help with IP masquerading

[mindless]

I have been dualbooting between Win2k and Redhat 7 for the past few months because I didn't have connection sharing and never got around to setting it up. Ive started to set it up and I am partially successful, from my LAN I can ping my IP assigned with my dialup, but no further. I have no problems accessing the net from my Linux box so its not my connection. Here is my /etc/rc.d/rc.firewall file:

#!/bin/sh

/sbin/depmod -a

/sbin/modprobe ip_masq_ftp

echo "1" > /proc/sys/net/ipv5/ip_forward

/sbin/ipchains -M -S 7200 10 160

#RULESET
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ

------EOF------

I have also used the sample at

http://linuxdocs.org/HOWTOs/IP-Masquerade-HOWTO-3.html#ss3.3

And uncommented out the line for dynamic IP connections. I had the same results with each of the rc.firewall files.

My Linux box has an IP of 192.168.0.1, the system I am trying to share it with has an IP of 192.168.0.3 and a default gateway of 192.168.0.1

Please be gentle, I am only a Linux newbie who hopes one day to be worthy of the Tux.

Thanks,
Kevin

 

[SteveMazza]

If you get IP dynamically, then you will also have to compile support for that as per IP-MASQ how-to. Basically, ensure that you have selected all the options appropriate to your kernel (version???) installed the simplest set of forwarding rules possible (looks like you have).

By the way, my rules look like this:
:input ACCEPT
:forward DENY
: output ACCEPT (damn emoticons)
-A forward -s 192.168.1.0/24 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ

Works just peachy. Again, check the kernel options in your compile.

 

[mindless]

<mindless goes and hides in a corner away from those telling him he needs to recompile the kernel>

ahh well I have to do it anyway for NTFS support

Thanks

 

[mindless]

I managed to get the sharing to work but I had to set my default forwarding policy to MASQ which the manual on linuxdocs.org says not to do. Here is my ruleset:

/sbin/ipchains -P forward MASQ
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ

I am going to assume that this is a bad thing but I would like to know what I am doing wrong since I can't seem to get it working if the default is set to DENY

 

[Damaged]

ichains -A forward -s 192.168.1.0/24 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ

Because that's the line you want, not what you're using. Your line missed the destination.

 

[andri]

To wrap everything up, IP masquerading in Linux can be done in three easy steps:

1) echo &quot;1&quot; > /proc/sys/net/ipv4/ip_forward
2) /sbin/ipchains -P forward DENY
3) /sbin/ipchains -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ

Replace 192.168.0.0/255.255.255.0 with what you used in your internal network.

 

[mindless]

Thanks guys, it works, but I had to change it to

ichains -A forward -s 192.168.1.0/24 -d 0.0.0.0/0.0.0.0 -j MASQ

I am going to assume the -i tells it where to forward the packets to so they were just coming back to my network instead of going to the net. I can't get over how much I like Linux Now if only there was a decent browser for it....