LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue88/tag/4.html

425 lines
14 KiB
HTML
Raw Permalink Blame History

<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<META NAME="generator" CONTENT="lgazmail v1.4G.d">
<TITLE>The Answer Gang 88: routing to internet from home . Kernel 2.4</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->
<!--endcut ==============================================-->
<!-- begin 4 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>routing to internet from home . Kernel 2.4</H3>
<p><strong>From Jose Avalis
</strong></p>
<p></strong></p>
<p align="right"><strong>Answered By Faber Fedor,
Jason Creighton,
Benjamin A. Okopnik,
John Karns
</strong></p>
<P><STRONG>
Hi guys and thanks in advance fro your time. I'm Joe From Toronto.
</STRONG></P>
<P><STRONG>
I have this scenario at home.
</STRONG></P>
<blockquote><code><font color="#000033"><br> 3 WS with Winxx
<br> 1 Linux redhat 7.3
<br> 1 DSL Connection (Bell / Sympatico)
</font></code></blockquote>
<P><STRONG>
I would like to use the linux machine as a router for the internal PC&gt;
Could you help me with that, please???
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
OK, I'll give it a shot. You <EM>have</EM> read and followed the advice in the
IP-Masquerade HOWTO, right? If not, it's always available at the Linux
Documentation Project &lt;<A HREF="http://www.linuxdoc.org&gt"
>http://www.linuxdoc.org&gt</A>;, or possibly on your own
system under <TT>/usr/doc/HOWTO</TT> or <TT>/usr/share/doc/HOWTO.</TT>
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
The Linux Machine has 2 NIC eth0 (10.15.1.10 | 16 ) is connected
to the internal net (hub) , while the other ETH1 (10.16.1.10 | 16) is
connected to the DSL Modem.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
You have private IPs on both interfaces. Given a DSL modem on one of
them, it would usually have an Internet-valid address, either one that
you automatically get via DHCP or a static one that you get from your
ISP (that's become unusual for non-commercial accounts.) Looks like you
have a PPPoE setup - so you're not actually going to be hooking eth0 to
eth1, but eth0 to ppp0.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
as you can see in the following text, everything is Up and run and
I can access internet from the Linux machine.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Jason]
This may see like a stupid question, but do the internal PCs have valid
internet address? (i.e., those outside the 10.*.*.*,
172.16.*.*-172.31.*.* or 192.168.*.* ranges) If they don't, you need to
do IP masquerading. This is not all that hard, I could give a quick &amp;
dirty answer as to how to do it (Or you could look at the
IP-Masquerading-HOWTO, for the long answer), but I'd like to know if
that's your situation first. Yes, I am <EM>that</EM> lazy.
<IMG SRC="../../gx/dennis/smily.gif" ALT=":-)"
height="24" width="20" align="middle">
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
ifconfig says
</STRONG></P>
<p align="center">See attached <tt><a href="../misc/tag/jose.ifconfig-before.txt">jose.ifconfig-before.txt</a></tt></p>
<p align="center">See attached <tt><a href="../misc/tag/jose.ping-before.txt">jose.ping-before.txt</a></tt></p>
<P><STRONG>
The problem is that when I try to access the internet from the
internal lan. I can't access it.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Yep, that's what it is. That MTU of 1492 is a good hint: that's the
correct setting for PPPoE, and that's your only interface with a
Net-valid IP.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [John]
The adjusted MTU for PPPoE (from the usual 1500 to 1492) is necessary, but
can cause problems with the other machines on the LAN unless they too are
adjusted for MTU.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Right - although not quite as bad as the gateway's MTU (that one can
chase its own tail forever - looks like there's no connection!)
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [John]
I've been stuck with using PPPoE for about a month now,
and have found the Roaring Penguin pkg (<A HREF="http://www.roaringpenguin.com"
>http://www.roaringpenguin.com</A>) to
work quite well, once it's configured. I seem to remember reading that it
does the MTU adjustment internally, and alleviates the headache of having
to adjust the rest of the machines on the LAN to use the PPPoE gateway
(see the ifconfig output below).
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Oh, _sweet._ I'm not sure how you'd do that "internally", but I'm no
network-programming guru, and that would save a bunch of headaches.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [John]
Especially nice if one of the LAN nodes
is a laptop that gets carried around to different LAN environments - would
be a real PITA to have to reset the MTU all the time.
</blockQuote>
<blockquote><pre># ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:40:F4:6D:AA:3F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21257 errors:0 dropped:0 overruns:0 frame:0
TX packets:14201 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4568502 (4.3 Mb) TX bytes:1093173 (1.0 Mb)
Interrupt:11 Base address:0xcc00
</pre></blockquote>
<blockQuote>
Then I just tacked on the firewall <TT>/</TT> masq script I've been using right
along, with the only change being the external interface from eth0 to
ppp0. PPPoE is also a freak in that the NIC that connects to the modem
doesn't get an assigned IP.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Yep, that's what got me thinking "PPPoE" in the first place. Two
RFC-1918 addresses - huh? An MTU of 1492 for ppp0 and reasonably short
ping times to the Net - oh.
