|

»

Notebook as Internet client as well as router (for the other computers)

View: New views

4 Messages — Rating Filter: Alert me

	Notebook as Internet client as well as router (for the other computers) by David Moerike-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello, I have a MBO "eurobook" 8375 - equiv. to Mitac 8375, running Squeeze - the Internet connection through the Cable modem to "KabelBW" works fine. However, I also want to connect the other computers through it (in the notebook is eth0 the built-in card and is connected to the Internet, eth2 to the LAN). Please help me to find out if I forgot sth (for example a kernel module), or if I made sth. wrong, or if it isn't successful because of a bug. eurobook-debian:/home/david# echo 1 > /proc/sys/net/ipv4/ip_forward eurobook-debian:/home/david# cat /proc/sys/net/ipv4/ip_forward 1 eurobook-debian:/home/david# modprobe -v iptable_nat insmod /lib/modules/2.6.26-2-686/kernel/net/netfilter/nf_conntrack.ko insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko insmod /lib/modules/2.6.26-2-686/kernel/net/netfilter/x_tables.ko insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/nf_nat.ko insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/ip_tables.ko insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/iptable_nat.ko eurobook-debian:/home/david# iptables -A POSTROUTING -t nat -j MASQUERADE eurobook-debian:/home/david# iptables -t nat --list-rules -P PREROUTING ACCEPT -P POSTROUTING ACCEPT -P OUTPUT ACCEPT -A POSTROUTING -j MASQUERADE eurobook-debian:/home/david# iptables -t nat --list Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination A ping to the other computers is successful. - On the other computer (there is also Squeeze running): #route add default gw 169.254.195.183 To enter, for example, http://de.wikipedia.org in the browser, or a ping is not successful, even not a ping to 91.198.174.2 (that is the address at present time). Again checking the modules on the notebook: eurobook-debian:/home/david# lsmod \|grep ip iptable_filter 2624 0 ipt_MASQUERADE 2592 1 iptable_nat 4680 1 ip_tables 10160 2 iptable_filter,iptable_nat nf_nat 15544 2 ipt_MASQUERADE,iptable_nat x_tables 13284 3 ipt_MASQUERADE,iptable_nat,ip_tables nf_conntrack_ipv4 12268 3 iptable_nat,nf_nat nf_conntrack 55540 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4 ipv6 235364 29 crypto_blkcipher 15236 1 ecb -- To UNSUBSCRIBE, email to debian-testing-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...
	Re: Notebook as Internet client as well as router (for the other computers) by David Moerike-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message At present time I don't understand all commands in the script; however, using "sniffit", I found out something: On the second computer (client), if a ping package is sent for the internet, that is, for an address that does not begin with 169.254 (they come from avahi) the source address is not 169.254.10.246, but 0.0.0.0 - Why? Is that a bug? If yes, is there a workaround for it? The command on the client: route add default gw 196.254.195.183 - that is the local address of the notebook - has no effect on this. Why? However, the command: iptables -t nat -o eth0 -A POSTROUTING -j MASQUERADE shouldn't it replace the 0.0.0.0 with the address that I got (through dhclient during system startup) from the provider, just as it replaces the local address with the address from the provider? Why doesn't it do that? Jordi Ferrando Fabra schrieb: > Hi David, > Attached my firewall script, hope it helps. > Good luck. > > David wrote: > >> Hello, >> >> I have a MBO "eurobook" 8375 - equiv. to Mitac 8375, running Squeeze - >> the Internet connection through the Cable modem to "KabelBW" works fine. >> >> However, I also want to connect the other computers through it (in the >> notebook is eth0 the built-in card and is connected to the Internet, >> eth2 to the LAN). >> >> Please help me to find out if I forgot sth (for example a kernel >> module), or if I made sth. wrong, or if it isn't successful because of >> a bug. >> >> eurobook-debian:/home/david# echo 1 > /proc/sys/net/ipv4/ip_forward >> eurobook-debian:/home/david# cat /proc/sys/net/ipv4/ip_forward >> 1 >> >> eurobook-debian:/home/david# modprobe -v iptable_nat >> insmod /lib/modules/2.6.26-2-686/kernel/net/netfilter/nf_conntrack.ko >> insmod >> /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko >> insmod /lib/modules/2.6.26-2-686/kernel/net/netfilter/x_tables.ko >> insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/nf_nat.ko >> insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/ip_tables.ko >> insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/iptable_nat.ko >> eurobook-debian:/home/david# iptables -A POSTROUTING -t nat -j MASQUERADE >> >> eurobook-debian:/home/david# iptables -t nat --list-rules >> -P PREROUTING ACCEPT >> -P POSTROUTING ACCEPT >> -P OUTPUT ACCEPT >> -A POSTROUTING -j MASQUERADE >> >> eurobook-debian:/home/david# iptables -t nat --list >> Chain PREROUTING (policy ACCEPT) >> target prot opt source destination >> Chain POSTROUTING (policy ACCEPT) >> target prot opt source destination >> MASQUERADE all -- anywhere anywhere >> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination >> A ping to the other computers is successful. - On the other computer >> (there is also Squeeze running): >> >> #route add default gw 169.254.195.183 >> >> To enter, for example, http://de.wikipedia.org in the browser, or a >> ping is not successful, even not a ping to 91.198.174.2 (that is the >> address at present time). >> >> Again checking the modules on the notebook: >> >> eurobook-debian:/home/david# lsmod \|grep ip >> iptable_filter 2624 0 >> ipt_MASQUERADE 2592 1 >> iptable_nat 4680 1 >> ip_tables 10160 2 iptable_filter,iptable_nat >> nf_nat 15544 2 ipt_MASQUERADE,iptable_nat >> x_tables 13284 3 ipt_MASQUERADE,iptable_nat,ip_tables >> nf_conntrack_ipv4 12268 3 iptable_nat,nf_nat >> nf_conntrack 55540 4 >> ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4 >> ipv6 235364 29 >> crypto_blkcipher 15236 1 ecb >> >> >> > > -- To UNSUBSCRIBE, email to debian-testing-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...
	Re: Notebook as Internet client as well as router (for the other computers) by Thiago Jung Bauermann-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi David, I don't know enough networking-fu to help you, but is it an option to use the "share this internet connection with other computers" checkbox in network- manager? I never tried it, but I'm confident that it will work and do everything necessary behind the scenes. And you can use GNOME's nm-applet even on KDE4. I know because I do... -- []'s Thiago Jung Bauermann > At present time I don't understand all commands in the script; > > however, using "sniffit", I found out something: > > On the second computer (client), if a ping package is sent for the > internet, that is, for an address that does not begin with 169.254 (they > come from avahi) the source address is not 169.254.10.246, but 0.0.0.0 - > Why? > > Is that a bug? If yes, is there a workaround for it? > > The command on the client: route add default gw 196.254.195.183 > > - that is the local address of the notebook - has no effect on this. Why? > > However, the command: > > iptables -t nat -o eth0 -A POSTROUTING -j MASQUERADE > > shouldn't it replace the 0.0.0.0 with the address that I got (through > dhclient during system startup) from the provider, just as it replaces > the local address with the address from the provider? Why doesn't it do > that? > > Jordi Ferrando Fabra schrieb: > > Hi David, > > Attached my firewall script, hope it helps. > > Good luck. > > > > David wrote: > >> Hello, > >> > >> I have a MBO "eurobook" 8375 - equiv. to Mitac 8375, running Squeeze - > >> the Internet connection through the Cable modem to "KabelBW" works fine. > >> > >> However, I also want to connect the other computers through it (in the > >> notebook is eth0 the built-in card and is connected to the Internet, > >> eth2 to the LAN). > >> > >> Please help me to find out if I forgot sth (for example a kernel > >> module), or if I made sth. wrong, or if it isn't successful because of > >> a bug. > >> > >> eurobook-debian:/home/david# echo 1 > /proc/sys/net/ipv4/ip_forward > >> eurobook-debian:/home/david# cat /proc/sys/net/ipv4/ip_forward > >> 1 > >> > >> eurobook-debian:/home/david# modprobe -v iptable_nat > >> insmod /lib/modules/2.6.26-2-686/kernel/net/netfilter/nf_conntrack.ko > >> insmod > >> /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko > >> insmod /lib/modules/2.6.26-2-686/kernel/net/netfilter/x_tables.ko > >> insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/nf_nat.ko > >> insmod /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/ip_tables.ko > >> insmod > >> /lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/iptable_nat.ko > >> eurobook-debian:/home/david# iptables -A POSTROUTING -t nat -j > >> MASQUERADE > >> > >> eurobook-debian:/home/david# iptables -t nat --list-rules > >> -P PREROUTING ACCEPT > >> -P POSTROUTING ACCEPT > >> -P OUTPUT ACCEPT > >> -A POSTROUTING -j MASQUERADE > >> > >> eurobook-debian:/home/david# iptables -t nat --list > >> Chain PREROUTING (policy ACCEPT) > >> target prot opt source destination > >> Chain POSTROUTING (policy ACCEPT) > >> target prot opt source destination > >> MASQUERADE all -- anywhere anywhere > >> Chain OUTPUT (policy ACCEPT) > >> target prot opt source destination > >> A ping to the other computers is successful. - On the other computer > >> (there is also Squeeze running): > >> > >> #route add default gw 169.254.195.183 > >> > >> To enter, for example, http://de.wikipedia.org in the browser, or a > >> ping is not successful, even not a ping to 91.198.174.2 (that is the > >> address at present time). > >> > >> Again checking the modules on the notebook: > >> > >> eurobook-debian:/home/david# lsmod \|grep ip > >> iptable_filter 2624 0 > >> ipt_MASQUERADE 2592 1 > >> iptable_nat 4680 1 > >> ip_tables 10160 2 iptable_filter,iptable_nat > >> nf_nat 15544 2 ipt_MASQUERADE,iptable_nat > >> x_tables 13284 3 ipt_MASQUERADE,iptable_nat,ip_tables > >> nf_conntrack_ipv4 12268 3 iptable_nat,nf_nat > >> nf_conntrack 55540 4 > >> ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4 > >> ipv6 235364 29 > >> crypto_blkcipher 15236 1 ecb -- To UNSUBSCRIBE, email to debian-testing-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...
	Bug in avahi? was: Notebook as Internet client as well as router (for the other computers) by David Moerike-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message iptables -t nat -o eth0 -A POSTROUTING -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward These lines seem to work fine, the problem is something else. At present time - through avahi - the local address of the server (notebook) is 169.254.195.183 on eth2 and ot the other computer (client) 169.254.10.246 When running - on the client - iceweasel (firefox) http://91.198.174.2 that is the german wikipedia, and then on the client a ping -c3 on that address sniffit -a -b -P ICMP,TCP -t 91.198.174.2 -F eth2 (on the server) shows: eurobook-debian:/home/david# sniffit -a -b -P ICMP,TCP -t 91.198.174.2 -F eth2 Forcing device to eth2 (user requested)... Make sure you have read the docs carefully. Supported Network device found. (eth2) Sniffit.0.3.7 Beta is up and running.... (91.198.174.2) Packet ID (from_IP.port-to_IP.port): 0.0.0.0.43280-91.198.174.2.80 E . . < . & @ . @ . . . . . . . [ . . . . . . P . . A . . . . . . . . . . . . . . . . . . . . . . . C . . . . . . . . . Packet ID (from_IP.port-to_IP.port): 0.0.0.0.43280-91.198.174.2.80 E . . < . ' @ . @ . . . . . . . [ . . . . . . P . . A . . . . . . . . . . . . . . . . . . . . . . . F . . . . . . . . . Packet ID (from_IP.port-to_IP.port): 0.0.0.0.43280-91.198.174.2.80 E . . < . ( @ . @ . . . . . . . [ . . . . . . P . . A . . . . . . . . . . . . . . . . . . . . . . . L . . . . . . . . . ICMP message id: 0.0.0.0 > 91.198.174.2 ICMP type: Echo ICMP message id: 0.0.0.0 > 91.198.174.2 ICMP type: Echo ICMP message id: 0.0.0.0 > 91.198.174.2 ICMP type: Echo When running the sniffer on the client (without the -F option because it has only one network adapter, eth0), there is the same result. Before running the iceweasel and the ping on the client, I entered route add default gw 169.254.195.183 _Conclusion:_ The client sends every package, that is not for the LAN, with the source address 0.0.0.0 - so I believe it's a bug, maybe in the kernel or in package avahi-daemon or avahi-autoipd. So I want to set up a - local - DHCP server on the laptop, instead of using avahi. David Jordi Ferrando Fabra schrieb: > Sorry for the complex script. > > If you have eth0 connected to the internet these two lines add DNAT to > the LAN > iptables -t nat -o eth0 -A POSTROUTING -j MASQUERADE > echo 1 > /proc/sys/net/ipv4/ip_forward > > On the LAN, I don't see what address you are using. > Assuming LAN is eth1 and the "server" has address 192.168.1.1 with > network mask 255.255.255.0 > The others computer on the LAN should have addressing as: > -- To UNSUBSCRIBE, email to debian-testing-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...