Setting up a Debian router.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting up a Debian router.

    I have tried many times to get this to work, and I'm pretty stumped. I've used several ideas, but can't seem to get it to work. I'm trying to get a transparent proxy working. One like Mandrake Linux 8.2 sets up. I have the Firewalling part done, but can't get the connection sharing working. The web can be browsed through squid (port 3128) if I set my browser to work through the Proxy. But it won't let me ping IP addresses through the router. Right now I have the DSL connected into my Desktop and am browsing/sharing the network through Windows XP. Anybody have any ideas?

    I've followed this HOWTO


    And had no luck. Also I now have this firewall stuff installed.



    Now I'm wondering if the only thing I'm missing is the DNS server. Help would be MOST appreciated.

    Leech
    Wah! Wah!

    In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship.

  • #2
    A bunch of speculations here:

    1) Did you echo 1 > /proc/sys/net/ipv4/ip_forward ?

    2) Did you:
    iptables -t nat -A POSTROUTING -o <your outer ethernet interface> -j MASQUERADE
    ?


    • #3
      The first part was already set. No problems there. The second point.... gave me an error.

      Warning: weird character in interface `-j' (No aliases, :, ! or *).
      Bad argument `MASQUERADE'
      Try `iptables -h' or 'iptables --help' for more information.
      fnord:/proc/sys/net/ipv4# iptables -t nat -A POSTROUTING -o -j MASQUERADE
      Warning: weird character in interface `-j' (No aliases, :, ! or *).
      Bad argument `MASQUERADE'
      Try `iptables -h' or 'iptables --help' for more information.


      As far as the iptables stuff goes, I'm a complete newbie. Usually I just had Mandrake 8.2 do it for me, but I would like Debian on my server, so that anytime I want a new program I can just apt-get it. What can I say, I'm lazy. :-)

      Leech


      • #4
        The board was stupid when I posted that.
        Add the name of your outbound ethernet interface after the -o part, so it would be

        # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

        assuming eth0 is the network adapter that is connected to your cable modem.


        • #5
          I'm not totally sure what you want just yet. Do you want pings to be able to get through? If you want pings, then you're not talking about a "transparent proxy" at all, you're talking about a special kind of NAT, called "Masquerading".




          These two files basically accomplish my masq setup. The only real trick remaining is to get all the required modules compiled with your kernel. The main ones to make sure you get (in a 2.4 kernel) are:

          Network packet filtering

          and under "IP: Netfilter Configuration:"
          Connection tracking
          FTP and IRC support (if you want to do FTP or DCC file transfers)
          IP tables support
          - and everything under it, built as a module: this is probably just easier for you.


          I recommend building all those things as modules when you're able to.

          See if that helps any.
          Tilable Desktop Backgrounds, perfect for DualHead: http://bg.rifetech.com/


          • #6
            Yeah, I know the NAT, masquerading stuff. I tried out your scripts, but no luck so far. Pretty much what I want to have set up is a webserver, ftp server and for it to be my gateway (which would need to allow Netmeeting, ICQ and MSN through.) Right now I have squid running fine, but only if I set the browsers on the internal network to 192.168.0.1:3128. I can't ping through the network (even with the Masq file that you linked to). And I do have all the modules already (default Debian 2.4.18-bf2.4 kernel). It's loading the Masquerading and everything, but it still isn't working. I believe transparent Proxy means that you don't have to change the settings on any other computer in the network for it to use the proxy, you just change the gateway and it works, though I could be totally wrong.

            For the Netmeeting proxy, it should be easy enough to compile opengate_proxy, which I had running before on Mandrake 8.2, but for many reasons, I'd like to make the switch over to Debian. This is the one thing that's stopping me. Getting this damn proxy to work. Thanks for all the great suggestions.

            For a little more help to solve the problem...

            eth0 is connected to the DSL
            eth1 is connected to the LAN
            Both use the 3c509x module, since one is a 3com 3C905B and the other is a 3C905C-TX-M

            If you need any other info, just ask. This is something that I should be able to get working, but for whatever reason, it's eluding me.

            Leech

            Of course in the midst of this I had to go fetch a new Switch, since mine was fried during a storm, how's that for bad luck?


            • #7
              Quick update, I installed Bind and it's now finding an IP address through the server. But Pinging and ICQ/MSN still won't connect. When I ping it says Destination host unreachable, though it does fetch the proper IP address (of Yahoo in this case, which is what I'm using to ping). Found a 'checklist' and it says to add /etc/bind/db.192.168.1 and /etc/bind/db.lan. Any ideas on what should be in these files?

              Leech


              • #8
                If you want ping to work, it's not a proxy. Period. A transparent proxy accomplishes *some* of what masq does, but not everything.

                Show me the output of "lsmod".
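Added example (not written by anyone in this thread): a read-only check of the pieces posts #2 to #8 ask about, namely ip_forward, the MASQUERADE rule and the port-80 REDIRECT that makes squid transparent. It goes one step beyond the thread by also checking that the FORWARD chain is restricted. The function names, the `sample_rules` data and the FORWARD rules are assumptions; eth0, eth1 and 3128 are the thread's values.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` text on stdin and reports which pieces of
# a masquerading gateway + transparent squid are absent. Exit status = count.
# Live use (as root): iptables-save | audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 eth1 3128
audit_gateway() {
    fwd=$1 wan=$2 lan=$3 port=$4
    rules=$(cat) missing=0
    has()  { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    miss() { echo "MISSING: $1"; missing=$((missing + 1)); }

    # Post #3's error: with nothing after -o, iptables reads "-j" as the interface.
    case $wan in ''|-*) echo "ERROR: bad outbound interface '$wan'"; return 2 ;; esac

    [ "$fwd" = 1 ] || miss "ip_forward=$fwd (kernel will not route $lan -> $wan)"
    has "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" ||
        miss "MASQUERADE on -o $wan (ping/ICQ/MSN leave with private source addresses)"
    has "^-A PREROUTING .*-i $lan .*--dport 80 .*-j REDIRECT --to-ports $port( |\$)" ||
        miss "REDIRECT of LAN port 80 to $port (browsers must be pointed at squid by hand)"

    if has '^:FORWARD DROP'; then
        has "^-A FORWARD .*-i $lan .*-o $wan .*-j ACCEPT" ||
            miss "FORWARD accept for $lan -> $wan"
        has "^-A FORWARD .*-i $wan .*--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT" ||
            miss "FORWARD accept for replies arriving on $wan"
    else
        echo "WARN: FORWARD policy is not DROP; the box forwards anything it can route"
    fi
    [ "$missing" -eq 0 ] && echo "OK: masquerading and transparent-proxy rules present"
    return "$missing"
}

sample_rules() {   # constructed, trimmed iptables-save output (not from the thread)
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# The thread's symptom: squid redirect present, MASQUERADE rule absent.
sample_rules | grep -v MASQUERADE | audit_gateway 1 eth0 eth1 3128 || true
```
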


                • #9
                  Did you run the (fixed) iptables command that I posted?


                  • #10
                    ipt_REDIRECT 736 1 (autoclean)
                    ip_nat_irc 2368 0 (unused)
                    ip_conntrack_irc 2496 0 (unused)
                    ip_conntrack_ftp 3200 0 (unused)
                    ip_nat_ftp 2944 0 (unused)
                    ide-scsi 7488 0
                    parport_pc 25704 1 (autoclean)
                    lp 6912 0 (autoclean)
                    parport 21728 1 (autoclean) [parport_pc lp]
                    ipt_MASQUERADE 1216 3 (autoclean)
                    ipt_LOG 3136 7 (autoclean)
                    iptable_mangle 2112 0 (autoclean) (unused)
                    iptable_filter 1728 1 (autoclean)
                    iptable_nat 12660 3 [ipt_REDIRECT ip_nat_irc ip_nat_ftp ipt_MASQUERADE]
                    ip_conntrack 12684 3 [ipt_REDIRECT ip_nat_irc ip_conntrack_irc ip_conntrack_ftp ip_nat_ftp ipt_MASQUERADE iptable_nat]
                    ip_tables 10432 8 [ipt_REDIRECT ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]
                    mousedev 3776 1
                    usbmouse 1760 0 (unused)
                    3c59x 24648 2
                    keybdev 1664 0 (unused)
                    usbkbd 2848 0 (unused)
                    input 3072 0 [mousedev usbmouse keybdev usbkbd]
                    usb-uhci 20708 0 (unused)
                    usbcore 48032 0 [usbmouse usbkbd usb-uhci]

                    leech


                    • #11
                      Originally posted by runderwo
                      Did you run the (fixed) iptables command that I posted?
                      Yup, and no luck there either. This is why I'm thinking I'm cursed, because from what I know (admittedly very little) that should work. Even on Mandrake 8.1, way back when I had that installed, the command like that worked like a charm. There's just something I'm missing, and I'm not sure what it is.

                      Proxy I would say is the wrong word for what I'm looking for, but I do have squid working (proxy) and I'm compiling the one for Netmeeting now. Off to work I go.....

                      Leech


                      • #12
                        What the hell? Now it's working.... oh well, I'm NOT going to complain :-D

                        Leech