I am facing problems with internet sharing from Linux to windows..
I have Linux (Fedora Core 3) installed on server. The eth0 of the server is used for LAN while eth1 is used for Internet.
On the LAN card of the server, I use Ip address as 192.168.0.1, subnet:255.255.255.0.
On the client i have two OS installed one is WinXP and the other is Fedora Core 3, I assing the Ip address as 192.168.0.2, subnet:255.255.255.0, gateway=Ip address of eth0 LAN.
I can surf the internet from the server. From server, I can ping ip address of client and can ping LAN IP of server from client. But I am unable to surf the internet from the client..
What's the problem? What more settings do I need to do??
I am unable to surf the net from both the OS of the Client i.e from win XP as well as Fedora Core 3..
Nodsu
03-10-2005, 03:14 PM
Search feature and you eyes are your friend.
Here is a thread from the very first page of this very forum:
http://www.techspot.com/vb/topic22575.html
Ad
03-10-2005, 03:14 PM
rekha_divgikar
03-11-2005, 01:42 AM
Hi!
yes, I have already tried the solution link you've mentioned earlier but it is not working for me that's when I posted the question...
I even had downloaded the Firestarter and installed it on my server and then after enabling the "internet sharing" in Firestarter I tried accessing the net from my client PC but it doesn't seem to work...
I should have mentioned the above earlier...
Nodsu
03-11-2005, 03:45 AM
What exactly isn't working? What exactly did you do? What is the network setup on the server and the client?
rekha_divgikar
03-11-2005, 06:33 AM
Hi!
Like I've mentioned earlier, my problem is I cannot access internet from my client PC...
I did exaclty as was mentioned in the solution link, that is setting up the network, and then for the "internet sharing", i chose to download the "firestarter GUI Firewall". Then I installed it on my "server" pc and did the required setting for sharing the internet...
My network setup is as follows:
"The server PC has two network cards"
eth0 => is used for LAN, the settings of which are
Ip address = 192.168.0.1
subnet=255.255.255.0
gateway=<empty>
eth1 => is used for accessing the internet. It's connected to a cable modem.
Ip address = 10.10.10.46
subnet =255.255.255.252
gateway=10.10.10.1
"The Client PC has one network card"
eth0=> is for LAN, the setting of which are
Ip address = 192.168.0.2
subnet:255.255.255.0
gateway=192.168.0.1 (i.e. Ip address of eth0 LAN.)
the LAN network cards are connected via a cable..
Nodsu
03-11-2005, 07:29 AM
OK. Lets' stick with the pretty and straightforward Firestarter.
What error messages does it give you?
What do you get out of "ifconfig -a" and what is in the /etc/firestarter/configuration file?
rekha_divgikar
03-11-2005, 08:06 AM
Hi!
When i run the firestarter i don't get any errors as such. But with the firewall button on, i cannot access any of the websites on the server machine, but when i click the stop firewall button in "Firestarter" i can access the websites.. what's the reason for this.
# --(External Interface)--
# Name of external network interface
IF="eth1"
# Network interface is a PPP link
EXT_PPP="off"
# --(Internal Interface--)
# Name of internal network interface
INIF="eth0"
# --(Network Address Translation)--
# Enable NAT
NAT="on"
# Enable DHCP server for NAT clients
DHCP_SERVER="off"
# Forward server's DNS settings to clients in DHCP lease
DHCP_DYNAMIC_DNS="on"
# --(Inbound Traffic)--
# Packet rejection method
# DROP: Ignore the packet
# REJECT: Send back an error packet in response
STOP_TARGET="DROP"
# --(Outbound Traffic)--
# Default Outbound Traffic Policy
# permissive: everything not denied is allowed
# restrictive everything not allowed is denied
OUTBOUND_POLICY="permissive"
# --(Type of Service)--
# Enable ToS filtering
FILTER_TOS="off"
# Apply ToS to typical client tasks such as SSH and HTTP
TOS_CLIENT="off"
# Apply ToS to typical server tasks such as SSH, HTTP, HTTPS and POP3
TOS_SERVER="off"
# Apply ToS to Remote X server connections
TOS_X="off"
# ToS parameters
# 4: Maximize Reliability
# 8: Maximize-Throughput
# 16: Minimize-Delay
TOSOPT=8
i cannot access any of the websites on the server machine
You mean there are some websites hosted on the server machine? Or do you mean that you cannot browse the web using the server?
If it is the latter then try resolving some names with nslookup. Or enable ping in firestarter and try pinging something.
rekha_divgikar
03-15-2005, 02:42 AM
Hi!
No there are no websites hosted on the server machine(gateway), what I meant was that I could not browse the Internet using the server with firestarter on...
If I have to do the "Internet sharing" from the server machine without using firestarter how do i go about it????
