Firestarter on Fedora

Hi,

I hope this is the correct place to post this... (and apologies if I
get any teminology wrong, I'm still a relatively newbie with Linux
admin).

I've got the following setup:

Internet connection -> wireless router (192.168.0.1) -> Fedora (eth0)
(DHCP / 192.168.0.3) -> Fedora (eth1) (192.168.0.100)-> Switch -> ~10
Windows computers (192.168.0.101-110)

I want to share the internet between all 10 Windows computers, and
after trying to understand iptables, realised Firestarter should do
all the hardwork for me! I've downloaded and installed it, but I still
have problems. The most obvious problems are
- after installing Firestarter, I can't get any of the Windows
computers to recognise the internet (whether using static or dynamic
IP addresses)
- even though I've run the Firestarter internet sharing wizard (using
the DHCP options), I get a message saying

"Failed to start the firewall

An unknown error occurred

Please check your network device settings and make sure your internet
connection is active"

My internet connection is active (I'm using it to write this!).

If I deactivate eth1 then I don't get the error message. When I
restart the network (/etc/init.d/network restart) I get the following:

--------

Shutting down interface eth0: Firewall started
Failed to start DHCP server
[ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
SIOCGIFFLAGS: No such device
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0...External network device eth0 is
not ready. Aborting..
Internal network device eth1 is not ready. Aborting..
done.
[ OK ]
Bringing up interface eth1: [ OK ]
--------

When I run ifconfig -a, for eth1, it gives the inet addr as
192.168.1.100 (*not* 192.168.0.100) - is this something that could be
causing a problem? I can post the full results of ipconfig and route -
n if it's helpful. I also hope to run Samba eventually - is this
something I should take into consideration at this stage?

If anyone can answer any of my problems I'd be most grateful!

Thanks,
Chris

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ChrisW wrote:
> Hi,
>
> I hope this is the correct place to post this... (and apologies if I
> get any teminology wrong, I'm still a relatively newbie with Linux
> admin).
>
> I've got the following setup:
>
> Internet connection -> wireless router (192.168.0.1) -> Fedora (eth0)
> (DHCP / 192.168.0.3) -> Fedora (eth1) (192.168.0.100)-> Switch -> ~10
> Windows computers (192.168.0.101-110)

I've not used Firestarter.

You've not indicated any network masks, so I'm assuming they're /24. Is
there any specific reason you chose eth0 and eth1 of your Fedora box to be
of same network.

If you put your 'eth1' and your Windows boxen in different network
than 'eth0', you can setup internet connection sharing very easily.

Edit '/etc/sysctl.conf' and set 'net.ipv4.ip_forward' equals to '1'. This
will enable IPv4 packet forwarding between your interfaces. Now you need to
enable masquerading, to do this simply execute:

root# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now try accessing internet from your other Windows box, if it works, you
need to save this firewall configuration, execute:

root# iptables-save >/etc/sysconfig/iptables

Above command will also overwrite your existing firewall rules. So it is
better to first create a desired firewall, using 'iptables' command, and
then save all rules at once using 'iptables-save'.

HTH
- --
Ashish Shukla आशीष श�क�ल http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHSo4JHy+EEHYuXnQRAo4kAJ9RKhYVETcdWKiWhk47c5 HJ1MpNDQCeMpH5
qu9ygfbOjgZfcJKI/bKv8Rs=
=SGgn
-----END PGP SIGNATURE-----

> You've not indicated any network masks, so I'm assuming they're /24. Is
> there any specific reason you chose eth0 and eth1 of your Fedora box to be
> of same network.

Would it be correct then to have eth0 as 192.168.0.3 and eth1 as
192.168.1.100, and the Windows computers as 192.168.1.101-110?

> If you put your 'eth1' and your Windows boxen in different network
> than 'eth0', you can setup internet connection sharing very easily.
>
> Edit '/etc/sysctl.conf' and set 'net.ipv4.ip_forward' equals to '1'. This
> will enable IPv4 packet forwarding between your interfaces. Now you need to
> enable masquerading, to do this simply execute:
>
> root# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> Now try accessing internet from your other Windows box, if it works, you
> need to save this firewall configuration, execute:
>
> root# iptables-save >/etc/sysconfig/iptables
>
> Above command will also overwrite your existing firewall rules. So it is
> better to first create a desired firewall, using 'iptables' command, and
> then save all rules at once using 'iptables-save'.
>

Thanks, I'll have a go (presumably this should "just work" if my
assumption about different networks (see above) is correct...?)

Chris

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

,--- ChrisW writes:

[...]

| Would it be correct then to have eth0 as 192.168.0.3 and eth1 as
| 192.168.1.100, and the Windows computers as 192.168.1.101-110?

It'll be correct, but make sure network mask of both interfaces are
255.255.255.0 .

HTH
- --
Ashish Shukla आशीष श�क�ल http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHSw4DHy+EEHYuXnQRAoK2AKDu6CUT7Vh3dnFgP4E4nr yZMUz7dQCfWcOj
iY1V6PkPA2mTn6knRaFHfvI=
=GJbM
-----END PGP SIGNATURE-----

>
> | Would it be correct then to have eth0 as 192.168.0.3 and eth1 as
> | 192.168.1.100, and the Windows computers as 192.168.1.101-110?
>
> It'll be correct, but make sure network mask of both interfaces are
> 255.255.255.0 .

Thanks very much, this works! (After I worked out I had to supply
Windows with an appropriate DNS server as well). It only worked after
restarting Fedora, not just restarting the network service.. is there
any reason for this?

Chris

ChrisW wrote:

>>
>> | Would it be correct then to have eth0 as 192.168.0.3 and eth1 as
>> | 192.168.1.100, and the Windows computers as 192.168.1.101-110?
>>
>> It'll be correct, but make sure network mask of both interfaces are
>> 255.255.255.0 .
>
> Thanks very much, this works! (After I worked out I had to supply
> Windows with an appropriate DNS server as well). It only worked after
> restarting Fedora, not just restarting the network service.. is there
> any reason for this?

That's probably due to the fact that sysctl 'net.ipv4.ip_forward' is not set
to 1 which is required for packet forwarding between IPv4 interfaces. You
just set the entry in '/etc/sysctl.conf' and entries
from '/etc/sysctl.conf' are read and executed the time of bootup.

If you want that to be immediately effective, you could try:

root# sysctl net.ipv4.ip_forward=1

Sorry I forgot to mention this.

>
> Chris

HTH
--
Ashish Shukla आशीष श�क�ल http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --