YR wrote:
> I tried over a dozen sites, forums and wikis with various
> instructions and I still can't get this to work. So many 'tutorials'
> instruct you to 'apt-get' more software that would simply conflict
> with what is already installed, when what is installed actually
> works, I just don't know how to configure it!

People here are volunteers. The reason people ask to install additional software is typically to be within the space that they know. For example I use Shorewall as my firewall router rule builder and know it pretty well. Therefore I will suggest it as a good way to go and will help with the configuration of it. But if you are using any other process then I probably won't be able to help because I would need to learn about these other tools. Since I am volunteering the help and am always short on time that isn't a possibility. However if you say you are using a different tool then someone who uses it might see the message and then jump in to help with it. It is a team effort. We all help in the spots that we can.

Here you didn't say what tool you are using. Are you writing native Linux netfilter iptables rules? Or are you using a builder of some sort? Mind you, raw iptables is fine. But just very tedious and easy to make mistakes. That is why I prefer to use a higher level tool to build the rules for me such as Shorewall. I find it excellent with a lot of good documentation and therefore I recommend it.

As far as your statement that what you have installed is working. It actually sounds like it isn't working or you wouldn't be posting. :-)

> The system has 2 network cards. Debian accesses the internet via
> eth0 without problems. (typical dhcp getting IP from ISP)
> the internet connection is shared,

Note that while Windows calls it connection sharing, that is a Windows-specific term. No one else calls it that. It sounds silly to me to hear it in the context of a Linux netfilter discussion. At this point your machine is a router.

> and the xp machine connected to eth1 connects to the internet also
> without problems (none that I saw anyway) the dhcp server on debian
> assigns an ip to the eth1 machine successfully in the 10.x.x.x range

So it sounds like you have forwarding and NAT/masquerading set up successfully. Good so far.

> my problem is that I cannot access the machine on eth1 when it
> serves. For example, from the machine connected to eth1 I could play
> quake 3 connecting to a server on the internet flawlessly, but I
> cannot host a server myself, others can't connect to me.
> how do I forward the ports to the eth1 machine so that I can have a
> server on it? (or as routers often call it "virtual servers")

Here you need to supply some more detail. The words "it" and "the machine" are just ambiguous enough that I am not positive which machine is which. I will guess that your iptables rules are routing packets from eth1 to eth0 but not allowing packets from eth1 to the local machine itself. It may not be obvious but packets to the router host need to be allowed separately in addition to the packets routing through it.

> I also want to activate the firewall on the debian machine but that
> also has caused problems with the internet connection sharing,
> leaving the machine on eth1 connectionless.

Obviously your firewall rules are blocking the routed packets. You didn't show us what you are trying and so there isn't a way for us to help you deduce what is wrong. The distinction between firewall rules and router rules is pretty nebulous. Both are using iptables, right? It would be great if you told us what you are doing to get routing going. And then tell us what you are trying to do to turn on firewalling.

> my attempt with firewall is only half a success, as the machine on
> eth1 can only be given an IP by debian if firewall is off,

Sounds like your firewall is blocking your DHCP packets. You need to allow them through.

> and then eth1 machine will only access the internet if I turn the
> firewall back on.

It sounds like your firewall rules are also your routing rules.

Bob
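An added example, not part of the original message: a raw iptables ruleset for the setup discussed in the thread, showing traffic to the router itself (INPUT, including DHCP) handled separately from routed traffic (FORWARD) and from the port forward (DNAT). The function name `gen_rules`, the LAN address 10.0.0.2 and UDP port 27960 (the default Quake 3 server port) are assumptions; the thread gives only eth0, eth1 and the 10.x.x.x range.

```shell
#!/bin/sh
# Print an iptables-restore ruleset for a two-NIC router with a default-drop firewall.
# Usage: gen_rules WAN_IF LAN_IF LAN_HOST UDP_PORT
# Apply as root (assumed values):
#   gen_rules eth0 eth1 10.0.0.2 27960 | iptables-restore
# Parse-check without committing:
#   gen_rules eth0 eth1 10.0.0.2 27960 | iptables-restore --test
gen_rules() {
    wan=$1; lan=$2; host=$3; port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forward ("virtual server"): rewrite the destination of inbound game traffic.
-A PREROUTING -i $wan -p udp --dport $port -j DNAT --to-destination $host:$port
# Masquerade LAN traffic leaving through the WAN interface.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT covers packets addressed to the router itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP requests from LAN clients to the DHCP server on the router.
-A INPUT -i $lan -p udp --sport 68 --dport 67 -j ACCEPT
# DHCP replies from the ISP to the router's own DHCP client.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# FORWARD covers packets routed through the router.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
# Admit the forwarded game traffic; its destination was already rewritten by DNAT.
-A FORWARD -i $wan -o $lan -p udp -d $host --dport $port -j ACCEPT
COMMIT
EOF
}
```

With INPUT and FORWARD both defaulting to DROP, removing the two DHCP lines or the LAN-to-WAN FORWARD line reproduces the symptoms described in the thread.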