Hi!

I am facing problems with internet sharing from Linux to windows..

I have Linux (Fedora Core 3) installed on server. The eth0 of the server is used for LAN while eth1 is used for Internet.

On the LAN card of the server, I use Ip address as 192.168.0.1, subnet:255.255.255.0.

On the client i have two OS installed one is WinXP and the other is Fedora Core 3, I assing the Ip address as 192.168.0.2, subnet:255.255.255.0, gateway=Ip address of eth0 LAN.

I can surf the internet from the server. From server, I can ping ip address of client and can ping LAN IP of server from client. But I am unable to surf the internet from the client..

What's the problem? What more settings do I need to do??

I am unable to surf the net from both the OS of the Client i.e from win XP as well as Fedora Core 3..

Search feature and you eyes are your friend.
Here is a thread from the very first page of this very forum:
http://www.techspot.com/vb/topic22575.html

Hi!

yes, I have already tried the solution link you've mentioned earlier but it is not working for me that's when I posted the question...

I even had downloaded the Firestarter and installed it on my server and then after enabling the "internet sharing" in Firestarter I tried accessing the net from my client PC but it doesn't seem to work...

I should have mentioned the above earlier...

What exactly isn't working? What exactly did you do? What is the network setup on the server and the client?

Hi!

Like I've mentioned earlier, my problem is I cannot access internet from my client PC...

I did exaclty as was mentioned in the solution link, that is setting up the network, and then for the "internet sharing", i chose to download the "firestarter GUI Firewall". Then I installed it on my "server" pc and did the required setting for sharing the internet...

My network setup is as follows:

"The server PC has two network cards"
eth0 => is used for LAN, the settings of which are
Ip address = 192.168.0.1
subnet=255.255.255.0
gateway=<empty>

eth1 => is used for accessing the internet. It's connected to a cable modem.
Ip address = 10.10.10.46
subnet =255.255.255.252
gateway=10.10.10.1

"The Client PC has one network card"
eth0=> is for LAN, the setting of which are
Ip address = 192.168.0.2
subnet:255.255.255.0
gateway=192.168.0.1 (i.e. Ip address of eth0 LAN.)

the LAN network cards are connected via a cable..

OK. Lets' stick with the pretty and straightforward Firestarter.
What error messages does it give you?
What do you get out of "ifconfig -a" and what is in the /etc/firestarter/configuration file?

Hi!

When i run the firestarter i don't get any errors as such. But with the firewall button on, i cannot access any of the websites on the server machine, but when i click the stop firewall button in "Firestarter" i can access the websites.. what's the reason for this.

==========================================================

In the /etc/firestarter/configuration file the settings are:

#-----------( Firestarter Configuration File )-----------#

# --(External Interface)--
# Name of external network interface
IF="eth1"
# Network interface is a PPP link
EXT_PPP="off"

# --(Internal Interface--)
# Name of internal network interface
INIF="eth0"

# --(Network Address Translation)--
# Enable NAT
NAT="on"
# Enable DHCP server for NAT clients
DHCP_SERVER="off"
# Forward server's DNS settings to clients in DHCP lease
DHCP_DYNAMIC_DNS="on"

# --(Inbound Traffic)--
# Packet rejection method
# DROP: Ignore the packet
# REJECT: Send back an error packet in response
STOP_TARGET="DROP"

# --(Outbound Traffic)--
# Default Outbound Traffic Policy
# permissive: everything not denied is allowed
# restrictive everything not allowed is denied
OUTBOUND_POLICY="permissive"

# --(Type of Service)--
# Enable ToS filtering
FILTER_TOS="off"
# Apply ToS to typical client tasks such as SSH and HTTP
TOS_CLIENT="off"
# Apply ToS to typical server tasks such as SSH, HTTP, HTTPS and POP3
TOS_SERVER="off"
# Apply ToS to Remote X server connections
TOS_X="off"
# ToS parameters
# 4: Maximize Reliability
# 8: Maximize-Throughput
# 16: Minimize-Delay
TOSOPT=8

