From: Tom E. <te...@sh...> - 2005-01-29 15:43:58
hiten ravani wrote:
> I tried to use the internet sharing wizard of mandrake 10.1 but
> without success. So after doing search on net found shorewall.

Note that the Internet Sharing Wizard on Mandrake also configures Shorewall.

> And I
> believe I need to use the two interface example setting ???

Yes.

> I have been able to ping both machines successfully with IP address,
> but somehow cannot share the internet to laptop.

But Internet access is ok from the Mandrake system, correct?

> I have a static IP address with my adsl connection : 220.244.126.62
> Here are some configuration details :
> 1) interfaces file
> net tap0 detect
> loc eth0 detect
> 2) policy file
> loc net ACCEPT
> fw loc ACCEPT
> fw net ACCEPT
> net all DROP info
> all all REJECT info
> 3) masq file
> tap0 eth0
> 4) routesstopped file
> eth0 -
>
> I have set up the network connection that is eth0 with following configuration :
> IP address : 10.10.10.5
> Net mask : 255.255.255.0
> Gateway : 220.244.126.61 ( given by my ISP)

It is not necessary to have a gateway on your local network.

>
> On my laptop i use the xp network setup wizard and configure the
> following TCP/IP settings
> ip address : 10.10.10.2
> sub net mask : 255.255.255.0
> default gateway : 10.10.10.5 (ip address of linux machine)
> primary dns : 10.10.10.5 (again ip of linux machine)

So you run a DNS server on your Mandrake system? If not, then you should configure DNS on the laptop just like it is on the Mandrake box. If not, you missed the part in the QuickStart Guide which talked about DNS (see below).

>
> This is output from the log file.
> Jan 30 01:44:37 220 kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC=00:50:fc:3f:4f:94:00:0b:cd:35:54:52:08:00 SRC=10.10.10.2
> DST=10.10.10.5 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=273 PROTO=UDP
> SPT=1030 DPT=53 LEN=47

That means that DNS requests from the Laptop are being blocked by the 'all2all' policy (see below).

> -----
> Jan 30 01:56:45 220 kernel: 203.213.40.17 sent an invalid ICMP type 3,
> code 0 error to a broadcast: 220.244.126.255 on tap0

That means that 203.213.40.17 broke protocol -- it doesn't concern you.

>
> Can someone kindly please assist me in what i am doing wrong or if I
> am missing some setting.
>

You need to do ONE of the following:

a) Change the XP box's DNS configuration (see above).

b) Add this rule, as described in the QuickStart Guide:

AllowDNS loc fw

c) Add this policy:

ACCEPT loc fw

Add the policy if you plan to access lots of services on your Mandrake system from your XP laptop.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
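The reading of the log entry given in the reply above can be reproduced mechanically. The following Python is an added example, not part of the original message and not Shorewall code: it parses the quoted log entry, maps the interfaces to zones using the quoted interfaces file, and finds the first row of the quoted policy file that matches. The function names and the use of `fw` as the firewall zone name are assumptions made for the example.

```python
import re

# Zone per interface and policy rows, copied from the files quoted in the post.
INTERFACES = {"tap0": "net", "eth0": "loc"}
POLICIES = [("loc", "net", "ACCEPT"), ("fw", "loc", "ACCEPT"),
            ("fw", "net", "ACCEPT"), ("net", "all", "DROP"),
            ("all", "all", "REJECT")]

# The first log entry quoted in the post, rejoined onto one line.
SAMPLE = ("Jan 30 01:44:37 220 kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= "
          "MAC=00:50:fc:3f:4f:94:00:0b:cd:35:54:52:08:00 SRC=10.10.10.2 "
          "DST=10.10.10.5 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=273 PROTO=UDP "
          "SPT=1030 DPT=53 LEN=47")

# Log prefix as it appears in the quoted entry: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):")
FIELD = re.compile(r"(\w+)=(\S*)")


def zone_of(iface):
    # Netfilter leaves IN= or OUT= empty when the firewall itself is the
    # source or destination; "fw" as that zone's name is an assumption.
    return "fw" if iface == "" else INTERFACES.get(iface, "unknown")


def first_policy(src, dst):
    # The policy file is searched top to bottom; "all" matches any zone.
    for p_src, p_dst, action in POLICIES:
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return (p_src, p_dst, action)
    return None


def explain(line):
    m = PREFIX.search(line)
    if m is None:
        return None  # not a Shorewall packet log entry
    fields = {}
    for key, value in FIELD.findall(line[m.end():]):
        fields.setdefault(key, value)  # LEN appears twice; keep the first
    src, dst = zone_of(fields.get("IN", "")), zone_of(fields.get("OUT", ""))
    return {"chain": m["chain"], "disposition": m["disposition"],
            "src_zone": src, "dst_zone": dst,
            "proto": fields.get("PROTO"), "dport": int(fields.get("DPT", 0)),
            "policy": first_policy(src, dst)}


if __name__ == "__main__":
    print(explain(SAMPLE))
```

For the quoted entry this reports UDP port 53 traffic from `loc` to `fw` falling through to the `all all REJECT` row, since no earlier policy row covers that zone pair.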