| 1 |
Daniel Pielmeier wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> I have a similar problem like Dale in this thread [gentoo-user] Need |
| 5 |
> help networking two machines, but i think it is not exactly the same. |
| 6 |
> |
| 7 |
> I was trying to set up a home router following the |
| 8 |
> gentoo-home-router-guide |
| 9 |
> http://www.gentoo.org/doc/de/home-router-howto.xml |
| 10 |
> with shorewall as firewall following the two-interfaces-guide |
| 11 |
> http://www.shorewall.net/two-interface.htm. |
| 12 |
> |
| 13 |
> I can connect from the router to the internet. |
| 14 |
> I can log in from the router to the desktop per ssh and back. |
| 15 |
> I have set up an rsync on the router and rsync works from the desktop. |
| 16 |
> I have set up dnsmasq on the server and dns is working on the desktop. |
| 17 |
> I can ping between router and desktop and from the router to the internet |
| 18 |
> |
| 19 |
> I have set up an ntp on the router but ntp from the desktop gives me. |
| 20 |
> 14 Jan 20:25:53 ntpdate[31522]: no server suitable for synchronization |
| 21 |
> found |
| 22 |
> |
| 23 |
> I can't ping from the desktop to the internet. |
| 24 |
> ping www.gentoo.org |
| 25 |
> PING www.gentoo.org (38.99.64.202) 56(84) bytes of data. |
| 26 |
> |
| 27 |
> --- www.gentoo.org ping statistics --- |
| 28 |
> 13 packets transmitted, 0 received, 100% packet loss, time 11999ms |
| 29 |
> |
| 30 |
> As you can see the address is resolved but i get 100% packet loss. |
| 31 |
> Until now i have spent much time on this issues, so i hope to solve |
| 32 |
> these problems with your help. |
| 33 |
> I have added the configurations which may help you to discover my |
| 34 |
> problem below. First the router configuration and then the desktop |
| 35 |
> configuration. |
| 36 |
> I hope i did not forget anything as it is very much, but if anything |
| 37 |
> you need is missing please ask for it. |
| 38 |
> |
| 39 |
> Thanks Daniel |
| 40 |
> |
| 41 |
> |
| 42 |
|
| 43 |
Hi, |
| 44 |
|
| 45 |
I used this script a long time ago. It worked until iptables got |
| 46 |
changed. It still worked but it gave a few errors. Maybe some guru can |
| 47 |
look at this and update it for us both. Then maybe I can get someone to |
| 48 |
upgrade the script on the site. I had to edit the very first bit about |
| 49 |
which interface is what. Here it is: |
| 50 |
|
| 51 |
> #!/bin/bash |
| 52 |
> IPTABLES='/sbin/iptables' |
| 53 |
> # Set interface values |
| 54 |
> EXTIF='ppp0' |
| 55 |
> #INTIF0='eth0' |
| 56 |
> INTIF1='eth0' |
| 57 |
> INTIF2='eth1' |
| 58 |
> INTIF3='eth2' |
| 59 |
> |
| 60 |
> # enable ip forwarding in the kernel |
| 61 |
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward |
| 62 |
> # flush rules and delete chains |
| 63 |
> $IPTABLES -F |
| 64 |
> $IPTABLES -X |
| 65 |
> # enable masquerading to allow LAN internet access |
| 66 |
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE |
| 67 |
> # forward LAN traffic from $INTIF1 to Internet interface $EXTIF |
| 68 |
> $IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state |
| 69 |
> NEW,ESTABLISHED -j ACCEPT |
| 70 |
> # forward LAN traffic from $INTIF2 to Internet interface $EXTIF |
| 71 |
> $IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state |
| 72 |
> #NEW,ESTABLISHED -j ACCEPT |
| 73 |
> #echo -e " - Allowing access to the SSH server" |
| 74 |
> $IPTABLES -A INPUT --protocol ssh --dport 22 -j ACCEPT |
| 75 |
> #echo -e " - Allowing access to the HTTP server" |
| 76 |
> $IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT |
| 77 |
> # block out all other Internet access on $EXTIF |
| 78 |
> $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP |
| 79 |
> $IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP |
| 80 |
> |
| 81 |
|
| 82 |
OK. Now some guru help us out here. LOL I got to redo my install on |
| 83 |
my second machine. I rebooted it and it is in awful shape. I think |
| 84 |
something is wrong with a init script. It boots the kernel but errors |
| 85 |
out trying to enter a run level. Portage can't complete a compile |
| 86 |
either. It complains about the date not being set, but it is. I need |
| 87 |
to get the rust out anyway on installing. Yup, the old command line |
| 88 |
way. I boot gentoo nox. LOL I have to use the 2005.1 install guide |
| 89 |
though. :-( |
| 90 |
|
| 91 |
Supper time. |
| 92 |
|
| 93 |
Dale |
| 94 |
|
| 95 |
:-) :-) :-) :-) |
| 96 |
|
| 97 |
|
| 98 |
-- |
| 99 |
www.myspace.com/dalek1967 |
| 100 |
|
| 101 |
-- |
| 102 |
gentoo-user@g.o mailing list |
Archives