I''ve had loads of troubles both with installing and configuring various distributions of Linux (related and unrelated to the OS, think: defective ram, corrupt hard disk sectors, and unbootable bootable CD-ROMs that boot up fine in my other machine). I''ve got two PCs networked; the Linux machine will be a router, the two can ping each other, but NAT either (a) isn''t installed, or (b) isn''t configured correctly. After exhausting searches on the ''net I''ve come to the following conclusions: 1) I have to enable NAT in the kernel 2) ... then recompile the kernel 3) ... then relaunch LILO to make the changed kernel bootable 4) ... then edit rc.local to enable firewall and NAT rules I am kind of clueless on #1 and #2, I''ve never done either, and don''t know what to search for in engines (kernel-specific)... having compiled C++ projects in visual IDEs, I basically need a clue as to ... --> This is the difference! <-- I know what the rules are that I have to edit (i.e. CONFIG_xxx=y), though not sure where they reside. Argh. My main roadblock is that every tutorial/HOWTO/document I''ve come across, has a different way of setting up this sort of system. Or is missing parts. Or assumes that I know how to compile the kernel. I''m just starting out in the world of Linux, and planning on eventually getting into OpenGL programming on that platform (provided my brain doesn''t melt first), though I fear I have jumped into the deep end. Some kind words from you Linux veterans would be nice, even just a "you''re close, try man (some-topic)". Thanks. MatrixCubed
http://MatrixCubed.cjb.net

Whoops, thought I included that.

It''s currently Redhat 7.3, though I got stuck at the same point in Slackware 8.0.



MatrixCubed
http://MatrixCubed.cjb.net

First, are you planning on using iptables or ipchains? Look for info on netfilter and the IPTables - HOWTO for more info on the kernel options needed. I don't remember how I had it running back when I was using ipchains...

Here's a short explaination of where to find the options for iptables.

Doing a "make menuconfig" you'll find the options needed under "Networking Options -> Network Packet Filtering -> *" and enable the options you need under IP Netfilter Configuration.
The options you choose depends on the level of Routing / NAT you need.


DracosX:

Master of the General Protection Fault


[edited by - DracosX on August 30, 2002 1:17:44 AM]

iptables, though I would primarily like a working router ... I would use ipchains if it resulted in a functional end-result.



MatrixCubed
http://MatrixCubed.cjb.net

Ipchains can work for you, but I'd recommend sticking with iptables.


Also, I forgot to mention this, although you probably already know...

You'll need to echo 1 > /proc/sys/net/ipv4/ip_forward and then create your MASQUERADE rule. I would recommend creating a seperate bash script and placing it in /etc/init.d/firewall and creating a symlink at /etc/rc3.d/S90firewall. Not the 100% standard way to do it, but it works, even though technically the symlink isn't really needed if you just create the file there, but IMO it serves to keep things slightly organized.

Actually, not sure how much you know about the init process of linux, but the S90 can be S any number that is higher than the number for your network, probably S10network.


DracosX:

Master of the General Protection Fault


[edited by - DracosX on August 30, 2002 1:24:09 AM]