Re: [newbie] Problem with sharing ADSL on mdk 10
Derek Jennings wrote: On Friday 05 Mar 2004 22:45, Klemens Arro wrote: SNIP Thanks, but it didn't help, shorewall started but I still can't share my ADSL. As for the question, no I didn't put it there, Mandrake Controll Center internet connection sharing tool put it there. Here is /etc/shorewall/interfaces: #ZONEINTERFACE BROADCAST OPTIONS net ppp+detect loc eth0detect #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/zones: #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE /etc/shorewall/policy: # THE FOLLOWING POLICY MUST BE LAST # loc net ACCEPT fw net ACCEPT net all DROPinfo all all REJECT info #LAST LINE -- DO NOT REMOVE /etc/shorewall/rules: # PORTPORT(S) DEST LIMIT Nothing to do with your Internet sharing but you should remove these 2 lines ACCEPT net fw udp 137,138,139 - ACCEPT net fw tcp 137,138,139 - If these lines are present, and you are running Samba (Windows networking), then anyone on the internet could access your Samba file shares. ACCEPT loc fw udp 137,138,139 - Again nothing to do with your problem, but if you want to add any other features to your Linux box you should open up the appropriate port here. Ports you might like to open are :- 22 - ssh service 631 - CUPS print server 1 - Webmin configuration ACCEPT loc fw tcp 137,138,139 - This line has nothing to do with Internet sharing. I do not know how it got in, but I suggest you remove it. REDIRECTloc 3128tcp www - ACCEPT fw net tcp www #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/masq: You only need one of these lines. The other can be removed. ppp+192.168.0.0/255.255.255.0 ppp+192.168.0.0/255.255.255.0 I assume your internal ethernet is on the 192.168.0.0 subnet? None of the comments I have made above would stop shorewall from working, and you say that shorewall now starts, so it looks as if Internet sharing is actually working. Your problem may be that you have not configured the Windows clients correctly. If you have not started a DHCP server on the Linux box (to allocate IP addresses to the Windows machines), then you should be using static addressing on the Windows clients. (IP addresses manually configured) You should also configure the Windows clients to use the Linux box as the Default Gateway, and you should enter the IP addresses of your ISPs DNS servers in the DNS configuration of your Windows clients. BTW: By default shorewall inhibits 'ping' so do not be surprised if you cannot ping the Linux box from your Windows clients. HTH derek Yes, my internal ethernet subnet is 192.168.0.0. I configured windows but it didn't help, I even allowed pinging (from MCC) but i still can't ping my box. And dhcpd daemon is running and is configured (with DHCP configuration wizard). I liked to get it work like mdk 9.x had (DHCP auto configuring windows). Actually whole MCC firewall and internet connecting is weird: first button Internet connection is always empty, even if i fill there something and I click ok, next time it is empty again. second button manage connection don't show my Internet access (ppp+). third, always after changing firewall rules it asks me my Internet connection (there is written, if adsl, put ppp+) but there is list only (i can't change it) and no ppp+, only eth0 and eth1 (so I have used always eth0, this is connected to ADSL modem). (Sorry about my bad English skills ;)) -- Klemens Arro My software never has bugs; it just develops random features. Registered Linux User#: 346118 ICQ#: 179198850 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Problem with sharing ADSL on mdk 10
i know this is not the solution you are after but get yourself a router (in my case a speedtouch 510 - 4 port - NOT usb) share connection with the router. dump shorewall the end On Sunday 07 Mar 2004 H:02, Klemens Arro wrote: Derek Jennings wrote: On Friday 05 Mar 2004 22:45, Klemens Arro wrote: SNIP Thanks, but it didn't help, shorewall started but I still can't share my ADSL. As for the question, no I didn't put it there, Mandrake Controll Center internet connection sharing tool put it there. Here is /etc/shorewall/interfaces: #ZONEINTERFACE BROADCAST OPTIONS net ppp+detect loc eth0detect #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/zones: #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE /etc/shorewall/policy: # THE FOLLOWING POLICY MUST BE LAST # loc net ACCEPT fw net ACCEPT net all DROPinfo all all REJECT info #LAST LINE -- DO NOT REMOVE /etc/shorewall/rules: # PORTPORT(S) DEST LIMIT Nothing to do with your Internet sharing but you should remove these 2 lines ACCEPT net fw udp 137,138,139 - ACCEPT net fw tcp 137,138,139 - If these lines are present, and you are running Samba (Windows networking), then anyone on the internet could access your Samba file shares. ACCEPT loc fw udp 137,138,139 - Again nothing to do with your problem, but if you want to add any other features to your Linux box you should open up the appropriate port here. Ports you might like to open are :- 22 - ssh service 631 - CUPS print server 1 - Webmin configuration ACCEPT loc fw tcp 137,138,139 - This line has nothing to do with Internet sharing. I do not know how it got in, but I suggest you remove it. REDIRECTloc 3128tcp www - ACCEPT fw net tcp www #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/masq: You only need one of these lines. The other can be removed. ppp+192.168.0.0/255.255.255.0 ppp+192.168.0.0/255.255.255.0 I assume your internal ethernet is on the 192.168.0.0 subnet? None of the comments I have made above would stop shorewall from working, and you say that shorewall now starts, so it looks as if Internet sharing is actually working. Your problem may be that you have not configured the Windows clients correctly. If you have not started a DHCP server on the Linux box (to allocate IP addresses to the Windows machines), then you should be using static addressing on the Windows clients. (IP addresses manually configured) You should also configure the Windows clients to use the Linux box as the Default Gateway, and you should enter the IP addresses of your ISPs DNS servers in the DNS configuration of your Windows clients. BTW: By default shorewall inhibits 'ping' so do not be surprised if you cannot ping the Linux box from your Windows clients. HTH derek Yes, my internal ethernet subnet is 192.168.0.0. I configured windows but it didn't help, I even allowed pinging (from MCC) but i still can't ping my box. And dhcpd daemon is running and is configured (with DHCP configuration wizard). I liked to get it work like mdk 9.x had (DHCP auto configuring windows). Actually whole MCC firewall and internet connecting is weird: first button Internet connection is always empty, even if i fill there something and I click ok, next time it is empty again. second button manage connection don't show my Internet access (ppp+). third, always after changing firewall rules it asks me my Internet connection (there is written, if adsl, put ppp+) but there is list only (i can't change it) and no ppp+, only eth0 and eth1 (so I have used always eth0, this is connected to ADSL modem). (Sorry about my bad English skills ;)) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Problem with sharing ADSL on mdk 10
On Sunday 07 Mar 2004 10:02, Klemens Arro wrote: SNIP REDIRECTloc 3128tcp www - Did you remove this line Klemens? Because that line definitely *will* interfere with browsing. It intercepts all requests on port 80 and hands them to a Squid proxy server. (Don't forget to restart shorewall after any change) Yes, my internal ethernet subnet is 192.168.0.0. I configured windows but it didn't help, I even allowed pinging (from MCC) but i still can't ping my box. And dhcpd daemon is running and is configured (with DHCP configuration wizard). I liked to get it work like mdk 9.x had (DHCP auto configuring windows). Actually whole MCC firewall and internet connecting is weird: first button Internet connection is always empty, even if i fill there something and I click ok, next time it is empty again. second button manage connection don't show my Internet access (ppp+). third, always after changing firewall rules it asks me my Internet connection (there is written, if adsl, put ppp+) but there is list only (i can't change it) and no ppp+, only eth0 and eth1 (so I have used always eth0, this is connected to ADSL modem). The shorewall configuration GUI in Mandrake sucks. That is why so many people dislike shorewall. You are much better off configuring shorewall directly in the text files. (Or using the webmin module) Flash of inspiration!! -- Rereading the above paragraph gives me an idea. You are using ppp over ethernet yes? Here in the UK we use ppp over atm so I have no personal experience with pppoe, but my understanding is that a ppp connection is made, and then an ethernet connection runs over the top of that, and you make your connection to the ethernet. Yes? In that case your /etc/shorewall/interfaces file should show eth0 as 'net' and eth1 as 'loc' , and your masq file should reference eth0. Perhaps someone who uses pppoe could comment on that. (Sorry about my bad English skills ;)) Your English is just fine. (Where is domain .ee ? ) derek -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Problem with sharing ADSL on mdk 10
SNIP Yes, my internal ethernet subnet is 192.168.0.0. I configured windows but it didn't help, I even allowed pinging (from MCC) but i still can't ping my box. And dhcpd daemon is running and is configured (with DHCP configuration wizard). I liked to get it work like mdk 9.x had (DHCP auto configuring windows). I had a problem similar to this when I tried to configure my system. And it was because the silly wizard installs tmdns (?) even though you have bind installed. The result being tmdns takes over and bind never gets to do its job. -- Troy T. Hall Registered Linux User #342150 Mandrake Club Member Abilene, KS. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Problem with sharing ADSL on mdk 10
