Home router: can't access WAN from within the LAN

Message

sebgarden · Post by **sebgarden** » Sat Jul 09, 2005 12:54 pm

Hello all,
I followed the Home router howto from the gentoo documentation. I have one server, a linux computer with address 192.168.0.1. One Windows XP PC is behind the router. I can access and browse the internet on the server without any problem. I can access the server from the PC. I can resolve DNS adresses from the PC.

BUT I CAN'T access the internet from the PC. Typing google.com in Firefox on the PC brings nothing up. I checked pretty much every configuration file I use (nevertheless, exactly what is in the howto). And now, I'm clueless. Any idea ?

Regards,

Sébastien.

adaptr · Post by **adaptr** » Sat Jul 09, 2005 1:10 pm

Did you enable IP forwarding on the server ?

sebgarden · Post by **sebgarden** » Sun Jul 10, 2005 12:19 am

Yep, it was also part of the configuration:

Code: Select all

# echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done

and also the stuff in /etc/sysctl.conf of course.

sebgarden · Post by **sebgarden** » Sun Jul 10, 2005 10:54 am

I'm pretty sure it only comes from my firewall. Booting the PC with a gentoo LiveCD diesn't help, the server still blocks the traffic ... I'm gonna try again, maybe with firestarter.

Sébastien

comprookie2000 · Post by **comprookie2000** » Sun Jul 10, 2005 11:59 am

You could try this for iptables Wan eth0 LAN eth1, works for me, I had some trouble with the guide also but found this somewhere;
# iptables -F; iptables -t nat -F; iptables -t mangle -F
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -P INPUT DROP

sebgarden · Post by **sebgarden** » Sun Jul 10, 2005 4:08 pm

I tried your iptables rules. They don't work for me. Should be a noob error but I cannot see it.

sebgarden · Post by **sebgarden** » Sun Jul 10, 2005 5:56 pm

I swithched eth0 and eth1, just in case. Now:

eth0=WAN
eth1=LAN

Here are the messages I get on the server after typing ipconfig /release & ipconfig /renew on the PC and then trying to open a web page with firefox on the PC:

Code: Select all

Jul 10 19:44:59 hortensia dhcpd: DHCPRELEASE of 192.168.0.250 from 00:10:dc:c5:69:38 (christian) via eth1 (found)
Jul 10 19:45:05 hortensia dhcpd: DHCPDISCOVER from 00:10:dc:c5:69:38 via eth1
Jul 10 19:45:06 hortensia dhcpd: DHCPOFFER on 192.168.0.250 to 00:10:dc:c5:69:38 (christian) via eth1
Jul 10 19:45:06 hortensia dhcpd: DHCPREQUEST for 192.168.0.250 (192.168.0.1) from 00:10:dc:c5:69:38 (christian) via eth1
Jul 10 19:45:06 hortensia dhcpd: DHCPACK on 192.168.0.250 to 00:10:dc:c5:69:38 (christian) via eth1

I tried firestarter but I just cannot get it to work. It says my interface eth0 is not ready and cannot start the firewall.
Anyway, this story kinda hurt my flatmates, who cannot connect to the internet. I'm trying hard to solve this issue but cannot get rid of this f* nat problem.

Post-Scriptum: I can ping the windows server from the indows PC. But I cannot ping the windows PC from the linux server. I don't think it hurts ?!

comprookie2000 · Post by **comprookie2000** » Sun Jul 10, 2005 6:07 pm

You could check Networking options ---> in the kernel, but if it was working before thats not it but ...

sebgarden · Post by **sebgarden** » Sun Jul 10, 2005 6:15 pm

I just rebuild the 2.6.12-gentoo-r4 kernel with the strictly necessary options, as indicated in the official Gentoo guide. No clue. Still doesn't work. I feel/fear I must dive into iptables caveats.

For reference: my configuration is following

(WAN)-Speedtouch DSL Modem ----- (Eth0)-LAPTOP-(Eth1)-----Switch-----Windows PC

The laptop is the dhcp/dnsmasq/firewall server.

comprookie2000 · Post by **comprookie2000** » Sun Jul 10, 2005 6:30 pm

It could be something simple, if the router is set up like;

Code: Select all

iface_eth0="192.168.1.96 broadcast 192.168.1.255 netmask 255.255.255.0"
iface_eth1="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"
gateway="eth0/192.168.1.254"

set up one of the box's;

Code: Select all

iface_eth0="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0"
gateway="eth0/192.168.0.1"

/etc/resolv.conf

Code: Select all

nameserver 192.168.0.1

just something to look at ...

sebgarden · Post by **sebgarden** » Sun Jul 17, 2005 11:59 pm

Tried. Still doesn't work. I had some emails conversation with vapier, the author of the guide. Still no clue. I handled the problem to my flat mate. He will try to get a home router on his windows computer working. We'll see if he can manage it.

comprookie2000 · Post by **comprookie2000** » Mon Jul 18, 2005 12:12 am

I just did a upgrade and eth0 and eth1 switched
I had a heck of a time getting it to work again
before eth0=WAN eth1=LAN
now eth1=WAN eth0=LAN
I forgot to change;
# nano /etc/conf.d/dnsmasq
Add "-i eth0" to DNSMASQ_OPTS
to "-i eth1" to DNSMASQ_OPTS