  • #2082706

    Networking with RH Linux 6.1

    by cp409sd ·

    I have a multihomed Red Hat 6.1 system. I am trying to have it function as a gateway to my win98 PCs. Linux is connected to my router, and it can get to the internet just fine with its default gateway being my router. The problem I am having is that I cannot get any of my PCs to go through the Linux box and out to the net. I am using IP forwarding and have real IP addresses for all PCs. (Not using NAT.) I have my PCs’ gateways set to the second card in the Linux machine (eth1). My goal is to have one card be my internal card and the other external, and to put up a firewall so that my PCs can get to and go through Linux to the net, but nothing can get past the external card from the internet.

    I have no idea what I am doing [wrong]. Do I need to set up any static routes to accomplish this? I have 32 static IPs and my netmask is .224.

    Please let me know if you need any more info.

All Comments

    • #3896032

      Networking with RH Linux 6.1

      by zbrain75 ·

      In reply to Networking with RH Linux 6.1

      Example:
      192.168.2.1 eth0--|router|--eth1 192.168.1.2
      Net:192.168.2.0---|      |--192.168.1.0
      For this example put the following 2 lines in the file “/etc/sysconfig/static-routes”:
      eth0 net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
      eth1 net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.2
      You can also use netconf or linuxconf to set it, selecting “routing and gateways” and “other routes to networks”, with the following:
      Network Netmask Gateway
      192.168.2.0 255.255.255.0 192.168.2.1
      192.168.1.0 255.255.255.0 192.168.1.2
      If you need more information, send an e-mail.
      Adjust for your IP addresses and netmasks. Also, IP forwarding needs to be enabled. Be sure the following line is in your /etc/sysconfig/network file:
      FORWARD_IPV4=yes
      Restart networking to implement:
      /etc/rc.d/init.d/network restart
      You could also add route commands to your /etc/rc.d/rc.local file.
      After this, you’ll need to set your firewall rules with ipchains. I can help you there if need be.

    • #3895981

      Networking with RH Linux 6.1

      by jherrin1 ·

      In reply to Networking with RH Linux 6.1

      If you can ping the Linux box, you probably have not added a route to the Windows boxes telling them to go across the gate. An example of this is:
      route add 192.168.0.0 mask 255.255.0.0 9.243.48.242 metric 2
      Where 192.168.0.0 is the network I am trying to get to, and 9.243.48.242 is the second NIC for the Linux box. The metric should be 2 to indicate that it is crossing a gate, bridge.

    • #3895730

      Networking with RH Linux 6.1

      by hotindia ·

      In reply to Networking with RH Linux 6.1

      I am using the same in my office with two NICs
      without having any trouble.
      Try to check out some steps, maybe you have missed something,
      like:
      12.19.198.XX | 255.255.XXX.XXX |eth0
      192.168.2.1 | 255.255.255.0 | eth1

      IP for eth0 will be provided by your ISP provider.

      Gateway for eth1 will be eth0 in the Linux box.

      eth0 is connected to a leased line from the ISP provider via a hub. (I am not using the router.)

      eth1 is used for local networking.

      Now set 192.168.2.X | 255.255.255.0 on the other nodes with gateway 192.168.2.1 (eth1).

      In the Network Neighbourhood of the Windows box, set the DNS as provided by your ISP provider.
      Then use IP forwarding and masquerading in the Linux box.

      If you need the diagram for the networking of cables connected to nodes via the Linux box, then send me a mail and I will send it to you.

      I think it will help you.

      thanks

      Ravi Sharma

    • #3892399

      Networking with RH Linux 6.1

      by alexm ·

      In reply to Networking with RH Linux 6.1

      It really sounds like you’re trying to accomplish a firewall scenario. If so, you will have to research ipchains and ipfwadm (much too much detail to go into here). Static routes will defeat the purpose of the firewall: instead of static routes, you set up ipchains to do the routing. Some hints:

      Here’s the script that I put in /etc/rc.d/init and trigger in the rc files (eth0 is external, eth1 is internal):
      -----
      #!/bin/sh
      # flush (clear) the rules if the chain
      # already exists
      /sbin/ipchains -F
      /sbin/ipchains -X

      # create chain user_msq
      /sbin/ipchains -N user_msq

      # configure the chain
      /sbin/ipchains -A user_msq -s 0/0 -d 0/0 -j MASQ

      # forward packages to the chain user_msq
      /sbin/ipchains -A forward -s 172.17.0.0/16 -d 0/0 -i eth0 -j user_msq

      # load modules to handle special protocols
      # /sbin/insmod ip_masq_ftp

      # List the ipchains created and
      # functioning…
      /sbin/ipchains -L forward -n
      /sbin/ipchains -L user_msq -n
      -----
      Good luck. I hope this helps.

    • #3776288

      Networking with RH Linux 6.1

      by kostya_belous ·

      In reply to Networking with RH Linux 6.1

      First of all: NEVER give local PCs based on w98/w95 real IP addresses – this is a very big security hole. It is better to use a proxy/masquerading to give local users access to the internet, and firewalling to secure your network.
      proxy software:
      squid http://squid.nlanr.net/Squid/
      socks5 http://www.socks.nec.com/
      masquerading:
      1) make the gateway on all w98 machines = Linux internal ethernet IP
      2) you must recompile the kernel with these options enabled if your kernel does not support firewalling (masquerading)
      3) in the rc script type:
      modprobe ip_masq_ftp
      modprobe ip_masq_raudio
      modprobe ip_masq_irc
      modprobe ip_masq_cuseeme
      modprobe ip_masq_vdolive
      /sbin/ipchains -P forward DENY
      /sbin/ipchains -A forward -j MASQ -s XX.XX.XX.XX/32 -d 0.0.0.0/0 -t 0x01 0x02
      (XX.XX.XX.XX here is your machine’s IP; repeat this line for all machines)
      parameter t – minimum priority of packet
      if you want maximum – remove this param
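
The two rule scripts posted in the replies above differ in how they treat the forward chain; the following added example (not code from any poster) reads an ipchains script on stdin and reports whether it pins a default-deny forward policy and whether any forward rule matches every source. The function and sample names are hypothetical, and 192.0.2.10 is a constructed stand-in for the XX.XX.XX.XX placeholder.

```shell
#!/bin/sh
# Added example: report how an ipchains rule script treats the forward chain.
# The script text is read from stdin; findings are printed one per line.
audit_forward() {
    awk '
    /^[ \t]*#/ || !/ipchains/ { next }      # skip comments and non-rule lines
    {
        chain = ""; src = ""; jump = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-P" && $(i+1) == "forward") policy = $(i+2)
            if ($i == "-A") chain = $(i+1)
            if ($i == "-s") src = $(i+1)
            if ($i == "-j") jump = $(i+1)
        }
        # A forward rule with no source, or source "any", applies to every sender
        if (chain == "forward" && jump != "" &&
            (src == "" || src == "0/0" || src == "0.0.0.0/0"))
            printf "ANY_SOURCE line %d: forward -j %s matches every source\n", NR, jump
    }
    END {
        if (policy != "DENY" && policy != "REJECT")
            print "NO_DEFAULT_DENY: " (policy == "" ? "script never sets the forward policy" : "forward policy is " policy)
    }'
}

# Rule lines as posted in the chain-based masquerading reply
sample_chain_masq() {
cat <<'EOF'
/sbin/ipchains -F
/sbin/ipchains -X
/sbin/ipchains -N user_msq
/sbin/ipchains -A user_msq -s 0/0 -d 0/0 -j MASQ
/sbin/ipchains -A forward -s 172.17.0.0/16 -d 0/0 -i eth0 -j user_msq
EOF
}

# Rule lines from the per-host reply; the host address is constructed
sample_per_host() {
cat <<'EOF'
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.0.2.10/32 -d 0.0.0.0/0 -t 0x01 0x02
EOF
}

echo "== chain-based script =="; sample_chain_masq | audit_forward
echo "== per-host script ==";    sample_per_host   | audit_forward
```

A script that never sets the forward policy leaves it at whatever was in effect before the script ran, which is why the first sample is reported even though its only forward rule is restricted to 172.17.0.0/16.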
