Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: I need help to set up internet sharing in linux.
Top Forums UNIX for Dummies Questions & Answers I need help to set up internet sharing in linux. Post 22781 by Nazo on Monday 10th of June 2002 07:06:36 PM
Old 06-10-2002
Question I need help to set up internet sharing in linux.
Ok, I'm kind of in between newbie and experienced somewhere. I'm an advanced computer user but only have a little experience with linux and a lot of problems with it. Currently I'm using Linux-Mandrake 8.0 (I know, I know, but let's not go into the many reasons why it's not even close to the best distro.) I tried using the little ICS setup wizard or whatever you would call it and it didn't work. The client would get an IP that was correctly assigned, but it couldn't get DNS resolutions or connect to any addresses.

Basically what I want to do is get help aimed more at a newbie on how to properly set up the normal way of ICS in linux using IP tables and whatever. I don't need the linux box to act as a firewall really because, for reasons that are too complicated to explain all out right now, the linux box is actually going through another proxy, so I have two network cards set up in it. I set up the one going to the LAN and the proxy to use 192.168.0.2 and the one that this computer would be connecting to is 192.168.1.1 so that the os would know which one to use for what.

I know this all sounds a little crazy, but, please, bear with me.

Basically, I have a computer sharing the internet connection on the LAN using the IP address 192.168.0.1 and there are two other computers on that LAN which connect through it. I would like to set up this linux box on 192.168.0.2 or any other IP address in that general range and connect my computer through it via that two network card method. This way I have a linux server on the lan among other things. (Don't worry, there's more than one reason I'm trying to do this, just too many.)

Also, I would really like to be able to set it up as a DNS server as well and to be able to manually refresh the DNS tables. I have problems every now and then with DNS and using the hosts file on my windows computer just isn't working for a few sites. Besides, presumably internet based things will go a little faster when they don't have to wait for a reply from my ISP to get the IP address.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Internet Sharing

I'm new to the unix world, but have been asked if our company could set up a high speed internet connection to our unix server in order to connect all our users without haveing to pay for all these telephone lines. I assume it is easy but unsafe. Any help from the basics to the advanced will be... (2 Replies)
Discussion started by: Mike11
2 Replies

2. IP Networking

Internet Sharing with SUSE 7.3

I have a home network connected to a cable modem. I would like to use my SUSE 7.3 as a proxy. My layout is this. all computers connected to a hub. SUSE has 2 nics. 1 for cable modem(eth0, one for internal network connected to hub(eth1) All other machines connect to hub eth0 - DHCP from ISP... (1 Reply)
Discussion started by: gdboling
1 Replies

3. UNIX for Dummies Questions & Answers

Internet sharing

I wanted to share internet with my Server running Win 2000 and client on Solaris 8. I networked them with a hub and 2 NICs on Server. Is there any software to share the internet? Need help!!!!!!!!!! Thanks... Praveen (5 Replies)
Discussion started by: praveenk
5 Replies

4. IP Networking

win2k to Mandrake,Internet Connection Sharing!

i've got a win2k machine(192.168.0.2) that i want to give access to mandrake through my network (192.168.0.0 255.255.255.0). I enabled ICS and setup the mandrake machine to be (192.168.0.3 255.255.255.0) and i'm still not able to get Internet Access to my Mandrake. I guess I have to do Dynamic... (2 Replies)
Discussion started by: jlb00h
2 Replies

5. IP Networking

Routing, Port Mapping, Internet Sharing etc etc

I'm running OS X. (OS X Server actually) and right now I use a program called BrickHouse to handle my router configuration. But this program kind of sucks. I'd much rather learn how to configure these programs manually. By these programs, I mean the programs OS X comes with to handle these jobs... (0 Replies)
Discussion started by: l008com
0 Replies

6. Linux

How Do I Set Internet With Linux

I am a new learner of linux, my friend told me that it is very good to learn linux, so I dropped the idea of deleting it but now I faced a problem again , how am I going to set my computer to connect to my ISP and other computers?? (1 Reply)
Discussion started by: terrychen0804
1 Replies

7. UNIX for Dummies Questions & Answers

Sharing a Unix Drive Over The Internet ... but

I don't know if this can be done, otherwise, my project will come to a screeching halt. I have a SCO 5.0.5 machine connected to the internet with a static IP address. I need to be able to share a drive : /shareddrive I need to map to it from a windows machine: hence, what i'd like to... (3 Replies)
Discussion started by: gseyforth
3 Replies

8. Emergency UNIX and Linux Support

Sharing internet from host os to guest os

I have a host os Windows 7 ultimate in place where virtual box is installed. Now in virtual box I have installed solaris 10. There is internet connection present in host windows 7 still I am not able to access internet in solaris 10. Please help to configure solaris so that internet can be... (12 Replies)
Discussion started by: hiten.r.chauhan
12 Replies

9. IP Networking

Sharing internet connection

Hello all, Recently took a dive into Unix using Fedora 12 atm. I have cable modem with DHCP and a linksys 8 port router. With windows I was able to simple use the uplink port and plug each computer into the switch and use the internet connection. Having no luck doing the same in Unix. I have... (0 Replies)
Discussion started by: Fingerz
0 Replies

