This is a discussion on Help w/iptables & masquerade within the Linux Networking forums, part of the Linux Forums category.
|
|||
|
I have looked at lots of how to's and I think I am very close to getting my
linux box to actually route traffic. This is what I have..

Redhat 9
I have DHCP working (can get an address on my WinXP laptop)
I have dnsmasq for DNS server/caching and it seems to work

I need to get NAT working, so I have tried the following w/iptables..
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

I have two eth cards and eth0 is connected to my router and I have Internet
access on the Linux box. Eth1 automatically assigns IPs to my XP laptop.
DNS seems to work as when I try to connect to www.google.ca I can see that
it resolves the name. Problem is I can't actually access or ping the
Internet from my laptop.

Can anyone help? Do I need to do a route command?
|
|||
|
Hi,
Just use http://firewall-jay.sf.net (it's a wonderful all-in-one
open source product: NAT/Firewall, DMZ etc). Very easy to set up and
menu based.

I am using that (almost 13 months).
If you have config questions just ask me :)
|
|||
|
Grant (remove spam.bad.) wrote:
> I have looked at lots of how to's and I think I am very close to getting my
> linux box to actually route traffic. This is what I have..
>
> Redhat 9
> I have DHCP working (can get an address on my WinXP laptop)
> I have dnsmasq for DNS server/caching and it seems to work
>
> I need to get NAT working, so I have tried the following w/iptables..
> iptables --flush
> iptables --table nat --flush
> iptables --delete-chain
> iptables --table nat --delete-chain
> iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> iptables --append FORWARD --in-interface eth1 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> I have two eth cards and eth0 is connected to my router and I have Internet
> access on the Linux box. Eth1 automatically assigns IPs to my XP laptop.
> DNS seems to work as when I try to connect to www.google.ca I can see that
> it resolves the name. Problem is I can't actually access or ping the
> Internet from my laptop.
>
> Can anyone help? Do I need to do a route command?

On Linux/RH9 command line/terminal:
$ route -n
$ ifconfig -a

On XP command line run:
[prompt] ipconfig /all

Linux needs static net/host route to XP interface/IP (eth1)
$ man route

XP needs the Linux box interface IP as its default route/GW
[prompt] ??? can't remember just now which gui tool/dialog

XP:
ping localhost
ping RH9 eth1 IP
ping RH9 by name
ping dns server IP (local?)
ping RH9's ISP gateway directly
ping ISP's dns server directly

If all is OK, enjoy.

If not, remove firewall on RH9 _and_ XP temporarily (and disconnect
from ISP till you're ready to ping that connection). You must confirm
IP connectivity before futzing with the RH9/XP firewalls.

Once you establish connectivity, put XP's firewall in place -- note
that the SP2 update just out finally provides XP with an "acceptable"
host firewall. Use it! Or use ZoneAlarm.

Haven't bothered to look at your iptables rules -- no use till you
confirm connectivity.

All we need really is the output of:
[root]# iptables -L -v

Offhand, the script above, if that's all there is to it, looks shaky.

hth,
prg
email above disabled
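An added example, not part of the original thread: a POSIX shell check over `iptables-save` output for the kind of masquerading gateway set up in the first post, flagging an open or one-way FORWARD chain. The three sample dumps are constructed, `audit_nat` and its finding labels are hypothetical names, and eth0/eth1 follow the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit an `iptables-save` dump for a
# masquerading gateway. eth0 = upstream, eth1 = LAN, as in the first post.

# Constructed sample: the first post's rules with chain policies at ACCEPT.
SAMPLE_THREAD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT'

# Constructed sample: same rules, but an earlier firewall left FORWARD at DROP
# (--flush deletes rules; it does not reset chain policies).
SAMPLE_DROP=$(printf '%s\n' "$SAMPLE_THREAD" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

# Constructed sample: default-drop FORWARD plus a stateful return rule.
SAMPLE_HARDENED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_nat WAN LAN: read a dump on stdin, print one finding per line.
audit_nat() {
    wan=$1; lan=$2; dump=$(cat)
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }

    has "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" ||
        echo "NO_MASQUERADE: no MASQUERADE rule for traffic leaving $wan"
    has "^-A FORWARD .*-i $lan .*-j ACCEPT" ||
        echo "NO_LAN_FORWARD: nothing accepts traffic entering on $lan"
    if has '^:FORWARD ACCEPT'; then
        echo "OPEN_FORWARD: policy ACCEPT also routes traffic entering on $wan"
    elif ! has '^-A FORWARD .*(--state|--ctstate) [A-Z,]*ESTABLISHED.* -j ACCEPT'; then
        echo "NO_RETURN_PATH: policy is not ACCEPT and no ESTABLISHED rule admits replies"
    fi
}

printf '%s\n' "$SAMPLE_THREAD" | audit_nat eth0 eth1
```

On a live gateway the same function can be fed with `iptables-save | audit_nat eth0 eth1` as root.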
|
|||
|
I had firestarter installed and I see that it is loading on boot. Do I have
to remove this 1st? How would I uninstall it?

"Ravi kumar.G" <ravi@hyd.4bigravi.com> wrote in message
news:1107277019.805686.259150@f14g2000cwb.googlegroups.com...
> Hi,
> Just use http://firewall-jay.sf.net (it's a wonderful all-in-one
> open source product: NAT/Firewall, DMZ etc). Very easy to set up and
> menu based.
>
> I am using that (almost 13 months).
> If you have config questions just ask me :)
|
|||
|
Oh, never mind, I just learned how to uninstall an rpm. So now I will give
Jay's Iptables a try.

"Grant (remove spam.bad.)" <trueg@spam.bad.shaw.ca> wrote in message
news:0jaMd.253590$6l.6324@pd7tw2no...
> I had firestarter installed and I see that it is loading on boot. Do I have
> to remove this 1st? How would I uninstall it?
>
> "Ravi kumar.G" <ravi@hyd.4bigravi.com> wrote in message
> news:1107277019.805686.259150@f14g2000cwb.googlegroups.com...
> > Hi,
> > Just use http://firewall-jay.sf.net (it's a wonderful all-in-one
> > open source product: NAT/Firewall, DMZ etc). Very easy to set up and
> > menu based.
> >
> > I am using that (almost 13 months).
> > If you have config questions just ask me :)
|
|||
|
Sorry, but I didn't quite catch all of that. I have connectivity as I can
ping www.google.ca from eth0. If I ping from eth1 I get name resolution,
but "Destination Host Unreachable". Here is my route table....

192.168.2.0     0.0.0.0         255.255.255.0   U     eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    eth0

I'm not worried about the workstations yet as I can't even ping from eth1
yet.

"prg" <rdgentry1@cablelynx.com> wrote in message
news:1107280653.761287.99330@c13g2000cwb.googlegroups.com...
>
> Grant (remove spam.bad.) wrote:
> > I have looked at lots of how to's and I think I am very close to getting my
> > linux box to actually route traffic. This is what I have..
> >
> > Redhat 9
> > I have DHCP working (can get an address on my WinXP laptop)
> > I have dnsmasq for DNS server/caching and it seems to work
> >
> > I need to get NAT working, so I have tried the following w/iptables..
> > iptables --flush
> > iptables --table nat --flush
> > iptables --delete-chain
> > iptables --table nat --delete-chain
> > iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> > iptables --append FORWARD --in-interface eth1 -j ACCEPT
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > I have two eth cards and eth0 is connected to my router and I have Internet
> > access on the Linux box. Eth1 automatically assigns IPs to my XP laptop.
> > DNS seems to work as when I try to connect to www.google.ca I can see that
> > it resolves the name. Problem is I can't actually access or ping the
> > Internet from my laptop.
> >
> > Can anyone help? Do I need to do a route command?
>
> On Linux/RH9 command line/terminal:
> $ route -n
> $ ifconfig -a
>
> On XP command line run:
> [prompt] ipconfig /all
>
> Linux needs static net/host route to XP interface/IP (eth1)
> $ man route
>
> XP needs the Linux box interface IP as its default route/GW
> [prompt] ??? can't remember just now which gui tool/dialog
>
> XP:
> ping localhost
> ping RH9 eth1 IP
> ping RH9 by name
> ping dns server IP (local?)
> ping RH9's ISP gateway directly
> ping ISP's dns server directly
>
> If all is OK, enjoy.
>
> If not, remove firewall on RH9 _and_ XP temporarily (and disconnect
> from ISP till you're ready to ping that connection). You must confirm
> IP connectivity before futzing with the RH9/XP firewalls.
>
> Once you establish connectivity, put XP's firewall in place -- note
> that the SP2 update just out finally provides XP with an "acceptable"
> host firewall. Use it! Or use ZoneAlarm.
>
> Haven't bothered to look at your iptables rules -- no use till you
> confirm connectivity.
>
> All we need really is the output of:
> [root]# iptables -L -v
>
> Offhand, the script above, if that's all there is to it, looks shaky.
>
> hth,
> prg
> email above disabled
|
|||
|
After I install Jay's FW, set it up and start it up, I lose all Internet
connectivity. For example, prior to fw-jay start I can ping from eth0 w/no
problem and I can ping from eth1 and at least get name resolution, but after
I turn on the firewall I lose all name resolution and I can no longer even
ping my router from eth0.

"Grant (remove spam.bad.)" <trueg@spam.bad.shaw.ca> wrote in message
news:b8dMd.254799$6l.202249@pd7tw2no...
> Oh, never mind, I just learned how to uninstall an rpm. So now I will give
> Jay's Iptables a try.
>
> "Grant (remove spam.bad.)" <trueg@spam.bad.shaw.ca> wrote in message
> news:0jaMd.253590$6l.6324@pd7tw2no...
> > I had firestarter installed and I see that it is loading on boot. Do I have
> > to remove this 1st? How would I uninstall it?
> >
> > "Ravi kumar.G" <ravi@hyd.4bigravi.com> wrote in message
> > news:1107277019.805686.259150@f14g2000cwb.googlegroups.com...
> > > Hi,
> > > Just use http://firewall-jay.sf.net (it's a wonderful all-in-one
> > > open source product: NAT/Firewall, DMZ etc). Very easy to set up and
> > > menu based.
> > >
> > > I am using that (almost 13 months).
> > > If you have config questions just ask me :)
|
|||
|
Never mind, it ended up being the wireless bridge I was using. I
plugged in my laptop directly and it worked perfectly. Thank you for the help.

"Grant (remove spam.bad.)" <trueg@spam.bad.shaw.ca> wrote in message
news:eZdMd.255023$6l.122551@pd7tw2no...
> Sorry, but I didn't quite catch all of that. I have connectivity as I can
> ping www.google.ca from eth0. If I ping from eth1 I get name resolution,
> but "Destination Host Unreachable". Here is my route table....
>
> 192.168.2.0     0.0.0.0         255.255.255.0   U     eth0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     eth1
> 127.0.0.0       0.0.0.0         255.0.0.0       U     lo
> 0.0.0.0         192.168.2.1     0.0.0.0         UG    eth0
>
> I'm not worried about the workstations yet as I can't even ping from eth1
> yet.
>
> "prg" <rdgentry1@cablelynx.com> wrote in message
> news:1107280653.761287.99330@c13g2000cwb.googlegroups.com...
> >
> > Grant (remove spam.bad.) wrote:
> > > I have looked at lots of how to's and I think I am very close to getting my
> > > linux box to actually route traffic. This is what I have..
> > >
> > > Redhat 9
> > > I have DHCP working (can get an address on my WinXP laptop)
> > > I have dnsmasq for DNS server/caching and it seems to work
> > >
> > > I need to get NAT working, so I have tried the following w/iptables..
> > > iptables --flush
> > > iptables --table nat --flush
> > > iptables --delete-chain
> > > iptables --table nat --delete-chain
> > > iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> > > iptables --append FORWARD --in-interface eth1 -j ACCEPT
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > >
> > > I have two eth cards and eth0 is connected to my router and I have Internet
> > > access on the Linux box. Eth1 automatically assigns IPs to my XP laptop.
> > > DNS seems to work as when I try to connect to www.google.ca I can see that
> > > it resolves the name. Problem is I can't actually access or ping the
> > > Internet from my laptop.
> > >
> > > Can anyone help? Do I need to do a route command?
> >
> > On Linux/RH9 command line/terminal:
> > $ route -n
> > $ ifconfig -a
> >
> > On XP command line run:
> > [prompt] ipconfig /all
> >
> > Linux needs static net/host route to XP interface/IP (eth1)
> > $ man route
> >
> > XP needs the Linux box interface IP as its default route/GW
> > [prompt] ??? can't remember just now which gui tool/dialog
> >
> > XP:
> > ping localhost
> > ping RH9 eth1 IP
> > ping RH9 by name
> > ping dns server IP (local?)
> > ping RH9's ISP gateway directly
> > ping ISP's dns server directly
> >
> > If all is OK, enjoy.
> >
> > If not, remove firewall on RH9 _and_ XP temporarily (and disconnect
> > from ISP till you're ready to ping that connection). You must confirm
> > IP connectivity before futzing with the RH9/XP firewalls.
> >
> > Once you establish connectivity, put XP's firewall in place -- note
> > that the SP2 update just out finally provides XP with an "acceptable"
> > host firewall. Use it! Or use ZoneAlarm.
> >
> > Haven't bothered to look at your iptables rules -- no use till you
> > confirm connectivity.
> >
> > All we need really is the output of:
> > [root]# iptables -L -v
> >
> > Offhand, the script above, if that's all there is to it, looks shaky.
> >
> > hth,
> > prg
> > email above disabled