Results 1 to 3 of 3
First: Iím a complete linux novice. I installed my first linux distro only a week ago. The last couple of days Iíve been trying to share a internet connection on ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 10-01-2006 #1
- Join Date
- Oct 2006
help: IP masquerading is driving me nuts....
First: Iím a complete linux novice. I installed my first linux distro only a week ago. The last couple of days Iíve been trying to share a internet connection on my network with IP masquerading and it is driving me nuts ! Iíve read dozens of faqs and howtoís but I canít get the silly thing to work. I hope that some of the more experienced linux users on this forum can tell me what Iím doing wrong. Iíll try to describe my LAN setup and what Iíve been trying to do as detailed as possibleÖ
Iíve installed Suse 10.1 on a pc with 2 ethernet cards. This linux machine is connected to a small private LAN trough Ethernet card 0. It is running a Samba file server that acts as a PDC for a bunch of Windows XP Pro Clients. The whole file samba file sharing / PDC thing works like a charm. On Ethernet card 1 Iíve connected a ADSL modem for a high speed internet connection and Iíve configured it for a pppoE connection. This internet connection also works without a problem: I can surf the internet from the linux machine without a problem.
It is when I try to share the internet connection on the linux machine with the Windows XP Pro clients on the private LAN that the trouble starts.
A bit of data before I explain what Iíve tried so for:
- Eth0 in the Linux box has ip 192.168.9.1 (static)
- Eth1 in the Linux box gets a dynamic IP address assigned by my ISP every time that I login to the internet..
- All the other Windows XP Pro Clients on the private LAN have static ipís like 192.168.9.26, 192.168.9.127, Ö.
Iíve flushed all the rules for the filter and nat table with iptables so all the default behavior is accept for all chains. This way Iím certain that the firewall does not get in the way.
I turned on IP forwarding with : echo 1 > /proc/sys/net/ipv4/ip_forward
And Iíve turned on dynamic IP addressing with: echo 1 /proc/sys/net/ipv4/ip_dynaddr
(donít know if this is really necessary)
Iíve tried to turn on masquerading with the following rule:
Iptables Ėt nat ĖA POSTROUTING Ėo pppo Ėj MASQUERADE
I also tried :
Iptables Ėt nat ĖA POSTROUTING Ėo eth1 Ėj MASQUERADE
I also tried :
Iptables Ėt nat ĖA POSTROUTING Ės 192.168.9.0/24 Ėj MASQUERADE
None of the above has any effect: I cannot reach the internet from one of the Windows XP Pro clients.
What I can do :
- I can ping a internet IP from the linux box
- I can ping a win XP Pro client from the linux box.
- I can ping the linux box (192.168.9.1) from a win XP Pro client
What I cannot do:
- I canít ping a internet IP from a Winxp pro client.
On the win XP pro clients I have set the standard gateway to 192.168.9.1 and the primary DNS to the DNS ip adres of my ISP.
Can somebody tell me what Iím doing wrong ???
p.s.: I know that I donít have any firewall protection this way, but is just want to get the masquerade bit working first and Iíll worry about setting up the firewall laterÖ
- 10-02-2006 #2
Something like this maybe?
IPTABLES -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
IPTABLES -A FORWARD -i eth0 -o ppp0 -j ACCEPT
IPTABLES -A FORWARD -j LOG
IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
- 10-05-2006 #3
Originally Posted by rcgreen
- Join Date
- Oct 2006
Sorry, no joy...
Tried everything that was mentioned in this excellent guide and i still keep getting the same problem: no internet acces from my XP Pro clients.
There is a difference however between enabeling Masquerade and not doing anything at all: When no masquerading is enabled and i try to browse a website from a XP Pro client, i instantly get a 'site not found message'.
With Masquerading enabled, the browser keeps tyring to reach the site for a minute or two and then gives the typical 'site not found' message.
It looks as if the dns server from my isp is working and my browser can resolve the right adress, but no traffic gets trough the firewall ???