Gowator Posted June 26, 2003

OK hackers.... I'm on a PC which could soon have a second NIC. It's currently got a static IP for eth0 in an uncommon RFC range. ppp0 is assigned an IP 193.253.160.3

I have a /dev/ppp

    crw------- 1 root root 108, 0 Jan 1 1970 ppp

and a valid resolv.conf in /etc/ppp

/etc/ppp/options

    more options
    lock
    noipdefault
    persist
    noauth
    usepeerdns
    defaultroute

and a valid/working /etc/ppp/pppoe.options

ifconfig

    eth0      Link encap:Ethernet  HWaddr 00:60:97:1B:B2:52
              inet addr:172.16.122.55  Bcast:172.16.122.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:354942 errors:1 dropped:0 overruns:0 frame:2
              TX packets:238453 errors:0 dropped:0 overruns:0 carrier:338
              collisions:10 txqueuelen:100
              RX bytes:359189379 (342.5 Mb)  TX bytes:32651979 (31.1 Mb)
              Interrupt:5 Base address:0xdc00

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:936 errors:0 dropped:0 overruns:0 frame:0
              TX packets:936 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:81756 (79.8 Kb)  TX bytes:81756 (79.8 Kb)

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:81.53.194.18  P-t-P:193.253.160.3  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
              RX packets:606 errors:0 dropped:0 overruns:0 frame:0
              TX packets:712 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:353124 (344.8 Kb)  TX bytes:128454 (125.4 Kb)

route

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    193.253.160.3   *               255.255.255.255 UH    0      0        0 ppp0
    172.16.122.0    *               255.255.255.0   U     0      0        0 eth0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         193.253.160.3   0.0.0.0         UG    0      0        0 ppp0

I want to use this machine as a gateway for the rest and route the default gateway.

    DSL MODEM<------>GWPC<-------->switch<--------> the rest.

Any suggestions ....???????????

tyme Posted June 26, 2003

a few tips: you'll need to give eth1 (the new NIC) a static IP. you'll have to install a dhcp server and configure it to run _only_ on eth1.

as for specifics...i'm unsure, i've never done this sort of setup myself (although I was considering it). but I believe the dhcp server should take care of the routing....someone please correct, because I know I'm most likely wrong...

Gowator Posted June 26, 2003

tyme, I'm pretty sure the dhcp server just gives IP addresses. I think what I need to use is IP tables with NAT.

The question is (Michel??) what does shorewall do ??? I'm loath to mess until I'm sure though !!

aru Posted June 26, 2003

I only had to add this to the rules of my iptables script:

    iptables -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE -j MASQUERADE

define the EXTERNAL_INTERFACE accordingly (ie: "ippp0" (ISDN))
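
The MASQUERADE rule above only rewrites source addresses; a gateway also needs forwarding enabled and a FORWARD policy. The following is an added example, not part of any post in this thread: it prints (does not apply) a minimal rule set, assuming ppp0 as the uplink, eth1 as the LAN-facing NIC and 172.16.122.0/24 as the LAN, with `gateway_rules` and `valid_if` as hypothetical helper names.

```shell
#!/bin/sh
# Added example: print an iptables rule set for a two-interface NAT gateway.
# Assumptions: ppp0 = PPPoE uplink, eth1 = LAN NIC, 172.16.122.0/24 = LAN.
# Nothing is applied here; review the output, then pipe it to `sh` as root.

valid_if() {  # accept only letters, digits, '.', '_' and '-' in names
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gateway_rules() {  # usage: gateway_rules WAN_IF LAN_IF LAN_NET
    wan=$1 lan=$2 net=$3
    valid_if "$wan" && valid_if "$lan" || { echo "bad interface name" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    case "$net" in
        ''|*[!0-9./]*) echo "bad LAN network" >&2; return 1 ;;
    esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Rules for the interfaces assumed above
gateway_rules ppp0 eth1 172.16.122.0/24
```

The TCPMSS line is there because the PPPoE link's MTU is 1492, as the ifconfig output in the first post shows; without clamping, LAN clients that assume a 1500-byte path can stall on large transfers.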

Gowator Posted June 26, 2003

tried that, the sharing wizard started up shorewall. Unless I do a shorewall clear it blocks even local access!!! Any ideas

Gowator Posted June 27, 2003

shorewall clear: Yeah that gives me back access from a single PC.

I checked out the shorewall website and in their words the Mandrake wizard install is a little weird. Unfortunately the wizard didn't tell me I needed 2 NICs (shorewall did) or that they shouldn't go through the same hub (shorewall did). Shorewall also say if you use the Mandrake Wizard the quickstart won't make sense.... It didn't. So I'm going to reconfigure shorewall the shorewall way .....

Gowator Posted June 27, 2003

1) Using MCC wizard do I need two NICs. My DSL is Ethernet, I have as many hubs and switches as I can use ... Can I connect the DSL router directly to a hub and still route through a single NIC for a gateway, i.e. can I route from eth0 => ppp0 and perform the NAT there?? Or do I need two NICs definitively. It really doesn't seem that obvious from MCC but shorewall say it must be a different hub/switch never mind the same card. I can see theoretically you can have two IPs for the same NIC and just route between them (vmware uses virtual ones for instance)

2) Do I have to use DHCP ???? I'm presuming I set the IP of the router PC as the default gw for the others. It needs to go through the ppp0 as far as I can see otherwise it won't get authentication from ppp.secrets??? So I'm presuming the router PC has to have an open Internet connection ? The other PCs route through that connection ??

Someone answer please !!!

Michel Posted June 27, 2003

You give me more credit than I'm worth :)... I've never set up a network, but I'll try to help you as well as I can. It can be you know all of this stuff, so sorry for wasting your time then...(good chance I'll waste your time and confuse you in the meanwhile...:))

Suppose you have a zone for your local lan. Then you could route all your traffic coming from the local and send it on. And route all the outgoing traffic (internet stuff anyway) towards your gateway that accepts all stuff from the lan. I think this is what you want, if I'm not using the wrong words, making myself ridiculous :) and maybe some typos too :). Anyway. One way (but maybe not the best way) I could think of is to specify this in the rules-file in /etc/shorewall. You have the NAT-command for forwarding.....

This may help and is probably what you're looking for: http://www.shorewall.net/two-interface.htm

Hopefully it helps a little bit...:D

Gowator Posted June 27, 2003

Yeah, I looked at that. The first thing was the polite warning to MDK users ...

> If you are running Shorewall under Mandrake 9.0 or later, you can easily configure the above setup using the Mandrake "Internet Connection Sharing" applet. From the Mandrake Control Center, select "Network & Internet" then "Connection Sharing". Note however, that the Shorewall configuration produced by Mandrake Internet Connection Sharing is strange and is apt to confuse you if you use the rest of this documentation (it has two local zones; "loc" and "masq" where "loc" is empty; this conflicts with this documentation which assumes a single local zone "loc"). We therefore recommend that once you have set up this sharing that you uninstall the Mandrake Shorewall RPM and install the one from the download page then follow the instructions in this Guide.

According to Shorewall I need TWO interfaces, MDK don't specify very decisively. I know it should be possible (perhaps not advisable) with a single NIC and I'm trying to work out exactly what the Mandrake wizard did. ugghh

MottS Posted June 27, 2003

Hi Gowator and Michel

Ok .. to start what I have to say: You NEED 2 nics for it to work correctly. One nic connected to your DSL modem (eth0 for instance) and the other one to the hub (eth1). Now start your net connection (ppp0e) and run the ICS wizard. The computers connected to the hub should be able to access the net no problem by now if you configured them to get an IP from a DHCP server (the Mandrake box that has 2 nics - the server). By now, NAT is enabled on the server as well as a DHCP server (to give IPs to the clients on the hub) and a firewall (ie Shorewall).

Now, the only thing you have to tweak is Shorewall. Forget about the MCC for that since this GUI was probably made for a 1 interface computer (simple desktop .. not a server). You have to play with the files in /etc/shorewall/. The important files are policy and rules. Read the top of each file since lots of examples are there for you to understand what you can do with them. If you want to play with them, forget about the 'loc' zone. By using the ICS wizard in the MCC, you have the three following zones: 'net' = the big internet, 'masq' = the computers behind the hub and 'fw' = the server (the machine on which Shorewall is running).

.. oh yeah, by default all connections from the 'masq' zone to the 'fw' zone are blocked. If you want to kill the firewall between them (between the computers behind the hub and the firewall), put that line in /etc/shorewall/policy before 'all all DROP' and restart shorewall (type 'service shorewall restart' as root in a console)

    masq fw ACCEPT

Good luck

MOttS
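
Why the line has to go before 'all all DROP': the policy file is read top to bottom and the first entry matching the source and destination zones wins, with "all" matching any zone. The following added example (not from the thread or from Shorewall; the two policy files are constructed, and `policy_for` is a hypothetical helper) evaluates that first-match order for both placements.

```shell
#!/bin/sh
# Added example: first-match lookup over a Shorewall-style policy file.
# Zone names (net, masq, fw) are the ones named in the post above; the file
# contents are constructed and are not the Mandrake wizard's actual output.

policy_for() {  # usage: policy_for SOURCE DEST < policy-file
    awk -v s="$1" -v d="$2" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        ($1 == s || $1 == "all") && ($2 == d || $2 == "all") {
            print $3; found = 1; exit            # first matching entry wins
        }
        END { if (!found) exit 1 }
    '
}

policy_line_before() { cat <<'EOF'
# SOURCE DEST POLICY
masq  net  ACCEPT
fw    net  ACCEPT
masq  fw   ACCEPT
net   all  DROP
all   all  DROP
EOF
}

policy_line_after() { cat <<'EOF'
# SOURCE DEST POLICY
masq  net  ACCEPT
fw    net  ACCEPT
net   all  DROP
all   all  DROP
masq  fw   ACCEPT
EOF
}

echo "line before all/all: masq->fw = $(policy_line_before | policy_for masq fw)"
echo "line after  all/all: masq->fw = $(policy_line_after  | policy_for masq fw)"
echo "either way:          net->fw  = $(policy_line_before | policy_for net fw)"
```

A policy applies only to connections that no entry in the rules file has already matched, so a narrower alternative to a blanket masq-to-fw ACCEPT is to leave the policy alone and allow individual services in rules.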

Gowator Posted June 27, 2003

We really do need a we are not worthy emoticon :D

Thanks, it's good to have it spelt out. It's kinda fazing to see the MDK CC so vague and then when you check out the vendor site tell you differently and that the MCC defined one is 'confusing' if you follow the quick start.

Now I definitively know I need 2 NICs that will help. It's no problem, I have at least 20 lying about. I guess I can disable the DHCP server later if I temporarily deactivate the present one running on a different machine. It was (the other PC) my squid/NFS/DHCP server in addition to doing my DVD/MP3/DivX --- c'est la vie --- I can redo it later....

Just out of interest: I'll do it with 2 NICs but VMWARE uses virtual NICs and runs NAT over them. I can't see in theory why this shouldn't work if you assign a virtual IP to the aliased NIC... Surely the packet forwarding will just follow the routing ???

MottS Posted June 27, 2003

I guess you have to choose a BRIDGED network and link it to the Ethernet card on which ICS is enabled (if the modem is connected to eth0 then ICS is enabled on eth1). This way your VMWare client will receive an IP from the DHCP server and act just like another client behind the hub.

Look there: http://www.vmware.com/support/ws4/doc/netw...ws.html#1061788

MOttS

Gowator Posted June 27, 2003

I'll check it later when the easy config is working. It's always easier to work out how it works once it's actually working :-) I'm currently with 2nd card about to try the MCC for sharing ...

MottS Posted June 27, 2003

> Its always easier to work out how it works once its actually working :-)

:mystilol: So I hope it's going to work so that you understand how everything works...

MOttS

Gowator Posted June 28, 2003

Many thanks all who helped out, esp. Motts. As usual I spent a long time frustrated and learned loads. I guess my configuration is half standalone and half two-interface as defined by shorewall. That is, I actually want to be able to use my firewall/routing PC as a normal PC. So, now it works minimally (and with static IP) I can start to learn.

Motts: well, it works! A thousand thanks for your help. As usual, now that it works, everything seems simple...