN- advanced-HTTP). There, I can access the web from both machines but I can't access the router and I can't send files through Kopete. Well, as always, thanks. Quote Link to comment Share on other sites More sharing options...
streeter Posted June 12, 2004 Report Share Posted June 12, 2004 Right - we are getting close now... Please follow carefully and post results - What you need to do now is to edit (as root) the file /etc/sysconfig/network-scripts/ifcfg-eth0. Change the IPADDR line to IPADDR=192.168.1.104 and save it. Then in /etc/sysconfig/network-scripts/ifcfg-eth1 do the same, but with IPADDR=192.168.2.1 , the line NETWORK=192.168.2.0 and BROADCAST=192.168.2.255 . This will save the settings across a reboot. In the windows network dialogue, the IP address should be 192.168.2.2 and the default gateway should be 192.168.2.1 . You shouldn't need to change anything in explorer - uncheck the Connections->Lan settings->use a proxy server box. Please don't change anything else for now - one step at a time, or this will get difficult for us... Reboot, and do an "ifconfig" to make sure the IP addresses are correct (eth0 192.168.1.104 & eth1 192.168.2.1). Windows should now be 192.168.2.2, and you should be able to "ping 192.168.2.2" and "ping 192.168.2.1" from windows. The next step is to allow Linux to forward packets for the windows box. Try a "ping 192.168.1.104" from windows - any good? If it works, try "ping 192.168.1.1" from windows. If this works, so probably will your internet connection. If not, as will probably happen, let us know, and we can go on to the next step. Chris Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.