
Re: Failing to use Linux PC as router



On Sun, Nov 12, 2006 at 09:48:03PM +0100, Hans Vogelsberger wrote:
 
> After three weeks of studying books, manuals and HOWTOS and trying
> to configure the two computers, I am constantly running in
> circles. I can ping from one computer to the other and from the
> old computer to the internet, and I can do everything I did before
> with my old computer, but there is no connection at all
> between the new one and the internet. This I need urgently because
> the AMD 64 has only a daily build netinst Etch I downloaded
> and burned to disk on October 17th. It is terribly castrated
> (even using 'more' instead of 'less'), but there is no way
> out of the networking circles without apt-get or aptitude which
> seem to be unreachable. My third computer, the one within the
> skull, seems to be rapidly losing flexibility and efficiency
> after an uptime of more than 75 years.
> 
> ====================================================================
> /etc/network/interfaces
> ====================================================================
> OLD:
> ====
> # The loopback interface
> auto lo
> iface lo inet loopback
> # The first network card
> up sysctl -w net.ipv4.ip_forward=1
> auto eth0
> iface eth0 inet dhcp
>         address 192.168.1.2
>         netmask 255.255.255.0
>         inet_route add default gw 192.168.1.0/24
>         up iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0\
>         -j MASQUERADE
>                 #*# Shouldn't these two lines be enough to guarantee
>                     dhcp access for BOTH computers ??? #*#
> # The second network card
> auto eth1
> iface eth1 inet static
>         address 192.168.1.1
>         netmask 255.255.255.0
> up iptables -A FORWARD -s 192.168.1.3 -d 192.168.1.2
> up iptables -A FORWARD -s 192.168.1.2 -d 192.168.1.3
>                 #*# Two lines added because route and MASQUERADE of
>                     eth0 seemed useless, but didn't help either #*#
> #*# TRIED after setting eth0 to inet static,
>     but TOTALLY COMMENTED OUT after resetting
>     eth0 to dhcp because the br0 did not find
>     oth0: #*#
> NEW:
> ====
> # The loopback interface
> auto lo
> iface lo inet loopback
> # The second network card
> up sysctl -w net.ipv4.ip_forward=1
> auto oth1
> iface oth1 inet static
>         address 192.168.1.3
>         netmask 255.255.255.0


I am unfamiliar with trying to set up a firewall from within
/etc/network/interfaces, although I see that the debian-reference does
this.

I have a similar setup where my 486 has the modem (although ppp).

I think that the dhcp from your ISP should set the gateway; you don't
need to.

If running sarge, ipforward is set in /etc/network/options, and if Etch,
it is in /etc/sysctl.conf.

For a basic firewall, at least until things work and you want to tweak,
I use ipmasq.  Out of the box it sets up a basic forwarding firewall.
Later, if you want more control, use shorewall.

What nameserver setup are you using for the new computer?  I use dnsmasq
on the 486 and point my new computer's resolv.conf at the 486.

To summarize: you may be trying to do too much in
/etc/network/interfaces when Debian has default ways of doing this
differently.

Doug.
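
A small lint for the two points in the reply above, as an added example that is not part of the original message: it flags static addressing lines inside an `inet dhcp` stanza and `sysctl`/`iptables` commands run from `up` hooks in an interfaces file. The function names and finding labels are hypothetical, the sample is constructed from the quoted "OLD" config, and treating `address`/`netmask` the same way as the gateway line is an assumption beyond what the reply says.

```shell
#!/bin/sh
# Added example, not from the thread. Lints an ifupdown-style interfaces
# file for the two points made in the reply.

# Constructed sample, modelled on the "OLD" config quoted above.
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback
up sysctl -w net.ipv4.ip_forward=1
auto eth0
iface eth0 inet dhcp
        address 192.168.1.2
        netmask 255.255.255.0
        inet_route add default gw 192.168.1.0/24
        up iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
auto eth1
iface eth1 inet static
        address 192.168.1.1
        netmask 255.255.255.0
EOF
}

# lint_interfaces [FILE]: reads FILE (or stdin), prints one finding per line.
#   dhcp-static IFACE WORD  static addressing inside an "inet dhcp" stanza
#   hook-cmd IFACE CMD      sysctl/iptables started from an up-style hook
# IFACE is taken from the most recent "iface" line above ("-" if none).
lint_interfaces() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # skip comments and blanks
        $1 == "iface" { cur = $2; method = $4; next }
        method == "dhcp" && ($1 == "address" || $1 == "netmask" || $1 == "gateway") {
            print "dhcp-static", cur, $1; next
        }
        method == "dhcp" && /default gw/ {          # hand-written default route
            print "dhcp-static", cur, "default-gw"; next
        }
        ($1 == "up" || $1 == "pre-up" || $1 == "post-up") &&
        ($2 == "sysctl" || $2 == "iptables") {
            print "hook-cmd", (cur == "" ? "-" : cur), $2
        }
    ' "$@"
}

# Stand-alone run: lint the constructed sample.
sample_interfaces | lint_interfaces
```

On a real system the same function can be pointed at the file directly: `lint_interfaces /etc/network/interfaces`.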