10. Solaris

Sharing internet from Ubuntu to Solaris server

Hey guys can anyone explain to me how to share my laptops (on ubuntu with wifi) to my sunfire v100 thats connected via ethernet? Whats the process for that? I'd appreciate it! Thanks (1 Reply)
Discussion started by: austinramsay
1 Replies

LEARN ABOUT DEBIAN

mxallowd

mxallowd(1)							   User Manuals 						       mxallowd(1)

NAME

       mxallowd - dynamically whitelist your Mail eXchanger

SYNOPSIS

       mxallowd  [-d]  [-c  configfile]  [-t whitelist-time] [-p pflog-interface] [-l pcap-filter] [-F] [-s] [-q] [-p] -f fake-mailserver -r real-
       mailserver -n queue-num

DESCRIPTION

       mxallowd is a daemon which uses libnetfilter_queue (on Linux) or pf and pflog (on BSD) to allow (or deny) connections to a  mailserver  (or
       similar application) if the remote host hasn't connected to a fake daemon before.

       This  is  an improved version of the so-called nolisting (see http://www.nolisting.org/). The assumption is that spammers are not using RFC
       2821-compatible SMTP-clients and are sending fire-and-forget spam (directly to the first or second MX-entry  without  retrying  on  error).
       This direct access is blocked with mxallowd, you'll only get a connection if you retry.

       NOTE:  It  is  highly recommended to install nscd (nameserver caching daemon) or a similar software in order to speed-up DNS lookups. Since
       version 1.3, DNS lookups are done in a thread (so they don't block the main process), however,  on  very-high-traffic-sites,  mxallowd  may
       show significantly better overall performance in combination with nscd.

OPTIONS

       -b, --no-rdns-whitelist
	      Disable whitelisting all IP-addresses that have the same RDNS as the connecting one (necessary for google mail)

       -c, --config
	      Specifies an alternative configuration file (instead of /etc/mxallowd.conf)

       -t, --whitelist-time
	      Specify the amount of time (in seconds) until an IP-address will be removed from the whitelist

       -s, --stdout
	      Log to stdout, not to syslog

       -q, --quiet
	      Don't log anything but errors.

       -f, --fake-mailserver
	      Specify which IP-address the fake mailserver has (connecting to it will whitelist you for the real mailserver)

       -r, --real-mailserver
	      Specify which IP-address the real mailserver has

       -F, --foreground
	      Do not fork into background, stay on console

       -n, --queue-num (only available when compiled for netfilter_queue)
	      Specify  the  queue  number which will be used for the netfilter_queue-link. This has to be the same which is specified in the ipta-
	      bles-rule and it has to be specified, there is no default.

       -p, --pflog-interface (only available when compiled for pf)
	      Specify the pflog(4) interface which you configured in pf(4). The default is pflog0. Also see the pcap-filter-option if you  use	an
	      interface which does not only get smtp-traffic.

       -l, --pcap-filter (only available when compiled for pf)
	      Specify the filter for pcap. The default is "port 25". See tcpdump(8) for more information on the filters.

FILES

       /etc/mxallowd.conf
	      System-wide configuration file. Use the long options without the beginning two dashes. For example:

		   stdout
		   fake-mailserver 192.168.1.3
		   fake-mailserver 192.168.1.4
		   real-mailserver 192.168.1.5
		   queue-num 23

EXAMPLES FOR NETFILTER

       The  machine  has  two  IP-addresses.  The  mailserver  only  listens  on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.

       # modprobe nfnetlink_queue
       # iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j NFQUEUE --queue-num 23
       # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4 -n 23

       Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now  connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.

EXAMPLES FOR PF

       The  machine  has  two  IP-addresses.  The  mailserver  only  listens  on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.

       Create a pf.conf like this:

	    table <mx-white> persist

	    real_mailserver="192.168.1.4"
	    fake_mailserver="192.168.1.3"

	    real_mailserver6="2001:dead:beef::1"
	    fake_mailserver6="2001:dead:beef::2"

	    pass in quick log on fxp0 proto tcp from <mx-white> to $real_mailserver port smtp
	    pass in quick log on fxp0 inet6 proto tcp from <mx-white> to $real_mailserver6 port smtp
	    block in log on fxp0 proto tcp to { $fake_mailserver $real_mailserver } port smtp
	    block in log on fxp0 inet6 proto tcp to { $fake_mailserver6 $real_mailserver6 } port smtp

       Afterwards, load it and start mxallowd using the following commands:

       # pfctl -f /etc/pf.conf
       # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4

       Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now  connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.

       The ruleset for pf is actually longer because pf does more than netfilter on linux -- netfilter passes the packets and lets mxallowd decide
       whether to drop/accept whilst pf blocks/passes before even "passing" to mxallowd.

SEE ALSO

       iptables(8), pf(4), pflog(4), tcpdump(8)

AUTHOR

       Michael Stapelberg <michael+mxallowd at stapelberg dot de>

Linux								    MARCH 2012							       mxallowd(1)
All times are GMT -4. The time now is 05:52 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy