On Sat, 16 Nov 2002 12:24:43 +0800, [EMAIL PROTECTED] wrote:

> > > I have just setup NAT and DHCP , but can't connect to the internet
> > > with client :
> > >
> > > Get IP from dhcp server :
> > >
> > > C:\>ipconfig
> > >
> > > Windows 2000 IP Configuration
> > >
> > > Ethernet adapter :
> > >
> > > Connection-specific DNS Suffix . :
> > > IP Address. . . . . . . . . . . . : 172.2.0.1
> > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > Default Gateway . . . . . . . . . : 172.2.0.254
> > >
> > > C:\>
> > >
> > > My config file :
> > >
> > > /etc/sysconfig/network-scripts/ifcfg-eth1 :
> > > DEVICE=eth1
> > > ONBOOT=yes
> > > IPADDR=172.2.0.254
> > > NETMASK=255.255.255.0
> > >
> > > /etc/rc.d/rc.local :
> > > echo '1' > /proc/sys/net/ipv4/ip_forward
> > > modprobe ip_nat_ftp
> > > modprobe ip_conntrack
> > > modprobe ip_conntrack_ftp
> > > modprobe ip_conntrack_irc
> > > iptables -t nat -A POSTROUTING -o eth1 -s 172.2.0.0/24 -j MASQUERADE
> > >
> > > /etc/dhcpd.conf :
> > > subnet 172.2.0.0 netmask 255.255.255.0 {
> > > range 172.2.0.1 172.2.0.253;
> > > default-lease-time 604800;
> > > max-lease-time 604800;
> > > option broadcast-address 172.2.0.255;
> > > option routers 172.2.0.254;
> > > option domain-name-servers 192.168.200.1;
> > > }
> > >
> > > Edit /etc/rc.d/init.d/dhcpd :
> > > ....
> > > start() {
> > > # Start daemons.
> > > echo -n $"Starting $prog: "
> > > daemon /usr/sbin/dhcpd eth1 ${DHCPDARGS}
> > > RETVAL=$?
> > > echo
> > > [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dhcpd
> > > return $RETVAL
> > > }
> > > ...
> > >
> > > touch /var/lib/dhcp/dhcpd.leases
> > >
> > > /etc/rc.d/init.d/dhcpd start
> > >
> > > PS : the system is Redhat 7.2, port eth0 is connected to the lease
> > > line...
> >
> > If eth0 is your outgoing connection, the masquerading rule above
> > should also specify eth0, not eth1:
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 172.2.0.0/24 -j MASQUERADE
>
> I don't understand must I specify eth0 and eth1 ?

=> eth0

As I wrote, eth0 is your external interface, not eth1 as in your script above.

> or edit the line as :
> iptables -t nat -A POSTROUTING -s 172.2.0.0/24 -j MASQUERADE

You don't want to masquerade packets in your private LAN. But you do want to masquerade packets leaving your network over your external interface eth0.

> eth0 : connected to the Internet with lease line ( IP address from ISP )
> eth1 : connected with HUB and other client ( NAT + DHCP ), but the
> IP is private...
>
> So, if specify eth0, then what will happen ?

Do yourself a favour and read "man iptables" as well as some of the iptables tutorials and howtos on the netfilter project page
http://www.netfilter.org

With long options, the rule would look like:

    iptables --table nat --append POSTROUTING \
        --source 172.2.0.0/24 --out-interface eth0 \
        --jump MASQUERADE

You want packets (well, and also datagrams) that go _out_ on the _output_ interface (-o eth0) with a source IP address from your private subnet to be masqueraded.

IP Masquerading modifies the source address in outgoing packets, so your private IPs from RFC1918 don't make it onto the Internet and reply packets can be routed back to you.
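
Added example (not part of the original thread): a shell check that flags POSTROUTING MASQUERADE rules bound to the wrong interface, or to no interface at all, taking the interface of the default route as the external one. The route table and rule sets are constructed samples in `ip route` and `iptables-save` format, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed samples: a gateway like the one in the thread (eth0 external,
# eth1 on the private 172.2.0.0/24 LAN) and three variants of the NAT rule.
ROUTES='default via 203.0.113.1 dev eth0
172.2.0.0/24 dev eth1 proto kernel scope link src 172.2.0.254'
NAT_HEAD='*nat
:POSTROUTING ACCEPT [0:0]'
WRONG_IF="$NAT_HEAD
-A POSTROUTING -s 172.2.0.0/24 -o eth1 -j MASQUERADE
COMMIT"
FIXED="$NAT_HEAD
-A POSTROUTING -s 172.2.0.0/24 -o eth0 -j MASQUERADE
COMMIT"
UNBOUND="$NAT_HEAD
-A POSTROUTING -s 172.2.0.0/24 -j MASQUERADE
COMMIT"

# Print the interface of the default route (routing table on stdin).
ext_if_from_routes() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# check_masq EXT_IF   (nat table in iptables-save format on stdin)
# Prints one verdict per MASQUERADE rule; returns 0 only when at least one
# such rule exists and every one is bound to EXT_IF.
check_masq() {
    awk -v ext="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            masq = 0; out = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-o" || $i == "--out-interface") out = $(i + 1)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (!masq) next
            seen++
            if (out == "")       { print "UNBOUND: " $0; bad++ }
            else if (out != ext) { print "WRONG-IF(" out "): " $0; bad++ }
            else                 { print "OK: " $0 }
        }
        END { exit ((seen == 0 || bad > 0) ? 1 : 0) }'
}

ext=$(printf '%s\n' "$ROUTES" | ext_if_from_routes)
for rules in "$WRONG_IF" "$FIXED" "$UNBOUND"; do
    printf '%s\n' "$rules" | check_masq "$ext" || echo "-> rule set needs fixing"
done
```

On a live gateway the same functions can read `ip -4 route show` and `iptables-save -t nat` instead of the embedded samples.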