
ICS problem with a difference


Havin_it

Hello,

 

Please believe I haven't posted on this overplayed issue lightly. I have been wrestling with it for days, and have tried both the 'ICS host setup' guidelines from the sticky, and flightcrank's recent post too.

 

My setup is similar to flightcrank's, except that my ICS client is not a separate computer but an emulator running Mac OS X in a window on Mandy. It has a fully-functional emulated Realtek RTL8139 NIC, which connects to a tap/tun interface called 'ppc' on the host. I'm not telling you this so you can tell me none of the howtos are valid, because they are - the only difference is that the ppc interface is not started at boot. Also have iptables on but shorewall OFF, because I think my router's firewall will suffice.

 

So, I followed the off-site howto (referenced in the sticky) to the letter, substituting wlan0 (the router/internet connection) for eth0 and ppc for eth1.

 

BTW, IPs are 192.168.1.1 (router), 192.168.1.2 (wlan0), 192.168.0.1 (ppc), 192.168.0.2 (Mac)

 

After the reboot and bringing up ppc, I found I could ping ppc but not the Mac which was 'Destination Host unreachable'. At this point the ifconfig info was as follows:

ppc       Link encap:Ethernet  HWaddr 00:FF:ED:36:A7:37
         inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::2ff:edff:fe36:a737/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:0 (0.0 B)  TX bytes:546 (546.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:30:BD:FC:0B:06
         inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::230:bdff:fefc:b06/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:426 errors:0 dropped:0 overruns:0 frame:0
         TX packets:596 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:94567 (92.3 Kb)  TX bytes:96114 (93.8 Kb)
         Interrupt:16 Memory:20800000-20801fff

 

and route -n

 

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 ppc
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0

 

and iptables

 

[root@PENGI robin]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 113 packets, 15645 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 332 packets, 23668 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 MASQUERADE  all  --  *      *       192.168.0.2          0.0.0.0/0

Chain OUTPUT (policy ACCEPT 332 packets, 23668 bytes)
pkts bytes target     prot opt in     out     source               destination

[root@PENGI robin]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Then I tried flightcrank's approach. Now I can ping the Mac as well, and the Mac can ping as far as wlan0 but no further (not to the router or any internet address/IP). At this point the ifconfig is the same, and the rest:

[root@PENGI robin]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 98 packets, 24321 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 99 packets, 8003 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 83 packets, 6948 bytes)
pkts bytes target     prot opt in     out     source               destination
[root@PENGI robin]# iptables -nvL
Chain INPUT (policy ACCEPT 270 packets, 116K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     all  --  wlan0  ppc     0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  61  4043 ACCEPT     all  --  ppc    wlan0   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 340 packets, 73430 bytes)
pkts bytes target     prot opt in     out     source               destination

 

All else I can tell you is that this same config worked easily in Win, and also in a previous Linux setup where the internet connection was ppp0 (the dreaded Speedtouch). I guess the problem must be in iptables, but I'm pretty much at a loss about that whole issue (I never used Shorewall with the Speedtouch in the past either).

 

<deep breath> So, any ideas?

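Added example (not part of the original post): a check over saved `iptables -nvL` listings for the state in the second pair of listings above, where FORWARD passes ppc-to-wlan0 traffic (61 packets) but nat POSTROUTING holds no MASQUERADE or SNAT rule. Assuming the router at 192.168.1.1 has no static route for 192.168.0.0/24, such packets leave wlan0 with source 192.168.0.2 and the replies have no way back; the function names and verdict strings are illustrative.

```shell
#!/bin/sh
# Columns of `iptables -nvL`: pkts bytes target prot opt in out source destination

# nat_rule_present WAN  (stdin: `iptables -nvL -t nat` output)
# Succeeds if POSTROUTING has a MASQUERADE/SNAT rule leaving via WAN or any interface.
nat_rule_present() {
    awk -v wan="$1" '
        /^Chain / { chain = $2; next }
        chain == "POSTROUTING" && ($3 == "MASQUERADE" || $3 == "SNAT") &&
            ($7 == wan || $7 == "*") { found = 1 }
        END { exit !found }'
}

# forwarded_packets LAN WAN  (stdin: `iptables -nvL` output)
# Prints the packet count of FORWARD ACCEPT rules going LAN -> WAN.
# Large counters are abbreviated (e.g. 116K); use `iptables -nvxL` for exact values.
forwarded_packets() {
    awk -v lan="$1" -v wan="$2" '
        /^Chain / { chain = $2; next }
        chain == "FORWARD" && $3 == "ACCEPT" && $6 == lan && $7 == wan { n += $1 }
        END { print n + 0 }'
}

# diagnose LAN WAN FILTER_LISTING NAT_LISTING -> prints one verdict word
diagnose() {
    fwd=$(printf '%s\n' "$3" | forwarded_packets "$1" "$2")
    if printf '%s\n' "$4" | nat_rule_present "$2"; then
        echo "nat-ok"
    elif [ "$fwd" -gt 0 ]; then
        echo "forwarded-but-not-masqueraded"
    else
        echo "no-nat-no-traffic"
    fi
}

# Sample input: excerpts of the listings in the post (second attempt, then first attempt's nat table).
FILTER_AFTER='Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     all  --  wlan0  ppc     0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  61  4043 ACCEPT     all  --  ppc    wlan0   0.0.0.0/0            0.0.0.0/0'
NAT_AFTER='Chain POSTROUTING (policy ACCEPT 99 packets, 8003 bytes)
pkts bytes target     prot opt in     out     source               destination'
NAT_BEFORE='Chain POSTROUTING (policy ACCEPT 332 packets, 23668 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 MASQUERADE  all  --  *      *       192.168.0.2          0.0.0.0/0'

diagnose ppc wlan0 "$FILTER_AFTER" "$NAT_AFTER"
```

On a live host the same functions can be fed directly, for example `iptables -nvL -t nat | nat_rule_present wlan0`.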

Unfortunately I myself have only been using Mandrake for the past 2 weeks, and it is my first experience using an operating system other than Windows.

So I can offer little help other than posting what has worked for me. These forums are unfortunately a little slow, so hopefully this will bump your thread up and a Linux guru may offer better help. I'm confident it can be done!! So, hang in there.

You seem to have an innovative setup, so once you get it working, which I'm sure you will, be sure to post how it was done so others can benefit (because I want to try it!).

Good luck!
