Hey guys, I've been struggling trying to get my LAN set up with Arch as a router. My setup is going to be: internet -> Arch router -> hub -> other computers.
I've searched the forums but I'm pretty lost on what's going on with the networking. I was able to use Coyote Linux to get this to work out, but I'd much rather have a concrete Arch setup running my server. Please help with anything you can.
As a little addition, I'd like to add, this internet connection is coming from a cable modem, into eth0 and going out on eth1.
There's no internet connection sharing, which is really what I'm trying to get to happen.
Please, first check the Arch forums and wiki - there are similar threads already.
Also (almost) any Linux networking guide should work with Arch - and there are plenty of them.
You should search for iptables NAT (network address translation) and packet forwarding. Basic configuration should be quite easy, but it depends on your internet and local network configuration (software and hardware).
.... like this http://bbs.archlinux.org/viewtopic.php? … t=iptables
Ok guys, I've run through a lot of iptables and NAT links and tried some things. But I still can't get the internet shared. The client computers still can't connect to the router. Is there something in rc.conf I need to change? I've already messed with the gateway option, but it's done nothing. Would this still need to have the dhcp option on the client to load? I'm very confused.
here's some more info for anyone that wants to take a peek:
rc.conf of router:
# /etc/rc.conf - Main Configuration for Arch Linux
#
#
# Localization
#
# HARDWARECLOCK: set to "UTC" or "localtime"
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-us)
# USECOLOR: use ANSI color sequences in startup messages
#
HARDWARECLOCK="localtime"
TIMEZONE=Canada/Pacific
KEYMAP=us
CONSOLEFONT=
USECOLOR="yes"
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
#
# Networking
#
HOSTNAME="YourDad"
#
# Module to load at boot-up (in this order)
# (prefix a module with a ! to disable it)
#
MODULES=(!usbserial !ide-scsi natsemi 3c509 sr_mod hw_random parport_pc parport ohci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm snd_page_alloc snd_timer snd_ac97_codec snd soundcore gameport shpchp pci_hotplug tsdev evdev crc32 rtc lp)
#
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# (prefix an interface in INTERFACES with a ! to disable it)
#
# Note: to use DHCP, set your interface to be "dhcp" (eth0="dhcp")
#
lo="lo 127.0.0.1"
eth0="dhcp"
#eth1="dhcp"
eth1="eth1 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255"
INTERFACES=(lo eth0 eth1)
#
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# (prefix a route in ROUTES with a ! to disable it)
#
gateway="default gw 192.168.0.1"
#gateway="default gw 65.24.88.1"
ROUTES=(!gateway)
#
# Daemons to start at boot-up (in this order)
# (prefix a daemon with a ! to disable it)
#
DAEMONS=(syslog-ng hotplug !pcmcia network netfs crond sshd rc.ipmasq !iptables proftpd)
# End of file
And here's the iptables nat setup I used:
#!/bin/sh
IPTABLES=/usr/sbin/iptables
# All the lines below are NAT routing
# flush any old rules in every table before loading the new set
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
# rewrite the source address of LAN traffic leaving on the cable-modem side
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
# 192.168.0.0/24 is the LAN prefix (192.168.0.1/24 is the router's own
# address; iptables only accepts it because it rounds the host bits away)
$IPTABLES -A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -s 192.168.0.0/24 -j ACCEPT
# nothing new or malformed may come in from the internet side
$IPTABLES -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
# replies to connections the router or the LAN hosts opened
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
# rate-limit forwarded new TCP connections, RSTs and pings
$IPTABLES -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
$IPTABLES -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# note: no -P policy is set, so anything the rules above do not match
# falls through to the kernel default of ACCEPT
# enable IP forwarding (of incoming packets); without this nothing is
# routed between eth0 and eth1 no matter what the rules say
echo 1 > /proc/sys/net/ipv4/ip_forward
and finally an ifconfig:
eth0 Link encap:Ethernet HWaddr 00:A0:CC:76:0D:38
inet addr:165.45.15.107 Bcast:255.255.255.255 Mask:255.255.248.0
inet6 addr: fe80::2a0:ccff:fe76:d38/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12450 errors:0 dropped:0 overruns:0 frame:0
TX packets:1149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1748956 (1.6 Mb) TX bytes:161417 (157.6 Kb)
Interrupt:10 Base address:0x7000
eth1 Link encap:Ethernet HWaddr 00:50:04:88:25:B6
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::250:4ff:fe88:25b6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6232 (6.0 Kb) TX bytes:1854 (1.8 Kb)
Interrupt:11 Base address:0xdc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:544 (544.0 b) TX bytes:544 (544.0 b)
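As an added example (not from the thread or from any poster), here is a POSIX shell script that generates the same kind of masquerading setup in iptables-restore format, but fails closed: INPUT and FORWARD default to DROP, so a forgotten rule blocks traffic instead of quietly exposing the LAN. The interface names and the 192.168.0.0/24 prefix are assumptions taken from the configuration posted above; the modern `conntrack` match is used in place of the older `state` match.

```shell
#!/bin/sh
# Constructed example: emit a fail-closed NAT ruleset in iptables-restore format.
# Interface names and the LAN prefix are parameters; the defaults match the
# thread's layout (cable modem on eth0, LAN on eth1, 192.168.0.0/24).
nat_ruleset() {
    wan=${1:-eth0}; lan=${2:-eth1}; lan_net=${3:-192.168.0.0/24}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to whatever DHCP handed the WAN side
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny: a missing rule now fails closed instead of exposing the LAN
# (the thread's script set no policy, so the kernel default ACCEPT applied).
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP lease replies from the ISP arrive outside any tracked flow
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# LAN hosts may reach the router itself (ssh, DNS, DHCP)
-A INPUT -i $lan -s $lan_net -j ACCEPT
# Forward replies and LAN-originated flows only; nothing new from the WAN
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}
# Routing between interfaces is off by default; loading rules alone does
# nothing until this sysctl is set (the "did you enable ip forwarding?" step).
forwarding_sysctl() {
    printf 'net.ipv4.ip_forward = 1\n'
}
# Check a ruleset read from stdin: the chains that see untrusted traffic
# must default to DROP and masquerading must be present.
check_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP'     || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP'   || return 1
    printf '%s\n' "$rules" | grep -q -- '-j MASQUERADE' || return 1
}
```

Apply as root with `nat_ruleset eth0 eth1 192.168.0.0/24 | iptables-restore` and put the `forwarding_sysctl` output in a file under /etc/sysctl.d/ so it survives a reboot.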
I did a similar simple setup on the distcc machines.
I used http://bbs.archlinux.org/viewtopic.php? … ight=arnos
this to NAT; it's nice and easy.
did you enable ip forwarding?
Not sure how up to date this is, but I did a quick google, and it looked promising.
http://www.wfu.edu/~mudayja/router.html
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
Have you looked into IPcop?
Very clean little distro that sets up all this stuff automatically. Might be worth it to have that set up and then poke around in there until you get a better understanding of how the configuration is supposed to look.
I used Smoothwall for the longest time - Smoothwall is very nice - and built on top of IPcop.
MODULES=(!usbserial !ide-scsi natsemi 3c509 sr_mod hw_random parport_pc parport ohci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm snd_page_alloc snd_timer snd_ac97_codec snd soundcore gameport shpchp pci_hotplug tsdev evdev crc32 rtc lp)
Thanks for showing me that... now I'm gonna have nightmares
DaDeXTeR (Martin Lefebvre)
eth1 192.168.0.1
gateway="default gw 192.168.0.1"
Now that can't be right. You need to set up your ISP's gateway, not your own IP.
EDIT: And it's disabled. Oops. Yeah, it's dhcp.
Well, I just ended up turning my old box into a FreeBSD server, which happened to be pretty easy to setup. Thanks for the help anyway, everyone. You guys are great.
I once had an OpenBSD router.
When the hard drive failed, I installed FreeBSD and tried to run pf with it.
After 2 days of struggle, I ended up installing Gentoo.
Gentoo sucks on the desktop, but as a server, Gentoo is great.
To err is human... to really foul up requires the root password.
Why not just d/l a 20 MB ISO of IPcop and install that? It's a dedicated routing/firewall distro and is very nice and easy to set up, all web-based GUI.
It's very, very, very nice, and it's all GPL.
How up to date is IPcop? Last time I checked there hadn't been much going on, it seemed, devel/release-wise.
Kernel-wise, it's 2.4.27
The 1.4.0 release was made public on 10/1/2004, so that's pretty recent.
The snort version installed is 2.1.3, which is the last of the 2.1.x line, so that's not horribly out-of-date.
I've been really happy with it so far... it's even got audio alerts for the box going up/down and the interfaces changing state so it's easier to run it with no monitor.
Cool. So it is more up to date than I remembered. They must have been doing lots of work "behind the scenes".
8)
Try m0n0wall - you can fit the default install onto an 8 MByte compact flash disc.