Proxy Server Problem, I'm going to rip my hair out!

#1 Post by Guest »

Ok, this is really driving me crazy now. I've read tons of tutorials, and spent the last 6 hours or so in the irc.linux.org chatrooms...

I have a debian comp that is hooked up to my cable modem, then another cable running from it to a linksys wireless router. So the setup I want is:

cable modem --> server --> router --> computers

I want to turn the comp into a firewall someday, but for now I'd just like to get the internet running to the router and not just the server. I have two ethernet cards installed in the server, eth0 (external) and eth1 (internal network). The server is getting internet just fine, but it really doesn't want to forward it.

I've mainly been using this guide to try and set it up. http://www.aboutdebian.com/proxy.htm I'm running debian sarge 2.4.27-2-386

Currently my external address assigned to me by comcast is 24.9.201.68
I was shooting for the internal server address (eth1) to be 192.168.5.1
then I have my router use that as the default gateway for its static IP address of 192.168.1.1

Something is wrong between the server and the router, they can't even ping each other with 192.168.1.1 and 192.168.5.1

The router is working fine as well as its DHCP part. It's like I have two separate networks that won't detect each other. Anyway, here are some of the files, I'd love help because I really don't see what I'm doing wrong. Thanks in advance.

Here is my /etc/network/interfaces file:

Code: Select all

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
        address 192.168.5.1
        netmask 255.255.255.0
        network 192.168.5.0

Then I have a file /etc/init.d/proxy.sh that runs the iptables

Code: Select all

#!/bin/sh

#  IPTABLES  PROXY  script for the Linux 2.4 kernel.
#  This script is a derivative of the script presented in
#  the IP Masquerade HOWTO page at:
#  www.tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html
#  It was simplified to coincide with the configuration of
#  the sample system presented in the Guides section of
#  www.aboutdebian.com
#
#  This script is presented as an example for testing ONLY
#  and should not be used on a production proxy server.
#
#    PLEASE SET THE USER VARIABLES
#    IN SECTIONS A AND B OR C

echo -e "\n\nSETTING UP IPTABLES PROXY..."


# === SECTION A
# -----------   FOR EVERYONE

# SET THE INTERFACE DESIGNATION FOR THE NIC CONNECTED TO YOUR INTERNAL NETWORK
#   The default value below is for "eth0".  This value
#   could also be "eth1" if you have TWO NICs in your system.
#   You can use the ifconfig command to list the interfaces
#   on your system.  The internal interface will likely
#   have an address that is in one of the private IP address
#   ranges.
#       Note that this is an interface DESIGNATION - not
#       the IP address of the interface.
#   Enter the internal interface's designation for the
#   INTIF variable:

INTIF="eth0"


# SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION
#   The default value below is "ppp0" which is appropriate
#   for a MODEM connection.
#   If you have two NICs in your system change this value
#   to "eth0" or "eth1" (whichever is opposite of the value
#   set for INTIF above).  This would be the NIC connected
#   to your cable or DSL modem (WITHOUT a cable/DSL router).
#       Note that this is an interface DESIGNATION - not
#       the IP address of the interface.
#   Enter the external interface's designation for the
#   EXTIF variable:

EXTIF="eth1"


# ! ! ! ! !  Use ONLY Section B  *OR*  Section C depending on
#  ! ! ! !   the type of Internet connection you have.


# === SECTION B
# -----------   FOR THOSE WITH STATIC PUBLIC IP ADDRESSES

   # SET YOUR EXTERNAL IP ADDRESS
   #   If you specified a NIC (i.e. "eth0" or "eth1" for
   #   the external interface (EXTIF) variable above,
   #   AND if that external NIC is configured with a
   #   static, public IP address (assigned by your ISP),
   #   UNCOMMENT the following EXTIP line and enter the
   #   IP address for the EXTIP variable:

EXTIP="24.9.201.68"
#EXTIP="your.static.IP.address"



# === SECTION C
# ----------   DIAL-UP MODEM, AND RESIDENTIAL CABLE-MODEM/DSL (Dynamic IP) USERS
# SET YOUR EXTERNAL INTERFACE FOR DYNAMIC IP ADDRESSING
#   If you get your IP address dynamically from SLIP, PPP,
#   BOOTP, or DHCP, UNCOMMENT the command below.
#   (No values have to be entered.)
#         Note that if you are uncommenting these lines then
#         the EXTIP line in Section B must be commented out.

#EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"


# --------  No more variable setting beyond this point  --------


echo "Loading required stateful/NAT kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

echo "    Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo "    External interface: $EXTIF"
echo "       External interface IP address is: $EXTIP"

echo "    Loading proxy server rules..."

# Clearing any existing rules and setting default policy
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# FWD: Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

# Enabling SNAT (MASQUERADE) functionality on $EXTIF
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "       Proxy server rule loading complete\n\n"

So I have both eth0 and eth1 running correctly as well as the proxy.sh file. I move to my wireless router to set up the default gateway and such.

Code: Select all

Static IP
IP Address:  192.168.1.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.5.1

Local IP Address 192.168.1.1
Subnet Mask 255.255.255.0

Local DHCP Server Enabled
Start IP Address: 192.168.1.100~150

And nothing. The server and client machines can't see each other to even ping. I have tried many different options for the IPs everywhere and everything gives the same result.

buchannon
Posts: 1
Joined: 2005-12-28 20:19

#2 Post by buchannon »

Forgot to sign in before I posted that, but the above post was mine just so ya know. Thank you.
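
An added example, not part of the original posts: a small Python consistency check run over the values posted in the thread (the interfaces file, the INTIF/EXTIF settings in proxy.sh, and the router's Static IP page). The dictionary keys, finding codes, and the rule that the statically addressed private NIC is the LAN side are assumptions made for this example.

```python
import ipaddress

# Constructed sample input: the values posted in the thread.
INTERFACES = """\
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
        address 192.168.5.1
        netmask 255.255.255.0
"""
SCRIPT_VARS = {"INTIF": "eth0", "EXTIF": "eth1"}   # as set in proxy.sh
ROUTER = {"wan_ip": "192.168.1.1", "wan_mask": "255.255.255.0",  # hypothetical keys
          "gateway": "192.168.5.1",
          "lan_ip": "192.168.1.1", "lan_mask": "255.255.255.0"}

def parse_interfaces(text):
    """Parse 'iface' stanzas into {name: {"method", "address", "netmask"}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        w = line.split()
        if len(w) >= 4 and w[0] == "iface":
            cur = ifaces.setdefault(w[1], {"method": w[3]})
        elif cur is not None and len(w) == 2 and w[0] in ("address", "netmask"):
            cur[w[0]] = w[1]
    return ifaces

def net(ip, mask):
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def audit(ifaces, script_vars, router):
    findings = []
    # Assumption: the statically addressed private NIC is the LAN side.
    lan = [n for n, c in ifaces.items() if c["method"] == "static"
           and ipaddress.ip_address(c["address"]).is_private]
    if lan and script_vars["INTIF"] not in lan:
        findings.append(f"IF_SWAPPED: INTIF={script_vars['INTIF']} but the LAN NIC is "
                        f"{lan[0]}; FORWARD ACCEPT then applies to the Internet-facing NIC")
    wan = net(router["wan_ip"], router["wan_mask"])
    if ipaddress.ip_address(router["gateway"]) not in wan:
        findings.append(f"GW_OFF_SUBNET: gateway {router['gateway']} is not in {wan}")
    if wan.overlaps(net(router["lan_ip"], router["lan_mask"])):
        findings.append(f"WAN_LAN_OVERLAP: router WAN and LAN both use {wan}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_interfaces(INTERFACES), SCRIPT_VARS, ROUTER):
        print(finding)
```

On the posted values all three checks fire; with INTIF/EXTIF exchanged and the router's WAN address moved into 192.168.5.0/24 (for instance 192.168.5.2) the audit returns no findings.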
