configuring DNS with masquerading and DHCP


quodlibet
01-31-2003, 10:19 AM
I have a DSL connection to my ISP, which requires DHCP. One Linux box is connected to the DSL modem and to my internal network, doing IP masquerading for the internal network (which is only one machine, right now--running Linux.) Let me call the box connected to the modem the router, and the other one the client.

OK, from the client, I can ping everything by IP address including:

192.168.0.2 (the client)
192.168.0.1 (the router=the gateway for the client)
192.168.1.95 (the IP address of the router, assigned by DHCP)
192.168.1.254 (the router's gateway, also the only nameserver per the router)
62.210.162.137 (www.justlinux.org)

From the router, I can ping everything:
192.168.0.2
...
www.justlinux.org

But from the client I can't ping any URL, including www.justlinux.org

I have made /etc/resolv.conf on the client look exactly like the same file on the router:

nameserver 192.168.1.254
nameserver 192.168.1.254
search launchmodem.com

(I've also tried sticking in IPs for other servers--as suggested in various threads on this forum. It didn't work, but I'm open to suggestions.) (Bonus question: Do you have to restart the network for the changes in /etc/resolv.conf to take effect?)

Per IP_Masquerade_HOWTO.txt, I enabled both ip_forward and ip_dynaddr under /proc/sys/net/ipv4.

I configured ipchains per the Routing.html from this site. When things didn't work, I added the following rule, per IP_Masquerade_HOWTO.txt:

#$IPCHAINS -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp

.. which I entered as:

/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp

(BTW, I know IP_Masquerade_HOWTO says to use iptables with my kernel, which is 2.4.18=redhat 7.3, but whatever got me connected to DSL automagically slapped in ipchains. Rather than break that connection trying to convert over to iptables, I'm using ipchains with my 2.4 kernel even though IP_Masquerade_HOWTO says to use iptables.)


When I type
# /sbin/ipchains -n -L

I get:

Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT udp ------ 192.168.1.254 0.0.0.0/0 53 -> 1025:65535
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 67:68 -> 67:68
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 67:68 -> 67:68
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 2049
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 2049
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 6000:6009
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7100
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 67 -> 68
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.0.0/24 0.0.0.0/0 n/a
Chain output (policy ACCEPT):

For what it's worth, from the client, both
host www.justlinux.org
... and ...
dig www.justlinux.org
tell me:

connection timed out; no servers could be reached

So what am I missing? Do I have to run bind on my router?
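
An added example, not part of the original post: a first-match evaluator run over the input chain listed above, tracing the client's DNS query as it arrives at the router (with ipchains, forwarded packets pass the input chain before the forward chain). The `skip` parameter and the sample source port are assumptions; `-L` without `-v` does not show which interface rule 4 is bound to, so both cases are evaluated.

```python
import ipaddress

# Input chain exactly as listed in the post (ipchains -n -L output).
INPUT_CHAIN = """\
ACCEPT udp ------ 192.168.1.254 0.0.0.0/0 53 -> 1025:65535
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 67:68 -> 67:68
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 67:68 -> 67:68
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 2049
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 2049
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 6000:6009
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 7100
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 67 -> 68
"""

def port_ok(spec, port):
    """Match a port against '*', 'N' or 'LO:HI' as printed by ipchains."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def first_match(proto, src, dst, sport, dport, syn=False, skip=(), policy="ACCEPT"):
    """Return (rule_number, target) of the first matching rule, or (None, policy).
    `skip` (assumption) lists rule numbers bound to a different interface."""
    for n, line in enumerate(INPUT_CHAIN.splitlines(), 1):
        target, rproto, opt, rsrc, rdst, *ports = line.split()
        if n in skip or rproto not in ("all", proto):
            continue
        if "y" in opt and not syn:  # -y: rule applies to TCP SYN packets only
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(rsrc):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(rdst):
            continue
        if ports != ["n/a"] and not (port_ok(ports[0], sport) and port_ok(ports[2], dport)):
            continue
        return n, target
    return None, policy

# Constructed packet: the client's DNS query (source port 32768 is made up).
dns_query = ("udp", "192.168.0.2", "192.168.1.254", 32768, 53)

if __name__ == "__main__":
    print(first_match(*dns_query))            # rule 4 applies to this packet
    print(first_match(*dns_query, skip={4}))  # rule 4 bound to another interface
```

If rule 4 is bound to another interface such as loopback, the query falls through to the REJECT on UDP ports 0:1023, while ICMP matches no rule and reaches the chain policy. `ipchains -L -n -v` adds the interface column that settles which case applies.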