<IMG SRC="../../gx/dennis/smily.gif" ALT=":)"
height="24" width="20" align="middle">
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
all the PCs in the net have as Default gateway 10.15.1.10 (Linux
internal NIC )
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
That part is OK.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Linux's default gateway is the ppp0 adapter
</STRONG></P>
<pre><strong>[root@linuxrh root]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
64.229.190.1 0.0.0.0 255.255.255.255 UH 40 0 0 ppp0
10.16.0.0 0.0.0.0 255.255.0.0 U 40 0 0 eth1
10.15.0.0 0.0.0.0 255.255.0.0 U 40 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 64.229.190.1 0.0.0.0 UG 40 0 0 ppp0
[root@linuxrh root]#
</strong></pre>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Yep, that's what "netstat" says. I've never done masquerading with
PPP-to-Ethernet, but it should work just fine, provided you do the
masquerading correctly.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Can you guys give me some cues of what my problem is ???
</blockQuote>
<blockQuote>
I don't have any firewall installed.
</blockQuote>
<blockQuote>
Thanks a lot.
JOE
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
That's probably the problem. Seriously - a firewall is nothing more than
a set of routing rules; in order to do masquerading, you need - guess
what? - some routing rules (as well as having it enabled in the kernel.)
Here are the steps in brief - detailed in the Masquerading HOWTO:
</blockQuote>
<blockQuote><ol>
<LI>Make sure that your kernel supports masquerading; reconfigure and
<LI>Load the "ip_masq" module if necessary.
<LI>Enable IP forwarding (ensure that /proc/sys/net/ipv4/ip_forward is
<LI>Set up the rule set (the HOWTO has good examples.)
</ol></blockQuote>
<blockQuote>
That's the whole story. If you're missing any part of it, go thou and
fix it until it cries "Lo, I surrender!" If you run into problems while
following the advice in the HOWTO, feel free to ask here.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
One thing you didn't mention doing is turning on forwarding between the
NICs; you have to tell the Linux to forward packets from one NIC to the
other. To see if it is turned on, do this:
</blockQuote>
<blockquote><pre>cat /proc/sys/net/ipv4/ip_forward
</pre></blockquote>
<blockQuote>
If it says "0", then it's not turned on. To turn it on, type
</blockQuote>
<blockquote><pre>echo "1" &gt; /proc/sys/net/ipv4/ip_forward
</pre></blockquote>
<blockQuote>
And see if your Win boxen can see the internet.
</blockQuote>
<blockQuote>
If that is your problem, once you reboot the Linux box you'll lose the
setting. There are two ways not to lose the setting. One is to put
the echo command above into your <TT>/etc/rc.local</TT> file. The second and
Approved <A HREF="http://www.redhat.com/">Red Hat</A> Way is to put the line
</blockQuote>
<blockquote><pre>net.ipv4.ip_forward = 1
</pre></blockquote>
<blockQuote>
in your <TT>/etc/sysctl.conf</TT> file. I don't have any Red Hat 7.3 boxes lying
around, so I don't know if Red Hat changed the syntax between 7.x and
8.x. One way to check is to run
</blockQuote>
<blockquote><pre>/sbin/sysctl -a | grep forward
</pre></blockquote>
<blockQuote>
and see which one looks most like what I have.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hey Faber in NJ <TT>/....</TT> thanks for your clues. In fact it was in 0, I
changed it to 1, I've restarted tehe box and it is in 1 now; but it is
still not working.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
Well, that's a start. There's no way it would have worked with it being
0!
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
First at all, m I right with this setup method? I mean using Linux
as a router only ??? or shoud I set up a masquerading and use the NAT
facility to populate all my internal addresses in Internet?
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
Whoops! Forgot that piece! Yes, you'll hve to do masquerading/NAT (I
can never keep the two distinct in my head).
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Jason]
It seems to me that you would want the DSL modem
(eth1) to be the default route to the internet, not the modem (ppp0).
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Because maybe the problem is that I'm trying to route my internal net
to the DSL net and Internet and maybe it is not a valid proc.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Faber]
Well, it can be done, that's for sure. We just have to get all the t's
dotted and the i's crossed.
<IMG SRC="../../gx/dennis/smily.gif" ALT=":-)"
height="24" width="20" align="middle">
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Jason]
IP-Masquerading. Here's the HOWTO:
</blockQuote>
<blockQuote><BLOCKQuote>
<A HREF="http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO"
>http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO</A>
</BLOCKQuote></blockQuote>
<blockQuote>
And here's a script that's supposed (I've never used it) to just be a
"fill in the blanks and go":
</blockQuote>
<blockQuote><BLOCKQuote>
<A HREF="http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html#RC.FIREWALL-2.4.X"
>http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html#RC.FIREWALL-2.4.X</A>
</BLOCKQuote></blockQuote>
<blockQuote>
Note this is in the HOWTO, it's just later on after explaining all the
gory details of NATing.
</blockQuote>
<HR width="10%" align="left"><P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hey, thanks for your mail, the thing is working now. I didn<64>t know that the
NAT functions in Linux are called Masquerading.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Yeah, that's an odd one.
</blockQuote>
<blockQuote>
Masquerading is only a specific case (one-to-many) of NAT. As an example
of other stuff that NAT can do, IBM had an ad for the Olympics a while
back (their equipment handled all the traffic for the website); they did
"many-to-many" NAT to split up the load.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Thanks again for your help, due to I'm new in Linux, it took me a while to
learn of the terminology in this platform.
</STRONG></P>
<P><STRONG>
To many NOS in may head.
</STRONG></P>
<P><STRONG>
I have averything working now, including the firewall, I had to compile
the kernel again, but it was ok.
</STRONG></P>
<P><STRONG>
C U.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
<IMG SRC="../../gx/dennis/smily.gif" ALT="&lt;grin&gt;"
height="24" width="20" align="middle"> You're welcome! Glad we could help.
</blockQuote>
<!-- end 4 -->
Reference in New Issue View Git Blame Copy Permalink