Have installed fedora core 3 all over again on the server machine and have given the same settings as I had mentioned earlier... I can surf the Internet from the server machine, now how do i go about sharing the internet from the server machine, so that I can access the Internet from the client machine too...
My network is working fine, I can ping to and from both the machines...
Nodsu
03-15-2005, 04:22 AM
The simplest setup with iptables:
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
eth0 is the external interface here.
Edit the /proc/sys/net/ipv4/ip_forward to contain "1"
Ad
03-15-2005, 04:22 AM
rekha_divgikar
03-15-2005, 07:55 AM
when I tried to edit the /proc/sys/net/ipv4/ip_forward to contain "1" and save the changes to the file it gives me an error saying cannot save the file...
So, how do i proceed form here..
Nodsu
03-15-2005, 10:25 AM
Try "echo 1 > /proc/sys/net/ipv4/ip_forward"?
Phantasm66
03-15-2005, 10:45 AM
Try "echo 1 > /proc/sys/net/ipv4/ip_forward"?
Don't you mean
"echo 1 >> /proc/sys/net/ipv4/ip_forward"
??
Make a copy of config files before editing them. Use VI if possible.
rekha_divgikar
03-15-2005, 02:03 PM
Yes, have tried "echo 1 > /proc/sys/net/ipv4/ip_forward", I get an output as "1" but I still can't access the internet from the client machine...
Nodsu
03-15-2005, 04:09 PM
Hmm..
I just set this this on my FC3 machine to test and it worked flawlessly.
What is the network setup on the client machine? TCP/IP and DNS.
Do you have iptables active on the server (try "/etc/init.d/iptables restart")? Do you have any other firewall rules on the server? (What do you get out of "iptables -L" and "iptables -L -t nat")?
You could run tcpdump on the server LAN interface and see what traffic goes through when the client tries to connect..
PS
The >> syntax is no good. ip_forward has to contain exactly one byte valued ASCII "1" so we have to use > (write to file) instead of >> (append to file).
Phantasm66
03-15-2005, 07:14 PM
Ah, OK. I am just not in the habbit of using > incase I overwrite something, thinking I was using >>.
rekha_divgikar
03-16-2005, 07:54 AM
Hi!
The network setup on the client machine is as follows..
IP: 192.168.0.254
subnet:255.255.255.0
gateway:192.168.0.1 (IP address of the server machine)
DNS:192.168.0.1
Yes I have iptables active on my server machine.. No I have no other firewall rules on the server..
You have set the DNS server for the client to be your FC3 machine, but you haven't set up DNS on it so you won't be able to resolve any names on the client.
It would be the easiest to tell the client machine the address of the DNS of your ISP or whatever the server is using.
rekha_divgikar
03-17-2005, 05:48 AM
How do I set up DNS on the server??? Please could u guide me???
I have tried giving DNS of the ISP on the client machine, but it doesn't work...
Nodsu
03-17-2005, 08:07 AM
What DNS server is the server machine using? Look in the /etc/resolv.conf file. You are really better off not overcomplicating things.
I suppose all you need to do is install the nameserver package (if not installed already) and start the daemon (/etc/init.d/named start)
rekha_divgikar
03-17-2005, 09:01 AM
Hi!
The nameserver package is already installed and have also started the daemon (/etc/init.d/named start)..
Ren:~ # tail /etc/resolv.conf
nameserver 192.168.111.1
search valper
Ren:~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 0 lo
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth1
The steps roughly to set it up..
Server side:
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/iptables restart
ifconfig eth1 10.0.0.1
ifconfig eth1 up
Client:
ifconfig eth1 10.0.0.2
iconfig eth1 up
route add default gw 10.0.0.1
vi /etc/resolv.conf
sifonell
03-21-2005, 11:12 AM
Hi,
Let's do this in a few very easy steps. First this will run on any sysV based distribution (ie Fedora, Mandrake etc)
Firs, make sure that you have uninstalled or at least disabled the firestarter or whatever other external trick you have enabled
Let the stepping begin ...
Step 1:
We configure the ip_forwarding which will let the packats "flow" from one interface to another.
In order to do this, in your favorite text editor, open the file /etc/sysctl.conf
Initially, the line looks like this
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
You have to change it to
net.ipv4.ip_forward = 1
save and exit.
Now, why did we do it like this instead of just echoing in /proc/sys/net ... ? Because changin if the file in /proc, only ensures it running until the next restart. It will not work after that, because at startup, the netwqork service, via sysct, parses the file /etc/sysctl.conf, where it will read "do not enable ip_forward".
Step 2:
# service network restart
(# as in ... you have to be root)
Step 3: we add the firewall and nat rules in iptables
You arfe running on a kernel newer than 2.4 so we can safely do this:
Bookmark / Share this 
