Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
I have a Linux machine that is a multihomed ROUTER, GATEWAY, firewall and proxy server. This machine has three NIC cards used to connect three different networks.
The Internet is connected to eth0 and the other two NICs, i.e. eth1 and eth2, are connected to two different networks. Now, when I use this machine simply as a router how should I configure it, and when I use it as both firewall and router how should I configure it?
What I have done is I have given the gateway for the Internet as eth0, and to connect the eth1 network with the Internet I have given eth0 as the gateway, and similarly with the other NIC, i.e. eth2.
This would not work I suppose, because the IP has to be masqueraded, and masquerading is done through iptables.
If I use this machine as the firewall cum gateway then I have to forward through the iptables command so that they can transfer files between them.
What I am asking is, do I have to configure the route when I use the machine as the gateway firewall?
Not sure what the question is here. What does the output of your
Code:
route -n
command look like (NOTE: You may want to change the first three number triads in the IP/net addresses to XXX.XXX.XXX, YYY.YYY.YYY, etc, so that you don't post your whole network information)?
I'm not sure what you are trying to do, but I have a few machines with multiple NICs at several locations; some of the servers have one NIC directly connected to the Internet, and one or more connected to either other servers or a local LAN. Is that what you are trying to do?
For example, when I type "route -n" on one of my servers with a NIC connected to the Internet and one to the Intranet, I get:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
XXX.XXX.XXX.19 0.0.0.0 255.255.255.248 U 0 0 0 eth0
YYY.YYY.YYY..0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
ZZZ.ZZZ.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 XXX.XXX.XXX.12 0.0.0.0 UG 0 0 0 eth0
So all traffic directed to the YYY.YYY.YYY and ZZZ.ZZZ networks goes out to eth1, which is connected to an Intranet and behind one of the firewalls, while everything else is pumped out to the Internet through eth0.
Code:
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
172.16.0.0 * 255.255.0.0 U 0 0 0 eth2
169.254.0.0 * 255.255.255.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
192.168.0.0 192.168.0.150 255.255.255.0 UG 0 0 0 eth0
See, let's say that my network eth0 is connected to the DMZ zone to the Internet,
172.16.0.0 is eth1 and is one network,
and 10.0.0.0 is eth2 connected to the other network.
In this case what I want is to connect the 172.16.0.0 network to 10.0.0.0 and vice versa, and both of these networks to be connected to the Internet or the 192.168.0.0 network.
Now should I change the settings in the routing table, or can I manage this thing from the firewall?
If I have to use the firewall, how should I configure the firewall so that all the requests from one network will be forwarded and filtered accordingly?
This one is queer:
Code:
169.254.0.0 * 255.255.255.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
It should mean that eth1 is configured with 2 IPs, one in the 169.254 range, the other in the 10.0.0.0 range.
The "169.254.0.0 * 255.255.255.0 U 0 0 0 eth1" line should certainly be deleted.
I suppose that the following line is supposed to be your default route!?
Code:
192.168.0.0 192.168.0.150 255.255.255.0 UG 0 0 0 eth0
It should be:
Code:
0.0.0.0 192.168.0.150 0.0.0.0 UG 0 0 0 eth0
if 192.168.0.150 really is your default gateway (router/modem connecting you to the Internet).
OK, that was for routing... let's talk about packet forwarding.
So that packets are forwarded from one NIC to another you need to
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
This must be done after every reboot (a script in /etc/init.d).
The default behaviour of iptables is to accept everything. So, if I were you, I'd just leave iptables aside for the moment. Just correct your routing problems and check that the different LANs are well interconnected.
When this is done, you can use iptables to add security and network address translation. But this doesn't seem to be _needed_ in your case, since if 192.168.0.0 really is the network config you use, then you must have a router that is already performing NAT to connect you to the Internet (192.168.0.0 cannot be routed on the Internet, so, no matter how, you're already NATed).
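The routing-table checks made in the reply above (a UG entry that is not a real default route, a leftover 169.254.x.x link-local route, no default route at all, and one interface owning several directly connected networks) can be automated. The following script is an added example and was not posted by anyone in this thread; the sample table it runs against is a constructed copy of the table posted earlier, and on a live box you would feed it the real output with `route -n | check_routes`.

```shell
#!/bin/sh
# Added example (not from this thread): sanity-check a routing table in the
# format `route -n` prints and report the problems discussed above.
# Usage on a live box:  route -n | check_routes

check_routes() {
    awk '
        # skip the header lines of route output
        $1 == "Kernel" || $1 == "Destination" { next }
        NF < 8 { next }
        {
            dest = $1; gw = $2; mask = $3; flags = $4; iface = $NF
            if (flags ~ /G/) {
                # a gateway route is only the default route when dest and mask are both 0.0.0.0
                if (dest == "0.0.0.0" && mask == "0.0.0.0") {
                    have_default = 1
                    printf("OK: default route via %s on %s\n", gw, iface)
                } else {
                    printf("WARN: gateway route %s/%s via %s is not a default route; a default route has destination 0.0.0.0 and genmask 0.0.0.0\n", dest, mask, gw)
                }
            } else {
                # directly connected network: remember which interface owns it
                nets[iface] = nets[iface] " " dest "/" mask
                count[iface]++
            }
            if (dest ~ /^169\.254\./) {
                printf("WARN: link-local route %s on %s: the interface most likely failed to get its real address; remove this route\n", dest, iface)
            }
        }
        END {
            if (!have_default) print "WARN: no default route (0.0.0.0/0.0.0.0 UG): traffic for the Internet has nowhere to go"
            for (i in count) if (count[i] > 1) printf("WARN: %s carries %d directly connected networks:%s\n", i, count[i], nets[i])
        }'
}

# Constructed sample: the table posted earlier in this thread.
SAMPLE_TABLE='Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
172.16.0.0 * 255.255.0.0 U 0 0 0 eth2
169.254.0.0 * 255.255.255.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
192.168.0.0 192.168.0.150 255.255.255.0 UG 0 0 0 eth0'

# Run the check over the sample table.
check_sample() {
    printf '%s\n' "$SAMPLE_TABLE" | check_routes
}

check_sample
```

Run against the sample it reports exactly the four problems the reply lists; once the 169.254 line is removed and the UG entry is rewritten as `0.0.0.0 192.168.0.150 0.0.0.0 UG 0 0 0 eth0`, it reports only the default route as OK.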
Mr fr_laz, thanks for the reply.
Yeah, you are right that my eth1 is having two IPs. My FC2 is unable to deal with the Davicom ethernet and it sucks. It says that
eth1: Tx timeout - reseting. I know there's some problem in my ethernet.
OK, next I got a new ethernet card; I just replaced the Davicom ethernet, and I have already done the forwarding part in sysctl.conf.
So dude, if there's any way that I can communicate between the three networks in iptables.
If you've fixed the routing table problems and enabled IP forwarding, it should work!
Perhaps you're firewalled? Try an "iptables -vL" and "iptables -t nat -vL" and post the output...
One more question: did you give your real IP config, or did you change them?
If you're really using 192.168.0.0, then you must have a router somewhere, no?
192.168.0.0 is my eth0 network connected to the router with the public IP.
172.16.0.0 is my eth1 network connected to a LAN.
10.0.0.0 is my eth2 network connected to the next LAN.
Now see, what I want is that both the LANs, eth1 and eth2, should be able to browse the Internet that is available through the eth0 192.168.0.0 network,
and both LANs should communicate with each other with certain privileges.
Code:
eth1 eth2
-----------
| |
| |
------------------ -----------------------------
| |
| |
-----------
| Linux machine (firewall IPTABLES)
|
| eth0
|
-----------
| |
| |
-----------
| Router with public IP and NATed
|
|
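Putting the thread together (routing fixed, ip_forward enabled, the router beyond eth0 already doing NAT, and a FORWARD policy that lets both LANs reach the Internet but only talk to each other "with certain privileges"), here is an added example script. It is not from any poster in this thread. The interface names and networks are the ones given above; the assumption that the LAN-to-LAN privileges mean TCP ports 22 and 80 is mine (change LAN_PORTS). It only prints the commands unless APPLY=1 is set and it is run as root, so you can review the rule set before touching the box.

```shell
#!/bin/sh
# Added example (not from this thread): forwarding and filtering for the
# layout described above. eth0 faces the NATing router, eth1 and eth2 are
# the two LANs. No NAT is done here: the router beyond eth0 already does it.
# Dry-run by default; APPLY=1 as root actually runs the commands.
WAN_IF=eth0
LAN1_IF=eth1; LAN1_NET=172.16.0.0/16
LAN2_IF=eth2; LAN2_NET=10.0.0.0/8
LAN_PORTS="22,80"   # assumed LAN-to-LAN services; adjust to your policy

# Print the command in dry-run mode, execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Immediate equivalent of "echo 1 > /proc/sys/net/ipv4/ip_forward";
# net.ipv4.ip_forward = 1 in /etc/sysctl.conf makes it survive a reboot.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

build_forward_rules() {
    # Default deny for traffic passing through the box, then rebuild the chain.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # Replies to connections the LANs opened themselves.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Each LAN may reach the Internet via eth0. Pairing -i with -s also drops
    # packets that claim a LAN source address but arrive on another interface.
    run iptables -A FORWARD -i "$LAN1_IF" -s "$LAN1_NET" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$LAN2_IF" -s "$LAN2_NET" -o "$WAN_IF" -j ACCEPT
    # LAN to LAN: only new connections to the listed TCP services, both ways.
    run iptables -A FORWARD -i "$LAN1_IF" -s "$LAN1_NET" -o "$LAN2_IF" -d "$LAN2_NET" \
        -p tcp -m multiport --dports "$LAN_PORTS" -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -i "$LAN2_IF" -s "$LAN2_NET" -o "$LAN1_IF" -d "$LAN1_NET" \
        -p tcp -m multiport --dports "$LAN_PORTS" -m state --state NEW -j ACCEPT
    # Everything else falls through to the DROP policy; log a rate-limited sample
    # first so blocked traffic shows up in the kernel log.
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

enable_forwarding
build_forward_rules
```

Running it without APPLY prints the eight iptables commands and the sysctl call for review; "iptables -vL" afterwards, as suggested above, shows the counters climbing on the rules the LANs actually hit, and the "FWD-DROP:" log lines show what the policy is refusing.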