Jump to content
|Topic||Stats||Last action by|
|Formula 1 World Championship 2015 Season Discussion||
|Windows 10 Technical Preview||
|[Tutorial]Windows 8 to Go without Enterprise Edition||
Posted 05 January 2013 - 17:07
Posted 05 January 2013 - 17:29
Posted 05 January 2013 - 17:42
Are you using the same IPs or subnets or what?
If you can access the net fine then the debian 'sever' sounds like it's got NAT routing and is routing fine and you can't access any other PCs so sounds like you might have an IP subnet collision like they're both using the 192.168.1.0/24 range.
You need to post all your IP diagrams and configuration information for anyone to even attempt to diagnose the problem.
*nat -A POSTROUTING -o eth0 -j MASQUERADE COMMIT *filter -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 2020 -j ACCEPT -A INPUT -i eth0 -j DROP COMMIT
Posted 05 January 2013 - 17:45
Posted 05 January 2013 - 17:47
auto lo iface lo inet loopback pre-up iptables-restore < /etc/iptables.rules allow-hotplug eth0 iface eth0 inet dhcp allow-hotplug eth1 iface eth1 inet static address 192.168.0.2 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255
interface=eth1 listen-address=127.0.0.1 dhcp-range=192.168.0.100,192.168.0.110,12h
Make life easy on yourself and use smoothwall as your linux router/firewall www.smoothwall.org
Posted 05 January 2013 - 17:58
Posted 05 January 2013 - 19:12
Posted 05 January 2013 - 19:31
"The ADSL router has the IP 192.168.0.1 on 255.255.255.0 subnet.
Linux box appears externally as 192.168.0.23 (interface eth0) and internally as 192.168.0.2 (eth1)"
There is your problem and solution.
Posted 05 January 2013 - 19:41
Posted 05 January 2013 - 20:18
Certainly. You're using the same IP and subnet for two networks, you're lucky you can even connect to the internet because you're doing a straight in-out NAT, if you were doing an IP based NAT then you wouldn't even have internet working.
You need to change to a different subnet mask for your network, as the subnet mask for the internal ASDL modem is set to 192.168.0.0/24, that means 24 bits of 32 are used for network address and the last 8 bits are used for host addresses, so hosts in the 192.168.0.0/24 network range from 192.168.0.1 - 192.168.0.254 (192.168.0.0 is the network address and 192.168.0.255 is the broadcast address). So if you increment the network address by one to get 192.168.1.0/24, you've got a whole new IP range you can use that won't cause any conflicts.
Your private network will be on 192.168.1.x and the ADSL modem will be on 192.168.0.x and you will be able to communicate between them.
Posted 05 January 2013 - 21:11
Posted 05 January 2013 - 21:18
Posted 05 January 2013 - 21:21
Posted 05 January 2013 - 21:25
*nat -A POSTROUTING -o eth0 -j MASQUERADE COMMIT *filter -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 2020 -j ACCEPT -A INPUT -i eth0 -j ACCEPT COMMIT
Posted 05 January 2013 - 21:35
So how would hosts on 192.168.0 know how to get back to the 192.168.1 network? To ping something? They could ping your ip address of your linux router that is on the 192.168.0 network - but you can not forward icmp to different boxes inside. If you not going to nat and just route, they still don't know how to get to the 192.168.1.0 network -- their default route it the adsl router, and he does not know that 192.168.1 is behind your linux box. You would have to edit his route table to know that, or use a routing protocol to share this info with him, like rip. But to turn that on you would need access to the adsl router as admin and it would have to support it, etc.
So you want to put yourself behind a firewall between other building users that are all on the same 192.168.0 network -- this is far enough and common want.
But not sure why you would go with a standard linux install - why not go with one of the many distro's designed to be a router/firewall.. Of the top as already mentioned smoothwall sure, there is also my fav pfsense, there is ipcop, there is m0n0wall, etc. etc.. There is clearOS which is more a full blown SME, it can run all kinds of services file, email, etc. while protecting you from users on 192.168.0 network.
Not sure what you mean exactly by unable to see "external hosts." Are these on the 192.168.0 network or the internet after the adsl router?