Long post. Hopefully a short response. I'm doing what it sounds like you are
trying to do. Here's how I have it set up: (only difference is we use static
IP there, but concept is the same)

RH 7.1 box uses IPTABLES to connect clients to net. Simplified example
below:

server name: mail
client1: donna
client2: briana
client3: mark
        64.122.X.Y  192.168.0.2
          |------------------|     /------------- Mark (192.168.0.4)
----------| eth0        eth1 |----+-------------- donna (192.168.0.10)
          |------------------|     \------------- briana (192.168.0.12)

Config on any of the clients:
DNS: Enabled
Name: <clientname>.their_tld.com
dns server 1: 192.168.0.2
dns server 2: <their ISP's name server>
gateway: 192.168.0.2



server files:
/etc/resolv.conf
search their_tld.com
nameserver 127.0.0.1
nameserver <isp name server>
nameserver <isp name server 2>

/etc/named.conf
// generated by named-bootconf.pl

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
key "key" {
        algorithm hmac-md5;
        secret "<I shall not give away secrets>";
};

/etc/rc.d/rc.local last few lines:
/usr/sbin/firewall-script
# load amavis daemons for mail virus scanning
su -c /usr/sbin/amavisd - amavis

/usr/sbin/firewall-script:
[ `lsmod | grep ipchain | awk '{print $1}'` ] && rmmod ipchains
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward
IPTABLES=/sbin/iptables
echo "  - Enabling SNAT (IPMASQ) functionality on eth0"
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
exit

Works great for my client (a local law firm).

Give it a shot.

----- Original Message -----
From: "Ben Ocean" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 20, 2001 1:24 PM
Subject: Networking: The Saga, The Sequel


> Hello yet again;
>
> First up, I_have_done_my_homework. I've probably spent a good 60 hours
> trying to figure this problem out to date. I'm beginning to understand the
> lingo now. Hopefully, with your help, I can get it right this time.
>
> Secondly, I have gone through all of the old posts to try and (a) glean
> understanding, and (b) address *all* your questions/concerns at the outset
> (to the best of my ability).
>
> Okay, so yeah, still don't have the *(&%$#*% boxes configured.
>
> TOC
>
> I outline the problem,
> show the network configuration via diagram,
> show the configuration on the Doze box,
> show the configuration on the RH box,
> then finally show the problems I am having at the command line in RH
>
>
> OUTLINING THE PROBLEM
>
> I am currently able to ping from the Doze box to the RH box. I cannot
> resolve anything else on the Doze box. I can surf the Internet, etc. from
> the RH box.
>
>
> NETWORK CONFIGURATION
>
> I have a Linux box RH71 that is connected to the Internet via DSL with
> dynamically generated IP addresses. That box is connected to a Doze '98 box.
>
> **Note: If there are discrepancies between the addresses listed immediately
> below and those in the files, the files are to be considered more reliable.
>
>  ________          ______          _____________          _____          {~~~~~~~~~~}
> / Doze98 \ -----> / RH71 \ -----> / DSL *Modem* \ -----> / ISP \ -----> { Internet }
> \________/        \______/        \_____________/        \_____/        {~~~~~~~~~~}
>
>        Doze98         RH71           DSL *Modem*  ISP
> IP:    192.168.1.2    192.168.1.1    ???          either dsl.cnw.net; cnw.net;
>                                                   206.40.133.20; 206.129.112.21
> Gate:  192.168.1.1    192.168.1.1    ???          ???
> Subn:  255.255.255.0  255.255.255.0  ???          ???
>
>
> CONFIGURATION ON THE DOZE BOX
>
> Control Panel >> Networking >> Configuration >> TCP/IP 3Com Ethernet
> blah-blah (double-click)
> IP Address >> Specify an IP address >>
> IP Address 192.168.1.2
> Subnet Mask 255.255.255.0
> DNS Configuration >> Gateway >> Name Servers >> Add
> 192.168.1.1
> 206.40.133.20
> 206.129.112.21
>
>
> CONFIGURATION ON THE RH BOX
>
> ifconfig -a
>
> eth0 Link endcap:Ethernet HWaddr 00:04:75:71:2B:3D
> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:19 error:0 dropped:0 overruns:0 frame:0
> TX packets:0 error:0 dropped:0 overruns:0 carrier:0
> collisions:0 txquelen:100
> Interrupt:11 Base address:0x2400
>
> eth1 Link endcap:Ethernet HWaddr 00:40:D0:0C:B2:22
> inet addr:216.9.0.125 Bcast:216.9.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:16 error:0 dropped:0 overruns:0 frame:0
> TX packets:21 error:0 dropped:0 overruns:0 carrier:0
> collisions:0 txquelen:100
> Interrupt:10 Base address:0x2000
>
> lo Link endcap:Local Loopback
> indet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:6 error:0 dropped:0 overruns:0 frame:0
> TX packets:6 error:0 dropped:0 overruns:0 carrier:0
> collisions:0 txquelen:0
>
>
> vi /etc/sysconfig/network-scripts/ifcfg-eth0
>
> DEVICE=eth0
> BOOTPROTO=static
> BROADCAST=192.168.1.255
> IPADDR=192.168.1.1
> NETMASK=255.255.225.0
> NETWORK=192.168.1.0
> ONBOOT=yes
>
>
> vi /etc/sysconfig/network-scripts/ifcfg-eth1
>
> DEVICE=eth1
> BOOTPROTO=dhcp
> ONBOOT=yes
>
>
> vi /etc/sysconfig/network-scripts/ifcfg-lo
>
> DEVICE=lo
> IPADDR=127.0.0.1
> NETMASK=255.0.0.0
> NETWORK=127.0.0.0
> BROADCAST=127.255.255.255
> ONBOOT=yes
> NAME=loopback
> BOOTPROTO=none
>
>
> vi /etc/named.conf
>
> options {
> forwarders {
> 206.40.133.20
> 206.129.112.21
> };
> };
> zone "." IN {
> type hint;
> file "named.ca";
> };
> zone "localhost" IN {
> type master;
> file "localhost.zone";
> allow-update { none; };
> };
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "named.local";
> allow-update { none; };
> };
> key "key" {
> algorithm hmac-md5;
> secret "stuff-I-shouldn't-repeat";
> };
>
>
> vi /etc/dhcpd.conf
>
> subnet 192.168.1.0 netmask 255.255.255.0 {
> range 192.168.1.2 192.168.1.60;
> default-lease-time 86400;
> max-lease-time 86400;
> option routers 192.168.1.1;
> option broadcast-address 192.168.1.255;
> option subnet-mask 255.255.255.0;
> option domain-name-servers 192.168.1.1, 206.40.133.20, 206.129.112.21;
> }
>
>
> vi /etc/resolv.conf
>
> search dsl.cnw.net cnw.net
> nameserver 206.40.133.20
> nameserver 206.129.112.21
>
>
> vi /etc/modules.conf
>
> alias eth0 3c59x
> alias eth1 tulip
> alias parport_lowlevel parport_pc
> alias usb-controller usb-uhci
>
>
> CONFIGURING MASQUERADING
>
> vi /etc/rc.d/rc.masq
>
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.1.2/24 -j MASQ
> ## I do have other IPchains  installed...
>
> chmod 700 /etc/rc.d/rc.masq
>
> vi /etc/sysconfig/network
>
> NETWORKING=yes
> HOSTNAME=localhost.localdomain
> FORWARD_IPV=true
>
> vi /etc/rc.d/rc.local
>
> (at the end of the file...)
> /etc/rc.d/rc.masq
>
>
> PROBLEMS
>
> ipfwadm -F -f
> Chains are empty (ie. ipfwadm has not been used on them).
> ## Is this even a problem? I don't need IPchains AND IPtables AND IPfwadm,
> just any one of those, correct?
>
> modprobe ipt_MASQUERADE
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module:
> Device or resource busy
> Hint: insmod errors can be caused by incorrect module parameters, including
> invalid IO or IRQ parameters
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> ipt_MASQUERADE failed
>
> iptables -t nat -L
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module:
> Device or resource busy
> Hint: insmod errors can be caused by incorrect module parameters, including
> invalid IO or IRQ parameters
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> ip_tables.o failed
> iptables v1.2.1a: can't initialize iptables table 'nat': iptables who? (do
> you need to initialize insmod?)
> Perhaps iptables or your kernel needs to be upgraded
>
> /usr/sbin/ndc start
> bash: /usr/sbin/ndc start: No such file or directory
> ## This, in fact, may be the WHOLE PROBLEM...?
>
> TIA,
> BenO
>
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
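
As shown, the reply's firewall-script masquerades everything leaving eth0 and sets no FORWARD policy. The following is an added example, not part of either message, of a stricter rule set for the same gateway that also checks for the ipchains/ip_tables module conflict from the original post; the interface roles and the 192.168.0.0/24 range are assumptions taken from the reply's diagram.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed from the reply's diagram:
# eth0 = Internet side, eth1 = LAN side, LAN range 192.168.0.0/24.

# Succeeds if the lsmod listing on stdin contains the ipchains module, which
# has to be unloaded before ip_tables will load.
ipchains_loaded() {
    awk '$1 == "ipchains" { found = 1 } END { exit !found }'
}

# Print the iptables commands, one per line, without running them.
nat_rules() {
    wan=$1; lan=$2; net=$3
    ipt=${IPTABLES:-/sbin/iptables}
    # Start from empty chains so a re-run does not stack duplicate rules.
    echo "$ipt -F FORWARD"
    echo "$ipt -t nat -F POSTROUTING"
    # Forward nothing unless a rule below allows it.
    echo "$ipt -P FORWARD DROP"
    # Inbound: only replies to LAN-initiated connections (RELATED covers FTP
    # data channels when ip_conntrack_ftp is loaded).
    echo "$ipt -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Outbound: only LAN source addresses arriving on the LAN interface.
    echo "$ipt -A FORWARD -i $lan -o $wan -s $net -j ACCEPT"
    # Masquerade LAN traffic only, and only on the Internet-facing interface.
    echo "$ipt -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Real run: needs root on the gateway.
    if lsmod | ipchains_loaded; then rmmod ipchains || exit 1; fi
    modprobe ip_tables || exit 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    nat_rules eth0 eth1 192.168.0.0/24 | sh -e
else
    # Default: dry run, just show what would be applied.
    nat_rules eth0 eth1 192.168.0.0/24
fi
```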


