nat, multiple NICs
I'm trying to set up a NAT router on Slackware 9.1, kernel 2.6.4, no X.

My setup is like this:

eth0 ---> cable internet
eth1 ---> my computer connects to the router through this device; dhcpd sends out an IP to whoever connects on this device (eth1 = "192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0")
eth2 ---> my other computer connects to the router through this device; dhcpd sends out an IP to whoever connects on this device (eth2 = "192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0")

My dhcpd.conf file looks like this:

Code:
ddns-updates on;

I activate dhcpd with: dhcpd eth1 eth2

Both clients get an IP, and my NAT script looks like this:

Code:
#!/bin/bash

Can anybody help? How can I get NAT working for the client connected to eth2?
In your dhcpd.conf file... why not have it assign the eths that are in your server IPs via their MAC address, as below:

Code:
host your.host.name {
    #eth1
    hardware ethernet 00:50:BA:C6:3B:C4;
    fixed-address 192.168.1.1;
    #eth2
    hardware ethernet 00:20:BA:C2:4A:F1;
    fixed-address 192.168.1.2;
}

Make sure to change the range in the subnet 192.168.1.0 to read:

Code:
range 192.168.1.3 192.168.1.100;

Now for your iptables...

Code:
EXTIF="eth1"
INTIF="eth0"

should be

Code:
EXTIF="eth1 eth2"
INTIF="eth0"
I fixed my dhcpd.conf file, but the modification to the NAT script didn't work; it returned a bunch of syntax errors.
Have you ever thought of using Arno's firewall script? It has iptables and NAT, port forwarding etc. for everything... very easy to set up... and supports more than 2 NICs...

http://rocky.molphys.leidenuniv.nl/

If you need help trying to set that firewall up, drop me a line...
It's still not working :-( I'm disappointed with Linux... Windows ICS is sooo much easier to set up, but I don't have the resources for that.
the_y_man, your iptables script only routes for eth1; you don't have any routing rules for eth2. I think that tuxguy's suggestion of assigning EXTIF="eth1 eth2" is what is giving you the syntax error.

Also, more importantly, you've reversed EXTIF and INTIF. eth0 is your interface to the external world, and eth1/eth2 face your internal LAN. Not that the variable names make much difference, but your script has the following errors:

Code:
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

If INTIF is eth0 and EXTIF is eth1, then you're basically accepting ALL traffic from the internet into your LAN. This kind of negates your firewall. It's probably why you can browse from the eth1-connected box even though the following rule is incorrect:

Code:
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Again, the masquerading rule should be applied on the external interface, namely eth0 in your case. However, since you assigned eth1 to EXTIF, the masquerading isn't functional.

My Slackbox is also routing for two computers, eth1 and eth2. This is what I have:

Code:
IPTABLES='/usr/sbin/iptables'

BTW, although Linux, and iptables in particular, requires more reading and research, I find that once learned, Linux is much simpler and more elegant than Windows. I started my home network with Windows 98 Internet Connection Sharing. Since Windows ICS was very poorly documented, I did everything by trial and error. And I had to remove, reinstall and reboot ICS many times (and there is only one magic way to do it properly, too). Then the ICS server crashed about once per week. I never figured out how to serve more than one workstation from ICS either; I suspect you have to purchase a multi-node licence for ICS. I switched my ICS server to Linux (Red Hat at first) with the goal of using it to do the internet firewall/gateway thing. Yes, iptables was very difficult at first, and I scoured Google for all tutorials and references. I found some sample iptables scripts here on linuxquestions.org to get me started. Now, I can't think of doing it any other way.

Also, there are alternatives to editing the iptables script directly. You could try using guarddog, which is a utility for iptables configuration.
Your iptables rules read differently. Try:

Code:
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT

If eth1 is 192.168.1.x then eth2 needs to be different, e.g. 192.168.2.x.
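A complete forwarding and masquerading rule set for the layout discussed in this thread, added here as an example; it is not code from any post above. It assumes eth0 is the external interface, eth1 serves 192.168.1.0/24, and eth2 has been moved to 192.168.2.0/24 as the reply above suggests. It keeps the direction the earlier reply corrected: traffic is forwarded from each internal NIC only when it carries that NIC's own subnet as source, the external NIC only passes replies to connections the LAN opened, and MASQUERADE sits on eth0. By default the script only prints the iptables commands (IPTABLES defaults to "echo iptables"); running it as root with IPTABLES=/usr/sbin/iptables applies them.

```shell
#!/bin/sh
# Added example, not from any post in this thread. One external NIC, two
# internal NICs on separate subnets. Interface names and subnets below are
# assumptions matching the thread's layout, with eth2 on 192.168.2.0/24.
# IPTABLES defaults to a dry run that prints the commands instead of running them.
IPTABLES="${IPTABLES:-echo iptables}"

# nat_rules EXTIF INTIF1:SUBNET1 [INTIF2:SUBNET2 ...]
# Emits (or applies) FORWARD and POSTROUTING rules for the given interfaces.
nat_rules() {
    extif="$1"
    shift
    for pair in "$@"; do
        intif="${pair%%:*}"
        subnet="${pair#*:}"
        # LAN -> internet: accept only packets that really come from that LAN's
        # subnet on that NIC, so a spoofed source on one LAN cannot ride the other
        $IPTABLES -A FORWARD -i "$intif" -o "$extif" -s "$subnet" -j ACCEPT
    done
    # internet -> LAN: only replies to connections the LAN opened
    $IPTABLES -A FORWARD -i "$extif" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # anything else arriving on the external NIC is dropped, never forwarded
    $IPTABLES -A FORWARD -i "$extif" -j DROP
    # masquerade on the EXTERNAL interface (the thread's script had this on eth1)
    $IPTABLES -t nat -A POSTROUTING -o "$extif" -j MASQUERADE
}

# The kernel must be told to route between interfaces at all.
enable_forwarding() {
    case "$IPTABLES" in
        echo*) echo "echo 1 > /proc/sys/net/ipv4/ip_forward" ;;
        *)     echo 1 > /proc/sys/net/ipv4/ip_forward ;;
    esac
}

enable_forwarding
nat_rules eth0 eth1:192.168.1.0/24 eth2:192.168.2.0/24
```

Adding a third LAN is one more INTIF:SUBNET argument; the ordering matters, since the DROP on the external interface must come after the ESTABLISHED,RELATED accept.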