Cable modem ==> Redhat Linux box (and DHCP) ==> Windows Xp box

I am on a cable connection (roadrunner) and I am trying to run a redhat linux box connected to the cable modem, and a winxp machine connected to the linux box via a second NIC.  I am able to get out on the linux system fine but I can't get dhcp to work properly so that the winxp machine can grab an IP.  Yes, I am using a crossover cable.  I _have_ tried to get things right in dhcpd.conf but am having trouble.  I suppose that my biggest problem is understanding which numbers assigned by roadrunner I should use in the .conf file and which numbers I can make up arbitrarily, like the ip to be assigned.  Obviously I want the XP system to be able to talk to the outside.  Also, I am using only one IP and I have only a single system connected to the linux box.  I have worked on this quite a bit and any ideas or insights would be greatly appreciated.  Thank you!!


ifconfig on the linux box says:

eth0     Link encap:Ethernet  HWaddr 00:E0:29:31:1D:B2
     inet addr:24.160.168.56  Bcast:255.255.255.255  Mask:255.255.248.0
     UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
     RX packets:2759 errors:0 dropped:0 overruns:0 frame:0
     TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:167878 (163.8 Kb)  TX bytes:2024 (1.9 Kb)
     Interrupt:11 Base address:0xec00

eth1     Link encap:Ethernet  HWaddr 00:A0:24:80:72:EC
     UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:6
     collisions:0 txqueuelen:100
     RX bytes:0 (0.0 b)  TX bytes:2052 (2.0 Kb)
     Interrupt:5 Base address:0xe800

lo     Link encap:Local Loopback
     inet addr:127.0.0.1  Mask:255.0.0.0
     UP LOOPBACK RUNNING  MTU:16436  Metric:1
     RX packets:10 errors:0 dropped:0 overruns:0 frame:0
     TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:700 (700.0 b)  TX bytes:700 (700.0 b)


what the xp box says with ipconfig:

Windows IP Configuration
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : columbus.rr.com
        IP Address. . . . . . . . . . . . : 24.160.172.41
        Subnet Mask . . . . . . . . . . . : 255.255.248.0
        Default Gateway . . . . . . . . . : 24.160.168.1


zekker Commented:
Hi.

Firstly you have NO IP address on your inside NIC.

eth1     Link encap:Ethernet  HWaddr 00:A0:24:80:72:EC
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6 errors:0 dropped:0 overruns:0 carrier:6
    collisions:0 txqueuelen:100
    RX bytes:0 (0.0 b)  TX bytes:2052 (2.0 Kb)
    Interrupt:5 Base address:0xe800




Is this where you are trying to get your DHCP address? I'm not entirely clear on it.

You can do this for now since you only have the one XP box on the inside.

Set up your internal IP to be this and make them all static.
You can type in setup and go to the network section and take off DHCP from the eth1 NIC.

Linux Firewall
eth0 : use DHCP

eth1 :  
IP address  192.168.1.1
netmask 255.255.255.0

XP :  
IP address : 192.168.1.10
255.255.255.0
Default gateway : 192.168.1.1

Eth 0 on the firewall will have a default gateway set up.

Next you will have to enable routing on your firewall and Network Address Translation

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


You will need to run iptables; go to Google and check out the IPTABLES Howto.  Lots there, but that command I put in will be part of it.  That will enable masquerading on your external NIC.  Using static addressing on the inside is fine; you don't need DHCP, unless of course you just want to run it to learn it.

Here is a sample config of a cable modem connected Linux box:

eth0      Link encap:Ethernet  HWaddr 00:D0:B7:19:F5:50
          inet addr:100.112.211.24  Bcast:24.100.166.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2531056 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1422956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1370435202 (1306.9 Mb)  TX bytes:611338292 (583.0 Mb)
          Interrupt:11 Base address:0x7000

eth1      Link encap:Ethernet  HWaddr 00:A0:CC:79:9A:7E
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1141020 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1218942 errors:2 dropped:0 overruns:2 carrier:2
          collisions:0 txqueuelen:100
          RX bytes:598811239 (571.0 Mb)  TX bytes:1278339193 (1219.1 Mb)
          Interrupt:11 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:189502 (185.0 Kb)  TX bytes:189502 (185.0 Kb)


Hope that helps!

- Zekker  - and yes, the IP on my sample on eth0 is fake ;-)
0
 
zekker Commented:
Just as a followup a network diagram would look something like this


                       INTERNET
                           |
                           |      
                           |  Dhcp assigned
                           |  address: eth0      
                           |  24.100.166.121    
                           |
                         -----    NOTE this linux box
                         --L--    runs IPtables.
                         --Y--
                         --N--
                         --I--
                         --X--
                         ----- eth1
                           |   IP address 192.168.1.1
                           |   255.255.255.0            
                           |

                         -----  IP address 192.168.1.2
                         --X--  255.255.255.0
                         --P--  gateway 192.168.1.1
                         ------
                       


Hope that makes it clearer
 
0
 
mburdick Commented:
The kind of help you really need is beyond the scope of this forum in one area... but here goes an attempt.

1) You are using RedHat Linux for your Internet-connected system. I will assume that you installed version 8 of RedHat since you said it is a new endeavor. Did you install Firewalling when you did this? You will need to if you didn't already...

Open a terminal window, and do "rpm -qa |grep tables". You should see something like "iptables-1.2.6a-2" show up. If not, you will need to add this package.

If you need to add IPTABLES, go to www.redhat.com and click the download link. Find the version for your system, download it, and install it (rpm -i <filename.rpm>)

2) You need a quick lesson in networking: There are a number of IP Addresses that have been "permanently" reserved for use in situations like the one you are describing. They are defined in RFC-1918, and are as follows:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

You can use any of these addresses for your own use, but they are NOT routable on the Internet (I'll get to why that's important in a minute). I would recommend that you set the "inside" IP Address on the RedHat machine to 192.168.0.1 with a mask of 255.255.255.0. Do this through the Network Device Configurator (redhat-config-network from a prompt). Click on ETH1 and click Edit. Click the radio button next to the area where you set a static IP Address. DO NOT fill in a gateway address in this area.

3) I would strongly recommend that you install a package called WEBMIN. This allows you to do 99% of what you need to control your Linux machine using a web browser. The most important thing you will be able to use it for is to configure the Linux Firewall and the DHCP server.

You can get WEBMIN from www.webmin.com - download the RPM version from the top right of the page. Once it's installed, open a web browser and go to http://localhost:10000 and log in as root (same password as you use for the root account on the system).

Once logged in, click the Servers button up top, then the DHCP server button in the page. If there isn't already a subnet defined for 192.168.0.0, add one. Keep it simple... put in a range of addresses to hand out from the DHCP server. 192.168.0.100-192.168.0.199 for example. Save the changes.

Now, click the Edit Client Options button. Make sure that you set the DEFAULT GATEWAY to 192.168.0.1 in this section so the clients will route properly. Also, fill in the Subnet Mask as 255.255.255.0. You can try leaving the DNS set at default. If you get an address on the XP machine, but get DNS errors in IE, you'll need to put in a real DNS server's address here. Click Save.

On the DHCP Server options page, apply the changes.

Click the Networking button. Choose the Linux Firewall button in the page.

Near the top, where it says Showing IPTable, click the drop-down and choose Network Address Translation and click the Showing IPTable button. You will need to add a rule to the POSTROUTING section. The action should be MASQUERADE and the conditions are OUTGOING INTERFACE EQUALS ETH0. Remember when I said RFC-1918 addresses are not routable on the Internet? You have to translate your 192.168.0.X address to the publicly routable address assigned to you by your ISP (it's on ETH0). This is done with masquerading.

Click the SAVE button. Make sure that Activate at Boot is set to Y, and apply everything.

Once this is all done, I think you will have enough in place to boot the XP machine (using DHCP) and get out...

I don't really know if that's everything, or if it's exact. But, it should be close enough to get you a lot further than you are right now.
0
plytle (Author) Commented:
Thanks for all the excellent information.  I am running webmin and that's making everything much easier.  Here is the situation at the moment.  When I specify a static IP on the XP machine, I am able to talk to the linux system.  However, when I make it dynamic, no IP ever gets allocated and I can't even get to the linux machine.  I suspect the reason is that when I try to run dhcpd, it tells me there is no subnet declaration for eth1 (192.168.1.1).  Also, mburdick, I couldn't find "default gateway" anywhere on the "edit client options" screen.  At the moment, what I DO have on that screen is only subnet mask at 255.255.255.0 and nothing else specified.  Do I need something in the default routers, client hostname, or broadcast address?  I think I'm much closer than I was but still not quite there.
0
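
The dhcpd complaint quoted in the post above means that no `subnet` declaration in dhcpd.conf covers the address configured on eth1 (a subnet for 192.168.0.0 was suggested earlier in the thread, while the error names 192.168.1.1). As an added example, not part of the thread: a shell check that tests an interface address against the declared subnets; the sample dhcpd.conf is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does any "subnet ... netmask ..." declaration in a dhcpd.conf
# cover the address configured on the interface dhcpd should serve?

# Constructed sample, using the 192.168.0.0 subnet suggested in the thread.
SAMPLE_CONF='
# dhcpd.conf (constructed sample)
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.199;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
}'

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# subnet_for_addr CONF_TEXT ADDRESS
# Prints the covering subnet and returns 0; returns 1 if none covers ADDRESS.
subnet_for_addr() {
    addr=$(ip_to_int "$2")
    # Strip comments, then keep "network mask" pairs from subnet declarations.
    decls=$(printf '%s\n' "$1" | sed 's/#.*//' |
        awk '$1 == "subnet" && $3 == "netmask" { gsub(/[{;]/, "", $4); print $2, $4 }')
    while read -r net mask; do
        [ -n "$net" ] || continue
        n=$(ip_to_int "$net"); m=$(ip_to_int "$mask")
        if [ $(( addr & m )) -eq $(( n & m )) ]; then
            echo "$net/$mask"
            return 0
        fi
    done <<EOF
$decls
EOF
    return 1
}

# Compare the two inside addresses that appear in the thread.
for a in 192.168.1.1 192.168.0.1; do
    if s=$(subnet_for_addr "$SAMPLE_CONF" "$a"); then
        echo "eth1=$a: covered by subnet $s"
    else
        echo "eth1=$a: no subnet declaration covers this address"
    fi
done
```
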
 
mburdick Commented:
You should fill in the 192.168.0.1 address in the Default Routers field. Default Gateway and Default Router are interchangeable, at least for this exercise.

You should also click on the Edit Network Interfaces button and choose ETH1 (the inside adapter) in the list. Then click Save. This tells the system to only listen for DHCP requests on that interface.

One other thing that you may want to check:

In the Linux Firewall section of WEBMIN (under Networking), you should make sure that there is a rule at the top of the RH-Lokkit chain that says Accept if the input interface is ETH1 (your inside adapter).

This will guarantee that all internal traffic is allowed in to the system, including DHCP requests.
0
 
plytle (Author) Commented:
Hmm - there is no RH-Lokkit chain in the firewall section.  The only things there are OUTPUT, POSTROUTING and PREROUTING and the only item in any of those is Masquerade in POSTROUTING.  It sounds like that could be a problem....
0
 
 
mburdick Commented:
You need to display the Packet Filtering filter, and there should be a Chain installed called RH-Lokkit 0-50-Input (again - making the assumption that you are running RedHat 8, and installed the standard firewall features).

0
 
plytle (Author) Commented:
Okay, I didn't have the firewall setup as you said, but it is now and I have everything just as you specified in the firewall part of webmin and elsewhere.  Again, I can't pick up an IP when I choose dynamic on the xp box but when I specify 192.168.0.2 it lets me talk to the linux box but not anywhere beyond.  I can ping stuff on the linux, but anything else it can't find, and that's when I ping by ip, so it's not just a DNS problem.  Frankly it doesn't matter to me if I specify the IP on the xp machine or it's assigned by the firewall, but regardless I need to get the packets from the xp out beyond the linux box.  Thanks for all of your help so far!
0
 
mburdick Commented:
Can you post a copy of your /etc/sysconfig/iptables file? I want to see exactly what your system has enabled so I can help you figure out where it's falling apart.
0
 
plytle (Author) Commented:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth0 --dport 67:68 --sport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth1 --dport 67:68 --sport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 -j REJECT  --syn
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed


Thanks a bunch!
0
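
An added example (not part of the thread and not the posters' code): a shell audit of the ruleset posted above, reporting the FORWARD policy, whether NAT masquerading exists on the outside interface, and which TCP ports are accepted on every interface, including the Internet-facing eth0. `RULES` is a constructed, abridged copy of that file and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset for a NAT gateway.
# RULES is a constructed sample, abridged from the file posted in the thread.
RULES='*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT  --syn
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# chain_policy RULES TABLE CHAIN: print the default policy of a built-in chain.
chain_policy() {
    printf '%s\n' "$1" | awk -v t="*$2" -v c=":$3" '
        /^\*/ { cur = $1 }
        cur == t && $1 == c { print $2 }'
}

# has_masquerade RULES IFACE: succeed if nat masquerades traffic leaving IFACE.
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^\*/ { cur = $1 }
        cur == "*nat" && /-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i+1) == ifc) ok = 1 }
        END { exit !ok }'
}

# open_tcp_ports RULES: TCP ports accepted with no -i match (all interfaces).
open_tcp_ports() {
    printf '%s\n' "$1" | awk '
        /-p tcp/ && /-j ACCEPT/ && !/ -i / {
            for (i = 1; i < NF; i++)
                if ($i == "--dport") { out = out sep $(i+1); sep = " " } }
        END { print out }'
}

echo "FORWARD policy: $(chain_policy "$RULES" filter FORWARD)"
has_masquerade "$RULES" eth0 && echo "NAT: MASQUERADE on eth0 present"
echo "TCP ports accepted on all interfaces: $(open_tcp_ports "$RULES")"
```

On this ruleset it reports a FORWARD policy of ACCEPT, masquerading on eth0, and ports 23, 25 and 80 accepted on all interfaces. The rules file does not record whether forwarding is enabled, so `cat /proc/sys/net/ipv4/ip_forward` must also print 1 for traffic from the inside host to pass the gateway.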
 
droswell Commented:
Don't you need DHCP server installed and running?
Dan
0
 
plytle (Author) Commented:
My understanding of what mburdick says is that the firewall handles dhcp requests and dhcpd doesn't have to run - perhaps I'm totally off on that.  When I try to run dhcpd it complains about things not being configured for the device (eth1).  I'm also having trouble being able to specify a valid IPv4 address for the machine so that Apache will run, but that is a horse of a different feather....
0
 
mburdick Commented:
You definitely need DHCPD running. The Webmin interface should give you A) plenty of control over it and B) the ability to start it up.
0
 
droswell Commented:
If using a static ip works, but DHCP won't, then you are simply not getting served an ip from your linux machine. MBurdick had a good post - verify your dhcp server settings are correct in webmin, and that the DHCP server service is running on the correct interface. The firewall WILL ip masquerade and filter traffic, but it will NOT hand out DHCP addresses.
0
 
 