
#1 2013-04-08 18:28:01

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Sharing connection - last step problem / DNS server? [SOLVED]

Hi, I followed the guide:
https://wiki.archlinux.org/index.php/Internet_Share

And I did exactly the next steps:

[Server machine]
wlan0 receives "internet connection"
eth0 will distribute internet connection shared

ip link set up dev eth0
ip addr add 10.0.0.100/24 dev eth0
sysctl net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/iptables.rules
sudo systemctl restart iptables

[Client machine]

sudo ip addr add 10.0.0.120/24 dev enp2s0
sudo ip link set up dev enp2s0
sudo ip route add default via 10.0.0.100 dev enp2s0
sudo echo "nameserver 10.0.0.100" | sudo tee /etc/resolv.conf

I tried with those IPs, and also with the range 130.0.0.100 and 130.0.0.120, but nothing (I thought that maybe 10.X.X.X was reserved for local use).

I also tried disabling iptables on the "server" machine (systemctl stop iptables). The client doesn't have iptables activated by default yet.

I also tried writing in the resolv.conf of the client machine:
- manually the values of the resolv.conf of the server machine
- manually the nameserver 8.8.8.8 and nameserver 8.8.4.4

And nothing.

The problem is that if I do:
ping -c 1 www.google.com
it needs like 20 seconds and it says:
"ping: unknown host www.google.com"

Ah, if I do: ping -c 1 10.0.0.100 it answers correctly with the received packet.

In client:

$ route
Kernel IP routing table
Destination  Gateway       Genmask         Flags      Metric     Ref     Use     Iface
default      10.0.0.100     0.0.0.0         UG          0        0       0     enp2s0
10.0.0.0     *              255.255.255.0   U           0       0       0     enp2s0

What do you think it should be?

Last edited by Zzipo (2013-04-09 20:23:12)


#2 2013-04-08 18:41:20

aiBo
Member
Registered: 2010-11-10
Posts: 50

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Have you tried pinging a public IP address on the Internet? Like the Google name server 8.8.8.8?

If that works then your problem is your name server on the client machine.

Last edited by aiBo (2013-04-08 18:43:55)


#3 2013-04-08 18:42:50

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Yep, I forgot to say.

ping -c 1 8.8.8.8
100% packet loss


#4 2013-04-08 18:49:51

aiBo
Member
Registered: 2010-11-10
Posts: 50

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Are there any other iptables rules defined on the server machine?


#5 2013-04-08 18:55:04

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Buf, yep, I forgot to write.
It is probably something related to this, but the problem is that I just followed the Simple Stateful Firewall guide... but I really didn't understand everything I was doing (just some parts).

And I don't know how it interacts with the new rule.

$ cat /etc/iptables/iptables.rules 
# Generated by iptables-save v1.4.16.3 on Mon Apr  8 20:53:17 2013
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [61:3828]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Mon Apr  8 20:53:17 2013
# Generated by iptables-save v1.4.16.3 on Mon Apr  8 20:53:17 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [26:1675]
:OUTPUT ACCEPT [312473:234447793]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A INPUT -p icmp -m icmp --icmp-type 8 -m recent --set --name ping_limiter --mask 255.255.255.255 --rsource
-A INPUT -p icmp -m icmp --icmp-type 8 -m recent --update --seconds 4 --hitcount 6 --name ping_limiter --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m recent --set --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m recent --set --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
-A TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
-A UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
-A UDP -p udp -m udp --dport 53 -j ACCEPT
COMMIT
# Completed on Mon Apr  8 20:53:17 2013

But I tried disabling the service of iptables and nothing..

More info:
[Server machine]

$ ip route
default via 192.168.1.1 dev wlan0  metric 303 
10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.100 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.105  metric 303 

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:54:06:28:46 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.100/24 scope global eth0
    inet6 fe80::224:54ff:fe06:2846/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:26:5e:80:5b:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.105/24 brd 192.168.1.255 scope global wlan0
    inet6 fe80::226:5eff:fe80:5be6/64 scope link 
       valid_lft forever preferred_lft forever

[Client machine]

$ ip route
default via 10.0.0.100 dev enp2s0
10.0.0.0/24 dev enp2s0 proto kernel scope link src 10.0.0.120

$ ip addr
1: lo ...
2: enp2s0
   inet 10.0.0.120/24 scope global enp2s0
...
3: wlp1s0

Last edited by Zzipo (2013-04-08 18:59:58)


#6 2013-04-08 18:58:15

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: Sharing connection - last step problem / DNS server? [SOLVED]

I would recommend using the internet DNS server for the client instead of going double through the internet share router.  I would also recommend using dhcp for automatic configuration of clients, so that they can get their name server and near router address from the internet share machine.  Some devices don't work without having a static address, and not with dhcp.


I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.


#7 2013-04-08 18:59:28

aiBo
Member
Registered: 2010-11-10
Posts: 50

Re: Sharing connection - last step problem / DNS server? [SOLVED]

All right, I guess the problem might be that your server drops packets which you want to be forwarded, because the default FORWARD rule is DROP.

Try to add these rules:

iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT

Disabling iptables doesn't work, since you need the Masquerading rule which you have defined at the very beginning in the nat table.

Last edited by aiBo (2013-04-08 19:03:47)
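
An added example, not part of aiBo's post: a small Python audit of `iptables-save` output for the FORWARD problem described above. BEFORE is abridged from the dump in post #5, AFTER adds the two rules suggested here, and SCOPED is a constructed tighter variant; the function names and finding labels are hypothetical.

```python
import re
import shlex

POLICY_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_save(text):
    """Parse iptables-save text into {table: {"policy": {...}, "rules": {...}}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # table header, e.g. *filter
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":"):          # :CHAIN POLICY [packets:bytes]
            chain, policy, pkts, _ = POLICY_RE.match(line).groups()
            cur["policy"][chain] = (policy, int(pkts))
        elif line.startswith("-A "):        # appended rule
            argv = shlex.split(line)
            cur["rules"].setdefault(argv[1], []).append(argv[2:])
    return tables

def opt(rule, flag):
    """Value that follows `flag` in a rule's argument list, or None."""
    return rule[rule.index(flag) + 1] if flag in rule else None

def states(rule):
    """Connection states named by --ctstate, as a list (empty if absent)."""
    return (opt(rule, "--ctstate") or "").split(",")

def audit_sharing(text, lan_if, wan_if):
    """Findings for a LAN -> WAN sharing setup (simplified rule matching)."""
    tables = parse_save(text)
    findings = []
    nat = tables.get("nat", {"rules": {}})["rules"].get("POSTROUTING", [])
    if not any(opt(r, "-j") == "MASQUERADE" and opt(r, "-o") == wan_if for r in nat):
        findings.append("no-masquerade-on-wan")
    flt = tables.get("filter", {"policy": {}, "rules": {}})
    policy, dropped = flt["policy"].get("FORWARD", ("ACCEPT", 0))
    if policy != "DROP":
        # Nothing is filtered: every routed packet is forwarded.
        findings.append("forward-policy-not-drop")
        return findings
    accepts = [r for r in flt["rules"].get("FORWARD", []) if opt(r, "-j") == "ACCEPT"]
    # Rules that let the LAN open NEW connections through the box.
    new_ok = [r for r in accepts
              if opt(r, "-i") in (None, lan_if)
              and (opt(r, "--ctstate") is None or "NEW" in states(r))]
    if not new_ok:
        findings.append("lan-new-connections-dropped")
    elif not any(opt(r, "-o") == wan_if for r in new_ok):
        findings.append("lan-accept-not-scoped-to-wan")   # hardening hint
    if not any("ESTABLISHED" in states(r) for r in accepts):
        findings.append("replies-dropped")
    if dropped:                              # the policy counter shows real drops
        findings.append(f"forward-policy-dropped:{dropped}")
    return findings

NAT = """*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
"""
BEFORE = NAT + """*filter
:INPUT DROP [0:0]
:FORWARD DROP [26:1675]
:OUTPUT ACCEPT [312473:234447793]
COMMIT
"""
AFTER = NAT + """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
COMMIT
"""
# Constructed variant: only LAN-sourced traffic leaving via the WAN interface.
SCOPED = AFTER.replace("-i eth0 -j", "-i eth0 -o wlan0 -s 10.0.0.0/24 -j")

if __name__ == "__main__":
    for name, dump in (("BEFORE", BEFORE), ("AFTER", AFTER), ("SCOPED", SCOPED)):
        print(name, audit_sharing(dump, "eth0", "wlan0"))
```

The `[26:1675]` counter on `:FORWARD DROP` in post #5 is the detail to look for: it counts packets that fell through to the chain policy.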


#8 2013-04-08 19:01:36

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Unless your machine is directly connected to the internet and it is the firewall, that's when you need the stateful firewall.  Otherwise, you can get by with just the masquerade.



#9 2013-04-08 19:12:51

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Re: Sharing connection - last step problem / DNS server? [SOLVED]

I just did what you said and nothing..

$ cat /etc/iptables/iptables.rules 
# Generated by iptables-save v1.4.16.3 on Mon Apr  8 21:01:45 2013
*nat
:PREROUTING ACCEPT [12:919]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [6806:477985]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Mon Apr  8 21:01:45 2013
# Generated by iptables-save v1.4.16.3 on Mon Apr  8 21:01:45 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1660:1314332]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A INPUT -p icmp -m icmp --icmp-type 8 -m recent --set --name ping_limiter --mask 255.255.255.255 --rsource
-A INPUT -p icmp -m icmp --icmp-type 8 -m recent --update --seconds 4 --hitcount 6 --name ping_limiter --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m recent --set --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m recent --set --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
-A UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
-A UDP -p udp -m udp --dport 53 -j ACCEPT
COMMIT
# Completed on Mon Apr  8 21:01:45 2013

$ sudo systemctl restart iptables.service
$ systemctl status iptables
iptables.service - Packet Filtering Framework
          Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
          Active: active (exited) since Mon 2013-04-08 21:05:38 CEST; 5s ago
         Process: 5995 ExecStop=/usr/lib/systemd/scripts/iptables-flush (code=exited, status=0/SUCCESS)
         Process: 6002 ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules (code=exited, status=0/SUCCESS)

Apr 08 21:05:38 localhost systemd[1]: Starting Packet Filtering Framework...
Apr 08 21:05:38 localhost systemd[1]: Started Packet Filtering Framework.

I am trying directly with ping -c 1 8.8.8.8, and still 100% packet loss.


nomorewindows wrote:

Unless your machine is directly connected to the internet and it is the firewall, that's when you need the stateful firewall...

I am using my computer connected to a Router.
I thought iptables was created as a firewall... and that the simple stateful firewall was for the normal "cautious" rules to avoid problems, like open ports, etc. So, was I incorrect?

The funny thing is that I tried to scan ports on a machine with ArchLinux without iptables rules and it says "no open ports".

nomorewindows wrote:

Some devices don't work without having a static address, and not with dhcp.

I don't understand. I think you say that some devices only work with static address, and not dhcp (maybe because they don't have a dhcp server?).

I am trying to use a static IP because it is just one computer, and I will use the shared connection only occasionally.


#10 2013-04-08 19:30:56

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: Sharing connection - last step problem / DNS server? [SOLVED]

nomorewindows wrote:

Unless your machine is directly connected to the internet and it is the firewall, that's when you need the stateful firewall...

Zzipo wrote:

I am using my computer connected to a Router.
I thought iptables was created as a firewall... and that the simple stateful firewall was for the normal "cautious" rules to avoid problems, like open ports, etc. So, was I incorrect?

The funny thing is that I tried to scan ports on a machine with ArchLinux without iptables rules and it says "no open ports".

Some of the rules in stateful firewall are default, but nothing harmed, unless you are blocking dns or something.  Other rules in stateful lock it down more.  If you are already behind the router, the masquerade rule is sufficient.  You could save the rules you have to a backup, and just use only the masquerade rule to see if it helps. 

nomorewindows wrote:

Some devices don't work without having a static address, and not with dhcp.

Zzipo wrote:

I don't understand. I think you say that some devices only work with static address, and not dhcp (maybe because they don't have a dhcp server?).

I am trying to use a static IP because it is just one computer, and I will use the shared connection only occasionally.

Some devices are temperamental with dhcp, and work better with static addresses, but if your clients are just normal PCs, I would recommend using dhcp.  You can set repetitive values in dhcp so that you don't have to keep manually entering them.  There are also other values (called "option") that can be useful for other things such as PXE clients.  Once you get things set right in dhcp, you should be able to do it without problems.  I would make sure that the address your client is using is still in the correct IP pool.  There are some ipcalc utils in the repos, to make sure.



#11 2013-04-09 13:06:45

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Perfect, thanks.

Ok, I have done that, with the default rules and add just the masquerade, and now it works.

Now, I have tried to do it using dhcpd, and I have some problems. I followed this guide: https://wiki.archlinux.org/index.php/Dhcpd

I don't get what is the problem, at least I don't find it.

I installed dhcpd in the server machine and I wrote this:

$ cat /etc/dhcpd.conf
option domain-name-servers 8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 10.0.0.100;
subnet 10.0.0.0 netmask 255.255.255.0 {
       range 10.0.0.130 10.0.0.140
}

$ cat /etc/conf.d/dhcpd
#We will provide dhcpd via eth0
DHCP4_ARGS="-q eth0"

$ sudo ip addr add 10.0.0.100/24 dev eth0

$ sudo ip link set up dev eth0

$ ip route add 255.255.255.255 dev eth0

$ sudo systemctl start dhcpd4
Job for dhcpd4.service failed. See 'systemctl status dhcpd4.service' and 'journalctl -xn' for details.

$ sudo systemctl status dhcpd4
dhcpd4.service - IPv4 DHCP server
          Loaded: loaded (/usr/lib/systemd/system/dhcpd4.service; disabled)
          Active: failed (Result: exit-code) since Tue 2013-04-09 14:53:29 CEST; 11s ago
         Process: 9740 ExecStart=/usr/sbin/dhcpd -4 -q -pf /run/dhcpd4.pid (code=exited, status=1/FAILURE)

Apr 09 14:53:29 localhost dhcpd[9740]: 
Apr 09 14:53:29 localhost dhcpd[9740]: If you did not get this software from ftp.isc.org, please
Apr 09 14:53:29 localhost dhcpd[9740]: get the latest from ftp.isc.org and install that before
Apr 09 14:53:29 localhost dhcpd[9740]: requesting help.
Apr 09 14:53:29 localhost dhcpd[9740]: 
Apr 09 14:53:29 localhost dhcpd[9740]: If you did get this software from ftp.isc.org and have not
Apr 09 14:53:29 localhost dhcpd[9740]: yet read the README, please read it before requesting help.
Apr 09 14:53:29 localhost systemd[1]: dhcpd4.service: control process exited, code=exited status=1
Apr 09 14:53:29 localhost systemd[1]: Failed to start IPv4 DHCP server.
Apr 09 14:53:29 localhost systemd[1]: Unit dhcpd4.service entered failed state

$ sudo journalctl -xn
-- Logs begin at Wed 2013-02-27 22:50:03 CET, end at Tue 2013-04-09 14:53:41 CEST. --
Apr 09 14:53:29 localhost dhcpd[9740]: the README file.
Apr 09 14:53:29 localhost dhcpd[9740]: 
Apr 09 14:53:29 localhost dhcpd[9740]: exiting.
Apr 09 14:53:29 localhost sudo[9737]: pam_unix(sudo:session): session closed for user root
Apr 09 14:53:29 localhost systemd[1]: dhcpd4.service: control process exited, code=exited status=1
Apr 09 14:53:29 localhost systemd[1]: Failed to start IPv4 DHCP server.
-- Subject: Unit dhcpd4.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
-- 
-- Unit dhcpd4.service has failed.
-- 
-- The result is failed.
Apr 09 14:53:29 localhost systemd[1]: Unit dhcpd4.service entered failed state
Apr 09 14:53:41 localhost sudo[9743]: ussr1 : TTY=pts/3 ; PWD=/home/ussr1 ; USER=root ; COMMAND=/usr/bin/systemctl stat
Apr 09 14:53:41 localhost sudo[9743]: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 09 14:53:41 localhost sudo[9743]: pam_unix(sudo:session): session closed for user root

I don't know if this is correct:
- DHCP4_ARGS="-q eth0" says "just provide dhcpd server to eth0 interface connections?"
- route add 255.255.255.255 dev eth0    What is? I read about Routing table but still I don't understand "Another step is to tell the routing table on which interface to listen to for the 255.255.255.255 broadcasts" .


#12 2013-04-09 13:30:18

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Zzipo wrote:

I don't know if this is correct:
- DHCP4_ARGS="-q eth0" says "just provide dhcpd server to eth0 interface connections?"
- route add 255.255.255.255 dev eth0    What is? I read about Routing table but still I don't understand "Another step is to tell the routing table on which interface to listen to for the 255.255.255.255 broadcasts" .

DHCP4_ARGS="-q" will allow for any interfaces that match the subnet/etc.
When dhcp issues its address, it will automatically figure out what the broadcast address is.
Give your ifconfig so that we can see if you have changed to the demangled network naming convention and to make sure of the fact that we aren't assigning an address to the wrong interface.  You only need to set a static address on the far side (internal) of your router.  The dhcp can come from your internet router (ISP side) for the other side. 

All your /etc/dhcpd.conf needs is like this:

subnet 10.0.0.0 netmask 255.255.255.224 {
range 10.0.0.10 10.0.0.20;
option routers (whatever the static ip of the internal network side is);
option time-servers 132.164.3.102;
option domain-name-servers 208.67.222.222,208.67.220.220,8.8.8.8;
}

You may also want to define your interfaces in /etc/network.d and enable them with systemd by netcfg@(interface).

Last edited by nomorewindows (2013-04-09 13:44:38)



#13 2013-04-09 14:29:40

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Is the time-servers option necessary?


My idea is just to have a network 192.168.1.X where there are different computers (only one is mine), the other of other users of the same network.

I have access to the router of the all users, it is located in 192.168.1.1

And then I want to create the dhcp server on my machine (something that I finally got working with a static IP by disabling the firewall rules in my iptables), to provide another network to other computers (mine) connected to my computer, and I thought of the 10.0.0.X network.

$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.100  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::224:54ff:fe06:2846  prefixlen 64  scopeid 0x20<link>
        ether 00:24:54:06:28:46  txqueuelen 1000  (Ethernet)
        RX packets 39  bytes 2550 (2.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27  bytes 2451 (2.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2857  bytes 251936 (246.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2857  bytes 251936 (246.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.105  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::226:5eff:fe80:5be6  prefixlen 64  scopeid 0x20<link>
        ether 00:26:5e:80:5b:e6  txqueuelen 1000  (Ethernet)
        RX packets 1218659  bytes 204379561 (194.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2065100  bytes 1658062553 (1.5 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I have tried now:

$ cat /etc/dhcp.conf
subnet 10.0.0.0 netmask 255.255.255.224 {
       range 10.0.0.10 10.0.0.20;
       option routers 192.168.1.105;
       option time-servers 132.164.3.102;
       option domain-name-servers 8.8.8.8;                                                                          
}

$ cat /etc/conf.d/dhcp
DHCP4_ARGS="-q"

$ ip route
default via 192.168.1.1 dev wlan0  metric 303 
10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.100 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.105  metric 303 

I have tried changing option routers with: 10.0.0.100, 192.168.1.1 (the router to access internet through the first network), 192.168.1.105 (the ip of the network where are other users, in the server machine).
The same error.

And how does it know that the dhcp should go through eth0?
Like in dhcpcd@eth0.service...

I have neither the /etc/network.d/ directory, nor /etc/iftab, nor /etc/conf.d/network
(I read about changing the interface names there)
https://wiki.archlinux.org/index.php/Sy … _interface

Offline

#14 2013-04-09 15:50:43

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: Sharing connection - last step problem / DNS server? [SOLVED]

The dhcp server has to agree with the same subnet mask as the static ip address/subnet.  So the static IP to go along with the dhcp scope should match.  The static IP/subnet is 255.255.255.0 and the dhcp scope, which there is nothing wrong with using 255.255.255.0, but since there isn't likely to be many machines, I just used 255.255.255.224.  But they have to match.  And the router address as it is passed onto the clients on the intranet side have to route through the multi-homed router and need to use the router's static ip to pass it onto the internet side.  The multi-homed router already has the gateway to the internet router, all it needs to do is pass it onto the client, and the client assumes the multi-homed router is the end point  for the internet (as far as it is concerned).  The DNS server can definitely use the internet address, since it is double duty to ask the multi-homed router and then pass it onto the client twice (and takes twice as long).  So the subnet mask is differing.  255.255.255.224 is 10.0.0.0/27.  The static IP to match up with the pool of /27 is more likely to use something like 10.0.0.1.  Since it is a private network, it doesn't much matter what the hosts static ip as long as it stays within the pool.  10.0.0.100 is fine for /24.

Last edited by nomorewindows (2013-04-09 15:54:11)
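
An added example, not part of nomorewindows' post: a Python check of the point made above, that the dhcpd scope and the server's static address must agree. POST13 reproduces the config from post #13, MATCHING is constructed from addresses used earlier in the thread, and `check_scope` and its finding labels are hypothetical names.

```python
import ipaddress
import re

# subnet <addr> netmask <mask> { ... } blocks, as used in the thread's dhcpd.conf
SUBNET_RE = re.compile(
    r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{(.*?)\}", re.S)

def check_scope(conf_text, iface_cidr):
    """Compare dhcpd.conf subnet blocks with the server's LAN address."""
    iface = ipaddress.ip_interface(iface_cidr)
    findings, serving = [], False
    for net, mask, body in SUBNET_RE.findall(conf_text):
        network = ipaddress.ip_network(f"{net}/{mask}")
        if iface.ip in network:
            serving = True
            # Same address space, but the masks disagree (e.g. /27 vs /24).
            if network != iface.network:
                findings.append(f"mask-mismatch:{network}!={iface.network}")
        rng = re.search(r"range\s+([\d.]+)\s+([\d.]+)", body)
        if rng:
            lo, hi = map(ipaddress.ip_address, rng.groups())
            if lo not in network or hi not in network or lo > hi:
                findings.append(f"range-outside-subnet:{network}")
        rtr = re.search(r"option\s+routers\s+([\d.]+)", body)
        # Clients can only reach a gateway that sits inside their own subnet.
        if rtr and ipaddress.ip_address(rtr.group(1)) not in network:
            findings.append(f"router-outside-subnet:{rtr.group(1)}")
    if not serving:
        # No declared subnet covers the address configured on the interface.
        findings.insert(0, f"no-subnet-for-interface:{iface.ip}")
    return findings

# Config from post #13, checked against eth0's address 10.0.0.100/24.
POST13 = """
subnet 10.0.0.0 netmask 255.255.255.224 {
       range 10.0.0.10 10.0.0.20;
       option routers 192.168.1.105;
       option time-servers 132.164.3.102;
       option domain-name-servers 8.8.8.8;
}
"""

# Constructed: scope mask equals the interface mask, router is the server's LAN IP.
MATCHING = """
subnet 10.0.0.0 netmask 255.255.255.0 {
       range 10.0.0.130 10.0.0.140;
       option routers 10.0.0.100;
       option domain-name-servers 8.8.8.8;
}
"""

if __name__ == "__main__":
    print(check_scope(POST13, "10.0.0.100/24"))
    print(check_scope(MATCHING, "10.0.0.100/24"))
```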



#15 2013-04-09 19:14:06

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Thank you very much.

Now it works.

The last questions related to dhcp.

a) The way to establish a maximum number of clients for that network is through the range? if I write: 10.0.0.10 10.0.0.10 I only allow one, ... etc? Or is there any variable to define "max-connections"/"max-limit-clients"?

b) I don't know if this makes sense, but, imagine that I have a network where I want to provide internet connection through my connection, and I don't know previously the MAC interfaces of the clients, but I want to provide any type of "login/pass" to them, and if another try to connect to my switch and he/she hasn't got the credentials... cannot have an IP, and therefore, surf on the Web. Is changing the dhcpd.conf? Or is another mechanism? --Subquestion: even if he writes the static IP will he access to the internet?
  How difficult is to guess what could be the static ip to connect to that network? Imagine that I write instead 10.0.0.100 for the gateway, 24.66.22.100. And from the client machine, I connect to the eth0 (switch, cross..). How can I guess that is in that network?


#16 2013-04-09 20:10:59

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Zzipo wrote:

Thank you very much.

Now it works.

The last questions related to dhcp.

a) The way to establish a maximum number of clients for that network is through the range? if I write: 10.0.0.10 10.0.0.10 I only allow one, ... etc? Or is there any variable to define "max-connections"/"max-limit-clients"?

b) I don't know if this makes sense, but, imagine that I have a network where I want to provide internet connection through my connection, and I don't know previously the MAC interfaces of the clients, but I want to provide any type of "login/pass" to them, and if another try to connect to my switch and he/she hasn't got the credentials... cannot have an IP, and therefore, surf on the Web. Is changing the dhcpd.conf? Or is another mechanism? --Subquestion: even if he writes the static IP will he access to the internet?
  How difficult is to guess what could be the static ip to connect to that network? Imagine that I write instead 10.0.0.100 for the gateway, 24.66.22.100. And from the client machine, I connect to the eth0 (switch, cross..). How can I guess that is in that network?

You can set an IP address to a client by MAC address, in dhcpd.conf.  As far as what's on the internal network, there's several different implications that could possibly be used.  I'd start a new thread for that question and mark this one solved.



#17 2013-04-09 20:22:40

Zzipo
Member
From: North Spain
Registered: 2013-01-07
Posts: 61

Re: Sharing connection - last step problem / DNS server? [SOLVED]

Thanks, I will do.
