Help on setup of fedora 20 as a router from nic setup to firewalld setup

Brian1 · 06-15-2014, 12:38 PM

Just got back into Linux over the last few weeks. Last linux used was fedora 12. There has been many changes since then that im still trying to figure out. I use to use fedora as a router years ago with iptables but with the new Firewalld I should be using it but lacking on finding good detail for a masquerading router setup from the begining.

First one nic is external and is on the Public Zone. It is dynamic.
Second nic is Internal Zone and static. Only IP of 192.168.1.1 and subnet 255.255.255.0 is set. no gateway defined on this nic. That is what I remember from the past but may be different these days.

I set internal network to masquerade and done it both as in the gui and command line. Setup a machine with a static ip and gateway to the router internal IP. I can ping the router internal network card but not able to get out on the internet from the internal machine. Im just don't know what I am missing here.

Just looking for a good detail of the entire setup from nic setup to firewalld setup would be great. After I conquer this then it be DHCPD on the internal nic to figure out. Seeing config files for nic setup /etc/sysconfig/networking-scripts and other config files under /etc should help a lot if anyone has that info. Also what commands to type to see if things are configured correctly like netstat -rn shows certain info.

Thank you for your time and help.
Brian

GunFighT · 06-16-2014, 04:56 AM

Hello Brian,
Here are some tips:
1. check the sysctl.conf, for the line:

Code:

net.ipv4.ip_forward = 0

and in stead of 0 , place 1, like so:

Code:

net.ipv4.ip_forward = 1

save, and run the command:

Code:

sysctl -p /etc/sysctl.conf

2. I`ll give you a example of a linux router sould look.
eth0 = internet (WAN)
eth1 = Local Area Network (LAN)

Code:

iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
iptables -t mangle -X
iptables -t mangle -F
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT -m comment --comment "Accept all LOOPBACK lo traffic"
iptables -A FORWARD -i eth1 -o eth0 -s 192.168.1.1/24 -j ACCEPT -m comment --comment  "Local Network"
iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE -m comment --comment "MASQUERADE eth0"

Hope it helps.

Brian1 · 06-28-2014, 01:35 PM

Thank you. I just added the sysctl.conf line like you mentioned. Ran the command. Then just stopped the firewalld and runned my old firewall iptables script for now.

Brian

John VV · 06-28-2014, 03:42 PM

i would not use fedora for a router
fedora 20 will go end of life in about 7 to 8 months
and at that time you will need to install fedora 22

and in 22 fedora is replacing YUM

you might be better off using CentOS 6.5
it has 4 years of support left
or cent7 when it comes out in a month .CentOS 7 will have 7 years of support

Brian1 · 07-02-2014, 08:53 PM

Thank you for the suggestion for centos. I could easily do an install of it maybe this weekend. Current Fedora I Got it cut pretty much to nothing. Very basic install with lots of apps removed after an install. Services not needed turned off. Runs mostly in headless with logs and other info sent to an email. Build the occasional custom kernel with only what is needed. Would do the same for CentOS 7 when it comes along. Running a machine just as a router and a few server apps may be over kill but I do like to experiment.

Thank you for your help and time. Always like to know what else may be out there.
Brian