JavaRanch » Java Forums » Engineering » Linux / UNIX

Fedora12, XP, and connection sharing via iptables

Paul Lusk
Ranch Hand

Joined: Aug 29, 2009
Posts: 34
Hi ya moose wranglers, just a quick question (I hope) to find out if what I'm trying is even possible. I am trying to share an internet connection with Fedora 12 as the default gateway and an XP machine hooked up via NIC, using iptables commands as shown in Mark Sobell's book 'A Practical Guide to Fedora and Red Hat Enterprise Linux'. These are the commands as placed in /etc/rc.local:

# eth1 = internet side, eth0 = LAN side (the XP machine)
# Let replies from the internet back in only for connections the LAN opened
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Let the LAN open connections outward
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Log whatever the rules above did not accept
iptables -A FORWARD -j LOG
# Masquerade LAN traffic behind the internet interface (the table name is lowercase "nat")
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I did flip the in and out parameters to match my NIC configuration (as opposed to the example from the book), but other than that followed the example. One thing to note is that Sobell did not mention whether this should work with a mix of Linux and XP. One other note (maybe meaningless) is that I do have Samba working between the two machines.
Thanks for any insights anyone might have. PL

Stefan Wagner
Ranch Hand

Joined: Jun 02, 2003
Posts: 1923

I'm not using iptables any more, but used it some years ago to share an internet connection from a modem to different machines, connected with a switch.

For your XP machine, it shouldn't make a difference whether it is connected to your Red Hat machine or to an ordinary router. Of course you have to tell XP where the router is. I mostly connected other Linux boxes to the one with the modem, with

afaik, but if you have dhcpd running on the server, some 'automatic' setting under XP should be sufficient.

To test your settings, call

If you get Google by IP, but not by name, specify the DNS servers from your ISP on XP in some resolv.conf file (or run your own DNS server? bind?).


http://home.arcor.de/hirnstrom/bewerbung
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145

Iptables works with low-level network functions, so it doesn't care whether the other machines run Linux, Windows, or AmigaDOS.

The sample ruleset you gave looks like something that I'd use on a low-grade hardware system to turn it into an Internet bridge box. Unless I missed something (and I visit JR pretty early in the day, so my brain's not "on" all the way), these rules are going to completely eliminate traffic into their containing machine and serve only as a pass-through.

Of course, you can also serve as a dual-purpose machine. One of my servers has IP forwarding turned on and serves as the gateway to my entire back-end LAN, which is where all the Windows systems live. In the process, it also serves as their primary firewall. The actual forwarding, however, isn't done via iptables except for the NAT part. It's done by setting the "forwarding" switch on in the OS system properties and network definitions and by ensuring that the routing table is being set up correctly. Which in Red Hat/Fedora means the parameters in the /sysconfig/network-scripts/ifcfgxxx files. For Debian/Ubuntu, you'd do that in the master networking file, which is named something like /etc/network(s?).

I also have machines set up for proxying. They're VM hosts, so the host webserver translates selected URLs to aim at a targeted port, which is then rerouted into the VM's port 80 where the guest webserver can handle it.


Customer surveys are for companies who didn't pay proper attention to begin with.
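Pulling together the ruleset from the original post and the forwarding switch Tim describes, here is an added example script that is not the book's script or any poster's code. It keeps the original interface layout (internet on eth1, LAN on eth0), assumes the legacy IPv4 iptables command, and adds two things the original rc.local lacked: turning on net.ipv4.ip_forward, without which the FORWARD chain never sees a packet, and a DROP policy so the logged leftovers are actually discarded. The lowercase table name in "-t nat" is deliberate; iptables rejects "-t NAT".

```shell
#!/bin/sh
# Added example (not from the book or the thread): NAT connection sharing for a
# Linux gateway with the internet on eth1 and the LAN on eth0, as in the post.
# Assumes legacy iptables, IPv4 only.
#   sh share.sh show         print the rules and the current forwarding state
#   sudo sh share.sh apply   enable forwarding and install the rules
WAN="${WAN:-eth1}"
LAN="${LAN:-eth0}"

# Print a command instead of running it; selected by setting IPT=dry_run.
dry_run() {
    printf '%s\n' "$*"
}
IPT="${IPT:-iptables}"

# Kernel forwarding must be on, or packets never reach the FORWARD chain and
# the MASQUERADE rule alone does nothing. Equivalent to the "forwarding"
# switch Tim mentions; on Fedora this also lives in /etc/sysctl.conf.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}

# Current state of the forwarding switch, printed as 1 or 0.
forwarding_state() {
    if [ -r /proc/sys/net/ipv4/ip_forward ]; then
        cat /proc/sys/net/ipv4/ip_forward
    else
        echo 0
    fi
}

# The ruleset. LAN hosts may open connections outward; internet traffic is
# forwarded inward only when it belongs to such a connection; everything else
# in FORWARD is logged and then dropped by the chain policy.
nat_rules() {
    wan="$1"
    lan="$2"
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
    $IPT -A FORWARD -j LOG --log-prefix "FORWARD-DROP: "
    # Table name is lowercase "nat"; "-t NAT" is an error.
    $IPT -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
}

case "${1:-}" in
    apply) enable_forwarding && nat_rules "$WAN" "$LAN" ;;
    show)  (IPT=dry_run; nat_rules "$WAN" "$LAN"); echo "ip_forward=$(forwarding_state)" ;;
    *)     ;;
esac
```

The "show" mode exists so the rules can be reviewed on a machine where you are not root; the subshell around IPT=dry_run keeps the override from leaking into the rest of the script.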
Paul Lusk
Ranch Hand

Joined: Aug 29, 2009
Posts: 34
Thanks to both Stefan and Tim for your responses to my question. I benefited from both suggestions. I went to Firewall Configuration in System Administration on the Fedora machine to set up the IP forwarding (which as I understand it will supersede the iptables configuration in rc.local). I also discovered that I did not have the XP machine referring to my ISP's DNS. After making these changes, I am now able to reach the Internet from the XP machine. Thanks again.
PL
P.S. Tim, it is funny that you should mention AmigaDOS because I actually previously owned an Amiga 500 (circa 1988 or 89) and also worked as a Commodore technician about that same time. I really enjoyed working with Amigas (and of course playing great games on them). I am sure you know how advanced they were in regards to audio and graphics. Agnus, Denise, and Paula along with the 68000 processor were a very capable chipset.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145

Paul Lusk wrote:
P.S. Tim, it is funny that you should mention AmigaDOS because I actually previously owned an Amiga 500 (circa 1988 or 89) and also worked as a Commodore technician about that same time. I really enjoyed working with Amigas (and of course playing great games on them). I am sure you know how advanced they were in regards to audio and graphics. Agnus, Denise, and Paula along with the 68000 processor were a very capable chipset.

You don't know me very well, then. I was responsible for the Lattice/SAS C++ development system for the Amiga. I licensed C++ from AT&T Bell Labs, ported it to the Amiga with C++ implementations of the Amiga OS object definitions, then licensed Lattice to distribute it. This was back when MS-DOS couldn't run C++ because you needed extra RAM and the Intel segmented memory system didn't fit that kind of program well.

I still have the machine I did that on, although it's currently serving as a lamp stand. It's been a while since I powered it up last.

The technological advantages of the Amiga were so significant that it took years before IBM-compatible systems could match them. And the Amiga was and is, the only mass-market consumer computer to include a full-blown real-time OS (RTOS) in it. The closest we have today is Linux with real-time extensions.
Paul Lusk
Ranch Hand

Joined: Aug 29, 2009
Posts: 34
Tim, that is very cool. I'm glad to know that. I sold my Amiga about 91 or 92 (to pay the rent) after moving to New Orleans. The next computer I got was an AT clone, so I got out my copy of the Waite Group's 'Tricks of the MS-DOS Masters' and went from there. Unfortunately, by the time I was interested in getting back into Amigas, Commodore was kaput. Anyway, nice to meet you and get a chance to reminisce. PL
 
Don't get me started about those stupid light bulbs.
 