Hey ppl,
I am trying to make a linux router with NAT from Fedora core 5 system.
My dilemma is what gateway should I assign to the NIC card facing the internal machines.

I have router machine name A with two NIC cards eth0 and eth1 .
eth0 is connected to Internet using DHCP.
eth1 is connected to a windows machine and I am setting its IP address statically.
I can chose 192.x.x.x. kind of addresses. But what kind of gateway adderess I should provide ??/
eth1 shloud have gateway as IP of eth0 ..right ?? Just want to make sure..
If u guys may have done similar kind of work please list problem areas where i need to be carefull.
Regards,
techk

If eth1 of the NAT router is 192.168.0.1, then on other machines, you have to specify this IP as the gateway.

Hi Linux.tar.gz
What will be the gateway for eth1 . will it be eth0 ??

This is the way I do it.
eth0 ( outside wan ) setup as dhcp or static depending on providers requiremnets.
If static define IP, gateway, Subnet, and DNS IP.

For eth1
IP lets say 192.168.0.1
Subnet 255.255.255.0
Gateway Do not define a gateway for the eth1. Masquerading takes care of this for you.

Enable ip masquerading and off.

Easiest way to build one is goto this site and answer the questions it ask to generate one. http://easyfwgen.morizot.net/gen/


Brian1

Brian1 is right, you don't need to assign a gateway to you NAT box.
But if you have a static IP from your ISP, you don't need masquerade.

You will need this:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 92.125.235.122
(assuming, of course, that 92.125.235.122 is your public eth0 IP)

And maybe this too:
echo 1 > /proc/sys/net/ipv4/ip_forward

Don't forget to give the dns values to your other boxes.
Check /etc/resolv.conf for this.

Hey Brian1 and Linux.tar.gz,
thanks for getting my doubts clear . I am still working on setting up the whole thing.
I will let u guys know in case I need some sort of help and clarifications.
In between anybody used gateway to make failover for bunch of servers.It may look like gateway( eth0 ,eth1 and eth2) conencts to internet on eth0 and eth1 and eth2 are connect to secure part of network. As soon as server conencted to eth1 dies gateway sdirect all traffic to eth2 .
Do i need to change firewall rules at the runtime through a script.
Regards,
techk

Perhaps the issue is that you're thinking of a routing table as a per interface thing. It's not. Routing tables are per box. You only need to have an entry for that machine saying to route all (0.0.0.0 netmaks 0.0.0.0) through the IP your ISP gives you. DHCP will place that entry in the routing table for you, so the point is moot.

As long as your machines in your internal network have their gateway set to the LAN address of your router box, you're golden.

It should also be noted that RFC1918 states 192.168.x.x is available for private, not 192.x.x.x. You also have 10.x.x.x and 172.16.x.x-172.31.x.x too!

Michael Knisely

Hi Michael,
My question was can I use my gateway such that all forwarded traffic goes to machine connected to eth1 ( on gateway) and as soon as machine connected to eth1 ( on gateway) dies all the forwarded traffic goes to eth2 only.
Can u correct me how long this solution is valid. ( through a script)
firewall rule..
all forward traffic goes to eth1
test to see if machine on eth1 is alive
if not then change the rule to all forward traffic gose to eth2.

regards,
techk