1
I have read many other posts but cannot figure this out.
eth0 is my external connected to a Comcast modem. The server has internet access with no issues.
eth1 is internal and running DHCP for the clients. I have DHCP working just fine, all my clients can get an IP and ping the server but they cannot access the internet.
I am using ISC-DHCP-SERVER and have set /etc/default/isc-dhcp-server to INTERFACE="eht1"
Here is my dhcpd.conf file located in /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 10.0.10.0 netmask 255.255.255.0 {
range 10.0.10.10 10.0.10.200;
option routers 10.0.10.2;
option subnet-mask 255.255.255.0;
option domain-name-servers 208.67.222.222, 208.67.220.220; #OpenDNS
# option domain-name "example.com";
default-lease-time 21600;
max-lease-time 43200;
authoritative;
}
I have made the net.ipv4.ip_forward=1 change in /etc/sysctl.conf
here is my interfaces file:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth1 inet static
address 10.0.10.2
netmask 255.255.255.0
network 10.0.10.0
auto eth1
And finally- here is my iptables.conf file:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.10.0/24 -o eth0 -j MASQUERADE
#-A PREROUTING -i eth0 -p tcp --dport 59668 -j DNAT --to-destination 10.0.10.2:59668
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A FORWARD -s 10.0.10.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 10.0.10.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
#-A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 10.0.10.2 --dport 59668 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
I am completely stuck. I cannot figure out why the clients cannot access the internet. Am I missing a service? Is a service not running? Any help would be greatly appreciated. I tried to be as thorough as possible but please let me know if I have missed something. Thank you!
I did it once with Shorewall, wasn't that complicated. This is the main tutorial you want to follow: http://www.shorewall.net/two-interface.htm
– slhck – 2011-10-12T22:32:36.130This depends a bit on your external modem. Do you know whether the modem is connected in bridge mode or routed mode to the ubuntu box? – Paul – 2011-10-12T22:58:43.633
so I am sorry about the delayed response. I had to leave town unexpectedly. I am working with shorewall right now and I will let you know how it goes... Shorewall seems to be different than iptables... is it really a frontend for it or a separate system? Thanks! – Siriss – 2011-10-17T03:52:08.707