# --(ICMP Filtering)--
# Enable ICMP filtering
FILTER_ICMP="off"
# Allow Echo requests
ICMP_ECHO_REQUEST="off"
# Allow Echo replies
ICMP_ECHO_REPLY="off"
# Allow Traceroute requests
ICMP_TRACEROUTE="off"
# Allow MS Traceroute Requests
ICMP_MSTRACEROUTE="off"
# Allow Unreachable Requests
ICMP_UNREACHABLE="off"
# Allow Timestamping Requests
ICMP_TIMESTAMPING="off"
# Allow Address Masking Requests
ICMP_MASKING="off"
# Allow Redirection Requests
ICMP_REDIRECTION="off"
# Allow Source Quench Requests
ICMP_SOURCE_QUENCHES="off"

# --(Broadcast Traffic)--
# Block external broadcast traffic
BLOCK_EXTERNAL_BROADCAST="on"
# Block internal broadcast traffic
BLOCK_INTERNAL_BROADCAST="off"

# --(Traffic Validation)--
# Block non-routable traffic on the public interfaces
BLOCK_NON_ROUTABLES="off"

# --(Logging)--
# System log level
LOG_LEVEL=info

=============================================================

I get the following out of "ifconfig -a"

eth0 Link encap:Ethernet HWaddr 00:80:48:31:B4:34
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::280:48ff:fe31:b434/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:1302 (1.2 KiB)
Interrupt:5 Base address:0xc400

eth1 Link encap:Ethernet HWaddr 00:0D:88:45:AA:2E
inet addr:10.10.10.46 Bcast:10.10.10.47 Mask:255.255.255.252
inet6 addr: fe80::20d:88ff:fe45:aa2e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7331 errors:0 dropped:0 overruns:0 frame:0
TX packets:7355 errors:0 dropped:0 overruns:0 carrier:0
collisions:38 txqueuelen:1000
RX bytes:4018358 (3.8 MiB) TX bytes:1003296 (979.7 KiB)
Interrupt:11 Base address:0xc800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1966 errors:0 dropped:0 overruns:0 frame:0
TX packets:1966 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2832848 (2.7 MiB) TX bytes:2832848 (2.7 MiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:202.149.49.210 P-t-P:202.63.169.94 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:5834 errors:0 dropped:0 overruns:0 frame:0
TX packets:6892 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:3753690 (3.5 MiB) TX bytes:823730 (804.4 KiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

============================================================

You mean there are some websites hosted on the server machine? Or do you mean that you cannot browse the web using the server?

If it is the latter then try resolving some names with nslookup. Or enable ping in firestarter and try pinging something.

Hi!

No there are no websites hosted on the server machine(gateway), what I meant was that I could not browse the Internet using the server with firestarter on...

If I have to do the "Internet sharing" from the server machine without using firestarter how do i go about it????

Have installed fedora core 3 all over again on the server machine and have given the same settings as I had mentioned earlier... I can surf the Internet from the server machine, now how do i go about sharing the internet from the server machine, so that I can access the Internet from the client machine too...

My network is working fine, I can ping to and from both the machines...

The simplest setup with iptables:

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
eth0 is the external interface here.
Edit the /proc/sys/net/ipv4/ip_forward to contain "1"

when I tried to edit the /proc/sys/net/ipv4/ip_forward to contain "1" and save the changes to the file it gives me an error saying cannot save the file...

So, how do i proceed form here..

Try "echo 1 > /proc/sys/net/ipv4/ip_forward"?

Don't you mean


"echo 1 >> /proc/sys/net/ipv4/ip_forward"

??

Make a copy of config files before editing them. Use VI if possible.

Yes, have tried "echo 1 > /proc/sys/net/ipv4/ip_forward", I get an output as "1" but I still can't access the internet from the client machine...

Hmm..
I just set this this on my FC3 machine to test and it worked flawlessly.

What is the network setup on the client machine? TCP/IP and DNS.

Do you have iptables active on the server (try "/etc/init.d/iptables restart")? Do you have any other firewall rules on the server? (What do you get out of "iptables -L" and "iptables -L -t nat")?
You could run tcpdump on the server LAN interface and see what traffic goes through when the client tries to connect..

PS
The >> syntax is no good. ip_forward has to contain exactly one byte valued ASCII "1" so we have to use > (write to file) instead of >> (append to file).

Ah, OK. I am just not in the habbit of using > incase I overwrite something, thinking I was using >>.

