Hi,

I am a little new to Linux and don't know much of it in detail, so I am doing as
instructed.

I have tried the same with Red Hat 9.0 and installed all the packages and everything.
But it seems that the problem does not get resolved easily, as I am getting the same
problems: 1. "Ipchains: Incompatible with this Kernel" and 2. "Ipchains: Protocol is
not available".

I have installed the Red Hat 9 version, which I got in the DIGIT Aug 2003 magazine.

I did exactly as under.

Please go through it and tell me where I went wrong.

>>Start of Message<<

Shailesh,

Try this.

1. Take two Ethernet cards (though u can do with one also, but for security purposes)

2. Put on eth0 your local network - let's say 192.168.1.* let's say - 192.168.1.1 (rest
of your windoze cud be on 192.168.1.*)

3. Put on your eth1 for isp. Now if the isp gives permanent ip address, great,
configure your eth1 for the same, if not, configure your eth1 to pick address
dynamically.

     route add default gw <yr isp gw> eth1

   3.a. If your eth1 is dynamic, then you will need to execute a script that
automatically runs the route add command every time it is brought up

4. to run name server, simply install bind, bindutils, caching-name server rpms (i
would strongly recommend to upgrade to rh 9.0 since the original 7.2 has security
punctured bind).

5. I assume you will need to run proxy. Install all rpms of squid on the server. For
access control use squidguard.

6. In addition to this, if you would want internal systems to connect directly to the
net, using your linux box as gw.

   6.a - on all machines on your lan, add the gateway as 192.168.1.1 (ip of yr
linux box)

   6.b - on all machines on your lan, make the dns 192.168.1.1 (ip of yr linux
box)

   6.c A simple and correct method would be to run the linux box as dhcp server (on
eth0) and boot all windoze from this - so that the above config is not required on
client side.

   6.d. execute (this will allow your linux box to masq)

     echo "1" > /proc/sys/net/ipv4/ip_forward

   6.e. Now you need to add rules so that your internal users can go outside (i am
assuming u r going to use ipchains in 7.2)

     ipchains -F    # flush
     ipchains -X    # remove rules
     # Allow all source 192.168.1.0 to talk to any outside 0.0.0.0/0.0.0.0
     ipchains -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ

You can of course add more filters as you go along.

That's it - you are on.

7. If you need people from outside to come into your network (gosh! Can't be dumber
than this) u will need to add rules in reverse direction.

8. Use webmin to configure the above, it will make your life so much simpler.


regards,
alok sinha

>>End of Message<<
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lokesh Bhog
Sent: Monday, August 18, 2003 10:15 PM
To: The Linux-Delhi mailing list
Subject: Re: [ilugd] NAT & DNS on 7.2 ?

Try using similar commands using iptables.


The error message seems to indicate that the settings in kernel are not done
to support ipchains. Either:
a) Use redhat linux 9.0 or 7.3 or 8.0 with iptables
b) Use iptables instead of ipchains
c) Recompile the kernel and use ipchains.
d) It may be a problem on how you have installed linux or are giving the
commands, therefore such error messages are appearing. Please share what
commands you are giving.
e) Use redhat linux 7.1 - I had tested these things on that version and it
used to work without any problem.

Lokesh
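
The iptables route from option (b) above, as an added example that is not part of the original thread: it generates the iptables equivalent of the `ipchains ... -j MASQ` rule, converting the dotted netmask used in the thread to a prefix length and letting only reply traffic back in from the ISP side. The eth0/eth1 roles and the 192.168.1.0 network come from the thread; the function names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. LAN 192.168.1.0/255.255.255.0 on eth0 and the
# ISP link on eth1 follow the thread; function names and DRY_RUN are assumptions.

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
# Fails on malformed or non-contiguous masks such as 255.0.255.0.
# The body is a subshell, so the IFS change and variables stay local.
mask_to_prefix() (
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    bits=0 seen_zero=0
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        for weight in 128 64 32 16 8 4 2 1; do
            if [ $((octet & weight)) -ne 0 ]; then
                [ "$seen_zero" -eq 0 ] || return 1   # a 1 bit after a 0 bit
                bits=$((bits + 1))
            else
                seen_zero=1
            fi
        done
    done
    echo "$bits"
)

# Print the gateway rule set. Arguments: LAN network, LAN netmask, LAN if, WAN if.
nat_rules() {
    prefix=$(mask_to_prefix "$2") || return 1
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -i $3 -o $4 -s $1/$prefix -j ACCEPT
iptables -A FORWARD -i $4 -o $3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $1/$prefix -o $4 -j MASQUERADE
EOF
}

# Print the rules (DRY_RUN=1, the default) or enable forwarding and apply them as root.
apply_nat() {
    rules=$(nat_rules "$@") || { echo "bad netmask: $2" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$rules"; return 0; fi
    echo 1 > /proc/sys/net/ipv4/ip_forward
    printf '%s\n' "$rules" | while read -r cmd; do $cmd || exit 1; done
}

apply_nat 192.168.1.0 255.255.255.0 eth0 eth1
```

Run it as root with DRY_RUN=0 to apply the rules; on a 2.4 kernel the ipchains module has to be unloaded first, since ipchains and iptables cannot be loaded at the same time.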
----- Original Message -----
From: "Shailesh J. Kumar" <[EMAIL PROTECTED]>
To: "The Linux-Delhi mailing list"
<[EMAIL PROTECTED]>
Sent: Monday, August 18, 2003 7:20 AM
Subject: RE: [ilugd] NAT & DNS on 7.2 ?


> Hi,
>
> I did the needful but was unable to do so coz of the following error.
>
> When I flush the ipchains its giving an error "ipchains: Incompatible with
> this Kernel"
>
> And when I make an entry to the existing ipchains it gives "ipchains:
> Protocol is not available"
>
> I am using Red Hat 7.2 (Enigma) 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686
>
> How do I resolve the problem? I need to setup the gateway system ASAP as
> there is no backup and the Main router IOS got Corrupt.
>
> Shailesh
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alok Sinha
> Sent: Tuesday, August 12, 2003 5:35 PM
> To: The Linux-Delhi mailing list
> Subject: Re: [ilugd] NAT & DNS on 7.2 ?
>
> Shailesh,
>
> Try this.
>
> 1. Take two ethernet cards (though u can do with one also, but for
> security purposes)
>
> 2. Put on eth0 your local network - let's say 192.168.1.* let's say -
> 192.168.1.1 (rest of your windoze cud be on 192.168.1.*)
>
> 3. Put on your eth1 for isp. Now if the isp gives permanent ip address,
> great, configure your eth1 for the same, if not, configure your eth1 to
> pick address dynamically.
>
>      route add default gw <yr isp gw> eth1
>
>    3.a. If your eth1 is dynamic, then you will need to execute a script
> that automatically runs the route add command every time it is brought up
>
> 4. to run name server, simply install bind, bindutils, caching-name
> server rpms (i would strongly recommend to upgrade to rh 9.0 since the
> original 7.2 has security punctured bind).
>
> 5. I assume you will need to run proxy
>       Install all rpms of squid on the server. For access control use
> squidguard.
>
> 6. In addition to this, if you would want internal systems to connect
> directly to the net, using your linux box as gw.
>    6.a - on all machines on your lan, add the gateway as 192.168.1.1
> (ip of yr linux box)
>    6.b - on all machines on your lan, make the dns 192.168.1.1
> (ip of yr linux box)
>    6.c A simple and correct method would be to run the linux box as dhcp
> server (on eth0) and boot all windoze from this - so that the above
> config is not required on client side.
>    6.d. execute (this will allow your linux box to masq)
>
>      echo "1" > /proc/sys/net/ipv4/ip_forward
>
>    6.e. Now you need to add rules so that your internal users can go
> outside (i am assuming u r going to use ipchains in 7.2)
>
>      ipchains -F    # flush
>      ipchains -X    # remove rules
>      # Allow all source 192.168.1.0 to talk to any outside 0.0.0.0/0.0.0.0
>      ipchains -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
>
> You can of course add more filters as you go along.
>
> That's it - you are on.
>
> 7. If you need people from outside to come into your network (gosh! can't
> be dumber than this) u will need to add rules in reverse direction.
>
> 8. Use webmin to configure the above, it will make your life so much
> simpler.
>
>
> regards,
> alok sinha
>
> Naresh Narang wrote:
>
> > O'Reilly's book "TCP/IP Network administration" by
> > Craig Hunt is a good book to start with.
> >
> > Regards
> > --Naresh
> >
> > --- "Shailesh J. Kumar" <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > I have installed Linux 7.2 on a machine, which has
> > > two LAN Cards.
> > >
> > > One LAN Card has a Live IP given by our ISP. The
> > > Other LAN Card has a Local
> > > IP, which is the Gateway IP of my organization.
> > >
> > > I want to Setup this system to act as the Gateway of
> > > the whole organization.
> > > For it to act as a gateway NAT has to be configured.
> > >
> > > 1) How do I configure NAT on the system, for it to act
> > > as a Gateway of all the
> > > machines on different Platforms e.g. Win95, Win98,
> > > Win2k, WinXP (User
> > > Machines).
> > > 2) How can I also configure this system to act as a
> > > DNS Server of the whole
> > > organization, replicating my ISPs DNS?
> > > 3) Also can it be configured to keep a DNS Cache for
> > > faster performance and
> > > speed?
> > >
> > > I would be gr8ful if anyone could help me out by
> > > providing me some
> > > documentation or links to the above.
> > >
> > > Regards
> > >
> > > Shailesh
> > >
> > >
> > > _______________________________________________
> > > ilugd mailing list
> > > [EMAIL PROTECTED]
> > > http://frodo.hserus.net/mailman/listinfo/ilugd
> >
> > =====
> > -- Naresh
> >