what is wrong??


buttercrunch
06-09-2003, 01:31 PM
hellloo.....
its half past 3 in the morning, i been sipping 6 cups of coffee and heart is beating like hell....
and unable to figure out why my network doesnt work...... sigh....

i got dhcp working all okay, my clients got their ip dynamically by dhcp.
im able to ping internal computers and internal to this server. but, internal computers CANT ping, say, yahoo.com :( why...... is it the firewall??

im using shorewall 1.4.4b for the firewall. got the default setting ( i.e. from the shorewall.sourceforge.net for 2-interfaces)

still doesnt work. cables are okay, everything physically okay (except myself is dying here)

anybody got any ideas at all... any random thoughts? please... im hopeless already.... 6 days 7 hours trying to figure out ... ugh......

i'll wish u all the best for the rest of your life if you can help... thanks.........

Hayl
06-09-2003, 01:43 PM
add your isp's dns servers to your /etc/resolv.conf on all your machines

OR

set up your firewall to run bind (bound to its internal nic) and have it forward dns lookups and set up your clients to use your firewall for dns.

buttercrunch
06-09-2003, 01:52 PM
those options i have done.. to be sure im setting it again. still no can do...

btw. im on mandrake 9.1
i used that internet connection wizard or whatever it was called few days ago and decided to ditch it. coz it sux. and simply messed up the whole setting. now im resorting to editing config files manually.

i have followed several howtos. what i am so 'amazed' is that i did whatever the howto says and i got the exact same result as that of the how-to's, but when it comes to testing the setting.... i cant ping yahoo.com or other sites in the internet from my internal boxes......

thx for that anyway....

sploo22
06-09-2003, 04:25 PM
Try looking up yahoo.com from the firewall computer, and ping the numeric IP address from your network. If that works, it's probably your DNS; if not, then no traffic whatsoever is getting through and you have a more complex problem.

EDIT: As of now (June 9) yahoo.com is 66.218.71.198

Also, if the firewall is running kernel 2.4.x, run "iptables -t nat -L" to print out your firewalling rules. I think it might be the same syntax for kernel 2.2.x and iptables, but never tried it.

buttercrunch
06-09-2003, 06:37 PM
hello again. I slept!..... :o

anyways, apparently something weird is going on. hm when i ping one of my internal boxes:

[root@Chimera etc]# ping 10.168.9.88
PING 10.168.9.88 (10.168.9.88) 56(84) bytes of data.
From 10.168.9.0 icmp_seq=1 Destination Host Unreachable
From 10.168.9.0 icmp_seq=2 Destination Host Unreachable
From 10.168.9.0 icmp_seq=3 Destination Host Unreachable

--- 10.168.9.88 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3000ms, pipe 3

This only happens when my internal box was booted to linux, when it is booted into win98 it was pinging ok. so the question will be, how do i see network configurations in linux like in windows (winipcfg)? what would i need to do to make the setting be the same as that of the windows one? (its in one computer, same network card - just dual boot)

However, pinging yahoo.com or the ip that you gave me from the internal box still doesnt work whether i am in windows or linux.

and here is the output of 'iptables -t nat -L'

[root@Chimera etc]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
net_dnat all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
eth1_masq all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain eth1_masq (1 references)
target prot opt source destination
MASQUERADE all -- Chimera.Lion.at.Plasma.Tower/24 anywhere
MASQUERADE all -- Chimera.Lion.at.Plasma.Tower/24 anywhere

Chain net_dnat (1 references)
target prot opt source destination
DNAT tcp -- anywhere c18989.eburwd2.vic.optusnet.com.au tcp dpt:http to:10.168.9.88


any guesses?

blobaugh
06-09-2003, 07:00 PM
Is 10.168.9.0 your server? Correct me if I'm wrong but I believe that that number is reserved, as is x.x.x.255. head over to tldp.org and search for ip mans. That's where I found it once long ago..... Anywho, try using 10.168.9.1 for the server acting as gateway to the web.

buttercrunch
06-09-2003, 11:49 PM
heres my old DHCPd.conf :

ddns-update-style interim;
default-lease-time 21600;
max-lease-time 43200;
option subnet-mask 255.255.255.0;
option broadcast-address 10.168.9.255;
option routers 10.168.9.254;
option domain-name-servers 10.168.9.1, 10.168.9.2;
option domain-name "Chimera.Lion.at.Plasma.Towers";

subnet 10.168.9.0 netmask 255.255.255.0 {
range 10.168.9.8 10.168.9.87;
}

# we want the nameserver to appear at a fixed address
host GoldenChimera {
hardware ethernet 00:c0:26:7e:53:fb;
fixed-address 10.168.9.88;
}

and this is going ok. except i cant ping my internal box if its booted into linux.

my new dhcpd.conf

ddns-update-style ad-hoc;
default-lease-time 21600;
max-lease-time 43200;
option subnet-mask 255.255.255.0;
option broadcast-address 10.168.9.255;
option routers 10.168.9.254;
option domain-name-servers 10.168.9.2;
option domain-name "Chimera.Lion.at.Plasma.Towers";
option netbios-name-servers 10.168.9.2;

subnet 10.168.9.1 netmask 255.255.255.0 {
range 10.168.9.8 10.168.9.87;
}

# we want the nameserver to appear at a fixed address
host GoldenChimera {
hardware ethernet 00:c0:26:7e:53:fb;
fixed-address 10.168.9.88;
}

note the 10.168.9.1 (i changed it according to what u said)
this, if I run dhcpd will spit out error like this

/etc/dhcpd.conf line 11: subnet 10.168.9.1: bad subnet number/mask combination.
subnet 10.168.9.1 netmask 255.255.255.0
^
Configuration file errors encountered -- exiting

anyways, i was following this (http://en.tldp.org/HOWTO/mini/DHCP/x369.html) to make my dhcpd.conf
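
An added example, not part of the thread: a small Python check of the address plan in a dhcpd.conf like the one above. It shows that the address in a `subnet` declaration must be the network address for the given netmask, while the addresses handed to hosts (`routers`, `range`, `fixed-address`) must lie inside that network and must not be its network or broadcast address. The sample text is the new config above reduced to its address lines; the function name is made up for this example.

```python
import ipaddress
import re

# Constructed sample: the "new" dhcpd.conf from the thread, reduced to the
# lines that carry addresses.
NEW_CONF = """\
option subnet-mask 255.255.255.0;
option broadcast-address 10.168.9.255;
option routers 10.168.9.254;
option domain-name-servers 10.168.9.2;
subnet 10.168.9.1 netmask 255.255.255.0 {
range 10.168.9.8 10.168.9.87;
}
host GoldenChimera {
fixed-address 10.168.9.88;
}
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"


def check_dhcpd_conf(text):
    """Return a list of problems found in the address plan of a dhcpd.conf."""
    problems = []
    m = re.search(rf"subnet\s+{IP}\s+netmask\s+{IP}", text)
    if not m:
        return ["no subnet declaration found"]
    addr, mask = m.groups()
    # strict=False masks off the host bits so we can compare with what was typed.
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if str(net.network_address) != addr:
        problems.append(f"subnet {addr} has host bits set for netmask {mask}; "
                        f"the network address is {net.network_address}")
    # Every address handed to a host must be inside the subnet and must not be
    # the network (.0 here) or broadcast (.255 here) address.
    hosts = re.findall(rf"(?:routers|fixed-address)\s+{IP}", text)
    for pair in re.findall(rf"range\s+{IP}\s+{IP}", text):
        hosts.extend(pair)
    for h in hosts:
        ip = ipaddress.ip_address(h)
        if ip not in net:
            problems.append(f"{h} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{h} is the network or broadcast address of {net}")
    return problems
```

Run against the sample, the only finding is the `subnet 10.168.9.1` line; the same text with `subnet 10.168.9.0` produces no findings.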

buttercrunch
06-10-2003, 01:40 AM
okay, so now i got a little progress....

uninstalled iptables and installed ipchains, then installed pmfirewall. (www.pointman.org)

i can now ping all my internal networks from this server. and vice versa. regardless of OS.

and from internal box (linux) i can ping yahoo.com and justlinux.com (getting their ip etc) but get Destination host unreachable.

from internalbox (windows) i can ping them also, with time out.

but.... still cannot connect to internet from internal box.

any help? pls....

buttercrunch
06-10-2003, 07:34 AM
boink

peng
06-12-2003, 04:38 AM
try adding a firewall rule with iptables:
iptables -t nat -A POSTROUTING -s 10.168.9.0/24 -o ppp0 -j MASQUERADE
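
An added example, not part of the thread: a Python check of whether a client's traffic is masqueraded on the interface that holds the default route, which is the condition the `-o` match in the rule above controls. The rule text and `ip route` output are constructed; the `-o eth1` match on the jump, the ppp0 uplink and all function names are assumptions made for the example.

```python
import ipaddress

# Constructed iptables-save style text. The chain layout mirrors the listing in
# the thread; the "-o eth1" match and the ppp0 uplink are assumptions.
RULES = """\
*nat
-A POSTROUTING -o eth1 -j eth1_masq
-A eth1_masq -s 10.168.9.0/24 -j MASQUERADE
COMMIT
"""
ROUTES = "10.168.9.0/24 dev eth0 scope link\ndefault dev ppp0 scope link\n"
PENG_RULE = "-A POSTROUTING -s 10.168.9.0/24 -o ppp0 -j MASQUERADE\n"


def parse_rules(text):
    """Map chain name -> list of {flag: value} dicts (plain flag/value pairs only)."""
    chains = {}
    for line in text.splitlines():
        args = line.split()
        if len(args) >= 2 and args[0] == "-A":
            chains.setdefault(args[1], []).append(dict(zip(args[2::2], args[3::2])))
    return chains


def masq_ifaces(chains, client_ip, chain="POSTROUTING", out="*", seen=()):
    """Out-interfaces ('*' = any) on which client_ip's traffic is MASQUERADEd."""
    found = set()
    for opts in chains.get(chain, []):
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        rule_out = opts.get("-o", out)
        if ipaddress.ip_address(client_ip) not in src:
            continue
        if out != "*" and rule_out != out:
            continue  # contradicts the interface already required by the caller
        if opts.get("-j") == "MASQUERADE":
            found.add(rule_out)
        elif opts.get("-j") in chains and opts["-j"] not in seen:
            found |= masq_ifaces(chains, client_ip, opts["-j"], rule_out, seen + (chain,))
    return found


def nat_gap(rules_text, route_text, client_ip):
    """Return None if the default-route interface masquerades client_ip, else why not."""
    wan = next((w[w.index("dev") + 1] for w in map(str.split, route_text.splitlines())
                if w[:1] == ["default"] and "dev" in w), None)
    ifaces = masq_ifaces(parse_rules(rules_text), client_ip)
    if wan in ifaces or "*" in ifaces:
        return None
    return f"no MASQUERADE for {client_ip} on {wan}; covered interfaces: {sorted(ifaces)}"
```

With the constructed rules alone the check reports a gap on ppp0; with the rule from the post appended it reports none.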