Setting up a Debian router.

21st October 2002, 16:35
I have tried many times to get this to work, and I'm pretty stumped. I've used several ideas, but can't seem to get it to work. I'm trying to get a transparent proxy working. One like Mandrake Linux 8.2 sets up. I have the Firewalling part done, but can't get the connection sharing working. The web can be browsed through squid (port 3128) if I set my browser to work through the Proxy. But it won't let me ping IP addresses through the router. Right now I have the DSL connected into my Desktop and am browsing/sharing the network through Windows XP. Anybody have any ideas?

I've followed this HOWTO

And had no luck. Also I now have this firewall stuff installed.


Now I'm wondering if the only thing I'm missing is the DNS server. Help would be MOST appreciated.


21st October 2002, 20:38
A bunch of speculations here:

1) Did you echo 1 > /proc/sys/net/ipv4/ip_forward ?

2) Did you:
iptables -t nat -A POSTROUTING -o <your outer ethernet interface> -j MASQUERADE

22nd October 2002, 16:03
The first part was already set. No problems there. The second point.... gave me an error.

Warning: weird character in interface `-j' (No aliases, :, ! or *).
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.
fnord:/proc/sys/net/ipv4# iptables -t nat -A POSTROUTING -o -j MASQUERADE
Warning: weird character in interface `-j' (No aliases, :, ! or *).
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.

As far as the iptables stuff goes, I'm a complete newbie. Usually I just had Mandrake 8.2 do it for me, but I would like Debian on my server, so that anytime I want a new program I can just apt-get it. What can I say, I'm lazy. :-)


22nd October 2002, 17:57
The board was stupid when I posted that.
Add the name of your outbound ethernet interface after the -o part, so it would be

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

assuming eth0 is the network adapter that is connected to your cable modem.

22nd October 2002, 18:05
I'm not totally sure what you want just yet. Do you want pings to be able to get through? If you want pings, then you're not talking about a "transparent proxy" at all, you're talking about a special kind of NAT, called "Masquerading".


These two files basically accomplish my masq setup. The only real trick remaining is to get all the required modules compiled with your kernel. The main ones to make sure you get (in a 2.4 kernel) are:

Network packet filtering

and under "IP: Netfilter Configuration:"
Connection tracking
FTP and IRC support (if you want to do FTP or DCC file transfers)
IP tables support
- and everything under it, built as a module: this is probably just easier for you.

I recommend building all those things as modules when you're able to.

See if that helps any.

22nd October 2002, 18:58
Yeah, I know the NAT, masquerading stuff. I tried out your scripts, but no luck so far. Pretty much what I want to have set up is a webserver, ftp server and for it to be my gateway (which would need to allow Netmeeting, ICQ and MSN through). Right now I have squid running fine, but only if I set the browsers on the internal network to I can't ping through the network (even with the Masq file that you linked to). And I do have all the modules already (default Debian 2.4.18-bf2.4 kernel). It's loading the Masquerading and everything, but it still isn't working. I believe transparent Proxy means that you don't have to change the settings on any other computer in the network for it to use the proxy, you just change the gateway and it works, though I could be totally wrong.

For the Netmeeting proxy, it should be easy enough to compile opengate_proxy, which I had running before on Mandrake 8.2, but for many reasons, I'd like to make the switch over to debian. This is the one thing that's stopping me. Getting this damn proxy to work. Thanks for all the great suggestions.

For a little more help to solve the problem...

eth0 is connected to the DSL
eth1 is connected to the LAN
Both use the 3c509x module, since one is a 3com 3C905B and the other is a 3C905C-TX-M

If you need any other info, just ask. This is something that I should be able to get working, but for whatever reason, it's eluding me.


Of course in the midst of this I had to go fetch a new Switch, since mine was fried during a storm, how's that for bad luck?

22nd October 2002, 19:51
Quick update, I installed Bind and it's now finding an IP address through the server. But Pinging and ICQ/MSN still won't connect. When I ping it says Destination host unreachable, though it does fetch the proper IP address (of Yahoo in this case, which is what I'm using to ping). Found a 'checklist' and it says to add /etc/bind/db.192.168.1 and /etc/bind/db.lan. Any ideas on what should be in these files?


22nd October 2002, 19:58
if you want ping to work, it's not a proxy. period. a transparent proxy accomplishes *some* of what masq does, but not everything.

Show me the output of "lsmod".
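
Added example (not part of the thread): the posts above separate a transparent proxy from masquerading, and this script checks an iptables-save dump for each piece on its own. eth0, eth1 and port 3128 come from the thread; the rule dump and the function names are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. eth0 = DSL side, eth1 = LAN side,
# Squid on 3128, as the posters describe; the rule dump below is constructed.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
COMMIT'

# table RULES NAME: print only the lines of one table from an iptables-save dump.
table() { printf '%s\n' "$1" | awk -v t="*$2" '$0==t{on=1;next} /^COMMIT/{on=0} on'; }

# Transparent proxy: only TCP port 80 from the LAN is redirected to Squid.
has_http_redirect() {   # RULES LAN PORT
    table "$1" nat | grep -Eq -- "^-A PREROUTING .*-i $2 .*--dport 80 .*-j REDIRECT --to-ports $3"
}

# Masquerading: source NAT for everything leaving the outer interface.
has_masquerade() {      # RULES WAN
    table "$1" nat | grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j MASQUERADE"
}

# Heuristic: FORWARD policy is ACCEPT, or explicit rules pass LAN -> WAN
# and the ESTABLISHED replies coming back.
forward_allows() {      # RULES LAN WAN
    local f; f=$(table "$1" filter)
    printf '%s\n' "$f" | grep -q '^:FORWARD ACCEPT' && return 0
    printf '%s\n' "$f" | grep -Eq -- "^-A FORWARD .*-i $2 .*-o $3 .*-j ACCEPT" &&
    printf '%s\n' "$f" | grep -Eq -- "^-A FORWARD .*-i $3 .*-o $2 .*ESTABLISHED.*-j ACCEPT"
}

# audit_gateway RULES IP_FORWARD WAN LAN: print findings, return their count.
audit_gateway() {
    local n=0
    [ "$2" = 1 ] || { echo "ip_forward=$2: kernel is not routing"; n=$((n+1)); }
    has_masquerade "$1" "$3" || { echo "no MASQUERADE rule on -o $3"; n=$((n+1)); }
    forward_allows "$1" "$4" "$3" || { echo "FORWARD chain blocks $4 -> $3 (ping, ICQ, MSN)"; n=$((n+1)); }
    has_http_redirect "$1" "$4" 3128 && echo "port 80 is redirected to Squid; other traffic still needs the rules above"
    return "$n"
}

audit_gateway "$SAMPLE_RULES" 1 eth0 eth1 || echo "findings: $?"
```

On a live gateway, pass "$(iptables-save)" and the contents of /proc/sys/net/ipv4/ip_forward in place of the sample values.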

22nd October 2002, 20:51
Did you run the (fixed) iptables command that I posted?

23rd October 2002, 04:18
ipt_REDIRECT 736 1 (autoclean)
ip_nat_irc 2368 0 (unused)
ip_conntrack_irc 2496 0 (unused)
ip_conntrack_ftp 3200 0 (unused)
ip_nat_ftp 2944 0 (unused)
ide-scsi 7488 0
parport_pc 25704 1 (autoclean)
lp 6912 0 (autoclean)
parport 21728 1 (autoclean) [parport_pc lp]
ipt_MASQUERADE 1216 3 (autoclean)
ipt_LOG 3136 7 (autoclean)
iptable_mangle 2112 0 (autoclean) (unused)
iptable_filter 1728 1 (autoclean)
iptable_nat 12660 3 [ipt_REDIRECT ip_nat_irc ip_nat_ftp ipt_MASQUERADE]
ip_conntrack 12684 3 [ipt_REDIRECT ip_nat_irc ip_conntrack_irc ip_conntrack_ftp ip_nat_ftp ipt_MASQUERADE iptable_nat]
ip_tables 10432 8 [ipt_REDIRECT ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]
mousedev 3776 1
usbmouse 1760 0 (unused)
3c59x 24648 2
keybdev 1664 0 (unused)
usbkbd 2848 0 (unused)
input 3072 0 [mousedev usbmouse keybdev usbkbd]
usb-uhci 20708 0 (unused)
usbcore 48032 0 [usbmouse usbkbd usb-uhci]


23rd October 2002, 04:21
Originally posted by runderwo
Did you run the (fixed) iptables command that I posted?

Yup, and no luck there either. This is why I'm thinking I'm cursed, because from what I know (admittedly very little) that should work. Even on Mandrake 8.1, way back when I had that installed, the command like that worked like a charm. There's just something I'm missing, and I'm not sure what it is.

Proxy I would say is the wrong word for what I'm looking for, but I do have squid working (proxy) and I'm compiling the one for Netmeeting now. Off to work I go.....


23rd October 2002, 16:29
What the hell? Now it's working.... oh well, I'm NOT going to complain :-D