Dual Network Card in RH7.3

dkny01 · 09-23-2003, 04:53 AM

What i have now:

I have 1 server with 2 network cards:

NIC1
- Static IP (219.93.225.x)
- connects to a switch that gives me DSL connection

NIC2
- Internal IP (192.168.100.x)
- connects to a switch to my LAN

What i'm trying to achieve:

1. Let my LAN users access the server internally
2. Use the server to host my website

I would like to map watever request from NIC2 to NIC1 so that watever request is processed transparently to the users.
Since this is gona expose my LAN, i figured that i should have a firewall for security.
Is there any software on RH7.3 that allows me to do this? If yes, how?
Thanks in advance

david_ross · 09-23-2003, 09:59 AM

Welcome to LQ.

You can do all of what you want with iptables. There is a good tutorial here:
http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html

As well as lots more info on this site - just post if you have problems.

dkny01 · 09-26-2003, 05:39 AM

Hi,

Thanks for the reply.
I've read the link that you've sent me and tried it.

I'm looking at the section Example 2: Linux connected via DSL, Cable, T1

I get an error at the final "route" command:

[root@demo empDomain]# ipchains -F forward
[root@demo empDomain]# ipchains -P forward DENY
[root@demo empDomain]# ipchains -A forward -s 192.168.100.0/24 -j MASQ
Warning: you must enable IP forwarding for packets to be forwarded at all:
Use `echo 1 > /proc/sys/net/ipv4/ip_forward'
[root@demo empDomain]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@demo empDomain]# route add -net 192.168.100.0 netmask 255.255.255.0 gw 219.93.225.xx dev eth1
SIOCADDRT: Network is unreachable

If it makes any difference here are my NIC's information:

eth0:
IP: 219.93.225.x
Subnet: 255.255.255.248
Gateway: 219.93.225.xx

eth1:
IP: 192.168.100.28
Subnet: 255.255.255.0

Mack_T · 09-26-2003, 08:46 AM

I think if you search the web, there is a HOWTO on masquerading. That is what you are looking for- a firewall that masquerades. I found one that has some configurable options in it, but there is no gui interface. Just a text file. I am also running 7.3, and my server hosts a website, as well as ssh logins from the internet. The internal network has free-flow.

Scott

PS I found that when using such a firewall, you do NOT start ipchains in the normal startup process.

david_ross · 09-26-2003, 12:34 PM

You may need to chek your routing table does not have these entries already and that it accomodates the networks involved:
route -n

dkny01 · 09-29-2003, 03:11 AM

Route table....doesn't seem to be any problems or maybe i just dont know what i'm doing

any ideas...anybody??

[root@demo bin]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
219.93.225.xxx 0.0.0.0 255.255.255.xxx U 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 219.93.225.xx3 0.0.0.0 UG 0 0 0 eth0

Robert0380 · 09-29-2003, 01:23 PM

man, you really should be using iptables and not ipchains

also for that forwarding problem:

in redhat edit the following file:

/etc/sysctl.conf

there is a line (probably the 1st line) that say:

net.ipv4.ip_forward=0

change it to

net.ipv4.ip_forward=1 to turn on ipforwarding

also, you'll need to run the following command (just this once so taht you dont have to boot to get forwarding to work)

#echo 1 > /proc/sys/net/ipv4/ip_forward

dkny01 · 10-01-2003, 04:23 AM

I've tried chaging from ipchains to iptables following the steps listed on this website:

http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html

I'm still stuck at the route command:

[root@demo empDomain]# route add -net 192.168.100.0 netmask 255.255.255.0 gw 219.93.225.xx dev eth1
SIOCADDRT: Network is unreachable

Now my external IP isn't working anymore. Cant connect to it at all.
I'm lost...

david_ross · 10-01-2003, 12:16 PM

That shoudln't affect your network if the add failed. Can you post:
route -n

dkny01 · 10-01-2003, 09:45 PM

Here goes....
I think i probably screwed something up somewhere....

# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
219.93.225.0 219.93.225.xx3 255.255.255.0 UG 0 0 0 eth0
219.93.225.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 219.93.225.xx3 0.0.0.0 UG 0 0 0 eth0

dkny01 · 10-02-2003, 10:37 AM

i've managed to reconfigure my route to the original one (refer post #6 for my earlier route -n)....
but my external IP is still not working
i think i must've screwed up something in the midst of configuring iptables
any ideas? or where should i look to rectify this?

david_ross · 10-02-2003, 12:44 PM

You say your external IP isn;t working - does it work from the linux box itself or is it just a problem for the clients?

dkny01 · 10-02-2003, 09:23 PM

yes...it does work from the box itself as there's a reply when i try to ping it
like you said...its just a problem with the clients

david_ross · 10-04-2003, 01:44 PM

Then the forwarding doesn't seem to be working. Can you post:
iptables -L

dkny01 · 10-05-2003, 10:07 PM

$iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `INPUT_DROP: '

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `OUTPUT_DROP: '