redhat-list-iptables_to_create_a_gateway_for_internet_connection_sharing

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



To: redhat-list@listman.redhat.com
From: "Daniel" <danielh@ids.org.au>
Subject: internet connection sharing
Date: Tue, 18 Feb 2003 19:58:27 +1100 (EST)

Hi,

How do I go about building a gateway like Windows Internet Connection
Sharing in Red Hat 8?

===

To: redhat-list@listman.redhat.com
From: "Will Mc Donald" <wmcdonald@ntlworld.com>
Subject: Re: internet connection sharing
Date: Tue, 18 Feb 2003 09:22:52 -0000

The easiest way is probably to install a bare RH server
system with two network cards, maybe with an X Window
manager of your choice. Assuming you have DSL or cable, get
that working using DHCP/PPPoE/whatever with your ISP with
one of those network interfaces. Then set up something like
gShield[1], fwbuilder[2], or Guarddog/Guidedog[3] to
provide a NATing firewall.

gShield is probably the most straightforward to install and
set up, I'd say, though the other options provide more power
and flexibility.

Will.

[1] http://muse.linuxmafia.org/gshield.html

[2] http://www.fwbuilder.org/

[3] http://www.simonzone.com/software/guarddog/

===

To: redhat-list@listman.redhat.com
From: Dennis Pabalan <demic@pabalan.net>
Subject: Re: internet connection sharing
Date: Tue, 18 Feb 2003 17:28:03 +0800

Hello!

Use a firewall (iptables) to masquerade and enable IP forwarding.

===

To: redhat-list@listman.redhat.com
From: Antonio Montagnani <anto.montagnani@virgilio.it>
Subject: Re: internet connection sharing
Date: Tue, 18 Feb 2003 10:37:00 +0100

I followed the next steps:

1) With Lokkit I set up a maximum security firewall (maybe not the best...)
2) Installed Webmin that allows you to set up/modify new rules in your 
iptables ...
3) Changed a flag from 0 to 1 in the sysctl.conf file that allows masquerading
4) Added a simple rule for masquerading in Webmin firewall rule page

This is the required additional line in your iptables file (if you use 
ppp0 for connection)

-A POSTROUTING -o ppp0 -j MASQUERADE


===

To: redhat-list@listman.redhat.com
From: "Edward Dekkers" <edward@tripled.iinet.net.au>
Subject: Re: internet connection sharing
Date: Tue, 18 Feb 2003 17:43:51 +0800

> How do I go about building a gateway like Windows Internet Connection
> Sharing in Red Hat 8?
>
> Thanks
> Daniel

http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworkGateway.html

There's heaps more to be found on google. You need to search
for the words iptables, tutorial or 'how to'.

===

To: psyche-list@listman.redhat.com
From: John Nall <jnall01@alltel.net>
Subject: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 12:52:53 -0500

There is something I can't seem to grasp, and so far I have not found the 
answer.  I'm trying to wean myself away from Windows and migrate to Linux 
(for several reasons) but gosh it sure is not easy to do even when one is 
determined.  How in the world do you accomplish ICS???

With Windows XP I just set up one machine as the one with access to  the 
Internet (through a dial-in modem) using the Network Configuration 
Wizard.  The other two machines (on a 3-machine home LAN) then are set up 
as having their access through  the network.  Easy to do, works like a 
charm.  (I am NOT praising Windows, merely observing that it is easy to do 
this).

It is not easy with Linux.   With assistance from people here, pointing me 
to HOWTO's and tutorials, I think that I have managed to get the dial-up 
machine working OK, but setting up the other two machines to access the 
Internet through the network seems to be a black hole.  Using the Network 
Configuration tool (from Gnome) on them merely seems to duplicate what I 
already did when setting up the Ethernet connection.   Do they have to know 
an IP address for a name server??  This takes place at my ISP, so I don't 
have any way of knowing the IP address for it.

As I said, I'm doggedly trying to do this switch over, but it sure is not 
easy.  Sometimes I think that Linux aficionados just take a perverse pride 
in things being difficult.  That way, just everyone and his or her brother 
can't do it.  :-)   (If I am honest with myself, I will probably be the 
same way once I get it down.  IF I live long enough).


===
To: psyche-list@listman.redhat.com
From: "Carter, Shaun G" <shaun.carter@eds.com>
Subject: RE: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 13:03:33 -0500

Has anyone pointed you here?

http://www.justlinux.com/nhf/Networks/Easy_Internet_Sharing.html


===

To: psyche-list@listman.redhat.com
From: Jesse Keating <hosting@j2solutions.net>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 10:08:25 -0800

On Tuesday 18 February 2003 10:03, Carter, Shaun G wrote:
> Has anyone pointed you here?
>
> http://www.justlinux.com/nhf/Networks/Easy_Internet_Sharing.html

Ugh, it's outdated if they are pushing the use of ipchains on users.  Perhaps 
somebody should re-vamp the how-to to fit iptables users.

===

To: psyche-list@listman.redhat.com
From: Tommy McNeely <Tommy.McNeely@Sun.COM>
Subject: RE: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 11:10:22 -0700


BAD NEWS!! DO NOT USE THIS SITE!

This was written for linux 2.2 using ipchains.. I suggest you do not use
this site .. at least not explicitly.. I am still searching for a decent
site that explains this using a recent version of linux.

Tommy

===

To: psyche-list@listman.redhat.com
From: "Sergio Durand" <sergio@seb.com.br>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 15:10:08 -0300

For a fast and simple configuration, set up your squid ...
and configure the clients' browsers to use the proxy server ...
this way is easier ..


Now, for a good-looking configuration, you need to learn iptables
(www.netfilter.com or .org... I don't remember..)
There are many howtos... with examples...
Try!!


===

To: psyche-list@listman.redhat.com
From: "Carter, Shaun G" <shaun.carter@eds.com>
Subject: RE: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 13:12:11 -0500

Here's more

At the Server
Add the following line to the /etc/sysconfig/network file:

FORWARD_IPV4=yes

Add the following to the /etc/rc.d/rc.local file:

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0

Now start them manually from the command line so you don't have to reboot.


At the client
You have to tell your windows clients to use the Linux server as the
gateway.
Right-click on the Network Neighborhood icon and select "properties".
Select the TCP/IP for your network card.
Select "Properties".
On the IP Address tab select "Specify an IP address:" radio button. Enter
the IP address in the box below. Enter the Subnet Mask. (typically
255.255.255.0)
Select the gateway tab. Enter the IP address of your server in the "New
gateway" box and press Add.
Select the DNS Configuration tab.
Select the Enable DNS radio button.
Enter the computer name in the "Host" box and the Domain name in the
"Domain" box. Enter the DNS server for your ISP in the DNS Server Search
Order box and press Add.
Press OK to exit the TCP/IP Properties window.
Press OK to exit the Network Properties window.
Reboot the client. 



===

To: psyche-list@listman.redhat.com
From: "Carter, Shaun G" <shaun.carter@eds.com>
Subject: RE: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 13:13:00 -0500

yeah, I just noticed that.  Sorry, don't ipchains commands work in iptables
though?  I thought I remembered reading that somewhere.

===

To: psyche-list@listman.redhat.com
From: "Carter, Shaun G" <shaun.carter@eds.com>
Subject: RE: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 13:14:11 -0500

ACK, the last email I sent was for ipfwadm, disregard that one too.  Talk
about a bad track record today.


===

To: psyche-list@listman.redhat.com
From: Thomas Robinson <tom.robinson@daedaluscompass.com>
Subject: Re: Internet Connection Sharing with Linux
Date: 18 Feb 2003 18:23:13 +0000

On Tue, 2003-02-18 at 17:52, John Nall wrote:
> determined.  How in the world do you accomplish ICS???
For the non-windows people; what's ICS? (Internet Connection Sharing???)


> I think that I have managed to get the dial-up 
> machine working OK, 

You need to specify the gateway computer in windows. That will be the
linux computer that does the internet dialling for your network. I'm no
expert at windows but I think you need to adjust the network settings so
that the gateway is set correctly.

That done, you will probably need some sort of NAT on the gateway
computer to get to the outside world. That leads to all sorts of other
questions like: you want a firewall, right?

I could assume that you're running redhat but I'll ask anyway. What
distribution of Linux are you running? Red Hat has a firewall you can
setup during install.

For a dedicated firewall/router you might try Bering which can be found
on the LEAF (Linux Embedded Appliance Firewall) website.
http://leaf.sourceforge.net/index.php?menu=1
 (I've not used Bering but it looks quite good. I've used dachstein
which was its predecessor). These sort of firewalls typically boot from
a floppy or CD so you can generally try them out without destroying an
existing setup.

> but setting up the other two machines to access the 
> Internet through the network seems to be a black hole.  Using the Network 
> Configuration tool (from Gnome) on them merely seems to duplicate what I 
> already did when setting up the Ethernet connection.   Do they have to know 
> an IP address for a name server??  This takes place at my ISP, so I don't 
> have any way of knowing the IP address for it.

It would be helpful to know your LAN a bit more. How many systems and
what OS's are you running? Is it heterogeneous or homogeneous?

When you set up an interface on linux you should also set up the gateway
(as you did for windows). This creates a route on the machine to send
packets to. On linux the nameserver information goes in
/etc/resolv.conf. man resolv.conf will give you a few pointers there. If
you don't run BIND then you will need some host resolution through
/etc/hosts (man hosts). For more on linux networking try
http://www.tldp.org/HOWTO/Net-HOWTO/.

Some other commands that you might like to try on the command-line or
read the man pages for are:
route
ifconfig
netstat
ping
traceroute


t.


===

To: psyche-list@listman.redhat.com
From: Tommy McNeely <Tommy.McNeely@Sun.COM>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 12:01:57 -0700

John Nall wrote:

> There is something I can't seem to grasp, and so far I have not found the 
> answer.  I'm trying to wean myself away from Windows and migrate to Linux 
> (for several reasons) but gosh it sure is not easy to do even when one is 
> determined.  How in the world do you accomplish ICS???
> 
> With Windows XP I just set up one machine as the one with access to  the 
> Internet (through a dial-in modem) using the Network Configuration 
> Wizard.  The other two machines (on a 3-machine home LAN) then are set up 
> as having their access through  the network.  Easy to do, works like a 
> charm.  (I am NOT praising Windows, merely observing that it is easy to do 
> this).
> 
> It is not easy with Linux.   With assistance from people here, pointing me 
> to HOWTO's and tutorials, I think that I have managed to get the dial-up 
> machine working OK, but setting up the other two machines to access the 
> Internet through the network seems to be a black hole.  Using the Network 
> Configuration tool (from Gnome) on them merely seems to duplicate what I 
> already did when setting up the Ethernet connection.   Do they have to know 
> an IP address for a name server??  This takes place at my ISP, so I don't 
> have any way of knowing the IP address for it.
> 
> As I said, I'm doggedly trying to do this switch over, but it sure is not 
> easy.  Sometimes I think that Linux aficionados just take a perverse pride 
> in things being difficult.  That way, just everyone and his or her brother 
> can't do it.  :-)   (If I am honest with myself, I will probably be the 
> same way once I get it down.  IF I live long enough).
> 



You are correct. It is not "easy" nor currently "built-in" to RedHat. I
followed the FAQs on http://www.netfilter.org .. but that is not nearly
as "easy" as checking the little checkbox.. I think RFE's have been
filed against this (gnome-lokkit or whatever that default "firewall
tool" is), if not they should be :)


===

To: psyche-list@listman.redhat.com
From: "Carter, Shaun G" <shaun.carter@eds.com>
Subject: RE: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 13:51:19 -0500

Smoothwall is also very nice.  The new beta (2.0.4) is rock solid.

www.smoothwall.org


===

To: psyche-list@listman.redhat.com
From: Dax Kelson <dax@gurulabs.com>
Subject: Re: Internet Connection Sharing with Linux (ANSWER)
Date: 18 Feb 2003 13:06:55 -0700

On Tue, 2003-02-18 at 10:52, John Nall wrote:
> There is something I can't seem to grasp, and so far I have not found the 
> answer.  I'm trying to wean myself away from Windows and migrate to Linux 
> (for several reasons) but gosh it sure is not easy to do even when one is 
> determined.  How in the world do you accomplish ICS???


Just do the following.

1. Set your client machines to use the ethernet IP address of your
Linux firewall/gateway as their default gateway.  This can be done
manually on each machine, or you could setup DHCP on your Linux box (see
step 4 below)

2. Configure IP masquerading on your Linux box. You said you were using
a modem. The following commands will be sufficient:

# iptables -F
# iptables -t nat -F
# iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i ppp0 -j DROP
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# service iptables save
# echo "modprobe ip_nat_ftp" >> /etc/rc.local
# perl -e 's/forward = 0/forward = 1/' -pi /etc/sysctl.conf
# echo 1 > /proc/sys/net/ipv4/ip_forward

3. Optionally, setup a caching DNS server on your box for your clients
to use.

Install RPM packages: bind and caching-nameserver, then run:

# chkconfig named on
# service named start

4. Optionally, setup a DHCP server. Let's assume that you are using
192.168.69.0/255.255.255.0 as your internal network. Let's assume that
your Linux box's ethernet address is 192.168.69.1.

Install the RPM package: dhcp

Create the file /etc/dhcpd.conf with the following contents:

ddns-update-style none;
subnet 192.168.69.0 netmask 255.255.255.0 {
	option routers 192.168.69.1;
	option subnet-mask 255.255.255.0;
	option domain-name-servers 192.168.69.1;
	range 192.168.69.100 192.168.69.200;
}

Then start the DHCP server and make sure it will run at boot time:

# service dhcpd start
# chkconfig dhcpd on

Note: I did all this from memory, so you may want to check the dhcpd.conf
syntax against the man page. I think it's right though.

===

To: psyche-list@listman.redhat.com
From: John Nall <jnall01@alltel.net>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 15:28:55 -0500

At 03:10 PM 2/18/2003 -0300, Sergio Durand wrote:

>For a fast and simple configuration, set up your squid ...
>and configure the clients' browsers to use the proxy server ...
>this way is easier ..

I think that I am beginning to get a glimmer of what my main problem is -- 
I am not able to translate from Linuxese to English! :-)   Setup my 
squid???  I'm going to have to do some google work and see what is going 
on.  Us old Windows people who are trying to migrate have a long hard row 
to hoe!

(The above should not be interpreted as meaning I am not grateful for the 
advice.  I am, and I will figure out what it says.)

Some other notes seemed to have conflicting advice, but I did get some 
pointers to places to look so will go there and read stuff.  Perhaps a 
stiff drink might help with all this.


===

To: psyche-list@listman.redhat.com
From: "jdow" <jdow@earthlink.net>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 13:35:16 -0800

From: "Tommy McNeely" <Tommy.McNeely@Sun.COM>

> BAD NEWS!! DO NOT USE THIS SITE!
>
> This was written for linux 2.2 using ipchains.. I suggest you do not use
> this site .. at least not explicitly.. I am still searching for a decent
> site that explains this using a recent version of linux.

Two sites:
1) http://www.netfilter.org/    That's THE authoritative site for IPTables
2) http://ipmasq.cjb.net/       That one has two example firewall and forwarding
                                scripts. Both work. Both are drop ins.

Site 2 is perhaps more to the point for this query. Linux NAT is a little
harder to set up than XP. Linux folks believe in security. Proper security
takes a little more work, sometimes.

===


To: psyche-list@listman.redhat.com
From: Steve <steve@squirrelhunters.com>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 15:47:48 -0600

On Tue, 18 Feb 2003 13:35:16 -0800
"jdow" <jdow@earthlink.net> wrote:

> From: "Tommy McNeely" <Tommy.McNeely@Sun.COM>
> 
> > BAD NEWS!! DO NOT USE THIS SITE!
> >
> > This was written for linux 2.2 using ipchains.. I suggest you do not use
> > this site .. at least not explicitly.. I am still searching for a decent
> > site that explains this using a recent version of linux.
> >
> > Tommy
> 
> Two sites:
> 1) http://www.netfilter.org/    That's THE authoritative site for IPTables
> 2) http://ipmasq.cjb.net/       That one has two example firewall and forwarding
>                                 scripts. Both work. Both are drop ins.
> 
> Site 2 is perhaps more to the point for this query. Linux NAT is a little
> harder to set up than XP. Linux folks believe in security. Proper security
> takes a little more work, sometimes.

try firestarter.sourceforge.net
GUI interface - very very easy to setup!


===

To: psyche-list@listman.redhat.com
From: John Dey <jsdey@optonline.net>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 17:51:41 -0500

John:

The breadth of knowledge to understand and to be able to configure ALL 
linux programs is tremendous.  Like you, I had a similar experience 
awhile back with a small office network I had been using samba with for 
years.  I got cable and wanted to serve up browsing and email to the 
other XP clients on the network.  I got browsing working but was unable 
to handle the email configuration.  My work depended on getting things 
up and running quickly.  My solution was to ask for help.  I agreed to 
pay an individual that had been helping me anyway but because of my 
ignorance was taking too long.  I allowed him ssh access and he was able 
to get me up and running quickly.  The gentleman is still working with 
IPTable for me but I have rules in place now that have been working 
without a hitch. If you would like a reference, let me know off line. 
 In summary:  if you don't have access to a unix type individual, you 
can waste a lot of time and get yourself frustrated with documentation 
that might turn out to be outdated.  My approach may be considered a 
cop-out by some but it worked for me.  

===

To: psyche-list@listman.redhat.com
From: "jdow" <jdow@earthlink.net>
Subject: Re: Internet Connection Sharing with Linux
Date: Tue, 18 Feb 2003 13:46:24 -0800

From: "Carter, Shaun G" <shaun.carter@eds.com>

> yeah, I just noticed that.  Sorry, don't ipchains commands work in iptables
> though?  I thought I remembered reading that somewhere.

No. Nor are the two command NAT "solutions" at all secure. They do nothing
to protect the NAT machine. The http://ipmasq.cjb.net/ is the best site to
which you should refer.

"service ipchains stop"
"service iptables start"
"rpm -e ipchains"

Then setup either of the firewall plus NAT scripts on the above site. At
that time you can sit back and relax. I placed the command that fills the
firewall in the /etc/ppp/ip-up.local command since my connection uses PPPoE.
Otherwise it may need to go into /etc/sysconfig/network-scripts/ifup-local
and place the iptables script's execution in there. Only if you have a
static IP will you really want to place your script where Red Hat places it.
(I prefer the added security of throwing actual IP addresses into the
iptables scripts rather than merely declaring the interfaces.)
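
An added example, not part of any post in this thread and not code from the sites it links: a heuristic audit of an `iptables-save` dump for a masquerading gateway, run over a constructed dump of the masquerading commands posted earlier in the thread and over a default-deny variant. The LAN interface `eth0`, the function names and the finding labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example: heuristic audit of an iptables-save dump for a NAT gateway.
# Not a full rule evaluator: it reads chain policies and the rules that
# name the WAN interface, nothing more.

# Constructed sample: the tables as they would look after the masquerading
# commands quoted in the thread, assuming chain policies were still ACCEPT.
thread_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ppp0 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: same gateway with default-deny INPUT and FORWARD,
# DNS (port 53 tcp/udp) answered on the LAN side only. eth0 is an assumption.
hardened_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# audit_gateway WAN_IF < dump   prints one finding label per line.
# On a live gateway: iptables-save | audit_gateway ppp0
audit_gateway() {
    awk -v wan="$1" '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }
    substr($0, 1, 1) == ":" { policy[table, substr($1, 2)] = $2; next }
    { from_wan = ($0 ~ ("-i " wan " ")) }
    table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
        masq = 1
        # Masquerading every outbound interface also rewrites LAN-bound traffic.
        if ($0 !~ ("-o " wan "( |$)")) print "MASQ_NOT_BOUND_TO_WAN"
    }
    table == "filter" && /^-A FORWARD/ && from_wan {
        # WAN-side packets admitted without a connection-state match.
        if (/-j ACCEPT/ && !/--state|--ctstate/)
            print "FORWARD_WAN_ACCEPT_ANY_STATE"
        if (/-j (DROP|REJECT)/ && !/ -p /) fwd_block = 1
    }
    table == "filter" && /^-A INPUT/ && from_wan {
        if (/-j (DROP|REJECT)/ && !/ -p /) in_block = 1
    }
    END {
        if (!masq) print "NO_MASQUERADE_RULE"
        # Neither a DROP policy nor a catch-all WAN rule guards the chain.
        if (policy["filter", "FORWARD"] != "DROP" && !fwd_block)
            print "FORWARD_OPEN_FROM_WAN"
        if (policy["filter", "INPUT"] != "DROP" && !in_block)
            print "INPUT_OPEN_FROM_WAN"
    }'
}

for name in thread_ruleset hardened_ruleset; do
    printf '%s: %s\n' "$name" "$($name | audit_gateway ppp0 | tr '\n' ' ')"
done
```

The first dump protects the gateway's own INPUT chain on ppp0 but leaves FORWARD at its default policy, which is what the single finding reports; the second produces no findings.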


===

To: psyche-list@listman.redhat.com
From: John Nall <jnall01@alltel.net>
Subject: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 15:30:22 -0500

Thanks to some people on here I have managed to navigate the underbrush 
(and trip over a few roots) and finally have Internet Connection Sharing 
going on my home LAN.  I can dial in to the ISP with one and then access 
the Internet from all three.  Which is what I wanted to do.

However...one small query, since one thing is so ugly that it doesn't seem 
like I should be doing it that way.  And that has to do with the name 
resolving by the PC's on the network which have to go through the gateway.

Once I have dialed in to the ISP with the gateway system and connected, my 
/etc/sysconfig/network file on that system magically shows two nameservers 
for name resolving.  They are apparently placed there as part of the 
activation of ppp0.  Well and good.  Linux marches on.

In order to make the other two systems work, however, I have to manually 
place the same two IP addresses in their /etc/sysconfig/network file 
also.  It works, yes.  But it is ugly, and it is hard to believe there is 
not a better way to do it.  (Also, if the ISP changes those, which I don't 
know how stable they are, then I will have to change them also).

Seems like if the gateway computer has the DNS addresses it could just pass 
it on to its two buddies.


===

To: psyche-list@listman.redhat.com
From: Jesse Keating <hosting@j2solutions.net>
Subject: Re: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 12:38:23 -0800

On Saturday 22 February 2003 12:30, John Nall uttered:
> In order to make the other two systems work, however, I have to manually
> place the same two IP addresses in their /etc/sysconfig/network file
> also.  It works, yes.  But it is ugly, and it is hard to believe there is
> not a better way to do it.  (Also, if the ISP changes those, which I don't
> know how stable they are, then I will have to change them also).
>
> Seems like if the gateway computer has the DNS addresses it could just pass
> it on to its two buddies.

That'll only work if you are using DHCP and specifically pass name servers as 
part of the DHCP lease.

A better solution, configure the dialup PC to run a caching only name server, 
then point your lan PCs at the dialup PC for a dns server.  Works like a 
charm.


===

To: psyche-list@listman.redhat.com
From: John Nall <jnall01@alltel.net>
Subject: Re: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 15:45:18 -0500

At 12:38 PM 2/22/2003 -0800, Jesse Keating wrote:

>A better solution, configure the dialup PC to run a caching only name server,
>then point your lan PCs at the dialup PC for a dns server.  Works like a
>charm.

OK.  I'll start trying to figure out how to do that (run the caching only 
name server) but if you want to give me a hint it might make it easier.  If 
not, I will eventually figure it out, though. :-)


===

To: psyche-list@listman.redhat.com
From: Jesse Keating <hosting@j2solutions.net>
Subject: Re: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 12:52:52 -0800

On Saturday 22 February 2003 12:45, John Nall uttered:
> OK.  I'll start trying to figure out how to do that (run the caching only
> name server) but if you want to give me a hint it might make it easier.  If
> not, I will eventually figure it out, though. :-)

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/custom-guide/ch-bindconf.html

===

To: psyche-list@listman.redhat.com
From: Stephen Carville <carville@cpl.net>
Subject: Re: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 14:10:37 -0800


John Nall wrote:

> Thanks to some people on here I have managed to navigate
> the underbrush (and trip over a few roots) and finally
> have Internet Connection Sharing going on my home LAN.  I
> can dial in to the ISP with one and then access the
> Internet from all three.  Which is what I wanted to do.

> However...one small query, since one thing is so ugly that
> it doesn't seem like I should be doing it that way.  And
> that has to do with the name resolving by the PC's on the
> network which have to go through the gateway.

> Once I have dialed in to the ISP with the gateway system
> and connected, my /etc/sysconfig/network file on that
> system magically shows two nameservers for name resolving.
> They are apparently placed there as part of the activation
> of ppp0.  Well and good.  Linux marches on.

> In order to make the other two systems work, however, I
> have to manually place the same two IP addresses in their
> /etc/sysconfig/network file also.  It works, yes.  But it
> is ugly, and it is hard to believe there is not a better
> way to do it.  (Also, if the ISP changes those, which I
> don't know how stable they are, then I will have to change
> them also).

> Seems like if the gateway computer has the DNS addresses
> it could just pass it on to its two buddies.

Set up the gateway as a caching nameserver and point your intranet 
machines to it.

http://www.tldp.org/HOWTO/DNS-HOWTO-3.html

Don't forget to poke a hole in the firewall for port 53 tcp/udp.


===

To: psyche-list@listman.redhat.com
From: John Nall <jnall01@alltel.net>
Subject: Re: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 18:39:35 -0500

At 12:52 PM 2/22/2003 -0800, Jesse Keating wrote:

>On Saturday 22 February 2003 12:45, John Nall uttered:



> > OK.  I'll start trying to figure out how to do that (run the caching only
> > name server) but if you want to give me a hint it might make it easier.  If
> > not, I will eventually figure it out, though. :-)
>
>http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/custom-guide/ch-bindconf.html


OK.  Pretty subtle, but I figured it out. :-)  Thanks.


===

To: psyche-list@listman.redhat.com
From: toby <tkb9@adelphia.net>
Subject: Re: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 18:51:35 -0500

John Nall wrote:
> 
> Thanks to some people on here I have managed to navigate the underbrush
> (and trip over a few roots) and finally have Internet Connection Sharing
> going on my home LAN.  I can dial in to the ISP with one and then access
> the Internet from all three.  Which is what I wanted to do.
> 
> However...one small query, since one thing is so ugly that it doesn't seem
> like I should be doing it that way.  And that has to do with the name
> resolving by the PC's on the network which have to go through the gateway.
> 
> Once I have dialed in to the ISP with the gateway system and connected, my
> /etc/sysconfig/network file on that system magically shows two nameservers
> for name resolving.  They are apparently placed there as part of the
> activation of ppp0.  Well and good.  Linux marches on.
> 
> In order to make the other two systems work, however, I have to manually
> place the same two IP addresses in their /etc/sysconfig/network file
> also.  It works, yes.  But it is ugly, and it is hard to believe there is
> not a better way to do it.  (Also, if the ISP changes those, which I don't
> know how stable they are, then I will have to change them also).
> 
> Seems like if the gateway computer has the DNS addresses it could just pass
> it on to its two buddies.


pdnsd will do the trick too.


http://home.t-online.de/home/Moestl/


===
To: psyche-list@listman.redhat.com
From: ipv4firewall@netscape.net
Subject: RE: DNS query (was Internet Connection Sharing)
Date: Sat, 22 Feb 2003 20:40:09 -0500

John Nall <jnall01@alltel.net> wrote:

>Thanks to some people on here I have managed to navigate the underbrush 
>(and trip over a few roots) and finally have Internet Connection Sharing 
>going on my home LAN.  I can dial in to the ISP with one and then access 
>the Internet from all three.  Which is what I wanted to do.
>
>However...one small query, since one thing is so ugly that it doesn't seem 
>like I should be doing it that way.  And that has to do with the name 
>resolving by the PC's on the network which have to go through the gateway.
>
>Once I have dialed in to the ISP with the gateway system and connected, my 
>/etc/sysconfig/network file on that system magically shows two nameservers 
>for name resolving.  They are apparently placed there as part of the 
>activation of ppp0.  Well and good.  Linux marches on.
>
>In order to make the other two systems work, however, I have to manually 
>place the same two IP addresses in their /etc/sysconfig/network file 
>also.  It works, yes.  But it is ugly, and it is hard to believe there is 
>not a better way to do it.  (Also, if the ISP changes those, which I don't 
>know how stable they are, then I will have to change them also).
>
>Seems like if the gateway computer has the DNS addresses it could just pass 
>it on to its two buddies.


Add the name server IPs to the /etc/resolv.conf file on each of the computers.

Also see  man resolv.conf


===

