LinuxQuestions.org


poorboyiii 03-01-2007 02:03 PM

Gateway problems on Fedora C6
 
I am attempting to set up a small network.
I am going to use a server running Fedora C6 as the gateway to the network.

On the gateway (Fedora system)
eth0 is connected to the internet and has an IP 24.15.150.243
eth1 is connected to the internal network and has an IP of 10.10.10.1

The gateway is providing DHCP to the internal network and will provide an IP of 10.10.10.100 to the one system now on the network.

The gateway (Fedora system) can ping both the internet and the internal network with no problems. However, the internal network system can only ping 10.10.10.1 and 24.15.150.243 (the gateway) no other systems.

What I seem to be missing is a connection between the two ethernet cards so that when something comes in on 10.10.10.1 it can pass out to the internet through 24.15.150.243.

Any help you could provide would be greatly appreciated.

Sam Watson

MS3FGX 03-01-2007 02:56 PM

You would need to add something like this to your boot scripts:

Code:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

This will set up NAT and IP forwarding so that all traffic coming from eth1 will be forwarded along to the Internet.

poorboyiii 03-02-2007 03:36 PM

Closer but still can't get out
 
Previously I had entered
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
and
echo "1" >/proc/sys/net/ipv4/ip_forward

So I checked /proc/sys/net/ipv4/ip_forward and it did have a 1 in it.
I restored my iptables with iptables-restore to the original and I entered your commands since they were slightly different.

I am still not getting out to the internet from the networked system.
Here is a copy of my iptable if it will help:
(I changed the spacing so it would fit better)

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Thanks Sam
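
Added example, not part of either poster's messages: a small Python model of iptables first-match evaluation over constructed rules based on the listing above. It compares the suggested eth1 ACCEPT rule appended after the FORWARD jump to RH-Firewall-1-INPUT with the same rule inserted ahead of that jump. The `-i lo` match, the packet fields and the helper names are assumptions, and the model handles only the options used in these rules.

```python
import shlex

# Constructed rules in iptables-save syntax, modelled on the thread's listing
# (abbreviated). "-i lo" is an assumption: plain "iptables -L" output hides
# interface matches, so the listing cannot confirm it.
BASE = """\
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
LAN_RULE = "FORWARD -i eth1 -j ACCEPT"  # short form of the rule in the reply
FIELDS = {"-i": "in", "-p": "proto", "--dport": "dport", "--state": "state"}
TERMINAL = {"ACCEPT", "REJECT", "DROP"}

def parse(text):
    """Build {chain: [(matches, target, line)]}; -A appends, -I inserts first."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] not in ("-A", "-I"):
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # every option here takes one value
        rule = ({FIELDS[k]: v for k, v in opts.items() if k in FIELDS}, opts["-j"], line)
        rules = chains.setdefault(tok[1], [])
        rules.insert(0 if tok[0] == "-I" else len(rules), rule)
    return chains

def hit(matches, pkt):
    """A rule matches only if every field it names agrees with the packet."""
    return all(pkt.get(k) in v.split(",") for k, v in matches.items())

def verdict(chains, chain, pkt, policy="ACCEPT"):
    """First-match walk. A user chain that falls through returns to its caller."""
    for matches, target, line in chains.get(chain, []):
        if not hit(matches, pkt):
            continue
        if target in TERMINAL:
            return target, line
        sub = verdict(chains, target, pkt, policy=None)
        if sub:
            return sub
    return (policy, "chain policy") if policy else None

def compare(pkt):
    """Verdict for a forwarded packet with LAN_RULE appended vs. inserted."""
    return {flag: verdict(parse(BASE + f"{flag} {LAN_RULE}\n"), "FORWARD", pkt)[0]
            for flag in ("-A", "-I")}
```

On a live gateway, `iptables -L -v -n --line-numbers` shows the interface columns and rule positions that the plain `-L` listing leaves out.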

