IP Forwarding not working in CentOS 5
I have been trying (and failing) to get a simple IP forward setup in my home network. Here is the network layout:
+----------------+
| Netgear Router |
| External IP:   |
| 78.xx.xx.xx    |
| Internal IP:   |
| 192.168.0.1    |
+----------------+
        |
        v
+----------------+
| CentOS Server  |
| (DHCP, DNS)    |
|                |
| eth0 (RED)     |
| 192.168.0.20   |
| eth1 (GREEN)   |
| 192.168.1.1    |
+----------------+
        |
        v
LAN PCs - 192.168.1.2-192.168.1.10

The router is a standard ADSL modem with DHCP and wireless; however, everything apart from ADSL will be disabled so that the server can take it over. The main reason is so that I can have the option of doing more complex firewall configuration than the router. I also want to be able to do transparent proxying.

To try and config it I have:

Enabled IP forwarding in /etc/sysconfig/network
Code:
FORWARD_IPV4=YES

cat /proc/sys/net/ipv4/ip_forward reports 1

eth0
Code:
GATEWAY=192.168.0.1

Code:
GATEWAY=192.168.0.1

Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

I have tried no firewall and configuring the firewall using FireHOL; both have no effect. I don't think I need iptables to get things working, as all I am trying to get is packets to hop from one interface to another. The router is handling the NAT; surely I don't need to NAT twice, do I?

Any suggestions on bad assumptions or poor config are appreciated.

Many thanks in advance,
Tom
Don't set a gateway in the ifcfg-eth1 file. ip_forwarding handles the routing for you. Also, make sure all LAN machines (192.168.1.2-10) have their gateway set to 192.168.1.1.

Brian
Brian, thanks for the quick reply; unfortunately, no change.

This is the output of ipconfig /all from a Windows machine sitting on the DHCP-served LAN:
Code:
Connection-specific DNS Suffix . :
You need NAT on your CentOS box because your Netgear router does not have a route back to the 192.168.1.0/24 range.
To set up masquerading I tried:
Code:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I tried doing a ping while logged into the server to the other machines on the 192.168.0.1/24 network and I am still getting the same error. I can ping 192.168.1.1; however, I don't know whether this is working because the config is correct or because it is being pumped through localhost without saying so.
Code:
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
I forgot to add: in the final setup I don't need any kind of access for machines connected to the 192.168.0.1/24 network apart from the server. In essence, I am cascading the two routers, with the Netgear being my WAN termination point and my Linux box doing the more complex firewall rules, serving the private network.
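The masquerading setup the replies describe, written out as an added example rather than anything posted in the thread. It assumes the interface roles from the diagram (eth0 = RED towards the Netgear, eth1 = GREEN for the 192.168.1.0/24 LAN); the MASQUERADE rule goes on the interface packets leave by (eth0, not eth1 as tried above), so the Netgear only ever sees 192.168.0.20 and needs no route back, and the FORWARD chain is closed by default so only LAN-originated traffic and its replies cross the box.

```shell
#!/bin/sh
# Added example for the cascaded-router layout in this thread (not the
# poster's own script). Interface roles are assumptions taken from the
# diagram: eth0 faces the Netgear (RED), eth1 is the private LAN (GREEN).
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the commands instead of running them (no root needed), so the
# rule set can be reviewed before it is loaded.
build_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Sanity check: report which interface the MASQUERADE rule is bound to.
# It must be the WAN-side interface, otherwise replies never get NATed.
masquerade_iface() {
    build_rules | awk '/MASQUERADE/ { for (i = 1; i <= NF; i++) if ($i == "-o") print $(i + 1) }'
}

# Load the rules for real; requires root and stops on the first failure.
apply_rules() {
    build_rules | sh -e
}

# APPLY=1 loads the rules; the default only prints them for inspection.
if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    build_rules
fi
```

Persisting ip_forward on CentOS 5 is still done in /etc/sysconfig/network or /etc/sysctl.conf as the original post shows; the sysctl line here only sets it for the running kernel.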
From what I can see, the Linux machine which is directly connected to the Netgear cannot even ping it. Is your cable working?
I gave the server a reboot and I can now ping everything on the 192.168.0.1 network. I will attempt to hook up something onto the 1.1 network tonight and see whether things have improved :-). Many thanks datapdog and Brian so far; hopefully I can put this sorry saga to bed...
Many thanks for your help, I think adding the extra route fixed the problem.
Cheers, Tom
What extra route did you add? Just curious, I've been following the thread.