Hi!

The network setup on the client machine is as follows..

IP: 192.168.0.254
subnet:255.255.255.0
gateway:192.168.0.1 (IP address of the server machine)
DNS:192.168.0.1

Yes I have iptables active on my server machine.. No I have no other firewall rules on the server..

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

-----------------------------------------------------------------

[root@localhost ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

----------------------------------------------------------------------

I ran the "tcpdump" on the server, the traffic is as follows when the client tries to connect to the server..

[root@localhost ~]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:08:26.758918 IP 192.168.0.254.32855 > 202-63-164-17.broadband.isp.exatt.net.domain: 62515+ AAAA? www.gizmodo.com. (33)
17:08:29.815979 IP 192.168.0.254.32853 > 202-63-164-17.broadband.isp.exatt.net.domain: 64199+ AAAA? www.tomshardware.com. (38)
17:08:31.758518 IP 192.168.0.254.32856 > 202-63-164-18.broadband.isp.exatt.net.domain: 62515+ AAAA? www.gizmodo.com. (33)
17:08:34.815717 IP 192.168.0.254.32854 > 202-63-164-18.broadband.isp.exatt.net.domain: 64199+ AAAA? www.tomshardware.com. (38)
17:08:36.758225 IP 192.168.0.254.32855 > 202-63-164-17.broadband.isp.exatt.net.domain: 62515+ AAAA? www.gizmodo.com. (33)
17:08:39.815536 IP 192.168.0.254.32857 > 202-63-164-17.broadband.isp.exatt.net.domain: 27249+ A? www.tomshardware.com. (38)
17:08:41.779705 IP 192.168.0.254.32856 > 202-63-164-18.broadband.isp.exatt.net.domain: 62515+ AAAA? www.gizmodo.com. (33)
17:08:44.815220 IP 192.168.0.254.32858 > 202-63-164-18.broadband.isp.exatt.net.domain: 27249+ A? www.tomshardware.com. (38)
17:08:46.778776 IP 192.168.0.254.32859 > 202-63-164-17.broadband.isp.exatt.net.domain: 60049+ A? www.gizmodo.com. (33)
17:08:49.814930 IP 192.168.0.254.32857 > 202-63-164-17.broadband.isp.exatt.net.domain: 27249+ A? www.tomshardware.com. (38)
17:08:51.778457 IP 192.168.0.254.32860 > 202-63-164-18.broadband.isp.exatt.net.domain: 60049+ A? www.gizmodo.com. (33)
17:08:54.814669 IP 192.168.0.254.32858 > 202-63-164-18.broadband.isp.exatt.net.domain: 27249+ A? www.tomshardware.com. (38)
17:08:56.778171 IP 192.168.0.254.32859 > 202-63-164-17.broadband.isp.exatt.net.domain: 60049+ A? www.gizmodo.com. (33)
17:08:59.814509 IP 192.168.0.254.32861 > 202-63-164-17.broadband.isp.exatt.net.domain: 58496+ A? www.tomshardware.com. (38)
17:09:01.777908 IP 192.168.0.254.32860 > 202-63-164-18.broadband.isp.exatt.net.domain: 60049+ A? www.gizmodo.com. (33)
17:09:04.814215 IP 192.168.0.254.32862 > 202-63-164-18.broadband.isp.exatt.net.domain: 58496+ A? www.tomshardware.com. (38)
17:09:06.777789 IP 192.168.0.254.32863 > 202-63-164-17.broadband.isp.exatt.net.domain: 15901+ A? www.gizmodo.com. (33)

17 packets captured
17 packets received by filter
0 packets dropped by kernel

---------------------------------------------------------------------------------

You have set the DNS server for the client to be your FC3 machine, but you haven't set up DNS on it so you won't be able to resolve any names on the client.
It would be the easiest to tell the client machine the address of the DNS of your ISP or whatever the server is using.

How do I set up DNS on the server??? Please could u guide me???

I have tried giving DNS of the ISP on the client machine, but it doesn't work...

What DNS server is the server machine using? Look in the /etc/resolv.conf file. You are really better off not overcomplicating things.

I suppose all you need to do is install the nameserver package (if not installed already) and start the daemon (/etc/init.d/named start)