Help with SuSe 9 and routing

thetick · 02-03-2004, 04:45 PM

I am a complete newbie to linux and SuSe.

I have successfully (sp) installed SuSe on a xp machine (grub2 dual boots fine)

The only problem I have 3 nic's and 2 of them connect to Playstation 2's I managed to get my main nic configured (dhcp)

But I have no clue on how to setup the remaining nic's to allow traffic.

Any pointers ???

Capt_Caveman · 02-04-2004, 04:02 PM

What are you trying to do? Do you just want to allow the 2 playstations to communicate or are you trying to allow them out onto the internet and/or allow incoming traffic from the 'net to the playstations? Eitherway you'll need to do some packet forwarding and possibly IP masquerading as well.

thetick · 02-08-2004, 01:45 PM

yup trying to allow the acsess to the internet.

I assumed that it would be a case of static ip for the ps2 nic's and then ip forwarding but alas no and thats where my know how ends.

Are there any idiots guides for this kinda thing ?

Capt_Caveman · 02-08-2004, 07:00 PM

From your first post, it looks like your firewall box gets a dynamic IP through dhcp. So what you want to setup is called IP Masquerading. It's actually really easy to setup. All you basically have to do is add a couple of iptables rules.

***for all of the above rules, replace <external_interface>, <internal_interface1> and <internal_interface2> with the name of the corresponding interface (like eth0, eth1, ppp0, etc)***

As root do:
iptables -t nat -A PREROUTING -o <external_interface> -j MASQUERADE

That takes care of the NAT (Network Address Translation), now you need to allow packet forwarding to pass packets from the LAN interface to the external interface for each of the 2 playstations.

iptables -A FORWARD -i <internal_interface1> -o <external_interface> -j ACCEPT
iptables -A FORWARD -i <internal_interface2> -o <external_interface> -j ACCEPT

Then allow only stuff you want to be forwaded into the LAN for each of the 2 playstations:

iptables -A FORWARD -i <external_interface> -o <internal_interface1> -m --state RELATED,ESTABLSHED -j ACCEPT
iptables -A FORWARD -i <external_interface> -o <internal_interface2> -m --state RELATED,ESTABLSHED -j ACCEPT

Finally do: echo "1" > /proc/sys/net/ipv4/ip_forward
and /usr/sbin/iptables-save

Now if you want people to be able to initiate connections into your LAN, then that's a little different. But the above rules will allow the playstatiions out on the 'net. If you have any questions about those rules or are confused about anything, just let me know. There are plenty of HOWTOs and guides to look at as well:

http://www.tldp.org/HOWTO/Masqueradi...WTO/index.html
http://www.netfilter.org/documentati.../NAT-HOWTO.txt
http://iptables-tutorial.frozentux.n...-tutorial.html

If that all sounds like too much, you can probably use YaST to do it as well. Start > Control Center> YaST Modules> Security and Users> Firewall. That will give you a graphical "wizard" that will walk you through setting up the firewall. The important thing is to select "Forward Traffic and Do Masquerading". That should work, but I'm not sure if it can handle 3 NICs.

Unbreakable_MJ · 12-12-2005, 03:47 AM

Quote:

Originally Posted by Capt_Caveman

iptables -A FORWARD -i <external_interface> -o <internal_interface1> -m --state RELATED,ESTABLSHED -j ACCEPT
iptables -A FORWARD -i <external_interface> -o <internal_interface2> -m --state RELATED,ESTABLSHED -j ACCEPT

The error message:

Code:

# iptables -A FORWARD -i ppp0 -o eth0 -m --state RELATED,ESTABLSHED -j ACCEPT
iptables v1.3.3: Couldn't load match `--state':/usr/lib/iptables/libipt_--state.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.