Sharing Internet in Fedora Core 3

rekha_divgikar · Mar 17, 2005

Hi!

The nameserver package is already installed and have also started the daemon (/etc/init.d/named start)..

etc/resolv.conf file show's the foll:

serach localhost
nameserver 202.63.164.17
nameserver 202.63.164.18

Nodsu · Mar 17, 2005

OK. And these are the same DNS servers you told the client machine to use?

rekha_divgikar · Mar 18, 2005

yes... I used this DNS for the client system...

Nodsu · Mar 18, 2005

In that case either the masquerading is set up wrong or you have a firewall somewhere that blocks the traffic.

Just set up a mock ICS with two Linux machines:

MACHINE1 (the server):

[root@mihkel ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:10C:7B:92:5E
inet addr:192.168.135.19 Bcast:192.168.135.255 Mask:255.255.255.0
inet6 addr: fe80::210:dcff:fe7b:925e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1432 Metric:1
RX packets:84041 errors:0 dropped:0 overruns:0 frame:0
TX packets:60583 errors:0 dropped:0 overruns:0 carrier:0
collisions:6799 txqueuelen:1000
RX bytes:63820444 (60.8 MiB) TX bytes:8026743 (7.6 MiB)

[root@mihkel ~]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:00:86:1C:45:71
inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::200:86ff:fe1c:4571/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:586 errors:0 dropped:0 overruns:0 frame:0
TX packets:609 errors:0 dropped:0 overruns:0 carrier:0
collisions:53 txqueuelen:1000
RX bytes:44566 (43.5 KiB) TX bytes:566468 (553.1 KiB)
Interrupt:3 Base address:0x300

[root@mihkel ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@mihkel ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@mihkel ~]# tail /etc/resolv.conf
search sidetk.pvasise .pvasise
nameserver 192.168.111.1
nameserver 192.168.111.3
nameserver 192.168.111.223
[root@mihkel ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.135.0 * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default privador.sidetk 0.0.0.0 UG 0 0 0 eth0

MACHINE2 (the client):

Ren:~ # ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0D:60:7B:1D:00
inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20d:60ff:fe7b:1d00/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:656 errors:0 dropped:0 overruns:0 frame:0
TX packets:622 errors:0 dropped:0 overruns:0 carrier:0
collisions:103 txqueuelen:1000
RX bytes:575031 (561.5 Kb) TX bytes:51942 (50.7 Kb)
Base address:0x8000 Memory:c0220000-c0240000

Ren:~ # tail /etc/resolv.conf
nameserver 192.168.111.1
search valper
Ren:~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 0 lo
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth1

The steps roughly to set it up..
Server side:

iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/iptables restart
ifconfig eth1 10.0.0.1
ifconfig eth1 up

Client:

ifconfig eth1 10.0.0.2
iconfig eth1 up
route add default gw 10.0.0.1
vi /etc/resolv.conf

sifonell · Mar 21, 2005

Hi,

Let's do this in a few very easy steps. First this will run on any sysV based distribution (ie Fedora, Mandrake etc)

Firs, make sure that you have uninstalled or at least disabled the firestarter or whatever other external trick you have enabled

Let the stepping begin ...

Step 1:

We configure the ip_forwarding which will let the packats "flow" from one interface to another.
In order to do this, in your favorite text editor, open the file /etc/sysctl.conf
Initially, the line looks like this

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

You have to change it to

net.ipv4.ip_forward = 1

save and exit.

Now, why did we do it like this instead of just echoing in /proc/sys/net ... ? Because changin if the file in /proc, only ensures it running until the next restart. It will not work after that, because at startup, the netwqork service, via sysct, parses the file /etc/sysctl.conf, where it will read "do not enable ip_forward".

Step 2:

# service network restart
(# as in ... you have to be root)

Step 3: we add the firewall and nat rules in iptables

You arfe running on a kernel newer than 2.4 so we can safely do this:

# iptables -t nat -I POSTROUTING -s 192.168.0.1/24 -j SNAT --to-source 10.10.10.10

i didn't remember your outgoing address soi said ... 10.10.10.10 . You replace it with yours!

Step 4:
We ensure that the next time the system starts the rule will be loaded

# service iptables save

Step 5:

Double check the config of interfaces :

eth0 (the lan interface), must have no gateway set

the interfaces in the network must have as gateway, the ip of your eth0

Step 6:

The final check

from your linux based client machine (from the net 192.168.0.)
# traceroute [an external ip address]

from your windows based client machine
> tracert [an external ip address]

It is important that you check it with ip addresses
first and then with hostnames. This way we also check for name resolution failures.

Hope this is helpfull.

TechSpot

Sharing Internet in Fedora Core 3

rekha_divgikar Newcomer, in training

Nodsu Newcomer, in training

rekha_divgikar Newcomer, in training

Nodsu Newcomer, in training

sifonell Newcomer, in training