Guest c_m_f Posted February 9, 2003

Basically I'm pretty stuck now. I configured ICS using MCC and it doesn't want to work. I can ping each computer but no websites from the client. I added stuff to my dhcpd.conf file after reading some posts, but to no avail! Here's my dhcpd.conf:

    ddns-update-style none;
    subnet 192.168.0.0 netmask 255.255.255.0 {
        # default gateway
        option broadcast-address 192.168.0.253;
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option domain-name "homeland.net";
        option domain-name-servers 212.50.160.100, 213.249.130.100;
        range dynamic-bootp 192.168.0.16 192.168.0.253;
        default-lease-time 21600;
        max-lease-time 43200;
        option routers 192.168.0.1;
        option ip-forwarding on;
        authoritative;
    }

and my hosts file:

    127.0.0.1 localhost.localdomain localhost
    192.168.0.1 rubarb.home rubarb
    192.168.0.2 custard.home custard

and my resolv.conf:

    # search localdomain
    # search home
    search home
    nameserver 192.168.0.1
    nameserver 212.50.160.100
    nameserver 213.249.130.100 # ppp temp entry
    nameserver 212.50.160.100 # ppp temp entry
    nameserver 213.249.130.100 # ppp temp entry

Any help please?

Guest c_m_f Posted February 11, 2003

any takers?

MottS Posted February 11, 2003

Hi

I don't know if that can help you but .. I used the ICS wizard in the MCC quite a few times and never got a problem. Actually I used it to share the net on my LAN. My computer and my wife's access the net from my server that is running MDK 9.0.

If I were you I would run it a second time, making sure you answer all the questions. Make sure your net and your LAN are really on the interfaces you specify to the wizard (i.e. eth0 = internet and eth1 = LAN .. or the other way around).

Also, don't stop the firewall if you want it to work, because it is not going to work for sure. Shorewall (the firewall that is installed by the ICS wizard) stops all network activity when it is shut down. There are ways to prevent it, but as a first guess I would just not stop it.

Finally, make sure the computers on your LAN are configured to be given an IP from a DHCP server. My server gives an IP to a Mac (OS X) and to my computer (dual boot Gentoo and XP), and the toughest to configure was really XP. The Mac and my Gentoo machine detected they were connected to a DHCP server right away, but I got some problems with XP (That's M$ shit you know). So play with the settings for some time if you use one of those boxes.

Hope this helps

MOttS

Steve Scrimpshire Posted February 11, 2003

Is your client also Linux? If so, try removing the nameserver 192.168.0.1 from the resolv.conf file. But try my next post first.

Steve Scrimpshire Posted February 11, 2003

Also, your range inside the subnet is:

    range dynamic-bootp 192.168.0.16 192.168.0.253;

and 192.168.0.2 is not in that range, so it doesn't use that config. Try moving

    option broadcast-address 192.168.0.253;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name "homeland.net";
    option domain-name-servers 212.50.160.100, 213.249.130.100;
    option routers 192.168.0.1;
    option ip-forwarding on;
    authoritative;

All of this out of the subnet declaration to make it global. Here's my /etc/dhcpd.conf:

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #
    ddns-update-style none;
    option broadcast-address 192.168.0.255;
    option subnet-mask 255.255.255.0;
    option netbios-name-servers 192.168.0.1;
    option routers 192.168.0.1;
    option domain-name "omarserenity.home";
    option ip-forwarding on;

    # option definitions common to all supported networks...
    option domain-name "omarserenity.home";
    option domain-name-servers 205.171.3.65, 205.171.24.251;
    default-lease-time 1600;
    max-lease-time 7200;

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;

    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;

    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.1;
        option domain-name "omarserenity.home";
        option ip-forwarding on;
    }

    host laluna {
        hardware ethernet 00:20:78:F0:2A:25;
        fixed-address 192.168.0.2;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.1;
        option domain-name "omarserenity.home";
        option ip-forwarding on;
    }

Guest c_m_f Posted February 11, 2003

Thanks for all the answers, I'll try editing yours Steve and changing mine to that! Thanks a lot everyone, I'll let you know if it works!

Guest c_m_f Posted February 11, 2003

Well, I got it working. All I did was redo the wizard and uninstall the firewall, and it's all good :) Now, recommendations for a good, simple, configurable firewall!

Steve Scrimpshire Posted February 11, 2003

Bastille-netfilter is what I use.

MottS Posted February 12, 2003

Shorewall is really simple man. You can't imagine how simple it is when you take time to read the config files.

Shorewall works in zones. Your LAN is MASQ, your firewall is FW and the internet is NET.

/etc/shorewall/policy is the general setup. If you want your LAN to access the net then write 'masq net accept' in that file. If you want your firewall to access the net then write 'fw net accept'. Here is mine.

    masq net ACCEPT
    fw net ACCEPT
    net all DROP info
    all all REJECT info

/etc/shorewall/rules is the exception to /etc/shorewall/policy. I.e., if you block all the requests from the net to the firewall or the LAN and you want to run Apache for instance, then you have to specify this in this file. If you want to open port 80 of your firewall running Apache then enter 'ACCEPT net fw tcp 80 -' in the rules file. If you want to run eDonkey and MSN (file transfer) on a box having IP 192.168.1.100 on your LAN, then forward all requests made to these ports to that machine by entering 'DNAT net masq:192.168.1.100 tcp 4662,6891:6900 -' in the config file. Here is mine:

    # ===============================FOR APACHE ===================================
    ACCEPT net fw tcp 80 -
    # ============================FOR THE LOCAL PORTS =============================
    ACCEPT masq fw tcp 22,5900 -
    ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    # ===============FORWARD THESE PORTS FROM THE NET TO MY COMPUTER===============
    DNAT net masq:192.168.1.100 tcp 4662,6891:6900 -

These are the only files I had to modify in /etc/shorewall to be STEALTH on all security tests. Also, at the beginning of each file in /etc/shorewall, there is an explanation in plain English saying what the file is really doing, and some examples.

Once you have modified a file, you have to restart Shorewall by typing

    service shorewall restart

.. That's it... you know how Shorewall works.

Hope this helps

MOttS

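The policy-then-rules lookup MottS describes, as an added example that is not part of the original thread and is not Shorewall's own code. The policy and rules lines are copied from the post; the service-name table is a constructed subset of /etc/services, and treating a DNAT rule as matching traffic addressed to the firewall is a simplifying assumption.

```python
# Added example: first matching rule wins, otherwise first matching policy line.
POLICY = """\
masq net ACCEPT
fw   net ACCEPT
net  all DROP   info
all  all REJECT info
"""
RULES = """\
ACCEPT net  fw tcp 80 -
ACCEPT masq fw tcp 22,5900 -
ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
DNAT   net  masq:192.168.1.100 tcp 4662,6891:6900 -
"""
# Constructed subset of /etc/services so the example runs offline.
SERVICES = {"domain": 53, "bootps": 67, "http": 80, "https": 443, "imap": 143,
            "pop3": 110, "smtp": 25, "nntp": 119, "ntp": 123}

def port_matches(spec, port):
    """True if port is in a Shorewall port list such as '4662,6891:6900'."""
    for item in spec.split(","):
        if ":" in item:
            low, high = (int(p) for p in item.split(":"))
            if low <= port <= high:
                return True
        elif port == (int(item) if item.isdigit() else SERVICES[item]):
            return True
    return False

def parse(text):
    return [line.split() for line in text.splitlines()
            if line.strip() and not line.startswith("#")]

def decide(src, dst, proto, port):
    """Return (verdict, origin) for a new connection between two zones."""
    for action, r_src, r_dst, r_proto, ports, *_ in parse(RULES):
        zone, _, host = r_dst.partition(":")
        # Assumption: a DNAT rule matches traffic addressed to the firewall.
        target = "fw" if action == "DNAT" else zone
        if (r_src, target, r_proto) == (src, dst, proto) and port_matches(ports, port):
            return (f"DNAT to {host}" if action == "DNAT" else action), "rules"
    for p_src, p_dst, verdict, *_ in parse(POLICY):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return verdict, "policy"
    return "REJECT", "implicit"  # assumption: fail closed if nothing matches

def exposed_from_net():
    """Rules that admit connections initiated from the internet zone."""
    return [r for r in parse(RULES) if r[1] == "net" and r[0] in ("ACCEPT", "DNAT")]
```

Calling `exposed_from_net()` after every edit to the rules file gives a quick review list of what the internet zone can reach: here, port 80 on the firewall and the forwarded ports on 192.168.1.100.
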
Guest c_m_f Posted February 12, 2003

You were saying how 'FW' is firewall, but isn't Shorewall the firewall itself? And do I actually need a firewall? I coped in Windows without one!

MottS Posted February 12, 2003

> you was saying how 'FW' is firewall, but isnt shorewall the firewall itself?

YES. As I said, Shorewall works in zones. The machine on which Shorewall is installed is the firewall (FW) and the machines behind the firewall are called MASQ. Those machines are connected to the second ethernet card of the server. How is your setup BTW ? .. I mean physically.

> and do i actually need a firewall? i coped in windows without one!

Actually, if you don't run important services (Apache, SMB, mail server..) or you don't care about being hacked and losing data, you don't really need a firewall... IMHO. But it is always fun to be stealth. ;-)

MOttS

Guest c_m_f Posted February 12, 2003

Main 'server' connects to the net with dialup, hosts all music, movies etc! 1 ethernet. Second comp: 1 ethernet, connected with cable! Hmm, what's the Bastille prog like?

MottS Posted February 12, 2003

> main 'server' connects to net with dialup hosts all music, movies etc! 1 ethernet second comp 1 ethernet, connected with cable! hmm i whats the bastille prog like?

Ok .. so the second computer is connected to the server with an RJ45 cross cable, right? The config I specified above is applicable for you in that case. The server is FW and your second computer is MASQ.

I used Bastille in MDK 8.1 and it was good also. There are a couple of GUIs to help configure it. .. But I don't like GUIs

MOttS

Guest c_m_f Posted February 12, 2003

Well, when I got the cable I wasn't aware of a difference needed between standard and cross cable, but seeing as I don't use any sort of hardware router or hub, it must be! I'll look into both of them. Thanks for all the help everyone once again, appreciated!