Derek Jennings wrote: On Sunday 07 Mar 2004 10:02, Klemens Arro wrote: SNIP REDIRECTloc 3128tcp www - Did you remove this line Klemens? Because that line definitely *will* interfere with browsing. It intercepts all requests on port 80 and hands them to a Squid proxy server. (Don't forget to restart shorewall after any change) Yes, my internal ethernet subnet is 192.168.0.0. I configured windows but it didn't help, I even allowed pinging (from MCC) but i still can't ping my box. And dhcpd daemon is running and is configured (with DHCP configuration wizard). I liked to get it work like mdk 9.x had (DHCP auto configuring windows). Actually whole MCC firewall and internet connecting is weird: first button Internet connection is always empty, even if i fill there something and I click ok, next time it is empty again. second button manage connection don't show my Internet access (ppp+). third, always after changing firewall rules it asks me my Internet connection (there is written, if adsl, put ppp+) but there is list only (i can't change it) and no ppp+, only eth0 and eth1 (so I have used always eth0, this is connected to ADSL modem). The shorewall configuration GUI in Mandrake sucks. That is why so many people dislike shorewall. You are much better off configuring shorewall directly in the text files. (Or using the webmin module) Flash of inspiration!! -- Rereading the above paragraph gives me an idea. You are using ppp over ethernet yes? Here in the UK we use ppp over atm so I have no personal experience with pppoe, but my understanding is that a ppp connection is made, and then an ethernet connection runs over the top of that, and you make your connection to the ethernet. Yes? In that case your /etc/shorewall/interfaces file should show eth0 as 'net' and eth1 as 'loc' , and your masq file should reference eth0. Perhaps someone who uses pppoe could comment on that. (Sorry about my bad English skills ;)) Your English is just fine. (Where is domain .ee ? ) derek Thanks a lot, but I didn't get it to work. I didn't have time to wait, so I installed Mandrake 9.2 back :( When I have more time I'll tray again. And domain .ee is from Estonia (south from Finland, very small country) -- Klemens Arro My software never has bugs; it just develops random features. Registered Linux User#: 346118 ICQ#: 179198850 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Problem with sharing ADSL on mdk 10
Troy Thomas Hall wrote: SNIP Yes, my internal ethernet subnet is 192.168.0.0. I configured windows but it didn't help, I even allowed pinging (from MCC) but i still can't ping my box. And dhcpd daemon is running and is configured (with DHCP configuration wizard). I liked to get it work like mdk 9.x had (DHCP auto configuring windows). I had a problem similar to this when I tried to configure my system. And it was because the silly wizard installs tmdns (?) even though you have bind installed. The result being tmdns takes over and bind never gets to do its job. Thanks a lot, but I already installed Mandrake 9.2 back, I didn't have time :( When I have more time I'll tray again. -- Klemens Arro My software never has bugs; it just develops random features. Registered Linux User#: 346118 ICQ#: 179198850 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Problem with sharing ADSL on mdk 10
On Friday 05 Mar 2004 22:45, Klemens Arro wrote: SNIP Thanks, but it didn't help, shorewall started but I still can't share my ADSL. As for the question, no I didn't put it there, Mandrake Controll Center internet connection sharing tool put it there. Here is /etc/shorewall/interfaces: #ZONEINTERFACE BROADCAST OPTIONS net ppp+detect loc eth0detect #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/zones: #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE /etc/shorewall/policy: # THE FOLLOWING POLICY MUST BE LAST # loc net ACCEPT fw net ACCEPT net all DROPinfo all all REJECT info #LAST LINE -- DO NOT REMOVE /etc/shorewall/rules: # PORTPORT(S) DEST LIMIT Nothing to do with your Internet sharing but you should remove these 2 lines ACCEPT net fw udp 137,138,139 - ACCEPT net fw tcp 137,138,139 - If these lines are present, and you are running Samba (Windows networking), then anyone on the internet could access your Samba file shares. ACCEPT loc fw udp 137,138,139 - Again nothing to do with your problem, but if you want to add any other features to your Linux box you should open up the appropriate port here. Ports you might like to open are :- 22 - ssh service 631 - CUPS print server 1 - Webmin configuration ACCEPT loc fw tcp 137,138,139 - This line has nothing to do with Internet sharing. I do not know how it got in, but I suggest you remove it. REDIRECTloc 3128tcp www - ACCEPT fw net tcp www #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/masq: You only need one of these lines. The other can be removed. ppp+192.168.0.0/255.255.255.0 ppp+192.168.0.0/255.255.255.0 I assume your internal ethernet is on the 192.168.0.0 subnet? None of the comments I have made above would stop shorewall from working, and you say that shorewall now starts, so it looks as if Internet sharing is actually working. Your problem may be that you have not configured the Windows clients correctly. If you have not started a DHCP server on the Linux box (to allocate IP addresses to the Windows machines), then you should be using static addressing on the Windows clients. (IP addresses manually configured) You should also configure the Windows clients to use the Linux box as the Default Gateway, and you should enter the IP addresses of your ISPs DNS servers in the DNS configuration of your Windows clients. BTW: By default shorewall inhibits 'ping' so do not be surprised if you cannot ping the Linux box from your Windows clients. HTH derek -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
