On Thu, Feb 5, 2009 at 3:11 PM, Zanga Chimombo <z.chimo...@admarc.co.mw> wrote: >> You said 'i am able to ping 172.21.5.136 but not 172.21.0.1' > > from a client machine on the internal network. > >> and 'i can >> connect fine to the internet from the gateway'. > >> So you can ping, say google.com from your gateway machine correctly? > > yes. > >> But >> you can't ping 172.21.0.1 from your gateway? > > i can ping 172.21.0.1 fine from the gateway but not from a client. > >> Since you can get to the internet from your gateway, then its routing >> should >> be fine, > > everything is indeed fine from the gateway. i can browse www.google.com, > ping my ISPs gateway (172.21.0.1).the problem is the internal network. > >> and the next thing is to configure IP masqurading to allow your >> internal network to connect via that machine. > > so i have to setup iptables? any pointers...? >
My personal recommendation would be to use Shorewall, because I have been impressed with it when I've used it. The guide at http://shorewall.net/two-interface.htm should be appropriate for your needs (and be sure not to miss the notes specific to the Debian package). Shorewall can be used to set up a full set of firewalling rules, plus port forwarding, as well as masquerading but I don't know if you might consider it overkill for your needs. If you want to configure it manually, you could start by looking at http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/, including the comments, but I wouldn't actually do this except in the testing stage, because it's easy to make mistakes in configuration which will cause problems (like allowing incoming requests from the internet to be masqueraded, appearing to your network like they are coming from your gateway machine). More generally, you should be able to find a lot of resources about IP masquerading via Google. Once you've set up the forwarding, you need to have the other machines on your network actually use the gateway to access the internet. If they are using DCHP then that is just a matter of setting the default gateway in your DHCP server config (and you might want to run a DHCP server on your gateway, if you don't already have one on your network). If your machines have static IP addresses, then you need to include a reference to the gateway in their network configuration. In Debian this can be done by adding a line to the appropriate stanza in /etc/interfaces, like eg: iface eth0 inet static address 192.168.0.111 netmask 255.255.255.0 gateway 192.168.0.1 Or for a quick test 'route add default gw 192.168.0.1' on the client should work, assuming that's the IP address of the internal interface of your gateway. Doubtless there are a multitude of GUI tools to do this, depending on what you're running on the client machines, but if you're not using DHCP then I assume you already know how to configure network interfaces. I believe that should cover the usual cases, but if I've made any mistakes or false assumptions, then let me know. Thanks, Nye -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
