
Fedora12, XP, and connection sharing via iptables

 
Paul Lusk
Ranch Hand
Posts: 34
Hi ya moose wranglers, just a quick question (I hope) to find out if what I'm trying is even possible. I am trying to share an internet connection with Fedora12 as the default gateway and an XP machine hooked up via NIC, using iptables commands as shown in Mark Sobell's book 'A Practical Guide To Fedora And Red Hat Enterprise Linux'. These are the commands as placed in /etc/rc.local:

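# Let replies to established connections back in from eth1 to eth0
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Let traffic arriving on eth0 be forwarded out through eth1
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Log any forwarded packet not accepted above
iptables -A FORWARD -j LOG
# Masquerade traffic leaving through eth1 (the table name is lowercase "nat")
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE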

I did flip the in and out parameters to match my NIC configuration (as opposed to the example from the book), but other than that followed the example. One thing to note is that Sobell did not mention whether this should work with a mix of Linux and XP. One other note (maybe meaningless) is that I do have samba working between the two machines.
Thanks for any insights anyone might have. PL

 
Stefan Wagner
Ranch Hand
Posts: 1923
Linux Postgres Database Scala
I'm not using iptables any more, but used it some years ago to share an internet connection from a modem to different machines, connected with a switch.

For your XP machine, it shouldn't make a difference whether it is connected to your RedHat machine or to an ordinary router. Of course you have to tell XP where the router is. I mostly connected other Linux boxes to the one with the modem, with

afaik, but if you've got dhcpd running on the server, some 'automatic' setting under XP should be sufficient.

To test your settings, call

If you get Google by IP, but not by name, specify the DNS servers from your ISP on XP in some resolv.conf file (or run your own DNS server? bind?).
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18214
53
Android Eclipse IDE Linux
Iptables works with low-level network functions, so it doesn't care whether the other machines run Linux, Windows, or AmigaDOS.

The sample ruleset you gave looks like something that I'd use on a low-grade hardware system to turn it into an Internet bridge box. Unless I missed something (and I visit JR pretty early in the day, so my brain's not "on" all the way), these rules are going to completely eliminate traffic into their containing machine and serve only as a pass-through.

Of course, you can also serve as a dual-purpose machine. One of my servers has IP forwarding turned on and serves as the gateway to my entire back-end LAN, which is where all the Windows systems live. In the process, it also serves as their primary firewall. The actual forwarding, however, isn't done via iptables except for the NAT part. It's done by setting the "forwarding" switch on in the OS system properties and network definitions and in ensuring that the routing table is being set up correctly, which in Red Hat/Fedora means the parameters in the /sysconfig/network-scripts/ifcfgxxx files. For Debian/Ubuntu, you'd do that in the master networking file, which is named something like /etc/network(s?).

I also have machines set up for proxying. They're VM hosts, so the host webserver translates selected URLs to aim at a targeted port, which is then rerouted into the VM's port 80 where the guest webserver can handle it.
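
Added example, not part of the post above or of the book's code: a read-only check for the two pieces the post distinguishes, the kernel "forwarding" switch and the NAT rule, plus the two FORWARD rules from the original question. The function names, the sample rule text and the interface roles (eth1 toward the Internet, eth0 toward the XP machine) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the pieces connection sharing needs, read-only.
# Interface roles follow the thread: eth1 faces the Internet, eth0 the XP box.

# Constructed sample input: rc.local-style rules, nat table in lowercase.
SAMPLE_RULES='iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE'

# has_rule RULES REGEX: true when some line of RULES matches REGEX.
has_rule() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# Kernel forwarding switch; "unknown" where /proc is not readable.
current_ip_forward() {
    cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown
}

# audit_sharing RULES WAN LAN IP_FORWARD
# Prints one finding per missing piece; returns 0 only when none is missing.
audit_sharing() {
    rules=$1; wan=$2; lan=$3; fwd=$4; missing=0
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=$fwd: kernel is not routing between $lan and $wan"
        missing=$((missing + 1))
    fi
    # Table names are case-sensitive, so "-t NAT" does not satisfy this check.
    if ! has_rule "$rules" "-t nat .*POSTROUTING .*-o $wan .*-j MASQUERADE"; then
        echo "no MASQUERADE rule in the nat table for outbound $wan"
        missing=$((missing + 1))
    fi
    if ! has_rule "$rules" "-A FORWARD .*-i $lan .*-o $wan .*-j ACCEPT"; then
        echo "no FORWARD rule accepting $lan -> $wan"
        missing=$((missing + 1))
    fi
    if ! has_rule "$rules" \
        "-A FORWARD .*-i $wan .*-o $lan .*(ESTABLISHED|RELATED).*-j ACCEPT"; then
        echo "no FORWARD rule accepting replies $wan -> $lan"
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ]
}

# Check the sample rules against this machine's live forwarding setting.
audit_sharing "$SAMPLE_RULES" eth1 eth0 "$(current_ip_forward)" || true
```

The script only reads its inputs and /proc; it never changes the firewall or the kernel setting.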
 
Paul Lusk
Ranch Hand
Posts: 34
Thanks to both Stefan and Tim for your responses to my question. I benefited from both suggestions. I went to Firewall configuration in System administration of the Fedora machine to set up the IP forwarding (which as I understand it will supersede the iptables configuration in rc.local). I also discovered that I did not have the XP machine referring to my ISP's DNS. After making these changes, I am now able to reach the Internet from the XP machine. Thanks again.
PL
P.S. Tim, it is funny that you should mention AmigaDOS because I actually previously owned an Amiga 500 (circa 1988 or 89) and also worked as a Commodore technician about that same time. I really enjoyed working with Amigas (and of course playing great games on them). I am sure you know how advanced they were in regards to audio and graphics. Agnus, Denise, and Paula along with the 68000 processor were a very capable chipset.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18214
53
Android Eclipse IDE Linux
[quote=Paul Lusk]
P.S. Tim, it is funny that you should mention AmigaDOS because I actually previously owned an Amiga 500 (circa 1988 or 89) and also worked as a Commodore technician about that same time. I really enjoyed working with Amigas (and of course playing great games on them). I am sure you know how advanced they were in regards to audio and graphics. Agnus, Denise, and Paula along with the 68000 processor were a very capable chipset.
[/quote]

You don't know me very well, then. I was responsible for the Lattice/SAS C++ development system for the Amiga. I licensed C++ from AT&T Bell Labs, ported it to the Amiga with C++ implementations of the Amiga OS object definitions, then licensed Lattice to distribute it. This was back when MS-DOS couldn't run C++ because you needed extra RAM and the Intel segmented memory system didn't fit that kind of program well.

I still have the machine I did that on, although it's currently serving as a lamp stand. It's been a while since I powered it up last.

The technological advantages of the Amiga were so significant that it took years before IBM-compatible systems could match them. And the Amiga was, and is, the only mass-market consumer computer to include a full-blown real-time OS (RTOS) in it. The closest we have today is Linux with real-time extensions.
 
Paul Lusk
Ranch Hand
Posts: 34
Tim, that is very cool. I'm glad to know that. I sold my Amiga about 91 or 92 (to pay the rent) after moving to New Orleans. The next computer I got was an AT clone, so I got out my copy of the Waite Group's 'Tricks of the MS-DOS Masters' and went from there. Unfortunately, by the time I was interested in getting back into Amigas, Commodore was kaput. Anyway, nice to meet you and get a chance to reminisce. PL
 