My main computer is running Arch Linux. The internet cable is directly plugged into the eth0 card. I have a second NIC (eth1) connected to a switch and so on. The connection type is PPPoE, currently set up with rp-pppoe and using /etc/rc.d/adsl to start it.
The internet on the main PC is working, however, there is a problem: every time the lease is being renewed, a new route is being added, and in order to make it work again, I have to do "route del default && route del default && /etc/rc.d/adsl restart".
Here are my config files:
/etc/rc.conf:
lo="lo 127.0.0.1"
eth0="dhcp"
eth1="eth0 10.0.0.1 netmask 255.255.255.240 broadcast 10.0.0.15"
INTERFACES=(lo eth0 eth1)
...
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
...
DAEMONS=(syslog-ng dbus iptables network dnsmasq !pdnsd @noip netfs @crond @cpufreq @alsa @cups)
/etc/rc.local:
this is how I have to start the internet connection, otherwise I end up with two gateways and I can't connect to the internet
route del default
/etc/rc.d/adsl start
/etc/dnsmasq.conf:
interface=eth1
expand-hosts
domain=foo.bar
dhcp-range=10.0.0.2,10.0.0.14,255.255.255.240,1h
using static addressing, these two are just examples, not my real MACs:
dhcp-host=11:22:33:44:55:66,10.0.02
dhcp-host=11:22:33:44:55:67,10.0.03
output of netstat -r:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 * 255.255.255.240 U 0 0 0 eth0
10.79.64.0 * 255.255.240.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0
output of iptables-save:
# Generated by iptables-save v1.4.10 on Mon Apr 25 14:56:15 2011
*nat
:PREROUTING ACCEPT [2952:248186]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [479:39055]
:POSTROUTING ACCEPT [1678:87015]
-A POSTROUTING -s 10.0.0.0/16 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Apr 25 14:56:15 2011
# Generated by iptables-save v1.4.10 on Mon Apr 25 14:56:15 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:607]
:TCP - [0:0]
:UDP - [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A INPUT -i lo,eth1 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreachable
-A fw-interfaces -i eth0 -j ACCEPT
-A fw-interfaces -i eth1 -j ACCEPT
COMMIT
# Completed on Mon Apr 25 14:56:15 2011
Wikis that I've followed:
So, what I want to do is: make the internet connection on the main PC stable (not having to delete routes and restart ADSL every time the lease is being renewed) and share my connection using my PC as a router. PC1(router) --> switch --> pc2,pc3.
Offline
Can you configure it not to renew the lease?
Offline
I thought about that, but don't know how to do it. I've looked everywhere, but without success.
Offline
There's something weird here... Your internal network (eth1) is 10.0.0.0/28 as defined in your rc.local:
/etc/rc.conf:
lo="lo 127.0.0.1"
eth0="dhcp"
eth1="eth0 10.0.0.1 netmask 255.255.255.240 broadcast 10.0.0.15"
INTERFACES=(lo eth0 eth1)
However in your route table, 10.0.0.1 is via ppp0:
output of netstat -r:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 * 255.255.255.240 U 0 0 0 eth0
10.79.64.0 * 255.255.240.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0
I suspect your ISP is doing something funky with private address space. Try changing your internal range to 10.10.10.0/28 (or anything other than 10.0.0.0/28).
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
I've managed to share my internet connection with the following setting. I haven't tried setting up a router again, but I will try, in a few hours, when nobody is using the other computers (they need internet connection).
/etc/rc.conf:
lo="lo 127.0.0.1"
eth0="dhcp"
eth1="eth1 192.168.0.1 netmask 255.255.255.0"
INTERFACES=(lo eth0 eth1)
new output of netstat -r:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
10.79.64.0 * 255.255.240.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0
very LE:
Okay. My nth try at making my PC a router has proven a failure. My patience is at an end, I've been on this for over two weeks.
I've gone through all of it again, I can get a working internet connection on the main PC, but can't forward the traffic from there on.
So, following https://wiki.archlinux.org/index.php/Router , I ended up with these settings:
/etc/rc.conf:
lo="lo 127.0.0.1"
eth0="dhcp"
eth1="eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.15"
INTERFACES=(lo eth0 eth1)
/etc/dnsmasq.conf:
interface=eth1
domain=foo.bar
dhcp-range=192.168.1.2,192.168.1.14,255.255.255.0,1h
following https://wiki.archlinux.org/index.php/Si … wall_HOWTO :
output of iptables -S:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N TCP
-N UDP
-N fw-interfaces
-N fw-open
-A INPUT -i lo,eth1 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreachable
-A TCP -p tcp -m tcp --dport 35433 -j ACCEPT
-A TCP -p tcp -m tcp --dport 2001 -j ACCEPT
-A UDP -p udp -m udp --dport 2001 -j ACCEPT
-A fw-interfaces -i eth1 -j ACCEPT
output of iptables -t nat -S:
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
/proc/sys/net/ipv4/ip_forward:
1
/etc/conf.d/iptables:
# Configuration for iptables rules
IPTABLES=/usr/sbin/iptables
IP6TABLES=/usr/sbin/ip6tables
IPTABLES_CONF=/etc/iptables/iptables.rules
IP6TABLES_CONF=/etc/iptables/ip6tables.rules
IPTABLES_FORWARD=1 # enable IP forwarding?
ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:24:1D:D6:22:F2
inet addr:192.168.1.1 Bcast:192.168.1.15 Mask:255.255.255.0
inet6 addr: fe80::224:1dff:fed6:22f2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5422 errors:0 dropped:0 overruns:0 frame:0
TX packets:668 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:658127 (642.7 Kb) TX bytes:104948 (102.4 Kb)
Interrupt:45 Base address:0x4000
eth1 Link encap:Ethernet HWaddr 00:50:BF:B6:71:A5
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:19 Base address:0xee00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:21 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1272 (1.2 Kb) TX bytes:1272 (1.2 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:my public WAN IP goes here P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:622 errors:0 dropped:0 overruns:0 frame:0
TX packets:556 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:355923 (347.5 Kb) TX bytes:87328 (85.2 Kb)
netstat -r:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0
I've noticed that I'm also receiving some error messages now.
/var/log/errors.log:
Apr 28 02:48:15 localhost pppoe[2627]: read (asyncReadFromPPP): Session 70: Input/output error
Apr 28 02:48:15 localhost dhcpcd[2591]: manage_link: No such device or address
Apr 28 02:49:11 localhost pppd[2551]: Cannot determine ethernet address for proxy ARP
I've also noticed that eth1 is down, but according to the router wiki page, the NICs are configured correctly in /etc/rc.conf.
Last edited by Snakes (2011-04-27 23:58:49)
Offline
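A consistency check over the configuration posted in this thread, as an added example that is not part of any poster's message: it flags an rc.conf interface variable whose value names a different device, a broadcast address that does not match the netmask, a LAN-holding device that the fw-interfaces chain does not accept, and a MASQUERADE source that does not cover the LAN. The function names and the embedded sample are constructed for illustration, and the parsing assumes the `name="device address netmask ..."` form and the chain layout shown in the posts above.

```python
import ipaddress
import re

# Constructed sample, in the shape of the rc.conf and iptables -S output posted above.
RC_CONF = '''
lo="lo 127.0.0.1"
eth0="dhcp"
eth1="eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.15"
INTERFACES=(lo eth0 eth1)
'''
RULES = '''
-A fw-interfaces -i eth1 -j ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
'''

def parse_static(rc_conf):
    """Return {variable: (device, ip_interface, broadcast or None)} for static entries."""
    out = {}
    for var, val in re.findall(r'^(\w+)="([^"]*)"', rc_conf, re.M):
        f = val.split()
        if len(f) < 2 or "netmask" not in f:
            continue  # dhcp, loopback or non-interface variables
        mask = f[f.index("netmask") + 1]
        bcast = f[f.index("broadcast") + 1] if "broadcast" in f else None
        out[var] = (f[0], ipaddress.ip_interface(f"{f[1]}/{mask}"), bcast)
    return out

def audit(rc_conf, rules):
    """Cross-check static interface entries against the forwarding and NAT rules."""
    findings = []
    # New forwarded connections are accepted only from these interfaces (assumed layout).
    allowed = re.findall(r"-A fw-interfaces -i (\S+) -j ACCEPT", rules)
    nat_sources = re.findall(r"-s (\S+) .*-j MASQUERADE", rules)
    for var, (dev, iface, bcast) in parse_static(rc_conf).items():
        if dev != var:
            findings.append(f"{var}: value configures {dev}, so {var} gets no address")
        if bcast and ipaddress.ip_address(bcast) != iface.network.broadcast_address:
            findings.append(f"{var}: broadcast {bcast} does not match {iface.network}")
        if dev not in allowed:
            findings.append(f"{dev}: holds {iface.ip} but fw-interfaces accepts only {allowed}")
        for src in nat_sources:
            if not iface.network.subnet_of(ipaddress.ip_network(src, strict=False)):
                findings.append(f"MASQUERADE source {src} does not cover {iface.network}")
    return findings

if __name__ == "__main__":
    for line in audit(RC_CONF, RULES):
        print(line)
```
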