# Resolved. Connect WinXP to Internet via the Linux network ?

## Nu-kid

I have a laptop with Win XP and my Gentoo DHCP server is giving it an IP address. But it won't connect to the internet, i.e. www.nba.com?

I have an HP network printer on the same network and I can print to it, no problem. I can even ping my outside static IP address from WinXP. 

Wassupp with this?

I haven't seen any threads addressing this issue. I've seen a lot about Samba but I kinda don't think I need Samba for this. <correct me if I'm wrong>

----------

## yabbadabbadont

Make sure that a default gateway has been set on your WinXP box by DHCP.

----------

## Nu-kid

I'm sorry what do you mean? 

> Posted: Tue Feb 21, 2006 5:43 pm
>
> Make sure that a default gateway has been set on your WinXP box by DHCP.

The Gentoo DHCP Server/Router has 2 NICs: eth0 - cable modem <static IP 192.168.3.2> and eth1 <192.168.3.1> to the hub.

I thought IP 192.168.3.1 would be the GW. Please correct me if I'm wrong, because I get turned around trying to differentiate between routers & gateways.

----------

## yabbadabbadont

That sounds about right to me, but networking isn't my strong point.  I have seen DHCP screw up routes before though.  Are you sure that it isn't being reset to something else by DHCP?  What shows up as the default gateway if you run "ipconfig /all" in a cmd prompt?

Another thought, I wonder if you need to have iptables configured specially so that gentoo acts as a router?

I'm sorry that I'm not much help, but maybe my questions will give someone else an idea on how to help you.

----------

## think4urs11

http://www.gentoo.org/doc/en/home-router-howto.xml should help here

----------

## Nu-kid

ipconfig shows 192.168.3.1 as GW. And IP is 192.168.3.31

----------

## sternklang

It sounds like your Windows box isn't getting any DNS info. You'll probably want to edit your /etc/dhcp/dhcpd.conf file and add a line like:

```
option domain-name-servers 239.252.197.2, 239.252.197.3;
```

to the subnet {} block that has the configuration info for your dhcp server. (Obviously, substitute your actual nameserver IP addresses for the above example addresses!) Then restart your dhcp server and release/renew your lease on the XP laptop. That should tell it where the nameservers are so it can find hosts on the internet again.

----------

## Nu-kid

I uncommented out the following line. Then I tried 2 different entries. 66.x.x.34 and restarted the dhcpd service but that didn't work. And I tried 192.168.2.1 and restarted dhcpd service. Neither worked. I still can't web browse. But I can perform nslookups on outside addresses. Neither WinXP nor the Gentoo PC will web browse.

```
#option domain-name-servers 192.168.1.100;
```

Should /etc/resolv.conf have the following entry:

```
nameserver 127.0.0.1
```

So what is DNS caching?

----------

## Nu-kid

Anyone?

----------

## sternklang

After setting the DNS info on your router and restarting dhcpd, did you do an ipconfig /release and ipconfig /renew on the laptop? And the equivalent on the Gentoo box, /etc/init.d/net.eth0 restart? They wouldn't pick this information up automatically. I'm assuming you're not doing DNS on the router so your ISP's DNS server addresses should be the ones that work.

Also, are you running a firewall on the router? Any chance it's blocking DNS queries? You might want to disable it just to test this.

----------

## Nu-kid

Thnx for the input... But I've done all of that. Including disabling the firewall.

This is just so frustrating.

Should I put the DNS addresses provided by my ISP in the following entry?

/etc/dhcp/dhcpd.conf file and add a line like:

```
option domain-name-servers 239.252.197.2, 239.252.197.3;
```

----------

## sternklang

Yes, but make sure it's within the brackets that define the options for the subnet you are providing DHCP services for.

For example:

```
subnet 192.168.3.0 netmask 255.255.255.0 {
  range 192.168.3.10 192.168.3.128;
  option domain-name-servers 239.252.197.2, 239.252.197.3;
  option routers 192.168.3.1;
  default-lease-time 600;
  max-lease-time 7200;
}
```

----------

## Nu-kid

I just started from scratch... and followed these instructions <http://www.gentoo.org/doc/en/home-router-howto.xml> explicitly. And now......

My linux client doesn't get an IP nor does my WinXP client...Why me..  :Mad: 

What I noticed from this doc is that I have an option to use dnsmasq or emerge dhcp and use the config from /etc/dhcpd.conf

Which way is the best way to setup the router/ dhcp server?

----------

## think4urs11

depends....

For a little, not too fancy home network without any bigger specials needed ... dnsmasq should be perfectly sufficient.

If you need something like dhcp failover or other very advanced features ... dhcp is what you need.

----------

## Taladar

Did you enable tcp forwarding in /etc/sysctl.conf on your linux router?

You also need to enable masquerading with iptables (don't really know how to do that with Gentoo the official way, my config predates my use of Gentoo in that part).

----------

## Nu-kid

I have tried everything !!!! It seems that after following the Home Router-How To Guide this should work without any issue. If someone could... please... please crack this for me I would be extremely grateful.... <I know it's irritating to see the begging> Here's all my config info for both the server and the WinXP PC.

Router/Hub : Linksys WRT54GS V.2 < DHCP Server has been disabled on the router. So it should just be a hub, according to Linksys Tech support.>

Server Config: DHCP Server/Router 2 nic eth1 connects to -DSL modem . The 2nd nic eth0 connects to the Linksys hub static Ip 192.168.3.1.

/etc/sysctl.conf:

```
# /etc/sysctl.conf
#
# For more information on how this file works, please see
# the manpages sysctl(8) and sysctl.conf(5).
#
# In order for this file to work properly, you must first
# enable 'Sysctl support' in the kernel.
#
# Look in /proc/sys/ for all the things you can setup.
#

# Disables packet forwarding
net.ipv4.ip_forward = 1
# Disables IP dynaddr
#net.ipv4.ip_dynaddr = 0
# Disable ECN
#net.ipv4.tcp_ecn = 0
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Enable reverse path
net.ipv4.conf.all.rp_filter = 1

# Disable source route
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.default.accept_source_route = 0
# Disable redirects
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
# Disable secure redirects
#net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0
# Ignore ICMP broadcasts
#net.ipv4.icmp_echo_ignore_broadcasts = 1

# Disables the magic-sysrq key
#kernel.sysrq = 0
# When the kernel panics, automatically reboot in 3 seconds
#kernel.panic = 3
# Allow for more PIDs (cool factor!); may break some programs
#kernel.pid_max = 999999

# TCP Port for lock manager
#fs.nfs.nlm_tcpport = 0
# UDP Port for lock manager
#fs.nfs.nlm_udpport = 0
```

/etc/dnsmasq.conf

```
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# uneccessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link uneccessarily.

# Never forward plain names (with a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
#bogus-priv

# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
filterwin2k

# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=

# By  default,  dnsmasq  will  send queries to any of the upstream
# servers it knows about and tries to favour servers to are  known
# to  be  up.  Uncommenting this forces dnsmasq to try each query
# with  each  server  strictly  in  the  order  they   appear   in
# /etc/resolv.conf
#strict-order

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers for this file instead (see below), then
# uncomment this
#no-resolv

# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll

# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/

# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1

# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=

# If you want dnsmasq to listen for requests only on specified interfaces
# (and the loopback) give the name of the interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=

# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
#bind-interfaces

# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
#expand-hosts

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk

# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.3.4,192.168.3.10,12h

# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.3.4,192.168.3.10,255.255.255.0,12h

# This is an example of a DHCP range with a network-id, so that
# some DHCP options may be set only for this network.
#dhcp-range=red,192.168.0.50,192.168.0.150

# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissble to give name,adddress and MAC in any order

# Always allocate the host with ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60

# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred

# Always give the host with ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m

# Give the machine which says it's name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite

# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60

# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60

# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge

# Never offer DHCP service to a machine whose ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore

# Ignore any client-id presented by the machine with ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*

# Send extra options which are tagged as "red" to
# the machine with ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,net:red

# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=red,accounts

# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers

# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need any
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# For reference, the common options are:
# subnet mask - 1
dhcp-option=1,255.255.255.0
# default router - 3
dhcp-option=3,192.168.3.1
# DNS server - 6
dhcp-option=6,192.168.3.1
# broadcast address - 28
dhcp-option=28,192.168.3.255

# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=42,192.168.0.4,10.10.0.5

# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0

# Set the NIS domain name to "welly"
#dhcp-option=40,welly

# Set the default time-to-live to 50
#dhcp-option=23,50

# Set the "all subnets are local" flag
#dhcp-option=27,1

# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100

# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
#dhcp-option=red,42,192.168.1.1
```

/etc/init.d/iptables

```
#!/sbin/runscript
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.2 2005/08/10 23:11:12 vapier Exp $

opts="save reload panic"

iptables_name=${SVCNAME}
if [[ ${iptables_name} != "iptables" && ${iptables_name} != "ip6tables" ]] ; then
	iptables_name="iptables"
fi

iptables_bin="/sbin/${iptables_name}"
case ${iptables_name} in
	iptables)  iptables_proc="/proc/net/ip_tables_names"
	           iptables_save=${IPTABLES_SAVE};;
	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
	           iptables_save=${IP6TABLES_SAVE};;
esac

depend() {
	before net
	use logger
}

set_table_policy() {
	local chains table=$1 policy=$2
	case ${table} in
		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
		filter) chains="INPUT FORWARD OUTPUT";;
		*)      chains="";;
	esac
	local chain
	for chain in ${chains} ; do
		${iptables_bin} -t ${table} -P ${chain} ${policy}
	done
}

checkkernel() {
	if [[ ! -e ${iptables_proc} ]] ; then
		eerror "Your kernel lacks ${iptables_name} support, please load"
		eerror "appropriate modules and try again."
		return 1
	fi
	return 0
}

checkconfig() {
	if [[ ! -f ${iptables_save} ]] ; then
		eerror "Not starting ${iptables_name}.  First create some rules then run:"
		eerror "/etc/init.d/${iptables_name} save"
		return 1
	fi
	return 0
}

start() {
	checkconfig || return 1
	ebegin "Loading ${iptables_name} state and starting firewall"
	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
	eend $?
}

stop() {
	if [[ ${SAVE_ON_STOP} == "yes" ]] ; then
		save || return 1
	fi
	checkkernel || return 1
	ebegin "Stopping firewall"
	for a in $(<${iptables_proc}) ; do
		${iptables_bin} -F -t $a
		${iptables_bin} -X -t $a
		set_table_policy $a ACCEPT
	done
	eend $?
}

reload() {
	checkkernel || return 1
	ebegin "Flushing firewall"
	for a in $(<${iptables_proc}) ; do
		${iptables_bin} -F -t $a
		${iptables_bin} -X -t $a
	done
	eend $?
	start
}

save() {
	ebegin "Saving ${iptables_name} state"
	touch "${iptables_save}"
	chmod 0600 "${iptables_save}"
	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
	eend $?
}

panic() {
	checkkernel || return 1
	[[ -e ${svcdir}/started/${iptables_name} ]] && svc_stop
	ebegin "Dropping all packets"
	for a in $(<${iptables_proc}) ; do
		${iptables_bin} -F -t $a
		${iptables_bin} -X -t $a
		set_table_policy $a DROP
	done
	eend $?
}
```

/etc/conf.d/net

```
# This blank configuration will automatically use DHCP for any net.*
# scripts in /etc/init.d.  To create a more complete configuration,
# please review /etc/conf.d/net.example and save your configuration
# in /etc/conf.d/net (this file :]!).
config_eth1=( "dhcp" )
# routes_eth0=( "default gw 192.168.3.1" )
config_eth0=( "192.168.3.1 broadcast 192.168.3.255 netmask 255.255.255.0" )
```

/etc/resolv.conf

```
nameserver 206.13.31.12
nameserver 206.13.28.12
```

route -n

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
151.164.184.67  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.3.0     192.168.3.1     255.255.255.0   UG    0      0        0 eth0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         151.164.184.67  0.0.0.0         UG    0      0        0 ppp0
```

WinXP client config:

ipconfig /all

```
Ethernet adapter Wireless Network Connection:
Physical Address......................00-11-F5-67-2B-46
Dhcp Enabled.............................Yes
Autoconfiguration Enabled............Yes
IP Address.................................192.168.3.4
Subnet Mask...............................255.255.255.0
Default Gateway..........................192.168.3.1
DHCP Server..............................192.168.3.1
DNS Server.................................192.168.3.1
```

After all that tweaking and configuring, still unable to web browse. But I can perform nslookups on outside web sites.

If anybody has any freakin' clue as to why this won't work. Much appreciated. Thnx.

----------

## sparks

If you are still having trouble, I would recommend http://www.smoothwall.org. You need to dedicate an entire machine as the router, but it works wonderfully.

----------

## Nu-kid

Oooooohhh K !!!!! If you are a DSL user like myself this may be helpful.

http://www.gentoo.org/doc/en/home-router-howto.xml

When following the instructions from the above guide be sure to take note of the following message when it appears in the instructions.

> Warning: When the DSL interface comes up, it will create ppp0. Although your NIC is called eth1, the IP is actually bound to ppp0. From now on, when you see examples that utilize 'eth1', substitute with 'ppp0'.

This is even more important when you start configuring your iptables.

As you are following the instructions for iptables and are executing the commands at the prompt, you'll get to this command:

`export WAN=eth1` <if you're a DSL user, type the following instead> `export WAN=ppp0`

Then you can continue with the rest of the commands as you configure your iptables.

If you don't make the above change, then you'll notice that from your client PCs you will be able to perform an nslookup <Windows> or host <Linux> to various websites, which will resolve. But you won't be able to ping those sites, nor will you be able to web browse from any client PC on your network.

My problem was, I overlooked the above WARNING: I didn't think it applied to the iptables configs.

For me there was no need to change my nameserver entry in /etc/resolv.conf to nameserver 127.0.0.1.

There was no need to make any changes to the /etc/dhcp/dhcpd.conf file and add a line like:

```
option domain-name-servers 239.252.197.2, 239.252.197.3;
```

I just followed the directions to the letter and only made entries and changes as called for in the guide, and now I'm clickin'.

Anyway I hope this helps.

----------
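The symptom in this thread (names resolve on the clients, but ping and browsing fail) fits a masquerade rule bound to the wrong interface. The script below is an added example, not part of the thread or the Gentoo guide: it compares the interface carrying the default route with the one named in the MASQUERADE rule. The function names are hypothetical, the `iptables-save` excerpts are constructed, and the rule form `-o <WAN> -j MASQUERADE` is an assumption about what the `WAN` variable feeds; the `route -n` rows are the ones posted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# `route -n` rows as posted in the thread.
ROUTE_N='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
151.164.184.67  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.3.0     192.168.3.1     255.255.255.0   UG    0      0        0 eth0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         151.164.184.67  0.0.0.0         UG    0      0        0 ppp0'

# Constructed iptables-save excerpts (assumption: the NAT rule has the form
# "-o <WAN> -j MASQUERADE"), once with WAN=eth1 and once with WAN=ppp0.
RULES_ETH1='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'
RULES_PPP0='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# stdin: `route -n` text. Prints the interface of the default route.
default_route_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF; exit }'
}

# stdin: iptables-save text. Prints the -o interface of each MASQUERADE rule.
masq_ifaces() {
    awk '/^-A POSTROUTING/ && /-j MASQUERADE/ {
        for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
    }'
}

# check_wan ROUTE_TEXT RULES_TEXT
# 0 = a MASQUERADE rule uses the default-route interface,
# 1 = mismatch, 2 = no default route or no MASQUERADE rule with -o.
check_wan() {
    wan=$(printf '%s\n' "$1" | default_route_iface)
    masq=$(printf '%s\n' "$2" | masq_ifaces)
    if [ -z "$wan" ]; then echo "no default route found"; return 2; fi
    if [ -z "$masq" ]; then echo "no MASQUERADE rule with -o found"; return 2; fi
    if printf '%s\n' "$masq" | grep -qxF -- "$wan"; then
        echo "ok: MASQUERADE is on $wan, the default-route interface"
        return 0
    fi
    echo "mismatch: default route leaves via $wan, MASQUERADE is on:" $masq
    return 1
}

check_wan "$ROUTE_N" "$RULES_ETH1" || true   # reports the mismatch
check_wan "$ROUTE_N" "$RULES_PPP0" || true   # reports ok
```

On a live router the same check can be fed real data with `check_wan "$(route -n)" "$(iptables-save -t nat)"`, run as root.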

