|
Home > Archive > Red Hat Configuration > January 2004 > Router config
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Draco Ravenloft 2004-01-23, 7:26 pm |
| Could someone please help me. I'm used to setting up shared internet
connections with 2.2 kernels, and I've recently upgraded to redhat 9.0
(i wanted ext3 since this also acts as a file server) and while I
understand it is now supposed to be infinitely simpler to now route IP
traffic to from eth0 (internal LAN) to eth1 (cable modem) compared to
2.2.... well, I'll be buggered if I can figure it out. I'm not overly
concerned with firewalling, as I can't see much chance of anything
happening since I set the network protocols to mostly ignore eth1. Just
the basic IP Masquerade with protection from compies not on my basic
192.x.x.x network taking advantage of it is all I need to know, and all
the walkthroughs I can find include this command:
ipchains -A forward -i eth1 192.168.1.0/255.255.255.0-j MASQ
Which does absolutely nothing at all, well it does, but I don't count
being told to try ipchains --help for Help as doing something.
And on a side note, this isn't important, just confusing. If anyone has
any guesses on how/why out of 3 rtl8139 NICs (two of them being twins),
one NC100 card and some ISA 10/100 adaptec NIC I was playing with once,
only one of those cards (one of the twin 8139s for what its worth) is
capable of receiving DHCP information. Whether I set up DHCP server on
one of my Linux boxes, or hook them up to my cable modem... only that
one ever actually works. No big deal, only need one to be able to, just
kinda strange ya know?
| |
| redhat_devel 2004-01-23, 7:26 pm |
|
Draco Ravenloft wrote:quote:
> Could someone please help me. I'm used to setting up shared internet
> connections with 2.2 kernels, and I've recently upgraded to redhat 9.0
> (i wanted ext3 since this also acts as a file server) and while I
> understand it is now supposed to be infinitely simpler to now route IP
> traffic to from eth0 (internal LAN) to eth1 (cable modem) compared to
> 2.2.... well, I'll be buggered if I can figure it out. I'm not overly
> concerned with firewalling, as I can't see much chance of anything
> happening since I set the network protocols to mostly ignore eth1. Just
> the basic IP Masquerade with protection from compies not on my basic
> 192.x.x.x network taking advantage of it is all I need to know, and all
> the walkthroughs I can find include this command:
>
> ipchains -A forward -i eth1 192.168.1.0/255.255.255.0-j MASQ
>
> Which does absolutely nothing at all, well it does, but I don't count
> being told to try ipchains --help for Help as doing something.
>
>
>
>
> And on a side note, this isn't important, just confusing. If anyone has
> any guesses on how/why out of 3 rtl8139 NICs (two of them being twins),
> one NC100 card and some ISA 10/100 adaptec NIC I was playing with once,
> only one of those cards (one of the twin 8139s for what its worth) is
> capable of receiving DHCP information. Whether I set up DHCP server on
> one of my Linux boxes, or hook them up to my cable modem... only that
> one ever actually works. No big deal, only need one to be able to, just
> kinda strange ya know?
>
Something like.....
SOHO="10.10.8.0/21"
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s $SOHO -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
^^^^^^^^^^^^^^^^^^^^^^^^^^^
IMPORTANT!
| |
|
| redhat_devel <spam@spam.org> wrote in message news:<bplcob.4hd.ln@leafnode.linux.adelphia.net>...quote:
> Draco Ravenloft wrote:
> [[ snip ]]
>
> Something like.....
>
>
> SOHO="10.10.8.0/21"
> /sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -s $SOHO -j MASQUERADE
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> IMPORTANT!
I want to stress the last comment. Draco, I went through almost the
same process as you, and after searching for like 3 days I found a
comment about changing the bit in it_forward. This made it all work
Just wanted to throw that out there. Also, there'a a great book
called Red Hat Linux Firewalls by Bill McCarty that really helped me
tweak my firewall and get it working VERY well. It covers iptables
and ipchains, amoung other tools (IDS, LAN security, others).
Definately worth the $35 or so bucks.
HTH,
Alex.
| |
| Ed Murphy 2004-01-23, 7:26 pm |
| On Thu, 06 Nov 2003 07:00:14 -0800, Alex wrote:
quote:
[QUOTE][color=darkred]
> I want to stress the last comment. Draco, I went through almost the
> same process as you, and after searching for like 3 days I found a
> comment about changing the bit in it_forward. This made it all work
Thank you! My home network broke down a few weeks ago, and after a
few fruitless days of looking for bugs on the Windows end, we gave up
and went back to swapping the line back and forth. I should have
thought to double-check all the changes that I made when I was setting
up the network in the first place.
Damned if I know how it got set back to 0, but at least now I'll
remember this if things ever go haywire again.
|
|
|
|
|