Guest turnbui Posted July 22, 2005 Report Share Posted July 22, 2005 Hello everyone. I have enabled pings to my Linux machine in Mandrake Control Centre. I don't have any Firewall in place and I used Chris Streets' How to turn your firewall off - just to be sure. BTW - Excellent site. I also enabled Pings in the Router though I suspect that only checks pings coming in from Internet and not local LANs - though I'm not certain of this. My setup is as follows [probably illegal though and thus my problem??] :- Internet connection comes into a D-Link D504T 4 port router. 3 ports are used by other people in the house who rightly don't want my Linux box in their way. I have my Linux machine connected via eth1 to 1 port of this DHCP router which uses subnet 192.168.1.0/24. The other NIC I have connected to an XP machine using STATIC IP using subnet 192.168.3.1 and the XP machine is set to 192.168.3.2. After a boot I do the following:- [to be automated when it all works] and the IWPCS.co.uk site educated me with this ifconfig eth0 down ifconfig eth0 192.168.3.1 ifconfig eth0 up iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE after the 3rd iptables command I can browse Internet and ping all the other machines from both Linux & my XP machine. I can ping my XP from my Linux BUT I cannot ping my XP box from any of the other XP machines Can anyone throw some light on this please? The other peoples' XP boxes do have ZoneAlarm firewall [ONLY] but we allowed the full range of both subnets. I want to go on to use Samba with a WINS server as Chris advised but I can't do this if I can't ping my XP machine from the other peoples' computers. ANY help / advice would be very much appreciated. Handfulls of my hair are missing already!! Following are the outputs that IWPCS site recomended to provide: [root@ian ian]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:04:0D:0E:30 inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 inet6 addr: fe80::250:4ff:fe0d:e30/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4025 errors:0 dropped:0 overruns:0 frame:0 TX packets:3718 errors:0 dropped:0 overruns:0 carrier:0 collisions:58 txqueuelen:1000 RX bytes:565950 (552.6 Kb) TX bytes:2030861 (1.9 Mb) Interrupt:11 Base address:0xdc00 eth1 Link encap:Ethernet HWaddr 00:02:E3:21:3E:19 inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::202:e3ff:fe21:3e19/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5759 errors:0 dropped:0 overruns:0 frame:0 TX packets:4762 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2476114 (2.3 Mb) TX bytes:713029 (696.3 Kb) Interrupt:10 Base address:0x8000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:239 errors:0 dropped:0 overruns:0 frame:0 TX packets:239 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:18849 (18.4 Kb) TX bytes:18849 (18.4 Kb) [root@ian ian]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1 [root@ian ian]# iptables -nvL Chain INPUT (policy ACCEPT 3055 packets, 418K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 5834 packets, 2079K bytes) pkts bytes target prot opt in out source destination 367 290K ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 373 79083 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 1853 packets, 430K bytes) pkts bytes target prot opt in out source destination [root@ian ian]# iptables -nvL -t nat Chain PREROUTING (policy ACCEPT 483 packets, 35509 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 56 packets, 7256 bytes) pkts bytes target prot opt in out source destination 37 1952 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 95 packets, 14308 bytes) pkts bytes target prot opt in out source destinatio Quote Link to comment Share on other sites More sharing options...
streeter Posted July 23, 2005 Report Share Posted July 23, 2005 Hi Ian This is a Windows question :) You will need to add the route to the XP box to the routing tables of the other XP machines. It goes something like route -p add 192.168.3.0 mask 255.255.255.0 192.168.1.3 The -p makes it persistant. route print displays the routing table Chris Quote Link to comment Share on other sites More sharing options...
Guest turnbui Posted July 23, 2005 Report Share Posted July 23, 2005 Yee-Hah. Magic Chris - worked like a charm. Can ping without problem. Totally thanks. And now:- Now for the shares. As an aside and fyi [its probably Windows again!?]. The other XP's can get as far as my Linux. They can see my XP in "View Workgroup computers" but can't get in to see the shares. My XP can see their machines but can't get into see the shares. My Linux however, is all seeing. I'm using Samba with wins support = yes and I've turned off the XP's ZoneAlarm..... But that's another story to investigate. At least now I can ping I've got a fighting chance. Nice one. Cheers Chris Ian T. PS. Do I mark this thread as Solved somehow. I don't see where I could do this. Quote Link to comment Share on other sites More sharing options...
Guest turnbui Posted July 24, 2005 Report Share Posted July 24, 2005 Chris in case yu don't come back to this I'll send you a draft of the wip HOW-TO on how we managed to get this 2 subnet working. Please trash it if you can't use it. Thanks for taking the time to steer me in the right direction Ian T iptables_ian.txt Quote Link to comment Share on other sites More sharing options...
santner Posted July 31, 2005 Report Share Posted July 31, 2005 I don't have any Firewall in place and I used Chris Streets' How to turn your firewall off - just to be sure. Can someone give me this link...this might help with an issue I have been having. Thanks! Quote Link to comment Share on other sites More sharing options...
Guest turnbui Posted July 31, 2005 Report Share Posted July 31, 2005 www.iwpcs.co.uk yes, really good Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.