Hello everyone,
I am trying to build an Ubuntu Linux box that assigns IP addresses on interfaces eth1 and eth0 and is then able to route traffic between them and to the internet (eth2). I have DHCP set up and working, but I can't figure out how to get my box to forward requests from eth0 and eth1 to the internet. I can get internet from eth2; what I am pretty sure I need to do is configure port forwarding in some way. I need to get DNS to work as well. Here's my information...
Currently assigned IP addresses/setup...
Internet
|
D-Link Router= 192.168.0.1 --- Other PC's
|
Switch --- Other PC's
|
Linux PC
eth2= 192.168.0.102
eth1= 192.168.2.1 --- PC 192.168.2.99
eth0= 192.168.1.1 --- PC 192.168.1.99
Here is my new dhcp.conf...
Code:
    ##########################################################
    #
    # DHCP CLIENT CONFIGURATION SETTINGS
    #
    # use ad-hoc style name server updating procedures
    ddns-update-style ad-hoc;
    option domain-name "jasons-dhcp-server.com";
    #assign the remote dhcp server hostname/ip addresses
    option domain-name-servers 192.168.1.1, 192.168.2.1;
    ##########################################################
    #
    # DHCP SERVER CONFIGURATION SETTINGS
    #
    # assign the default lease time (seconds)
    default-lease-time 600000000;
    # assign the max lease time (seconds)
    max-lease-time 720000000;
    # eth0 subnet configuration
    subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.2 192.168.1.99;
      option routers 192.168.1.1;
      option broadcast-address 192.168.1.1;
    }
    # eth1 subnet configuration
    subnet 192.168.2.0 netmask 255.255.255.0 {
      range 192.168.2.2 192.168.2.99;
      option routers 192.168.2.1;
      option broadcast-address 192.168.2.1;
    }

Of the dhcp3-server file...
Code:
    # Defaults for dhcp initscript
    # sourced by /etc/init.d/dhcp
    # installed at /etc/default/dhcp3-server by the maintainer scripts
    #
    # This is a POSIX shell fragment
    #
    # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
    # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
    INTERFACES="eth0 eth1"

Now, after some playing around dhcp works! However, that's only half the battle. I want the connecting PCs to be able to access the internet. I have found that I can successfully ping all interfaces and PCs on or behind my linux box but nothing outside that.
I have tried enabling ip forwarding and proxy arp on all the interfaces and adding routes but to no avail.
Here is what my routes are currently...
Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
    192.168.0.0     *               255.255.255.0   U     0      0        0 eth2
    default         192.168.0.1     0.0.0.0         UG    0      0        0 eth2

Also here is a bit more relating to hosts and DNS...
host.conf
Code:
    order hosts,bind
    multi on

resolv.conf
Code:
    search rochester.rr.com
    nameserver 192.168.0.1

hosts.allow, not anything really...
Code:
    # /etc/hosts.allow: list of hosts that are allowed to access the system.
    #                   See the manual pages hosts_access(5), hosts_options(5)
    #                   and /usr/doc/netbase/portmapper.txt.gz
    #
    # Example:    ALL: LOCAL @some_netgroup
    #             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
    #
    # If you're going to protect the portmapper use the name "portmap" for the
    # daemon name. Remember that you can only use the keyword "ALL" and IP
    # addresses (NOT host or domain names) for the portmapper, as well as for
    # rpc.mountd (the NFS mount daemon). See portmap(8), rpc.mountd(8) and
    # /usr/share/doc/portmap/portmapper.txt.gz for further information.
    #

hosts.deny, not much again
Code:
    # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
    #                  See the manual pages hosts_access(5), hosts_options(5)
    #                  and /usr/doc/netbase/portmapper.txt.gz
    #
    # Example:    ALL: some.host.name, .some.domain
    #             ALL EXCEPT in.fingerd: other.host.name, .other.domain
    #
    # If you're going to protect the portmapper use the name "portmap" for the
    # daemon name. Remember that you can only use the keyword "ALL" and IP
    # addresses (NOT host or domain names) for the portmapper. See portmap(8)
    # and /usr/doc/portmap/portmapper.txt.gz for further information.
    #
    # The PARANOID wildcard matches any host whose name does not match its
    # address.
    # You may wish to enable this to ensure any programs that don't
    # validate looked up hostnames still leave understandable logs. In past
    # versions of Debian this has been the default.
    # ALL: PARANOID

After some more troubleshooting, I have determined that when I ping the main router (192.168.0.1) the packet is forwarded by eth2 onto 192.168.0.1, it's just that when 192.168.0.1 receives the request, it does not know what to do with the IP subnet (192.168.1-2.***). What I am thinking is that perhaps I need to enable some sort of script that masks outgoing requests from the internal LAN on (192.168.1-2.***) to the eth2 interface IP of 192.168.0.102. Then when they come back eth2 knows who it really came from and sends the data on its merry way.
Can someone help me accomplish this please, I greatly appreciate it. I got this working before using a different setup (only one internal interface) but now I want to try this one.
Thanks again,
TR


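
The masquerading idea from the last paragraph of the post, written out as an added example that is not part of the original post: a shell function that prints an iptables-restore ruleset for this topology, with forwarding denied by default so that only LAN-initiated traffic and its replies cross eth2. The function name `gen_rules` and its `iface:cidr` argument form are made up for this example; interfaces and subnets are the ones given in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Nothing is applied here: the
# ruleset is only printed so it can be reviewed first.
# Assumed from the post: eth2 = uplink (192.168.0.102),
# eth0 = 192.168.1.0/24, eth1 = 192.168.2.0/24.

gen_rules() {   # usage: gen_rules WAN_IF LAN_IF:CIDR [LAN_IF:CIDR ...]
    wan=$1; shift

    # nat table: rewrite the source of LAN traffic leaving via the uplink to
    # the uplink's own address, so 192.168.0.1 sees a subnet it can answer.
    printf '%s\n' "*nat" ":POSTROUTING ACCEPT [0:0]"
    for spec in "$@"; do
        printf '%s\n' "-A POSTROUTING -s ${spec#*:} -o $wan -j MASQUERADE"
    done
    printf '%s\n' "COMMIT"

    # filter table: forward nothing by default, then allow only what is needed.
    printf '%s\n' "*filter" ":FORWARD DROP [0:0]"
    # Replies to connections that were opened from the inside.
    printf '%s\n' "-A FORWARD -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for a in "$@"; do
        # LAN -> uplink, only from the subnet that belongs on that interface.
        printf '%s\n' "-A FORWARD -i ${a%%:*} -s ${a#*:} -o $wan -j ACCEPT"
        # LAN <-> LAN routing between the internal interfaces.
        for b in "$@"; do
            [ "$a" = "$b" ] || printf '%s\n' "-A FORWARD -i ${a%%:*} -o ${b%%:*} -j ACCEPT"
        done
    done
    printf '%s\n' "COMMIT"
}

# Review the output, then as root (iptables-restore replaces the existing
# rules in the nat and filter tables):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_rules eth2 eth0:192.168.1.0/24 eth1:192.168.2.0/24 | iptables-restore
gen_rules eth2 eth0:192.168.1.0/24 eth1:192.168.2.0/24
```

The DHCP config in the post hands clients 192.168.1.1 and 192.168.2.1 as name servers, so lookups will still fail unless a resolver listens on those addresses; advertising 192.168.0.1 (the server in the box's resolv.conf) in `option domain-name-servers` is one way around that once NAT works.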