I managed to solve the exercise after some more readings. There are three main points:

* wrong IP settings on clients: when setting up a client with a fixed IP on the 192.168.5 subnet, the DNS setting should be the host's DNS setting, which is 192.168.0.1 (the main router); to assign this automatically to clients with a DHCP IP, set option domain-name-servers to 192.168.0.1, not 192.168.5.1;

* ip masquerading needs iptables to be on!!! (honestly I am not any good at iptables at all, that is why I wanted to avoid iptables, and disabled it)

* default iptables prevents masquerading:

  + the default iptables on my SL6.2 host is as follows:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [86:9652]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

  + it is the last line (-A FORWARD -j REJECT --reject-with icmp-host-prohibited) which was my problem. If I disable it and then add the nat/masquerading rule for wlan0, it works. If I want to leave it enabled, I have to add the forwarding rules before that rule. My final /etc/sysconfig/iptables is as follows:

    *nat
    :PREROUTING ACCEPT [2275:293091]
    :POSTROUTING ACCEPT [2:96]
    :OUTPUT ACCEPT [7:476]
    -A POSTROUTING -o wlan0 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [421:41673]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A FORWARD -i eth0 -o wlan0 -j ACCEPT
    -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Maybe I should equip myself with some knowledge of iptables ;).
Anyway, my "2nd router" using SL6.2 is working fine now...

Bests,
D.

