ICS help


Guest c_m_f

Basically I'm pretty stuck now. I configured ICS using MCC and it doesn't want to work: I can ping each computer, but no websites from the client. I added stuff to my dhcpd.conf file after reading some posts, but to no avail!

 

Here's my dhcpd.conf:

 

ddns-update-style none;

subnet 192.168.0.0 netmask 255.255.255.0 {
    # default gateway
    option broadcast-address 192.168.0.253;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;

    option domain-name "homeland.net";
    option domain-name-servers 212.50.160.100, 213.249.130.100;

    range dynamic-bootp 192.168.0.16 192.168.0.253;
    default-lease-time 21600;
    max-lease-time 43200;

    option routers 192.168.0.1;
    option ip-forwarding on;

    authoritative;
}

 

And my hosts file:

 

127.0.0.1    localhost.localdomain localhost
192.168.0.1  rubarb.home rubarb
192.168.0.2  custard.home custard

 

And my resolv.conf:

 

# search localdomain
# search home
search home
nameserver 192.168.0.1
nameserver 212.50.160.100
nameserver 213.249.130.100

# ppp temp entry
nameserver 212.50.160.100 # ppp temp entry
nameserver 213.249.130.100 # ppp temp entry

 

Any help please?
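As an added example (not code from the thread), here is a small Python checker that parses the subnet block of the dhcpd.conf above, embedded as a trimmed constructed copy, and reports the addressing and scoping problems a reviewer would look for: a broadcast address that does not match the netmask, a dynamic range or router outside the subnet, an option declared twice, and `option ip-forwarding on`, which is a DHCP option handed to clients rather than a setting on the server.

```python
import ipaddress
import re

# Trimmed copy of the dhcpd.conf posted above (lease times and comments dropped).
DHCPD_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
  option broadcast-address 192.168.0.253;
  option routers 192.168.0.1;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 212.50.160.100, 213.249.130.100;
  range dynamic-bootp 192.168.0.16 192.168.0.253;
  option routers 192.168.0.1;
  option ip-forwarding on;
  authoritative;
}
"""

def parse_subnet(conf):
    """Return (network, [(keyword, argument), ...]) for the first subnet block, in file order."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    stmts = []
    for stmt in m.group(3).split(";"):
        words = stmt.split()
        if words:
            n = 2 if words[0] == "option" else 1   # 'option routers' is one keyword
            stmts.append((" ".join(words[:n]), " ".join(words[n:])))
    return net, stmts

def check_subnet(conf):
    """Return findings for the subnet block, in the order they are hit."""
    net, stmts = parse_subnet(conf)
    findings, seen = [], set()
    for kw, arg in stmts:
        if kw.startswith("option ") and kw in seen:
            findings.append(f"duplicate {kw}")
        seen.add(kw)
        if kw == "option broadcast-address" and ipaddress.ip_address(arg) != net.broadcast_address:
            findings.append(f"broadcast-address {arg} should be {net.broadcast_address}")
        elif kw == "option routers":
            for r in arg.replace(",", " ").split():
                if ipaddress.ip_address(r) not in net:
                    findings.append(f"router {r} is outside {net}")
        elif kw == "range":
            lo, hi = (ipaddress.ip_address(a) for a in arg.split()[-2:])
            if lo not in net or hi not in net or lo > hi:
                findings.append(f"range {lo}-{hi} is not inside {net}")
        elif kw == "option ip-forwarding" and arg == "on":
            # RFC 2132 option 19 tells the *client* to forward packets; it does not enable routing on the server.
            findings.append("option ip-forwarding on is handed to clients, not applied on the server")
    return findings
```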


Hi

 

I don't know if this can help you, but...

 

I used the ICS wizard in the MCC quite a few times and never had a problem. Actually I use it to share the net on my LAN. My computer and my wife's access the net from my server that is running MDK 9.0.

 

If I were you I would run it a second time, making sure you answer all the questions. Make sure your net and your LAN are really on the interfaces you specify to the wizard (i.e. eth0 = internet and eth1 = LAN, or the other way around). Also, don't stop the firewall if you want it to work, because then it is not going to work for sure. Shorewall (the firewall that is installed by the ICS wizard) stops all network activity when it is shut down. There are ways to prevent that, but as a first guess I would just not stop it. Finally, make sure the computers on your LAN are configured to be given an IP from a DHCP server.

 

My server gives an IP to a Mac (OS X) and to my computer (dual boot Gentoo and XP), and the toughest to configure was really XP. The Mac and my Gentoo machine detected they were connected to a DHCP server right away, but I got some problems with XP (that's M$ shit, you know). So play with the settings for some time if you use one of those boxes.

 

Hope this helps

 

MOttS


Also, your range inside the subnet is:

range dynamic-bootp 192.168.0.16 192.168.0.253;

and 192.168.0.2 is not in that range, so it doesn't use that config. Try moving

option broadcast-address 192.168.0.253;
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option domain-name "homeland.net";
option domain-name-servers 212.50.160.100, 213.249.130.100;
option routers 192.168.0.1;
option ip-forwarding on;
authoritative;

all of this out of the subnet declaration to make it global.

Here's my /etc/dhcpd.conf:

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
ddns-update-style none;
option broadcast-address 192.168.0.255;
option subnet-mask 255.255.255.0;
option netbios-name-servers 192.168.0.1;
option routers 192.168.0.1;
option domain-name "omarserenity.home";
option ip-forwarding on;

# option definitions common to all supported networks...
option domain-name "omarserenity.home";
option domain-name-servers 205.171.3.65, 205.171.24.251;

default-lease-time 1600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 192.168.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    option domain-name "omarserenity.home";
    option ip-forwarding on;
}

host laluna {
    hardware ethernet 00:20:78:F0:2A:25;
    fixed-address 192.168.0.2;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    option domain-name "omarserenity.home";
    option ip-forwarding on;
}


Shorewall is really simple, man. You can't imagine how simple it is once you take the time to read the config files.

 

Shorewall works in zones. Your LAN is MASQ, your firewall is FW and the internet is NET.

 

/etc/shorewall/policy is the general setup. If you want your LAN to access the net, then write 'masq net accept' in that file. If you want your firewall to access the net, then write 'fw net accept'. Here is mine:

 

masq    net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

 

/etc/shorewall/rules holds the exceptions to /etc/shorewall/policy. I.e., if you block all requests from the net to the firewall or the LAN and you want to run Apache, for instance, then you have to specify this in this file. If you want to open port 80 of your firewall running Apache, then enter 'ACCEPT net fw tcp 80 -' in the rules file. If you want to run eDonkey and MSN (file transfer) on a box having IP 192.168.1.100 on your LAN, then forward all requests made to these ports to that machine by entering 'DNAT net masq:192.168.1.100 tcp 4662,6891:6900 -' in the config file. Here is mine:

 

# =============================== FOR APACHE =================================
ACCEPT  net     fw      tcp     80      -
# ============================= FOR LOCAL PORTS ==============================
ACCEPT  masq    fw      tcp     22,5900 -
ACCEPT  masq    fw      tcp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
ACCEPT  masq    fw      udp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
# ================== FORWARD THESE PORTS FROM THE NET TO MY PC ===============
DNAT    net     masq:192.168.1.100      tcp     4662,6891:6900  -

 

These are the only files I had to modify in /etc/shorewall to be STEALTH on all security tests.

 

Also, at the beginning of each file in /etc/shorewall there is an explanation in plain English saying what the file really does, with some examples.

 

Once you have modified a file, you have to restart Shorewall by typing

 

service shorewall restart

 

... That's it... now you know how Shorewall works.

 

Hope this helps

 

MOttS
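As an added illustration (code written for this thread, not MOttS's own tooling), the following Python models how Shorewall consults the two tables quoted above: the rules file is tried first in file order, and only when no rule matches does the policy file decide the zone pair, with `all` as a wildcard. The port-name table and the DNAT handling (treating the original destination of a forwarded connection as the firewall itself) are simplifying assumptions of this example.

```python
# Constructed subset of /etc/services so the demo resolves port names offline.
SERVICES = {"domain": 53, "bootps": 67, "http": 80, "https": 443, "imap": 143,
            "pop3": 110, "smtp": 25, "nntp": 119, "ntp": 123}

# Copies of the /etc/shorewall/policy and /etc/shorewall/rules tables posted above.
POLICY = """
masq    net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
"""

RULES = """
ACCEPT  net     fw      tcp     80      -
ACCEPT  masq    fw      tcp     22,5900 -
ACCEPT  masq    fw      tcp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
ACCEPT  masq    fw      udp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
DNAT    net     masq:192.168.1.100      tcp     4662,6891:6900  -
"""

def port_matches(spec, port):
    """True if port is covered by a Shorewall port list such as '22,5900' or '6891:6900'."""
    if spec == "-":          # '-' means any port
        return True
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        lo = int(SERVICES.get(lo, lo))
        hi = int(SERVICES.get(hi, hi)) if hi else lo
        if lo <= port <= hi:
            return True
    return False

def _rows(table):
    return [ln.split() for ln in table.splitlines() if ln.strip() and not ln.startswith("#")]

def decide(src, dst, proto, port):
    """Return (action, detail) for a packet: rules first in file order, then the policy."""
    for action, rsrc, rdst, rproto, ports, *_ in _rows(RULES):
        zone, _, addr = rdst.partition(":")
        # Modelling assumption: a DNAT rule matches what arrives at the firewall's own
        # address before redirection, so its original destination zone is 'fw'.
        target = "fw" if action == "DNAT" else zone
        if (rsrc, target, rproto) == (src, dst, proto) and port_matches(ports, port):
            return action, addr or "rule"
    for psrc, pdst, action, *_ in _rows(POLICY):
        if psrc in (src, "all") and pdst in (dst, "all"):
            return action, "policy"
    return "REJECT", "implicit"
```

Running `decide("net", "fw", "tcp", 22)` shows why an unlisted service on the firewall is dropped by the `net all DROP` policy even though the LAN side reaches it via the masq rules.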


You were saying how 'FW' is the firewall, but isn't Shorewall the firewall itself?

 

YES. As I said, Shorewall works in zones. The machine on which Shorewall is installed is the firewall (FW) and the machines behind the firewall are called MASQ. Those machines are connected to the second ethernet card of the server. How is your setup, BTW? I mean physically.

 

And do I actually need a firewall? I coped in Windows without one!

 

Actually, if you don't run important services (Apache, SMB, mail server...) or you don't care about being hacked and losing data, you don't really need a firewall... IMHO. But it is always fun to be stealth. ;-)

 

MOttS


Main 'server' connects to the net with dialup, hosts all music, movies etc! 1 ethernet.

 

Second comp: 1 ethernet, connected with cable!

 

Hmm, what's the Bastille prog like?

 

OK... so the second computer is connected to the server with an RJ45 crossover cable, right? The config I specified above is applicable for you in that case. The server is FW and your second computer is MASQ.

 

I used Bastille in MDK 8.1 and it was good also. There are a couple of GUIs to help configure it... but I don't like GUIs.

 

MOttS


Well, when I got the cable I wasn't aware of a difference between standard and crossover, but seeing as I don't use any sort of hardware router or hub it must be one!

 

I'll look into both of them. Thanks for all the help everyone, once again, appreciated!
