Re: nat and dhcp
uzoma nwosu wrote:
| I'm trying to turn my debian box into a nat server. So far, I've got the
| kernel configured with all the netfilter stuff that the IP
| Masquerade-howto on tldp.org said (I'm running 2.4.24, with sarge/sid).
| I've installed dhcpd and it seems to run fine.
| So here's my problem: my laptop (which has a dhcp client that works on
| campus) can ping my desktop but that's all. It can't reach the net.
| I have done the echo 1 >/proc/sys/net/ipv4/ip_forward thing to turn it
| on and still nothing. So here is my dhcp.conf and my
| /etc/network/interface file snippets. ANY help would be greatly
| appreciated.
|
| king:/proc/sys/net/ipv4# more /etc/dhcpd.conf
| #
| # Sample configuration file for ISC dhcpd for Debian
| #
| # $Id: dhcpd.conf,v 1.4.2.2 2002/07/10 03:50:33 peloy Exp $
| #
|
| # option definitions common to all supported networks...
| option domain-name "mytalon.com";
| #option domain-name-servers king.mytalon.com;
|
| option subnet-mask 255.255.255.0;
| default-lease-time 600;
| max-lease-time 7200;
|
| #my declared subnet for eth1
| subnet 192.168.0.0 netmask 255.255.255.0 {
| range 192.168.0.1 192.168.0.10;
| option broadcast-address 192.168.0.255;
| # option routers prelude.fugue.com;
| }
|
| king:/proc/sys/net/ipv4# more /etc/network/interfaces
| # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
|
| # The loopback interface
| auto lo
| iface lo inet loopback
|
| # The first network card - this entry was created during the Debian installation
| auto eth0
| iface eth0 inet dhcp
|
| #Second network card - 3Com vortex
| auto eth1
| iface eth1 inet static
| address 192.168.0.1
| netmask 255.255.255.0
| network 192.168.0.0
| broadcast 192.168.0.255
|
|
| Something else that I don't completely understand (this is my first time
| ever creating a network) is that my laptop picks up 192.168.2.1 from
| DHCPACK when ifup eth0. Shouldn't it receive on 192.168.0.1?
|
| thanks,
|
| Uzoma
|
|
I have a debian box I use as a dhcp/dns server and router for my small
network.
I use dnsmasq for dhcp/dns setup - because it's really easy to install
and configure. I tried dynamic dns updates for bind, but it was way too
complicated.
Here's the script I use. Luckily it sits behind another router/firewall
so I don't have to worry much about firewalling.
INT_IF defines the interface connected to the internal network
EXT_IF defines the interface connected to the external network
Note: there may be some line-wrapping.
-------- /etc/init.d/route : start ----------
#!/bin/sh
#
# Startup script for route
#
# description: Starts iptables routing
# chkconfig: 2345 85 15
IPTABLES=/sbin/iptables
INT_IF=eth0
EXT_IF=eth1
# See how we were called.
case "$1" in
  start)
    echo -n "Starting router: "
    # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
    # Flush all the rules in filter and nat tables
    $IPTABLES --flush
    $IPTABLES --table nat --flush
    # Delete all chains that are not in default filter and nat table
    $IPTABLES --delete-chain
    $IPTABLES --table nat --delete-chain
    # Set up IP FORWARDing and Masquerading
    $IPTABLES --table nat --append POSTROUTING -o $EXT_IF -j MASQUERADE
    $IPTABLES --append FORWARD -i $INT_IF -j ACCEPT
    # Enables packet forwarding by kernel
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "Done"
    ;;
  stop)
    echo -n "Stopping router: "
    # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
    # Flush all the rules in filter and nat tables
    $IPTABLES --flush
    $IPTABLES --table nat --flush
    # Delete all chains that are not in default filter and nat table
    $IPTABLES --delete-chain
    $IPTABLES --table nat --delete-chain
    echo "Done"
    ;;
  status)
    echo "Router info: "
    echo "Not implemented."
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  reload)
    echo -n "Re-"
    $0 start
    echo
    ;;
  *)
    # Unknown argument: print usage and fail
    echo "Usage: $0 {start|stop|restart|reload|status}"
    exit 1
    ;;
esac
exit 0
-------- /etc/init.d/route : end ----------
--
Andy Ruddock
------------
Senior Software Developer (andy.ruddock@minnesund.net)
GPG Key IDs : DSA/EIGamal=0x4E509520 RSA=0x5C38FD43 DSA=0x8B428591
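Added example (not part of the message above and not Andy Ruddock's script): for a gateway that does not sit behind another firewall, the same masquerading setup can be expressed with a default-drop FORWARD policy that only lets replies back in. The function name nat_ruleset, the eth1/eth0 roles and the 192.168.0.0/24 network are assumptions taken from the original poster's configuration; the script only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a NAT gateway whose
# FORWARD chain drops by default. Nothing is applied here; loading the output
# with iptables-restore replaces the nat and filter tables, like the flush
# in the script above.

# valid_if NAME: accept only plain interface names such as eth0 or ppp0.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# nat_ruleset INT_IF EXT_IF INT_NET
# INT_NET is the internal network in CIDR form (assumed: 192.168.0.0/24).
nat_ruleset() {
    int_if=$1 ext_if=$2 int_net=$3
    valid_if "$int_if" && valid_if "$ext_if" || return 1
    [ "$int_if" != "$ext_if" ] || return 1
    case "$int_net" in
        ''|*[!0-9./]*) return 1 ;;   # empty or not an address
        */*) ;;                      # has a prefix length
        *) return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite only traffic that really comes from the internal network.
-A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Inside to outside: internal source addresses only.
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
# Outside to inside: replies to connections the inside opened, nothing else.
# (Older iptables builds spell this match "-m state --state".)
-A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth1 internal, eth0 external.
nat_ruleset eth1 eth0 192.168.0.0/24
```

The INPUT and OUTPUT policies are left at ACCEPT, so traffic addressed to the gateway itself is not filtered by this ruleset.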