I'm trying to set up a system to tunnel ssh through a server to a router. Basically:
Internet > External Server > SShuttle > Local Server > Router > Local Computers
The problem arises between the local server and router. I have two network cards, one into my local internet and one to the router, and tunneling works fine on the server. I have also set up the server to share its internet, or at least I think I have. The DHCP server works fine, and I get an IP address assigned when I plug another computer into the server, but I have no network access. I'm not sure of the next step to take here. Do I need an iptables setup or something? Is it even possible?
Last edited by Danice123 (2013-08-27 01:13:50)
Welcome to the forums.
What are you actually trying to do? That is, what is that set up designed to achieve? Maybe your description would make more sense to somebody more knowledgeable but it doesn't to me, at least. Shouldn't the router be distributing IP addresses? And in what sense does tunnelling work on the server? Which server? How can it work fine on a single box?
Just very confused...
Sorry for being confusing, I don't really know what information is needed to identify my problem.
I have a desktop computer (my local server) running Arch. This server uses sshuttle (https://github.com/apenwarr/sshuttle) to tunnel its connection through to a server I am renting; sshuttle is basically an ssh tunnel with added Python streamlining. It is configured to forward set subnets through said tunnel. I then wish to connect a computer into the local server through an additional network card on the local server. This computer's connection is also supposed to be tunneled through the tunnel on the server.
Where everything breaks down is the connection between the local server and the computer plugged into it. I have DHCP configured and working, but the computer gets no connection to the internet. I've messed around with iptables using this guide (https://wiki.archlinux.org/index.php/Internet_Share), but I haven't succeeded in getting anything working. The tunnel does work on the local server however, so it's not a problem there (I think).
The whole point here is to tunnel around an HTTP proxy. I want to hook up Xboxes and other devices that have no proxy settings, so a tunnel becomes necessary.
I think I just need a point in the right direction on what I should look at to get this working. Again, sorry if this is rather confusing, I am just stumped. I'd really appreciate any help.
I would like to add that even without the tunnel, I still am not able to share the internet through my server. I followed the Internet_Share wiki, and I get nothing. What am I missing here...
Thanks. That's much clearer.
So probably you should post your iptables rules for the local server and explain how you try to connect to the internet from the connected computer and what errors you get. Trying this with as simple a network as possible will probably help diagnose the problem. E.g. try it, as you say, without the tunnel since that doesn't seem to be the problem and ditto for the router or whatever.
EDIT: I assume you have either a crossover cable or know you don't need one as explained in the wiki?
Last edited by cfr (2013-08-26 03:19:02)
I do have a gigabit Ethernet card in the server, so I assume that all I need is an Ethernet cord.
The two configurations I have used in iptables are this from Internet Share:
# iptables -t nat -A POSTROUTING -o internet0 -j MASQUERADE
# iptables-save > /etc/iptables/iptables.rules
# systemctl start iptables
And this from Router: https://wiki.archlinux.org/index.php/Si … AT_gateway
The first seemed to work better, but neither allows me any internet connection. This is without the tunnel also.
Would this problem be related to DNS resolution? Should I be setting up a dnsmasq server also?
Last edited by Danice123 (2013-08-26 03:31:16)
Is the interface name really internet0?
You should post the output of iptables --list-rules. [Assuming you are using ipv4.]
Last edited by cfr (2013-08-26 03:38:08)
No, sorry, I just posted the example off the page. My interfaces are enp2s0 and enp3s5, and I did switch the names in.
The other ends up being:
# Generated by iptables-save v22.214.171.124 on Mon Aug 26 11:12:54 2013
*filter
:INPUT ACCEPT [1703:163541]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [128:11660]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreachable
-A fw-interfaces -i enp2s0 -j ACCEPT
COMMIT
# Completed on Mon Aug 26 11:12:54 2013
# Generated by iptables-save v126.96.36.199 on Mon Aug 26 11:12:54 2013
*nat
:PREROUTING ACCEPT [428:45078]
:INPUT ACCEPT [428:45078]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp3s5 -j MASQUERADE
COMMIT
# Completed on Mon Aug 26 11:12:54 2013
Last edited by Danice123 (2013-08-26 03:38:57)
Please post the output of iptables --list-rules. [Assuming you are using ipv4.]
-P INPUT ACCEPT
-P FORWARD DROP
-N fw-interfaces
-N fw-open
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreach
-A fw-interfaces -i enp2s0 -j ACCEPT
I finally switched to using netctl and bridging my two ethernet cards, which works great.
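Added example, not part of the original thread: a small Python check that reads the iptables-save output posted above and reports whether new connections arriving on one interface would be forwarded and masqueraded out of another. The thread never states which interface faces the LAN and which faces the internet, so lan and wan are assumptions supplied by the caller, and the function names are illustrative; the parser only handles simple option/value rules.

```python
# iptables-save output posted in the thread (comments, counters, COMMIT lines and other chains trimmed)
POSTED = """\
*filter
:FORWARD DROP [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreachable
-A fw-interfaces -i enp2s0 -j ACCEPT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp3s5 -j MASQUERADE
"""

def parse(text):
    # -> {table: {chain: {"policy": str, "rules": [{option: value}]}}}
    tables = {}
    for line in text.splitlines():
        tok = line.split()  # simplification: plain "option value" pairs, no quoting or "!"
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {})
        elif line.startswith(":"):
            cur[tok[0][1:]] = {"policy": tok[1], "rules": []}
        elif line.startswith("-A "):
            cur[tok[1]]["rules"].append(dict(zip(tok[2::2], tok[3::2])))
    return tables

def verdict(filt, in_if, chain="FORWARD"):
    # Fate of a NEW packet arriving on in_if; only -i and --ctstate are modelled.
    for r in filt[chain]["rules"]:
        if "NEW" not in r.get("--ctstate", "NEW").split(",") or r.get("-i", in_if) != in_if:
            continue
        res = verdict(filt, in_if, r["-j"]) if r.get("-j") in filt else r.get("-j")
        if res in ("ACCEPT", "DROP", "REJECT"):
            return res
    policy = filt[chain]["policy"]
    return None if policy == "-" else policy  # user chains return to the caller

def audit(text, lan, wan):
    t, problems = parse(text), []
    fate = verdict(t["filter"], lan)
    if fate != "ACCEPT":
        problems.append(f"new connections arriving on {lan}: {fate}")
    nat = t["nat"]["POSTROUTING"]["rules"]
    if not any(r.get("-j") == "MASQUERADE" and r.get("-o") == wan for r in nat):
        problems.append(f"no MASQUERADE for traffic leaving {wan}")
    return problems
```

With lan="enp3s5" and wan="enp2s0" the audit reports that new connections arriving on enp3s5 fall through to the REJECT rule, while with the roles swapped it reports nothing. It does not check that net.ipv4.ip_forward is enabled.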