Solved

Cable modem ==> Redhat Linux box (and DHCP) ==> Windows Xp box

Posted on 2003-03-21
Last Modified: 2010-03-18
I am on a cable connection (roadrunner) and I am trying to run a redhat linux box connected to the cable modem, and a winxp machine connected to the linux box via a second NIC.  I am able to get out on the linux system fine but I can't get dhcp to work properly so that the winxp machine can grab an IP.  Yes, I am using a crossover cable.  I _have_ tried to get things right in dhcpd.conf but am having trouble.  I suppose that my biggest problem is understanding which numbers assigned by roadrunner I should use in the .conf file and which numbers I can make up arbitrarily, like the ip to be assigned.  Obviously I want the XP system to be able to talk to the outside.  Also, I am using only one IP and I have only a single system connected to the linux box.  I have worked on this quite a bit and any ideas or insights would be greatly appreciated.  Thank you!!


ifconfig on the linux box says:

eth0     Link encap:Ethernet  HWaddr 00:E0:29:31:1D:B2
     inet addr:24.160.168.56  Bcast:255.255.255.255  Mask:255.255.248.0
     UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
     RX packets:2759 errors:0 dropped:0 overruns:0 frame:0
     TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:167878 (163.8 Kb)  TX bytes:2024 (1.9 Kb)
     Interrupt:11 Base address:0xec00

eth1     Link encap:Ethernet  HWaddr 00:A0:24:80:72:EC
     UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:6
     collisions:0 txqueuelen:100
     RX bytes:0 (0.0 b)  TX bytes:2052 (2.0 Kb)
     Interrupt:5 Base address:0xe800

lo     Link encap:Local Loopback
     inet addr:127.0.0.1  Mask:255.0.0.0
     UP LOOPBACK RUNNING  MTU:16436  Metric:1
     RX packets:10 errors:0 dropped:0 overruns:0 frame:0
     TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:700 (700.0 b)  TX bytes:700 (700.0 b)


what the xp box says with ipconfig:

Windows IP Configuration
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : columbus.rr.com
        IP Address. . . . . . . . . . . . : 24.160.172.41
        Subnet Mask . . . . . . . . . . . : 255.255.248.0
        Default Gateway . . . . . . . . . : 24.160.168.1


Question by:plytle
19 Comments
 
LVL 2

Accepted Solution

by:
zekker earned 672 total points
ID: 8184506
Hi.

Firstly you have NO IP address on your inside NIC.

eth1     Link encap:Ethernet  HWaddr 00:A0:24:80:72:EC
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6 errors:0 dropped:0 overruns:0 carrier:6
    collisions:0 txqueuelen:100
    RX bytes:0 (0.0 b)  TX bytes:2052 (2.0 Kb)
    Interrupt:5 Base address:0xe800




 Is this where you are trying to get your DHCP address? I'm not entirely clear on it.

You can do this for now since you only have the one XP box on the inside.

Set up your internal IP to be this and make them all static.
You can type in setup and go to the network section and take off DHCP from the eth1 NIC.

Linux Firewall
eth0 : use DHCP

eth1 :  
IP address  192.168.1.1
netmask 255.255.255.0

XP :  
IP address : 192.168.1.10
255.255.255.0
Default gateway : 192.168.1.1

Eth 0 on the firewall will have a default gateway setup

Next you will have to enable routing on your firewall and Network Address Translation

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


You will need to run iptables; go to Google and check out the IPTABLES Howto. Lots there, but that command I put in will be part of it. That will enable masquerading on your external NIC. Using static addressing on the inside is fine; you don't need DHCP, unless of course you just want to run it to learn it.

Here is a sample config of a cable modem connected Linux box:

eth0      Link encap:Ethernet  HWaddr 00:D0:B7:19:F5:50
          inet addr:100.112.211.24  Bcast:24.100.166.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2531056 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1422956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1370435202 (1306.9 Mb)  TX bytes:611338292 (583.0 Mb)
          Interrupt:11 Base address:0x7000

eth1      Link encap:Ethernet  HWaddr 00:A0:CC:79:9A:7E
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1141020 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1218942 errors:2 dropped:0 overruns:2 carrier:2
          collisions:0 txqueuelen:100
          RX bytes:598811239 (571.0 Mb)  TX bytes:1278339193 (1219.1 Mb)
          Interrupt:11 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:189502 (185.0 Kb)  TX bytes:189502 (185.0 Kb)


hope that helps.!

- Zekker  - and yes the IP on my sample on eth0 is fake ;-)











0
 
LVL 2

Expert Comment

by:zekker
ID: 8184558
Just as a followup a network diagram would look something like this


                       INTERNET
                           |
                           |      
                           |  Dhcp assigned
                           |  address: eth0      
                           |  24.100.166.121    
                           |
                         -----    NOTE this linux box
                         --L--    runs IPtables.
                         --Y--
                         --N--
                         --I--
                         --X--
                         ----- eth1
                           |   IP address 192.168.1.1
                           |   255.255.255.0            
                           |

                         -----  IP address 192.168.1.2
                         --X--  255.255.255.0
                         --P--  gateway 192.168.1.1
                         ------
                       


Hope that makes it clearer
 
0
 
LVL 12

Assisted Solution

by:mburdick
mburdick earned 664 total points
ID: 8188252
The kind of help you really need is beyond the scope of this forum in one area... but here goes an attempt.

1) You are using RedHat Linux for your Internet-connected system. I will assume that you installed version 8 of RedHat since you said it is a new endeavor. Did you install Firewalling when you did this? You will need to if you didn't already...

Open a terminal window, and do "rpm -qa |grep tables". You should see something like "iptables-1.2.6a-2" show up. If not, you will need to add this package.

If you need to add IPTABLES, go to www.redhat.com and click the download link. Find the version for your system, download it, and install it (rpm -i <filename.rpm>)

2) You need a quick lesson in networking: There are a number of IP Addresses that have been "permanently" reserved for use in situations like the one you are describing. They are defined in RFC-1918, and are as follows:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

You can use any of these addresses for your own use, but they are NOT routable on the Internet (I'll get to why that's important in a minute). I would recommend that you set the "inside" IP Address on the RedHat machine to 192.168.0.1 with a mask of 255.255.255.0. Do this through the Network Device Configurator (redhat-config-network from a prompt). Click on ETH1 and click Edit. Click the radio button next to the area where you set a static IP Address. DO NOT fill in a gateway address in this area.

3) I would strongly recommend that you install a package called WEBMIN. This allows you to do 99% of what you need to control your Linux machine using a web browser. The most important thing you will be able to use it for is to configure the Linux Firewall and the DHCP server.

You can get WEBMIN from www.webmin.com - download the RPM version from the top right of the page. Once it's installed, open a web browser and go to http://localhost:10000 and log in as root (same password as you use for the root account on the system).

Once logged in, click the Servers button up top, then the DHCP server button in the page. If there isn't already a subnet defined for 192.168.0.0, add one. Keep it simple... put in a range of addresses to hand out from the DHCP server. 192.168.0.100-192.168.0.199 for example. Save the changes.

Now, click the Edit Client Options button. Make sure that you set the DEFAULT GATEWAY to 192.168.0.1 in this section so the clients will route properly. Also, fill in the Subnet Mask as 255.255.255.0. You can try leaving the DNS set at default. If you get an address on the XP machine, but get DNS errors in IE, you'll need to put in a real DNS server's address here. Click Save.

On the DHCP Server options page, apply the changes.

Click the Networking button. Choose the Linux Firewall button in the page.

Near the top, where it says Showing IPTable, click the drop-down and choose Network Address Translation and click the Showing IPTable button. You will need to add a rule to the POSTROUTING section. The action should be MASQUERADE and the conditions are OUTGOING INTERFACE EQUALS ETH0. Remember when I said RFC-1918 addresses are not routable on the Internet? You have to translate your 192.168.0.X address to the publicly routable address assigned to you by your ISP (it's on ETH0). This is done with masquerading.

Click the SAVE button. Make sure that Activate at Boot is set to Y, and apply everything.

Once this is all done, I think you will have enough in place to boot the XP machine (using DHCP) and get out...

I don't really know if that's everything, or if it's exact. But, it should be close enough to get you a lot further than you are right now.
0

 

Author Comment

by:plytle
ID: 8190156
Thanks for all the excellent information.  I am running webmin and that's making everything much easier.  Here is the situation at the moment.  When I specify a static IP on the XP machine, I am able to talk to the linux system.  However, when I make it dynamic, no IP ever gets allocated and I can't even get to the linux machine.  I suspect the reason is that when I try to run dhcpd, it tells me there is no subnet declaration for eth1 (192.168.1.1).  Also, mburdick I couldn't find "default gateway" anywhere on the "edit client options" screen.  At the moment, what I DO have on that screen is only subnet mask at 255.255.255.0 and nothing else specified.  Do I need something in the default routers, client hostname, or broadcast address?  I think I'm much closer than I was but still not quite there.
0
 
LVL 12

Expert Comment

by:mburdick
ID: 8190186
You should fill in the 192.168.0.1 address in the Default Routers field. Default Gateway and Default Router are interchangeable, at least for this exercise.

You should also click on the Edit Network Interfaces button and choose ETH1 (the inside adapter) in the list. Then click Save. This tells the system to only listen for DHCP requests on that interface.

One other thing that you may want to check:

In the Linux Firewall section of WEBMIN (under Networking), you should make sure that there is a rule at the top of the RH-Lokkit chain that says Accept if the input interface is ETH1 (your inside adapter).

This will guarantee that all internal traffic is allowed in to the system, including DHCP requests.
0
 

Author Comment

by:plytle
ID: 8190319
Hmm - there is no RH-Lokkit chain in the firewall section.  The only things there are OUTPUT, POSTROUTING and PREROUTING and the only item in any of those is Masquerade in POSTROUTING.  It sounds like that could be a problem....
0
 

 
LVL 12

Expert Comment

by:mburdick
ID: 8190354
You need to display the Packet Filtering filter, and there should be a Chain installed called RH-Lokkit 0-50-Input (again - making the assumption that you are running RedHat 8, and installed the standard firewall features).

0
 

Author Comment

by:plytle
ID: 8191327
Okay, I didn't have the firewall setup as you said, but it is now and I have everything just as you specified in the firewall part of webmin and elsewhere.  Again, I can't pick up an IP when I choose dynamic on the xp box but when I specify 192.168.0.2 it lets me talk to the linux box but not anywhere beyond.  I can ping stuff on the linux, but anything else it can't find, and that's when I ping by ip, so it's not just a DNS problem.  Frankly it doesn't matter to me if I specify the IP on the xp machine or it's assigned by the firewall, but regardless I need to get the packets from the xp out beyond the linux box.  Thanks for all of your help so far!
0
 
LVL 12

Expert Comment

by:mburdick
ID: 8191794
Can you post a copy of your /etc/sysconfig/iptables file? I want to see exactly what your system has enabled so I can help you figure out where it's falling apart.
0
 

Author Comment

by:plytle
ID: 8198571
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth0 --dport 67:68 --sport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth1 --dport 67:68 --sport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 -j REJECT  --syn
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed


Thanks a bunch!
0
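The following is an added example, not part of plytle's post or the thread: a Python audit of an iptables-save file like the one above, checking what a masquerading gateway needs and flagging ports accepted on every interface. The function names, the `wan` parameter and the `ip_forward` argument (the contents of /proc/sys/net/ipv4/ip_forward passed in as a string) are assumptions of this example; the sample is abridged from the posted file.

```python
import shlex

# Abridged from the /etc/sysconfig/iptables file posted above.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth1 --dport 67:68 --sport 67:68 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def parse_iptables_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [token lists]}}."""
    tables, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif cur is None or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policies"][chain] = policy
        elif line.startswith("-A "):
            cur["rules"].append(shlex.split(line))
    return tables

def opt(rule, *flags):
    """Value following the first of `flags` present in a tokenised rule, else None."""
    for flag in flags:
        if flag in rule and rule.index(flag) + 1 < len(rule):
            return rule[rule.index(flag) + 1]
    return None

def audit_gateway(text, wan="eth0", ip_forward="0"):
    """List what stops LAN traffic being forwarded and what is reachable from `wan`."""
    tables = parse_iptables_save(text)
    nat, flt = (tables.get(t, {"policies": {}, "rules": []}) for t in ("nat", "filter"))
    findings = []
    if not any(r[1] == "POSTROUTING" and opt(r, "-o", "--out-interface") == wan
               and opt(r, "-j", "--jump") == "MASQUERADE" for r in nat["rules"]):
        findings.append(f"nat: no MASQUERADE rule for traffic leaving {wan}")
    if ip_forward.strip() != "1":
        findings.append("kernel: ip_forward is not 1, so nothing is routed past this box")
    no_forward_rules = not any(r[1] == "FORWARD" for r in flt["rules"])
    if flt["policies"].get("FORWARD") == "ACCEPT" and no_forward_rules:
        findings.append("filter: FORWARD is ACCEPT with no rules, not limited to LAN traffic")
    for r in flt["rules"]:
        port, iface = opt(r, "--dport"), opt(r, "-i", "--in-interface")
        if opt(r, "-j", "--jump") == "ACCEPT" and port and iface is None:
            findings.append(f"filter: port {port} accepted on every interface, {wan} included")
    return findings
```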
 
LVL 3

Expert Comment

by:droswell
ID: 8218317
Don't you need DHCP server installed and running?
Dan
0
 

Author Comment

by:plytle
ID: 8218523
My understanding of what mburdick says is that the firewall handles dhcp requests and dhcpd doesn't have to run - perhaps I'm totally off on that.  When I try to run dhcpd it complains about things not being configured for the device (eth1).  I'm also having trouble being able to specify a valid IPv4 address for the machine so that Apache will run, but that is a horse of a different feather....
0
 
LVL 12

Expert Comment

by:mburdick
ID: 8218590
You definitely need DHCPD running. The Webmin interface should give you A) plenty of control over it and B) the ability to start it up.
0
 
 
LVL 3

Assisted Solution

by:droswell
droswell earned 664 total points
ID: 8218601
If using a static ip works, but DHCP won't, then you are simply not getting served an ip from your linux machine. MBurdick had a good post - verify your dhcp server settings are correct in webmin, and that the DHCP server service is running on the correct interface. The firewall WILL ip masquerade and filter traffic, but it will NOT hand out DHCP addresses.
0
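The error plytle quotes ("no subnet declaration for eth1 (192.168.1.1)") is what dhcpd reports when the interface address falls outside every `subnet` block in dhcpd.conf. As an added example (not code from the thread), this Python check compares a dhcpd.conf with the address on the inside NIC; both sample configs are constructed, the first mirroring the mix of 192.168.1.1 and 192.168.0.0 that appears across the answers, and the regex assumes subnet blocks without nested `pool` or `host` blocks.

```python
import ipaddress
import re

# Constructed samples. MISMATCHED declares 192.168.0.0 while eth1 holds 192.168.1.1.
MISMATCHED = """
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.199;
    option routers 192.168.0.1;
}
"""
MATCHED = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.199;   # pool handed to clients
    option routers 192.168.1.1;          # default gateway = eth1
    option subnet-mask 255.255.255.0;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^{}]*)\}")

def check_dhcpd(conf_text, iface_ip):
    """Return the problems that stop dhcpd handing usable leases out on iface_ip."""
    conf = re.sub(r"#[^\n]*", "", conf_text)          # drop comments
    ip = ipaddress.ip_address(iface_ip)
    body = None
    for net, mask, block in SUBNET_RE.findall(conf):
        network = ipaddress.ip_network(f"{net}/{mask}")
        if ip in network:                              # this block covers the NIC
            body = block
            break
    if body is None:
        return [f"no subnet declaration covers {iface_ip}; dhcpd will not serve that interface"]
    findings = []
    rng = re.search(r"\brange\s+(\S+)\s+(\S+?)\s*;", body)
    if rng is None:
        findings.append("subnet has no two-address range, so there is nothing to lease")
    else:
        lo, hi = (ipaddress.ip_address(a) for a in rng.groups())
        if lo not in network or hi not in network:
            findings.append("range falls outside its own subnet")
        if lo <= ip <= hi:
            findings.append(f"range includes {iface_ip}, the gateway's own address")
    routers = re.search(r"option\s+routers\s+(\S+?)\s*;", body)
    if routers is None:
        findings.append("no 'option routers': clients get a lease but no default gateway")
    elif ipaddress.ip_address(routers.group(1)) != ip:
        findings.append(f"option routers {routers.group(1)} is not {iface_ip}")
    return findings
```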
 

Expert Comment

by:CleanupPing
ID: 9077603
plytle:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
