Old Mar 4th, 2006, 9:53 AM   #1
InfoGeek
Internet Connection Sharing problem(FC3)

I'm trying to share my internet connection on my LAN. I've FC3 on the server. The server's IP address is 192.168.0.1 and the client's IP address is 192.168.0.148. I've configured iptables and here's the output of "iptables -L":
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             192.168.0.0/24
DROP       all  -- !192.168.0.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

The client computer is running Windows. I've configured the client computer and it can ping the DNS server but cannot open any site. I tried watching the traffic with tcpdump and here's the output when the client tries to open some site:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:54:05.144782 arp who-has 192.168.0.1 tell 192.168.0.148
19:54:05.144829 arp reply 192.168.0.1 is-at 00:e0:4c:f7:1a:43
19:54:05.144911 IP 192.168.0.148.1027 > ns5.rilinfo.net.domain:  1+ A? fxfeeds.mozilla.org. (37)
19:54:05.144993 IP 192.168.0.1 > 192.168.0.148: icmp 73: host ns5.rilinfo.net unreachable - admin prohibited
...
...
What does the admin prohibited message mean? Maybe the firewall is blocking the packets from the internet.
I don't know what I'm doing wrong. I'm very new to networking so maybe I'm missing something basic. Any help would be greatly appreciated.
Old Mar 4th, 2006, 1:34 PM   #2
a thing
Be sure the gateway is set correctly on the Windows box. Ionno how exactly to do that, but there's got to be some way.

Great reference: Gentoo Handbook

You might also want to update to Fedora Core 5 when it comes out in less than two weeks. (w00t!)
Old Mar 4th, 2006, 8:44 PM   #3
InfoGeek
Quote:
Originally Posted by a_thing
Be sure the gateway is set correctly on the Windows box.
It's set up properly. When I use tcpdump, it shows the requests coming from the client but gives the admin prohibited message. See my first post for the output of tcpdump.
Old Mar 5th, 2006, 5:45 AM   #4
Arevos
Maybe ask on the Fedora forums?
Old Mar 5th, 2006, 8:43 AM   #5
InfoGeek
Solved!
Earlier I executed the following commands to set up my iptables:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -s !192.168.0.0/24 -j DROP
The last command was meant not to forward any traffic originating from other than my LAN. But I think it dropped the packets coming from the internet. Now I just deleted all the rules and executed the above commands again except the last one.
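
Added example, not part of any post in this thread: a small Python model of iptables first-match evaluation that traces the client's DNS query through the chains as listed in post #1 and through the rebuilt FORWARD chain from post #5. It assumes the first RH-Firewall-1-INPUT rule is loopback-only (plain "iptables -L" does not show the interface column), uses 203.0.113.53 as a constructed stand-in for the resolver address, and does not model the nat table; the rule dictionaries and function names are illustrative.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")

def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    for key in ("iface", "proto", "dport"):
        if key in rule and rule[key] != pkt.get(key):
            return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    if "src" in rule and (ip_address(pkt["src"]) in rule["src"]) == rule.get("not_src", False):
        return False
    return "dst" not in rule or ip_address(pkt["dst"]) in rule["dst"]

def verdict(chains, pkt, chain="FORWARD"):
    """First terminating match wins; returns (target, chain, rule number)."""
    for n, rule in enumerate(chains[chain], 1):
        if not matches(rule, pkt):
            continue
        if rule["target"] not in chains:
            return rule["target"], chain, n
        result = verdict(chains, pkt, rule["target"])  # jump into user chain
        if result:
            return result
    return None  # end of chain: caller continues, or the chain policy applies

RH = [  # RH-Firewall-1-INPUT as listed in post #1
    {"target": "ACCEPT", "iface": "lo"},  # ASSUMPTION: loopback-only rule
    {"target": "ACCEPT", "proto": "icmp"},
    {"target": "ACCEPT", "proto": "ipv6-crypt"},
    {"target": "ACCEPT", "proto": "ipv6-auth"},
    {"target": "ACCEPT", "proto": "udp", "dst": ip_network("224.0.0.251/32"), "dport": 5353},
    {"target": "ACCEPT", "proto": "udp", "dport": 631},  # ipp
    {"target": "ACCEPT", "state": {"RELATED", "ESTABLISHED"}},
    {"target": "REJECT"},  # reject-with icmp-host-prohibited
]
APPENDED = [  # the three -A FORWARD commands from post #5
    {"target": "ACCEPT", "src": LAN},
    {"target": "ACCEPT", "dst": LAN},
    {"target": "DROP", "src": LAN, "not_src": True},
]
AS_LISTED = {"FORWARD": [{"target": "RH-Firewall-1-INPUT"}] + APPENDED, "RH-Firewall-1-INPUT": RH}
REBUILT = {"FORWARD": APPENDED[:2]}  # after the flush, DROP rule left out
DNS_QUERY = {"iface": "eth0", "proto": "udp", "src": "192.168.0.148",
             "dst": "203.0.113.53", "dport": 53, "state": "NEW"}  # constructed packet
REPLY = dict(DNS_QUERY, iface="ppp0", src="203.0.113.53",
             dst="192.168.0.148", dport=1027, state="ESTABLISHED")
for chains, pkt in ((AS_LISTED, DNS_QUERY), (REBUILT, DNS_QUERY), ({"FORWARD": APPENDED}, REPLY)):
    print(verdict(chains, pkt))
```

In the listing from post #1 the jump to RH-Firewall-1-INPUT is the first FORWARD rule, so under the loopback assumption the query is decided by that chain's final REJECT, which matches the ICMP admin prohibited reply in the capture, before any appended rule is consulted.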