Good Day Ladies and Gentlemen! ^_^
The Task:
I got an old laptop, which wants Internet access via ethernet. My computer has WLAN internet access, but simply refuses to share it with poor laptop littledude.
The Set-Up:
internet:
ra0 192.168.16.64
(gateway for my computer: 192.168.16.1)
lan:
eth1 192.168.15.1
The Problem:
I have never set up a gateway for other computers before, so I consulted two tutorials, how to do it:
[1] http://yolinux.com/TUTORIALS/LinuxTutor … teway.html
[2] http://enterprise.linux.com/enterprise/ … ml?tid=100
I first tried [1], ran the script and tried the route command:
route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.16.0 dev eth1
That gives me: SIOCADDRT: Network is unreachable
But I couldn't figure out why.
So I moved on and tried [2].
I managed the DHCP section, got a DHCP daemon running and working. My laptop could connect to the daemon. Alas, that's not enough, since I also need the DNS server to resolve Internet addresses. (I'm trying to get littledude a Debian OS; Arch's requirements are way too high, littledude has only 24 MB RAM, a 2 GB HDD and a 45 MHz CPU.
The Debian netinstaller finds the DHCP daemon as said, but cannot access its http/ftp source sites, so I think DNS is missing).
I pacman synched bind dns resolver and vi'ed /etc/named.conf as told in the tutorial. But I cannot figure out what is meant by:
Start the DNS server by issuing the command service named start. To make sure it starts every time, type the following command.
How can I start the DNS server?
And am I on the right path or making nonsense?
Thanks for reading this
michi
Offline
Not exactly a lot of help, but I found dnsmasq to be a good dhcp/dns server all in one, with a simple to understand config file (/etc/dnsmasq.conf) and it can be run as a daemon by putting it into /etc/rc.conf or running "/etc/rc.d/dnsmasq start"
Perhaps you could give it a try, its very easy to set up as long as you read the config file comments.
Offline
Thank you, I tried that, but it didn't work either.
I now got the Berkeley domain name server (bind) started.
A kernel module "capability" is required. It is however wrongly stated as "capset" module. That's why I haven't found it at first.
Now the DNS-Server is running. However I can't add the options suggested in Tutorial [2]:
forward first;
forwarders {
    192.168.16.1;
};
With these, the /etc/rc.d/named daemon no longer wants to start.
I looked at the manual of the named DNS daemon, but it is confusing as hell and I can't find a red thread.
So I got a working dhcp daemon. And a running DNS (named) daemon, that is missing some options.
Maybe someone has dealt with /etc/named.conf before and can give me some help?
Offline
Ok I got it
Here's my walkthrough for all the other tormented souls, that might find this thread and require help:
Introduction:
Internet-card: ra0 192.168.16.64
Internet-gateway, nameserver 192.168.16.1
local-network-card eth1 192.168.15.1
[1] modprobe capability
-> /etc/rc.conf
[2] pacman -S
* dhcpd (DHCP daemon)
* bind (Berkeley Domain Name Server)
[3] vi /etc/dhcpd.conf
ddns-update-style ad-hoc;
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.15.0 netmask 255.255.255.0
{
# --- default gateway
option routers 192.168.15.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.15.255;
option domain-name-servers 192.168.15.1;
range 192.168.15.2 192.168.15.254;
default-lease-time 21600;
max-lease-time 43200;
}
[4] vi /etc/named.conf
acl micro
{
192.168.15.0/24;
};
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
auth-nxdomain yes;
datasize default;
allow-query { micro; };
allow-recursion { micro; };
};
[5]
/etc/rc.d/dhcpd start
/etc/rc.d/named start
-> rc.conf
[6] iptables
vi /etc/sysctl.conf
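net.ipv4.ip_forward = 1
# rewrite the source address of everything leaving through the internet card
iptables -t nat -A POSTROUTING -o ra0 -j SNAT --to 192.168.16.64
# drop new and invalid connections arriving on the internet card (ra0 in this setup)
iptables -A INPUT -j DROP -m state --state NEW,INVALID -i ra0
iptables -A FORWARD -j DROP -m state --state NEW,INVALID -i ra0
make it a script that is run in /etc/rc.local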
Offline
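A gateway like the one in the walkthrough above fails quietly when forwarding is off or when a filter rule names an interface the box does not have, because such a rule never matches. The audit below is an added example, not part of the thread; the ruleset and sysctl.conf text in it are constructed samples, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a saved ruleset and sysctl.conf text for a NAT gateway.
# SAMPLE_RULES and SAMPLE_SYSCTL are constructed, not taken from a real host.

SAMPLE_RULES='*nat
-A POSTROUTING -o ra0 -j SNAT --to-source 192.168.16.64
COMMIT
*filter
-A INPUT -i ippp0 -m state --state INVALID,NEW -j DROP
-A FORWARD -i ippp0 -m state --state INVALID,NEW -j DROP
COMMIT'
SAMPLE_SYSCTL='# constructed sysctl.conf
net.ipv4.ip_forward = 1'

# Print every interface named by -i / -o in the ruleset, one per line.
rule_ifaces() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-i" || $i == "-o") print $(i + 1)
    }' | sort -u
}

# stale_ifaces RULES IFACE...  -> interfaces used in rules that the host lacks.
stale_ifaces() {
    _rules=$1; shift
    for _ifc in $(rule_ifaces "$_rules"); do
        case " $* " in
            *" $_ifc "*) ;;                  # interface exists, rule can match
            *) printf '%s\n' "$_ifc" ;;      # rule can never match
        esac
    done
}

# Succeeds when the sysctl.conf text enables IPv4 forwarding (last setting wins).
forwarding_enabled() {
    _v=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*//p' |
        tail -n 1)
    [ "$_v" = "1" ]
}

# Addresses used as SNAT targets; compare with the address on the internet card.
snat_sources() {
    printf '%s\n' "$1" | sed -n 's/.*-j SNAT --to-source \([0-9.]*\).*/\1/p'
}

stale_ifaces "$SAMPLE_RULES" lo eth1 ra0
```

On a live gateway the same check is `stale_ifaces "$(iptables-save)" $(ls /sys/class/net)`, run as root.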
The easiest way to setup gateway for LAN is described here:
http://netfilter.org/documentation/HOWTO/NAT-HOWTO.html
http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/
I can post my configs with detailed description, if you wish. Or maybe it will be better to make a wiki page?
If you want DNS server, I recommend dnsmasq - this is the right DNS server for this job.
to live is to die
Offline
I can post my configs with detailed description, if you wish. Or maybe it will be better to make a wiki page?
If you want DNS server, I recommend dnsmasq - this is the right DNS server for this job.
Romashka,
can you do that, please? I am lost. I simply want to share my internet connection with another computer.
Thank you so much
Offline
Guys, why don't you just search the arch wiki?
This howto has been started recently, it aims to describe all steps to set up a gateway:
http://wiki.archlinux.org/index.php/NAT … l_iptables
Basically, you need an internet connection, dnsmasq and an iptables setup. This howto uses shorewall, but I would prefer a pure iptables solution, as described in this howto:
http://wiki.archlinux.org/index.php/Sim … wall_HOWTO
It's all there, waiting to be found
Offline
Yes, of course I know all about the wiki. But it's not working for me, so I am asking for help to understand why.
Offline
Yes, of course I know all about the wiki. But it's not working for me, so I am asking for help to understand why.
What exactly isn't working? I wrote the Wiki while I was turning my Arch box into a gateway, so I'm pretty sure it should work.
If you just want to share the connection, you need a custom kernel (with support for routing) and iptables. You can skip all the other stuff in the Wiki.
A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.
Offline
I am sorry, I did not know I needed a custom kernel. Doesn't the stock or beyond kernel have routing enabled? I am using the beyond kernel.
Offline
I don't know. A working custom kernel probably doesn't need every module I enabled. If you really can't turn on IP forwarding in the kernel, compile your own. It's not so hard.
Offline
route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.16.0 dev eth1
That gives me: SIOCADDRT: Network is unreachable
It is because gw should be 192.168.16.1, not 0, isn't it? But it doesn't make any sense to me. So I am just curious.
If you can add route rules on an "internet access" device (your modem router, for example), there is a simpler way to achieve your goal - just forward.
You can do it by setting the laptop's default gw to 192.168.15.1, and it will be forwarded (if forwarding is allowed, of course - check /proc/sys/net/ipv4/ip_forward) on to "16.1". But you need to establish a way back from "16.1" to the 192.168.15.0 network too!
<"laptop"># route add default gw 192.168.15.1
<"device-16.1">$ route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.16.64 dev br0
Where br0 is aka bridge0 - use whatever device your router uses.
Offline
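The kernel accepts a route's gateway only when that gateway is reachable on a network directly connected to the output device, and answers "Network is unreachable" otherwise. The check below is an added example, not part of the thread, that models only this on-link condition for the routes discussed here; the /24 mask on ra0 and br0, and br0 carrying 192.168.16.1, are assumptions.

```shell
#!/bin/sh
# Added example: is a route's gateway on the output device's own subnet?
# Addresses come from the thread; the 192.168.16.x masks and br0's address
# are assumptions.

ip2int() {  # dotted quad -> integer
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

same_net() {  # addr1 addr2 netmask -> succeeds when both fall in one subnet
    _a=$(ip2int "$1"); _b=$(ip2int "$2"); _m=$(ip2int "$3")
    [ $(( _a & _m )) -eq $(( _b & _m )) ]
}

# gw_onlink GW DEV IFACE...   each IFACE is "name:address:netmask"
gw_onlink() {
    _gw=$1; _dev=$2; shift 2
    for _e in "$@"; do
        _name=${_e%%:*}; _rest=${_e#*:}
        [ "$_name" = "$_dev" ] || continue       # only the named device counts
        same_net "$_gw" "${_rest%%:*}" "${_rest#*:}" && return 0
    done
    return 1
}

route_verdict() {  # same arguments as gw_onlink; prints the outcome
    if gw_onlink "$@"; then echo "ok"; else echo "Network is unreachable"; fi
}

# Interfaces of the gateway machine as listed in the first post.
GATEWAY_IFACES="eth1:192.168.15.1:255.255.255.0 ra0:192.168.16.64:255.255.255.0"

route_verdict 192.168.16.0 eth1 $GATEWAY_IFACES    # the command from the first post
route_verdict 192.168.16.1 eth1 $GATEWAY_IFACES    # same device, other gateway
route_verdict 192.168.16.1 ra0  $GATEWAY_IFACES    # gateway on ra0's own subnet
route_verdict 192.168.16.64 br0 br0:192.168.16.1:255.255.255.0   # return route on the router
```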