RH9 Router configuration
| Mark Porthouse 2004-05-20, 5:38 pm |
| Dear All,
I've been struggling for some time setting up a Linux box on my home
network to act as a gateway.
I have a fixed IP address and subdomain from my ISP on my ADSL PPoA
connection.
I can access an apache webserver on my Linux router from any host on my
local network.
My local network is 192.168.1.0
The modem has an IP address of 192.168.0.1 (note different subnet) and
it uses dhcp to assign the connected nic in my Linux router 192.168.0.2
I can't access the internet from the hosts on my network (either by IP
address or by domain name) except that I can access the net from the
Linux router.
When I check my ipv4 forwarding with
cat /proc/sys/net/ipv4/ip_forward
I get a '1' back - so that looks OK.
Should I only have one subnet in the building?
eth0 is to the internet.
eth1 is to the internal network.
Here is my route -e response:
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
82.nnn.mmm.0    *               255.255.255.0   U         0 0          0 eth0
192.168.1.0     *               255.255.255.0   U         0 0          0 eth1
169.254.0.0     *               255.255.0.0     U         0 0          0 eth1
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
default         gateway.myisp   0.0.0.0         UG        0 0          0 eth0
I've given the Linux router the FQDN of
svr-internet.mysubdomain.myispsdomain.tld
Should I name my internal network hosts
workstation1.mysubdomain.myispsdomain.tld
or
workstation1.localdomain
?
Most importantly I'm not getting internet access from the other hosts. I
have set their gateway to 192.168.1.27 (the nic IP address for eth1 on
the Linux box - the internal net nic)
I'm using host files on my internal network instead of dhcp.
Can someone help me please?!
Thanks,
Mark
| |
| Alexander Dalloz 2004-05-20, 5:38 pm |
| On Thu, 20 May 2004 15:27:54 +0100 Mark Porthouse wrote:
> I've been struggling for some time setting up a Linux box on my home
> network to act as a gateway.
iptables -A POSTROUTING -o eth0 -j MASQUERADE
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
| |
| Mark Porthouse 2004-05-20, 5:38 pm |
| Alexander,
Thanks.
However I get
iptables: No chain/target/match by that name
when I enter that command.
Are you stating that the problem is with the NAT?
Mark
Alexander Dalloz wrote:
> On Thu, 20 May 2004 15:27:54 +0100 Mark Porthouse wrote:
>
> iptables -A POSTROUTING -o eth0 -j MASQUERADE
>
> Alexander
>
>
| |
| Alexander Dalloz 2004-05-20, 5:38 pm |
| On Thu, 20 May 2004 15:41:05 +0100 Mark Porthouse wrote:
> Alexander,
>
> Thanks.
>
> However I get
> iptables: No chain/target/match by that name
> when I enter that command.
>
> Are you stating that the problem is with the NAT?
>
> Mark
Yes, your router has to NAT the internal hosts. So your netfilter set
using iptables has to have at least the MASQUERADE rule.
Alexander
| |
| Mark Porthouse 2004-05-20, 5:38 pm |
| Thanks. Now I should be able to pin down the solution. Of course -
doesn't Mandrake do a nice utility for this in KDE?
Mark
Alexander Dalloz wrote:
>
>
> Yes, your router has to NAT the internal hosts. So your netfilter set
> using iptables has to have at least the MASQUERADE rule.
>
> Alexander
>
>
| |
| Alexander Dalloz 2004-05-20, 5:38 pm |
| On Thu, 20 May 2004 16:21:52 +0100 Mark Porthouse wrote:
> Thanks. Now I should be able to pin down the solution. Of course -
> doesn't Mandrake do a nice utility for this in KDE?
>
> Mark
Who cares? Just read www.netfilter.org to understand iptables and then
either apply the rulesets by hand and run service iptables save which puts
them into /etc/sysconfig/iptables or run lokkit.
Btw. http://fedoranews.org/ghenry/gateway/ is a nice short howto for that
situation, written for FC1 but mostly fitting RH9 too.
Alexander
| |
| Mark Porthouse 2004-05-20, 5:38 pm |
| Alexander,
Thanks. I managed to find some iptables commands that got it working.
Now I have to make sure that the config will 'stick' should I ever
reboot the server - I'm not sure whether my iptables commands need to be
put into a script that gets run on bootup or not. Anyway those links
should do the trick.
Thanks very much for your help. It's taken me sooo long to do this. I
won't embarrass myself by saying how long. I was getting really fed up
with my Belkin router that was crashing regularly.
Now to perfect my Samba permissions and my LAMP installation and then
perhaps an IMAP server!
Cheers,
Mark
Alexander Dalloz wrote:
>
> Who cares? Just read www.netfilter.org to understand iptables and then
> either apply the rulesets by hand and run service iptables save which puts
> them into /etc/sysconfig/iptables or run lokkit.
>
>
> Btw. http://fedoranews.org/ghenry/gateway/ is a nice short howto for that
> situation, written for FC1 but mostly fitting RH9 too.
>
> Alexander
| |
| Alexander Dalloz 2004-05-20, 5:38 pm |
| On Thu, 20 May 2004 18:13:41 +0100 Mark Porthouse wrote:
> Alexander,
> Thanks. I managed to find some iptables commands that got it working.
> Now I have to make sure that the config will 'stick' should I ever
> reboot the server - I'm not sure whether my iptables commands need to be
> put into a script that gets run on bootup or not. Anyway those links
> should do the trick.
As said, running "service iptables save" after you have configured your
iptables ruleset (printable by "iptables -L -n -v -t [filter,nat]") will
store the rules into /etc/sysconfig/iptables. Any "service iptables start",
normally run during boot up (man chkconfig), will load these rules and make
them active again.
Alexander
| |
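An added example, not part of any post in this thread: the POSTROUTING chain lives in the nat table, and iptables works on the filter table when no -t is given, which fits the "No chain/target/match by that name" error quoted above. The sketch below writes a gateway ruleset in iptables-save format with the MASQUERADE rule under *nat, and checks that a saved ruleset really has it there. The interface names and LAN network come from the first post; the function names and the FORWARD policy are assumptions.

```shell
#!/bin/sh
# Added example; gateway_rules and masquerades_on are hypothetical helpers.

# Print an iptables-save style ruleset for a NAT gateway.
# $1 = internet-facing interface, $2 = LAN interface, $3 = LAN network (CIDR)
gateway_rules() {
    wan=$1 lan=$2 net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
# INPUT and OUTPUT are left at ACCEPT here; only forwarding is restricted.

# Read iptables-save text on stdin; succeed only if the nat table
# masquerades traffic leaving interface $1. A MASQUERADE line that
# sits under any other table does not count.
masquerades_on() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING/ && / -j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == wan) found = 1
        }
        END { exit !found }
    '
}

# Constructed sample run: eth0 to the internet, eth1 to 192.168.1.0/24.
gateway_rules eth0 eth1 192.168.1.0/24 | masquerades_on eth0 &&
    echo "nat/POSTROUTING masquerades on eth0"
```

The output of gateway_rules is in the format that "service iptables save" writes to /etc/sysconfig/iptables, and iptables-restore reads the same format from stdin.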
| Mark Porthouse 2004-05-20, 5:38 pm |
| You are a never ending font of knowledge - thanks.
Mark
Alexander Dalloz wrote:
>
> As said, running "service iptables save" after you have configured your
> iptables ruleset (printable by "iptables -L -n -v -t [filter,nat]") will
> store the rules into /etc/sysconfig/iptables. Any "service iptables start",
> normally run during boot up (man chkconfig), will load these rules and make
> them active again.
>
> Alexander