> -----Original Message-----
> From: Ben Ocean [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 20, 2001 3:25 PM
> To: [EMAIL PROTECTED]
> Subject: Networking: The Saga, The Sequel
> 
> 
> Hello yet again;
Hello...

> 
> OUTLINING THE PROBLEM
> 
> I am currently able to ping from the Doze box to the RH box. I cannot
> resolve anything else on the Doze box. I can surf the Internet, etc. from
> the RH box.
> 
Can you ping an outside IP address from the win box?  i.e. ping the
206.40.133.20 address you have below.

> IP: 192.168.1.2       IP: 192.168.1.1         ???             IP: either dsl.cnw.net; cnw.net; 206.40.133.20; 206.129.112.21
> Gate: 192.168.1.1     Gate: 192.168.1.1       ???             ???
> Subn: 255.255.255.0   Subn: 255.255.255.0     ???             ???

The gateway on the RH7.1 box should be set to the gateway that the DSL
provider gave you.  Also, make sure that the RH7.1 box is configured to
allow packet forwarding, by doing the following:

echo 1 > /proc/sys/net/ipv4/ip_forward


>       
> 
> CONFIGURATION ON THE DOZE BOX
> 
> Control Panel >> Networking >> Configuration >> TCP/IP 3Com Ethernet 
> blah-blah (double-click)
>       IP Address >> Specify an IP address >>
>               IP Address 192.168.1.2
>               Subnet Mask 255.255.255.0
>       DNS Configuration >> Gateway >> Name Servers >> Add
>               192.168.1.1
>               206.40.133.20
>               206.129.112.21
> 
Try removing the 192.168.1.1 address from your DNS configuration.  You don't
need this, unless you are going to run your own DNS.  For troubleshooting's
sake, remove it and try pinging an outside address.

> 
> CONFIGURATION ON THE RH BOX
> 
> ifconfig -a
> 
> eth0  Link endcap:Ethernet HWaddr 00:04:75:71:2B:3D
>       inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>       RX packets:19 error:0 dropped:0 overruns:0 frame:0
>       TX packets:0 error:0 dropped:0 overruns:0 carrier:0
>       collisions:0 txquelen:100
>       Interrupt:11 Base address:0x2400
> 
> eth1  Link endcap:Ethernet HWaddr 00:40:D0:0C:B2:22
>       inet addr:216.9.0.125 Bcast:216.9.0.255 Mask:255.255.255.0
>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>       RX packets:16 error:0 dropped:0 overruns:0 frame:0
>       TX packets:21 error:0 dropped:0 overruns:0 carrier:0
>       collisions:0 txquelen:100
>       Interrupt:10 Base address:0x2000
> 
> lo    Link endcap:Local Loopback
>       indet addr:127.0.0.1 Mask:255.0.0.0
>       UP LOOPBACK RUNNING MTU:16436 Metric:1
>       RX packets:6 error:0 dropped:0 overruns:0 frame:0
>       TX packets:6 error:0 dropped:0 overruns:0 carrier:0
>       collisions:0 txquelen:0
> 
Looks fine...

> 
> vi /etc/sysconfig/network-scripts/ifcfg-eth0
> 
> DEVICE=eth0
> BOOTPROTO=static
> BROADCAST=192.168.1.255
> IPADDR=192.168.1.1
> NETMASK=255.255.225.0
> NETWORK=192.168.1.0
> ONBOOT=yes
Looks fine...
> 
> 
> vi /etc/sysconfig/network-scripts/ifcfg-eth1
> 
> DEVICE=eth1
> BOOTPROTO=dhcp
> ONBOOT=yes
OK...


> 
> vi /etc/named.conf
> 
> options {
>       forwarders {
>               206.40.133.20
>               206.129.112.21
>       };
> };
> zone "." IN {
>       type hint;
>       file "named.ca";
> };
> zone "localhost" IN {
>       type master;
>       file "localhost.zone";
>       allow-update { none; };
> };
> zone "0.0.127.in-addr.arpa" IN {
>       type master;
>       file "named.local";
>       allow-update { none; };
> };
> key "key" {
>       algorithm hmac-md5;
>       secret "stuff-I-shouldn't-repeat";
> };
OK...I think, but don't worry about this yet.

> 
> 
> vi /etc/dhcpd.conf
> 
> subnet 192.168.1.0 netmask 255.255.255.0 {
>       range 192.168.1.2 192.168.1.60;
>       default-lease-time 86400;
>       max-lease-time 86400;
>       option routers 192.168.1.1;
>       option broadcast-address 192.168.1.255;
>       option subnet-mask 255.255.255.0;
>       option domain-name-servers 192.168.1.1, 206.40.133.20, 206.129.112.21;
I would remove the 192.168.1.1 address here for now.  Get the networking and
then your DNS.

> 
> 
> vi /etc/resolv.conf
> 
> search dsl.cnw.net cnw.net
> nameserver 206.40.133.20
> nameserver 206.129.112.21
> 
> 
> CONFIGURING MASQUERADING
> 
> vi /etc/rc.d/rc.masq
> 
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.1.2/24 -j MASQ
> ## I do have other IPchains  installed...
I am assuming that the rest of your IP chains rules are set up correctly.  The
MASQ option looks right.

> 
> chmod 700 /etc/rc.d/rc.masq
> 
> vi /etc/sysconfig/network
> 
> NETWORKING=yes
> HOSTNAME=localhost.localdomain
> FORWARD_IPV=true
> 
> vi /etc/rc.d/rc.local
> 
> (at the end of the file...)
> /etc/rc.d/rc.masq
> 
> 
> PROBLEMS
> 
> ipfwadm -F -f
> Chains are empty (ie. ipfwadm has not been used on them).
> ## Is this even a problem? I don't need IPchains AND IPtables AND IPfwadm,
> just any one of those, correct?
You can only use 1.  I would choose IPchains for now, but plan to move to
IPtables eventually.  ipchains -L should list the rules.

> 
> modprobe ipt_MASQUERADE
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
> Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ipt_MASQUERADE failed
> 
> iptables -t nat -L
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
> Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables.o failed
> iptables v1.2.1a: can't initialize iptables table 'nat': iptables who? (do you need to initialize insmod?)
> Perhaps iptables or your kernel needs to be upgraded
> 
Don't use until you get ipchains working. One or the other, not both.

> /usr/sbin/ndc start
> bash: /usr/sbin/ndc start: No such file or directory
> ## This, in fact, may be the WHOLE PROBLEM...?
I do not believe that your internal DNS is working.

Finally, another help reference that you may or may not have seen.
http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworkGateway.html

> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
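
Added example, not part of the original message: offline checks for three points raised in this thread (ip_forward reads 1, which packet-filter modules are loaded, and whether a static ifcfg file carries a usable NETMASK). The function names are illustrative, and the sample files are constructed from values quoted above, including the NETMASK line as it appears in the quoted ifcfg-eth0.

```sh
#!/bin/sh
# Added example (not from the thread): offline checks for the gateway box.

# valid_netmask MASK: succeed only for a dotted quad whose 1-bits are contiguous.
valid_netmask() {
    old_ifs=$IFS; IFS=.; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    seen_partial=0   # becomes 1 once an octet below 255 has been seen
    for octet in "$@"; do
        case $octet in
            255) [ "$seen_partial" -eq 0 ] || return 1 ;;
            254|252|248|240|224|192|128|0)
                [ "$seen_partial" -eq 0 ] || [ "$octet" -eq 0 ] || return 1
                seen_partial=1 ;;
            *) return 1 ;;   # e.g. 225: its bits are not a contiguous prefix
        esac
    done
    return 0
}

# ifcfg_netmask_ok FILE: check the NETMASK= line of a static ifcfg-ethN file.
ifcfg_netmask_ok() {
    valid_netmask "$(sed -n 's/^NETMASK=//p' "$1" | tail -n 1)"
}

# forwarding_enabled [FILE]: true when the kernel forwarding flag reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# firewall_modules [FILE]: print the loaded packet-filter modules, one per line.
firewall_modules() {
    awk '$1 == "ipchains" || $1 == "ipfwadm" || $1 == "ip_tables" { print $1 }' \
        "${1:-/proc/modules}"
}

# Constructed sample input, modelled on the files quoted in the thread.
tmp=$(mktemp -d)
printf 'DEVICE=eth0\nBOOTPROTO=static\nIPADDR=192.168.1.1\nNETMASK=255.255.225.0\n' > "$tmp/ifcfg-eth0"
printf '0\n' > "$tmp/ip_forward"
printf 'ipchains 38976 0 (unused)\n3c59x 25344 1\n' > "$tmp/modules"

ifcfg_netmask_ok "$tmp/ifcfg-eth0"   || echo "ifcfg-eth0: NETMASK is not a valid netmask"
forwarding_enabled "$tmp/ip_forward" || echo "ip_forward is not 1: the box will not route packets"
echo "packet-filter modules loaded: $(firewall_modules "$tmp/modules" | tr '\n' ' ')"
rm -rf "$tmp"
```

On the gateway itself, call forwarding_enabled and firewall_modules with no argument to read the live /proc files.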
