Robert Rozman wrote:
> Hi,
>
> I have trouble setting up above configuration. I've come half way. From
> "linux" computer I can work and see Internet and LAN, I just cannot access
> Internet from LAN (I can access internal LAN computers).
>
> I'd kindly ask for guidance, what is missing in my setup.
>
> Thanks in advance,
>
> regards,
>
> Rob.
>
>
> dcerouter_260:~$ netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 213.250.19.90   0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 0.0.0.0         213.250.19.90   0.0.0.0         UG        0 0          0 ppp0
>
>
> dcerouter_260:~$ ifconfig
> eth0 Link encap:Ethernet HWaddr 00:0E:A6:A7:8B:F4
> inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
> inet6 addr: fe80::20e:a6ff:fea7:8bf4/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:778 errors:0 dropped:0 overruns:0 frame:0
> TX packets:457 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:111611 (108.9 KiB) TX bytes:76826 (75.0 KiB)
> Interrupt:209 Memory:feaf8000-0
>
> eth1 Link encap:Ethernet HWaddr 00:80:5A:28:94:EA
> inet6 addr: fe80::280:5aff:fe28:94ea/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:7121 errors:0 dropped:0 overruns:0 frame:0
> TX packets:9393 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1089273 (1.0 MiB) TX bytes:5029346 (4.7 MiB)
> Interrupt:193 Base address:0xd000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:2674 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2674 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:9503023 (9.0 MiB) TX bytes:9503023 (9.0 MiB)
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:193.77.90.224 P-t-P:213.250.19.90 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
> RX packets:23 errors:0 dropped:0 overruns:0 frame:0
> TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:2495 (2.4 KiB) TX bytes:13661 (13.3 KiB)
>
> dcerouter_260:~$
>
>
The internal LAN address you are using is in the private, non-routable
range, which means that any traffic from your local LAN that makes it
out onto the Internet will be quietly dropped. This is as it should be.
It is not as simple as setting your Linux box to just route IP packets
from your LAN to the Internet as they will have the private IP source
address.

If the Internet connection is working then the next step is to work out
how you want to forward traffic from your local LAN to the Internet.
Basic options are NAT/Masquerade or Proxy.

NAT basically passes all your LAN traffic through to the Internet but
changes the source address to your public Internet address rather than
your private LAN address. Generally done with iptables on Linux. The
advantage to this method is that it will handle pretty much any protocol
(with the possible exception of active ftp connections and other
protocols that assign inbound ports dynamically).

Proxying runs a server on the Linux box which accepts requests then
re-issues them. The benefit is that the request/results can be
manipulated (content/virus scanned etc). Done on a per protocol basis
and used mainly for web access.

If you're a relative beginner you might want to take a look at IPCop
(http://ipcop.org/) or Smoothwall (http://smoothwall.org/). Both are
firewall distributions with NAT & Proxying already built in. They
provide a boot iso image to get you up & running (careful - they both
wipe your hard drive as part of their install). They also have a web
based admin screen. If nothing else they will give you a good
understanding of what goes into a firewall type system and how it's put
together.

B.
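
The NAT/masquerade option described in the reply, as an added example that is not part of the original thread. The interface names and LAN subnet are taken from the posted `ifconfig` and `netstat` output; the default-drop policies, the MSS clamp and the `gen_rules` helper name are assumptions of this example.

```shell
#!/bin/sh
# Added example: NAT/masquerade ruleset for the router in this thread.
# eth0, ppp0 and 192.168.0.0/24 come from the posted ifconfig/netstat output;
# the default-drop policies and the MSS clamp are assumptions of this example.

# Print an iptables-restore ruleset: gen_rules [LAN_IF] [WAN_IF] [LAN_NET]
gen_rules() {
    lan_if=${1:-eth0}
    wan_if=${2:-ppp0}
    lan_net=${3:-192.168.0.0/24}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the private source address to whatever address the WAN link has
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
# ppp0 has MTU 1492: clamp TCP MSS so LAN hosts do not send oversized segments
-A FORWARD -o $wan_if -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
# Replies to connections opened from the LAN are allowed back in
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the LAN side and leave through the WAN
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Replace the running ruleset only when invoked as root with "apply".
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1      # let the kernel route between interfaces
    gen_rules | iptables-restore         # loads all three tables, flushing old rules
fi
```

Running the script without arguments changes nothing, so `gen_rules` can be reviewed on its own before the ruleset is loaded.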