PDA

View Full Version : [ubuntu] Ubuntu 9.10 and Xubuntu Internet Connection Sharing Problem



peaceprayer
October 9th, 2010, 08:55 PM
Hello, guys. Got a problem with internet connection sharing between Ubuntu and Xubuntu machine (anyway, it seems to me that the problem is not in distributive names).

First PC got connection to Internet. Over eth0. And over PPP (used pppoeconf to configure connection). It runs Ubuntu 9.10 and i hope soon it will become a gateway for second pc.

Second PC runs Xubuntu. And hungry for web.

I've tried to follow this manual:
https://help.ubuntu.com/community/Internet/ConnectionSharing

But seems it didn't work.

I noticed that when i'm on step:

iptables-restore < /etc/iptables.sav

I got :

iptables-restore v1.4.4: iptables-restore: unable to initialize table 'nat'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

seems it is not so great, right?


sudo iptables-save | sudo tee /etc/iptables.sav

gives me


# Generated by iptables-save v1.4.4 on Sat Oct 9 23:46:48 2010
*nat
:PREROUTING ACCEPT [176676:11809852]
:POSTROUTING ACCEPT [51538:4936244]
:OUTPUT ACCEPT [51627:4948021]
COMMIT
# Completed on Sat Oct 9 23:46:48 2010
# Generated by iptables-save v1.4.4 on Sat Oct 9 23:46:48 2010
*mangle
:PREROUTING ACCEPT [427324:106304732]
:INPUT ACCEPT [388979:102443080]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [286918:161391133]
:POSTROUTING ACCEPT [292060:162144349]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat Oct 9 23:46:48 2010
# Generated by iptables-save v1.4.4 on Sat Oct 9 23:46:48 2010
*filter
:INPUT DROP [167852:10180307]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11:616]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-logging-allow - [0:0]
:ufw-logging-deny - [0:0]
:ufw-not-local - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-input - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-output - [0:0]
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -s 192.168.0.0/24 -i ppp0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j RETURN
-A ufw-after-input -p udp -m udp --dport 138 -j RETURN
-A ufw-after-input -p tcp -m tcp --dport 139 -j RETURN
-A ufw-after-input -p tcp -m tcp --dport 445 -j RETURN
-A ufw-after-input -p udp -m udp --dport 67 -j RETURN
-A ufw-after-input -p udp -m udp --dport 68 -j RETURN
-A ufw-after-input -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m state --state INVALID -j ufw-logging-deny
-A ufw-before-input -m state --state INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-track-output -p tcp -m state --state NEW -j ACCEPT
-A ufw-track-output -p udp -m state --state NEW -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
COMMIT
# Completed on Sat Oct 9 23:46:48 2010


so the second line is


*nat

and Google don't help me.
I'm depressed a little, no jokes.


Hope someone will help me with that problem.
Is that manual is enough for making everything work?
How should i make configs on my first pc? On second one?
How can i fix that iptables nat table problem?

Thank you a lot in advance!

peaceprayer
October 9th, 2010, 09:31 PM
the error with " * nat " and saving the stuff seems to be vanished, after adding "sudo" ing the begining of the line.

but the problem with connection is still here.

second PC still don't have any connection.

any ideas? : )

dmizer
October 10th, 2010, 12:19 AM
Since 9.10 supports ICS graphically, you're probably better off avoiding the command line method. To undo all the changes you've made, and make sure that your IP tables configuration is clean, run the following commands:

sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -X
Make sure to remove the "iptables-restore < /etc/iptables.sav" line from /etc/rc.local
Double check to make sure your firewall is disabled:

sudo iptables -L
A disabled firewall looks like this:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Once you have that all completed, it's a very simple matter to enable ICS. Just right click on your networking icon in your tool bar, and select "Edit connections". Select the network adapter that's connected to your Xubuntu computer and click "Edit". Click on the "IPv4 Settings" tab and change the Method to "Shared to other computers".

Finished. If that still doesn't work, you may have to manually add DNS servers on your Xubuntu computer.