On 6/27/12 9:33 AM, Duke wrote:
> On 6/26/12 8:51 PM, Ken Teh wrote:
>> You need to enable forwarding in the kernel.
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Thanks Ken and Brent for your suggestion, but ip_forward still does
> not help.
>
> $ sudo cat /proc/sys/net/ipv4/ip_forward
> 1
>
> I also turned off iptables to see if it helps, but it does not.
>
> Any other suggestions? Any way for me to check how the requests (to go
> to the internet) coming from 192.168.5.2 are handled on 192.168.5.1?
> How do I see all the connected clients? It seems
> /var/lib/dhcpd/dhcpd.leases only gives me the leases for DHCP
> addresses, not the fixed ones.
>
>>
>> Do the same in /etc/sysctl.conf which will write the 1 to the /proc
>> file on reboot.
>>
>> I suggest you look at dnsmasq. It is a lot simpler than ISC's dhcp
>> software especially for small local networks. In fact I believe most
>> routers you buy from a store use dnsmasq.
>
> Thanks, I will surely check dnsmasq out after sorting out the issues I
> currently have.
>
>>
>> Good luck!
>>
>>
>>
>> On 06/26/2012 04:30 AM, Duke wrote:
>>> Hi folks,
>>>
>>> Please be gentle, I have some experience with Linux but not much at
>>> the administrative level, also I am familiar with Debian distros much
>>> more than Redhat ones. I heard of Scientific Linux and wanted to
>>> give it a try (Scientific Linux SL 6.2). My task now is to set up a
>>> DHCP server for a small local network.
>>>
>>> The setup is as follows:
>>>
>>> Internet (WAN)
>>>     |
>>> Router (192.168.0.1)
>>>     |
>>> SL6.2 with two NICs: wlan0 and eth0
>>>     wlan0 (192.168.0.103)
>>>     eth0 (192.168.5.1)
>>>
>>> To achieve the above setup, after some readings, I have:
>>>
>>> * installed dhcp (sudo yum install dhcp) and then configured dhcpd as
>>> $ sudo vi /etc/dhcp/dhcpd.conf
>>> # /etc/dhcp/dhcpd.conf
>>> option domain-name "example.org";
>>> option domain-name-servers 192.168.5.1;
>>>
>>> default-lease-time 600;
>>> max-lease-time 7200;
>>>
>>> subnet 192.168.0.0 netmask 255.255.255.0 {
>>> }
>>>
>>> subnet 192.168.5.0 netmask 255.255.255.0 {
>>>   range 192.168.5.2 192.168.5.99;
>>>   option routers 192.168.5.1;
>>>   option broadcast-address 192.168.5.255;
>>>   authoritative;
>>> }
>>>
>>> * started dhcpd service:
>>> $ sudo service dhcpd start
>>> $ sudo tail -17 /var/log/messages
>>> Jun 26 16:16:56 hp430b dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
>>> Jun 26 16:16:56 hp430b dhcpd: Copyright 2004-2010 Internet Systems Consortium.
>>> Jun 26 16:16:56 hp430b dhcpd: All rights reserved.
>>> Jun 26 16:16:56 hp430b dhcpd: For info, please visit https://www.isc.org/software/dhcp/
>>> Jun 26 16:16:56 hp430b dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
>>> Jun 26 16:16:56 hp430b dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
>>> Jun 26 16:16:56 hp430b dhcpd: Copyright 2004-2010 Internet Systems Consortium.
>>> Jun 26 16:16:56 hp430b dhcpd: All rights reserved.
>>> Jun 26 16:16:56 hp430b dhcpd: For info, please visit https://www.isc.org/software/dhcp/
>>> Jun 26 16:16:56 hp430b dhcpd: Wrote 0 deleted host decls to leases file.
>>> Jun 26 16:16:56 hp430b dhcpd: Wrote 0 new dynamic host decls to leases file.
>>> Jun 26 16:16:56 hp430b dhcpd: Wrote 0 leases to leases file.
>>> Jun 26 16:16:56 hp430b dhcpd: Listening on LPF/wlan0/68:a3:c4:b9:e0:64/192.168.0.0/24
>>> Jun 26 16:16:56 hp430b dhcpd: Sending on   LPF/wlan0/68:a3:c4:b9:e0:64/192.168.0.0/24
>>> Jun 26 16:16:56 hp430b dhcpd: Listening on LPF/eth0/9c:8e:99:37:f1:54/192.168.5.0/24
>>> Jun 26 16:16:56 hp430b dhcpd: Sending on   LPF/eth0/9c:8e:99:37:f1:54/192.168.5.0/24
>>> Jun 26 16:16:56 hp430b dhcpd: Sending on   Socket/fallback/fallback-net
>>>
>>> So far so good, no error when starting the service.
>>>
>>> * configured the router so that wlan0 always gets 192.168.0.103
>>> * configured so that eth0 gets the fixed IP 192.168.5.1
>>> $ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
>>> DEVICE=eth0
>>> BOOTPROTO=none
>>> IPADDR=192.168.5.1
>>> NETMASK=255.255.255.0
>>> ONBOOT=yes
>>>
>>> * restarted network service:
>>> $ sudo service network restart
>>> Shutting down interface eth0:  Device state: 3 (disconnected)
>>>                                                            [  OK  ]
>>> Shutting down loopback interface:                          [  OK  ]
>>> Bringing up loopback interface:                            [  OK  ]
>>> Bringing up interface eth0:  Active connection state: activated
>>> Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/10
>>>                                                            [  OK  ]
>>>
>>> * confirmed that the two interfaces get what they should get:
>>> $ ifconfig
>>> eth0      Link encap:Ethernet  HWaddr 9C:8E:99:37:F1:54
>>>           inet addr:192.168.5.1  Bcast:192.168.5.255  Mask:255.255.255.0
>>>           inet6 addr: fe80::9e8e:99ff:fe37:f154/64 Scope:Link
>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>           RX packets:12539 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:3052 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>           RX bytes:1323177 (1.2 MiB)  TX bytes:340948 (332.9 KiB)
>>>           Interrupt:26 Base address:0x8000
>>>
>>> lo        Link encap:Local Loopback
>>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>>           inet6 addr: ::1/128 Scope:Host
>>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>>>           RX packets:2167 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:2167 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes:867756 (847.4 KiB)  TX bytes:867756 (847.4 KiB)
>>>
>>> wlan0     Link encap:Ethernet  HWaddr 68:A3:C4:B9:E0:64
>>>           inet addr:192.168.0.103  Bcast:192.168.0.255  Mask:255.255.255.0
>>>           inet6 addr: fe80::6aa3:c4ff:feb9:e064/64 Scope:Link
>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>           RX packets:628976 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:172871 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>           RX bytes:324242046 (309.2 MiB)  TX bytes:22038298 (21.0 MiB)
>>>
>>> * configured iptables to do the IP masquerading
>>> $ sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>>> $ sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
>>> $ sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 117.4.113.206
>>> $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>>
>>> Finally, I use another computer to be a client on the 192.168.5 network,
>>> tried to give it an IP, for example 192.168.5.2, gateway 192.168.5.1, but
>>> I can't go to the internet. I can only see the DHCP server (by ping
>>> or ssh to 192.168.5.1).
>>>
>>> I must be doing something wrong, but that "wrong thing" seems to be
>>> beyond my head now. Any advice/suggestion is welcome!!!
>>>
>>> Thanks,
>>
>