Guest olaf777, Posted August 17, 2004 (edited)

This has probably been covered somewhere, but I can't find it and have tried nearly all the HOWTO's. I want my MDK 10 box to be a server in my small office for a bunch of Windows machines. I have set up a print server, am using Samba, and have Squid going. But getting over the final hurdle of full internet serving has had me tearing my hair out.

I have 2 network cards, exactly the same kind. eth0 is connected to the LAN via the switch. eth1 is connected to the ADSL modem. I have used the MCC wizards, and so far am able to access the net using the proxy server from the other machines, but I suspect proper masquerading is not happening, because I can't send e-mail, connect to MSN messenger or use Kazaa.

Here is my ifconfig output:

    eth0      Link encap:Ethernet HWaddr 00:08:A1:63:A0:A1
              inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
              inet6 addr: fe80::208:a1ff:fe63:a0a1/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:4202 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4025 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2759031 (2.6 Mb) TX bytes:1917974 (1.8 Mb)
              Interrupt:11 Base address:0x1e00

    eth1      Link encap:Ethernet HWaddr 00:80:AD:6C:24:DC
              inet6 addr: fe80::280:adff:fe6c:24dc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:3824 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4820 errors:0 dropped:0 overruns:0 carrier:0
              collisions:1 txqueuelen:1000
              RX bytes:2076828 (1.9 Mb) TX bytes:665248 (649.6 Kb)
              Interrupt:10 Base address:0x9f00

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1 Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MTU:16436 Metric:1
              RX packets:1318 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1318 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2365063 (2.2 Mb) TX bytes:2365063 (2.2 Mb)

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:165.165.85.168 P-t-P:165.165.80.1 Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
              RX packets:3718 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4710 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:1988379 (1.8 Mb) TX bytes:554883 (541.8 Kb)

I have tried to use the wizards as much as possible, just so I can be sure everything stays the same. Anyway, I tried enabling ipv4_forwarding in the sysctl.conf file, that didn't work. I tried disabling shorewall, didn't work. I tried creating a huge hole in the firewall by enabling everything, didn't work.

Any ideas please? I don't mind getting my hands dirty with the config files, but I have been working on this problem for 2 months now. Essentially I can access net from Linux box fine, but from clients going through the box, only the proxy works. I can't ping, send or receive mail etc.

Thanks in advance.

Edited August 18, 2004 by olaf777

Guest olaf777, Posted August 18, 2004

I've seen the wizards mess things up in MDK 10. Should I reinstall Mandrake? And then set everything up manually? Because it seems like no matter what settings I change it refuses to route.

streeter, Posted August 18, 2004

You should be able to recover it :)

Try typing this as root:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -I POSTROUTING 1 -o ppp0 -s 192.168.10.0/24 -d 0/0 -j MASQUERADE

If it works, put it at the end of /etc/rc.d/rc.local. If you get an error, install iptables (urpmi iptables). You will also have to point the LAN PCs to a valid nameserver.

Have you looked at the sticky post at the top of the networking forum?

Chris

Guest olaf777, Posted August 18, 2004 (edited)

Ok, you're a genius. Unfortunately restarting Shorewall killed it. So I typed it again after Shorewall started, and it works again. Do you know where the settings are in shorewall that would do the same thing?

I have read the sticky post, and couldn't get that to help me. And I have set my clients to use the server as its nameserver (DNS) and it seems to be working. Only problem I can find now is being unable to ping the net from a client. My Shorewall policies are basically wide open.

Edited August 18, 2004 by olaf777

streeter, Posted August 18, 2004

Just use the wizard to set shorewall up as normal, and put the iptables commands in /etc/rc.d/rc.local - they will add to the netfilter firewall rules after shorewall is started on each boot.

Sorry - I don't use shorewall, so don't know the config for it, but bear in mind that all shorewall does is manipulate netfilter then exits - the same as iptables does, but is supposed to be more user friendly.

Chris

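A check for the two pieces of state the commands in this thread set up, added here as an example and not part of the original posts: it reports whether forwarding is switched on and whether the nat table still holds the MASQUERADE rule, which is what disappears when the firewall is restarted. The function names and the sample rule dumps are constructed for illustration, and the check assumes iptables-save prints the source network in CIDR form.

```sh
#!/bin/sh
# Added example: verifies the state the ip_forward and MASQUERADE commands create.
# Function names and sample rule dumps are constructed, not taken from the thread.

# forwarding_on FILE: true if FILE (normally /proc/sys/net/ipv4/ip_forward) holds 1
forwarding_on() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# has_masq IFACE SUBNET: reads iptables-save text on stdin; true if the nat
# table has a POSTROUTING rule that masquerades SUBNET leaving through IFACE
has_masq() {
    awk -v ifc="$1" -v src="$2" '
        /^\*/ { table = $1 }                      # "*nat", "*filter", ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            o = ""; s = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") o = $(i + 1)
                if ($i == "-s") s = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (o == ifc && s == src && j == "MASQUERADE") found = 1
        }
        END { exit !found }'
}

# nat_status FORWARD_FILE IFACE SUBNET: prints ok, no-forwarding or no-masquerade
nat_status() {
    if ! forwarding_on "$1"; then echo no-forwarding; return; fi
    if has_masq "$2" "$3"; then echo ok; else echo no-masquerade; fi
}

# Constructed sample: rule dump with the masquerade rule from the thread present
sample_with_rule() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 192.168.10.0/24 -o ppp0 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT'
}

# Constructed sample: the nat table after a firewall restart has rebuilt it
sample_after_restart() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT'
}
```

On a live gateway, run as root: `iptables-save | nat_status /proc/sys/net/ipv4/ip_forward ppp0 192.168.10.0/24`.
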
Guest olaf777, Posted August 18, 2004

Thanks a lot, you've helped me stacks. About the ping issue, some sites it pings no problem, and others it just times out. Weird, but I'll figure it out. Thanks again.