Trouble getting to the net
computimus
2007-01-02, 05:14 PM CST
Hello All,
I'm new to Fedora but I've been using Libranet for my home server for the past 4 years.
OK, the nuts and bolts of this. I installed the latest Fedora Core 6 over the Christmas break.
Did all the updates. Which means I was able to get to the outside world.
I have two NICs: an onboard one and a Kingston $15 NIC. I believe it comes up and says the driver is a Realtek. I can get the specifics if you need them.
So, like I said, I can get to the outside world on the server because I have an IP from my DSL provider. That went on the onboard NIC. The other one I set to a 10.10.X.X scheme.
The 10.10.x.x NIC connects to a wireless router/switch. I plugged the 10.10.X.X one into one of the switch ports. The other machine I have hangs off another port on the switch. I left the wireless configuration alone since all I was doing was changing the software on my server. I was not changing anything else. My current server works as is. The other thing is my computers attached via wireless also do not work after setting up the new server. So this still leads me back to the 2nd network card. This will not allow me to get out to the outside world.
I have since put the older server back in place so that I have a working network. I can swap out the NIC card but I don't think that is the issue. Anyone know where to download the latest drivers for Kingston cards using Fedora Core?
Cheers,
Michael :D
stevea
2007-01-02, 05:38 PM CST
I can't understand your network topology nor what you are trying to do.
Where is the router side of the wireless router-switch connected? I would
think it's connected to the DSL, but instead you say that the on-board NIC is.
And the second (Kingston NIC) is connected to the switch.
*IF* you want to access the internet THRU your server, then you must configure
router or bridge network configs on your server Linux, and you must change the
gateway settings on your other system & your wireless AP.
Why do you think the Realtek driver isn't loaded? Type "ifconfig -a" and
I'd bet it shows two real interfaces (eth0 and eth1 perhaps).
Need clearer info here.
tgilber1
2007-01-02, 07:27 PM CST
It sounds like you may not have ip_forwarding enabled
You can verify by typing
cat /proc/sys/net/ipv4/ip_forward
If it says 1, it is enabled. Otherwise, you need to enable it by changing the ip_forward value from a 0 to 1 in the /etc/sysctl.conf.
Then, you need to restart the network
su -
service network restart
Then, you need to update iptables by typing
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
or
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i eth0 -j ACCEPT
If you are connecting your server directly to the DSL modem, I would read up on setting up your firewall. A good place to start is the following sites:
http://www.netfilter.org/
http://www.netfilter.org/documentation/index.html#documentation-howto
http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
computimus
2007-01-02, 09:31 PM CST
On the server (Fedora) eth0 has the IP that sees the outside world, 64.81.XX.XXX. I can get out and see the WWW. Eth0 on the server is the 10.10.1.1 network and that is connected to the wireless router via a cable to a port.
ETH0 is connected to the DSL port out to the world.
The two eth interfaces show up fine even during boot up.
tgilber1
2007-01-03, 05:35 AM CST
If you have done the following items, then disregard. It appears that you are not forwarding packets from eth0 to eth1. Therefore, you might check sysctl.conf to ensure that
ip_forward=1
and
turn on NAT to change your private IPs (wireless hosts) to the public IP address by typing at the terminal the following two iptables commands:
su -
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
then check to see if you can surf from your wireless devices. If you're successful, then you must save your iptables settings by typing at the terminal
su -
make sure that the following line in the file /etc/sysconfig/iptables-config is set
IPTABLES_SAVE_ON_RESTART="yes"
iptables-save #not sure if this really needs to be done in Fedora because it did not work for me until I updated the iptables-config file - need to verify
service iptables restart #this saves the settings
wspeers
2007-02-17, 11:41 AM CST
I spent a few hours getting my setup working over the past couple of days and this thread helped.
I have my static IP DSL line connecting to eth0 and another network interface where I plug my other machine into. Well, right at the moment it's plugged into a 24 port switch but eventually it will be connected directly to my other machine through a straight cable.
Anywho, here's what I had to do. First assign your DSL's info to the NIC you want to use correctly. Give the second NIC an internal address like 192.168.1.5 and the same gateway info that you used for the DSL line.
sbin]$ ifconfig
bash: ifconfig: command not found
sbin]$ /sbin/ifconfig
eth0      Link encap:Ethernet HWaddr 00:B0:D0:53:BC:87
          inet addr:68.XXXX.XXX.XXX Bcast:68.xxx.xxx.xxx Mask:255.255.255.0
          inet6 addr: #$%^#$%^ Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1821002 errors:3 dropped:0 overruns:0 frame:3
          TX packets:1416360 errors:0 dropped:0 overruns:0 carrier:0
          collisions:8020 txqueuelen:1000
          RX bytes:2005919499 (1.8 GiB) TX bytes:290864567 (277.3 MiB)
          Interrupt:5 Base address:0xc800

eth1      Link encap:Ethernet HWaddr 00:00:94:C8:2D:F1
          inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::200:94ff:fec8:2df1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:5585874 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6029232 errors:6 dropped:0 overruns:2 carrier:8
          collisions:0 txqueuelen:1000
          RX bytes:557465523 (531.6 MiB) TX bytes:3677573076 (3.4 GiB)
          Interrupt:9 Base address:0xac00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:3963 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3963 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6970147 (6.6 MiB) TX bytes:6970147 (6.6 MiB)
Once you have that set correctly you give your other machine a static IP address in the 192 range and set the gateway to that of eth1. Make sure you've also set the DNS addresses the same across the board.
Now I run
sudo /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
then
sudo /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT
Now my issue is when I reboot I have to rerun the 2 above commands every time the machine boots so that I can access the Fedora machine through another machine. I tried writing a script for this but I can't figure out how to implement these commands after the machine starts. I should note that the account that all this is happening is after the machine autologs into an account.
#!/bin/sh
sudo /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
sudo /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT
Obviously I am just learning here but wanted to share my experience. :( :p
tgilber1
2007-02-17, 02:55 PM CST
You need to save your iptables setup, which will require you to edit the file /etc/sysconfig/iptables-config
1. As root, open terminal and open up "/etc/sysconfig/iptables-config" or use your preferred editor as a root user
example:
su -c 'vi /etc/sysconfig/iptables-config'
2. Make sure that the following line in the file /etc/sysconfig/iptables-config is set without a comment character (e.g., #) at the beginning of the line
IPTABLES_SAVE_ON_RESTART="yes"
3. Make necessary firewall changes
example
sudo /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
sudo /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT
4. With my testing (not exhaustive), iptables-save does not work. The iptables command will save on start or stop, if enabled in the /etc/sysconfig/iptables-config file. If you followed the previous instructions, it will save on iptables restart.
service iptables restart #this saves the settings
su -c '/sbin/service iptables restart'
wspeers
2007-02-24, 01:26 PM CST
It's working, but whenever I enable my firewall the system connected to the other adaptor cannot get on the net. I must be missing something in the firewall config. I'm putting together another server and will test it again. It's a P3 800 with 512mb ram. I need to find another P3 so I can set up for dual. I have a bunch of P3 500's, wonder if 2 of them would be faster than the single 800. I also am trying to figure out how to do a software RAID but that's another thread. Is it worthwhile (software RAID) on a P3?
tgilber1
2007-02-24, 05:01 PM CST
Did you check the ip_forwarding setting? If not, I've posted the instructions below.
previous post
It sounds like you may not have ip_forwarding enabled
You can verify by typing
cat /proc/sys/net/ipv4/ip_forward
If it says 1, it is enabled. Otherwise, you need to enable it by changing the net.ipv4.ip_forward=1 in the /etc/sysctl.conf.
Then, you need to restart the network
tgilber1
2007-02-24, 05:12 PM CST
As far as your software RAID, for learning and a home back-up server, the P3 may be something worth practicing on. Who knows, it may even be worthwhile for your production needs. I have RAID 1 (mirror) going on a couple of servers. One has been running for several years and the other for about 6 months. RAID 1 is the cheapest to set up, since it only requires two hard drives. RAID 5 (three drive minimum) would be a nice one to try for both speed and mirroring because it uses striping. However, I have not had the time to work with it yet.
I had very good luck with using mdadm for setting up RAID, which included sending email to my email address (check mdadm.conf documentation) when there were any failures or problems. For better response on PATA (a.k.a. ATA), make sure to put hard drives on their own IDE, i.e. ide0 and ide1 (masters). In other words, do not set up a RAID on a master/slave, if you're setting up a RAID 1 with two hard drives. In any event, hope all goes well with setting up RAID.
wspeers
2007-02-24, 09:59 PM CST
I've been following the directions very closely. Hope I'm not missing something or making any mistakes.
The system is working great as a gateway. I should note that this is a headless box that just acts as a gateway / test server. It's just sitting in the closet, no monitor or anything.
Anytime I go to system->admin->security and enable the firewall my other box connected to this one loses its internet connection. xvnc still works, but I can't seem to get this working with the firewall activated.
tgilber1
2007-02-25, 05:28 AM CST
If you are using the firewall that comes with Fedora, i.e. System/Administration/Security and Firewall, the firewall is enabled on both NICs to prevent incoming packets. To use your box as a gateway, you need to learn about iptables. There are many howtos to assist you with building a secure firewall. While learning, it is best to put the box behind a secure router so you do not open your LAN to unauthorized access.
Check out the homepage for iptables for more info.
http://www.netfilter.org/
Documentation page
http://www.netfilter.org/documentation/index.html
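Added example, not part of the original thread: a small audit of `iptables-save` output for the gateway rules discussed above, showing why the appended FORWARD rule stops working once the stock firewall is switched on. It assumes eth0 is the WAN side and eth1 the LAN side (as in wspeers' setup) and that the stock firewall chain is named RH-Firewall-1-INPUT; the sample dump is constructed and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the thread's gateway rules.
# Live use, as root:  iptables-save | check_gateway eth0 eth1
check_gateway() {   # $1 = WAN interface, $2 = LAN interface, ruleset on stdin
    awk -v wan="$1" -v lan="$2" '
    /^\*/ { table = substr($0, 2); next }            # "*nat", "*filter", ...
    table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ &&
        index($0 " ", " -o " wan " ") { masq = 1 }
    table != "filter" { next }
    $1 == ":FORWARD" { policy = $2 }
    # Remember chains that contain an unconditional REJECT or DROP.
    $1 == "-A" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { term[$2] = 1 }
    $1 == "-A" && $2 == "FORWARD" {
        n++
        if (/ -j ACCEPT/ && index($0, " -i " lan " ") && !out) out = n
        if (/ -j ACCEPT/ && /ESTABLISHED/) ret = 1
        # No match criteria at all: every forwarded packet takes this jump.
        if ($3 == "-j" && $4 != "ACCEPT" && !catchall) { catchall = n; target = $4 }
    }
    END {
        blocked = catchall && (target == "REJECT" || target == "DROP" || (target in term))
        if (!masq) { print "NO_MASQUERADE"; bad = 1 }
        if (!out)  { print "NO_LAN_FORWARD"; bad = 1 }
        if (out && blocked && catchall < out) {
            print "LAN_FORWARD_SHADOWED_BY " target; bad = 1 }
        if (policy != "ACCEPT" && !ret) { print "NO_RETURN_TRAFFIC_RULE"; bad = 1 }
        # Policy ACCEPT with no blocking rule also forwards WAN-to-LAN unfiltered.
        if (!blocked && policy == "ACCEPT") print "WARN_FORWARD_POLICY_ACCEPT"
        exit bad + 0
    }'
}
# Constructed dump: stock-style firewall chain, then the thread's rules appended.
sample_firewall_on() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
sample_firewall_on | check_gateway eth0 eth1 || echo "gateway check failed"
```

On the constructed dump the audit reports that the `-i eth1` ACCEPT rule sits behind the jump to the firewall chain, so new LAN connections reach that chain's final REJECT first.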
wspeers
2007-03-21, 06:07 PM CDT
This drove me bonkers so I built a new server and bought a WRT54G for $50. Forget about it.