I have a linux machin that is a multihomed ROUTER, GATEWAY, Firewall and proxy server. This machine has three NIC Card used to connect three diffrent network.

Internet is connected to eth0 and other two NIC i.e. eth1 and eth2 are conncected to two different n/w. Now When i used this machin simply as a router how should i confiugre and when i use it both firewall as router how should i configure it.


What i have done is i have given the gateway for the internet as the eth0 and to conncet the eth1 n/w with the internet i have given the eth0 as the gateway and similarly with other nic i.e. the eth2.

This would not work i suppose coz the ip has to be massquered . and massquered is done through ip tables.

If i used this machine as the firewall com gateway then i have to forward throug the command iptables so that they can tranfer files between.

What i am asking is do i have to configure the route when i use the machine as the gateway firewall ?

Not sure what the question is here. What does the output of your
command look like (NOTE: You may want to change the first three number triads in the IP/net addresses to XXX.XXX.XXX, YYY.YYY.YYY, etc, so that you don't post your whole network information)?

I'm not sure what you are trying to do, but I have a few machines with multiple NICs at several locations, some of the servers have one NIC directly connected to the internet, and one or more connected to either other servers or a local LAN. is that what you are trying to do?

For example, when I type "route -n" on one of my servers with a NIC connected to the Internet and one to the Intranet, I get:

So all traffic directed to the YYY.YYY.YYY and ZZZ.ZZZ networks, goes out to eth1 that is connected to an Intranet and behind one of the firewalls, while everything else if pumped out to the Internet through eht0,

Good luck!

-Gabriele @ http://www.fariel.com

Destination Gateway Genmask Flasgs MSS Windows irtt Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
172.16.0.0 * 255.255.0.0 U 0 0 0 eth2
169.254.0.0 * 255.255.255.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
192.168.0.0 192.168.0.150 255.255.255.0 UG 0 0 0 eth0


See the lets say that my network eth0 i.e connecte to DMZ zone to internet
172.16.0.0 is eth1 and is a one network
and 10.0.0.0 is eth2 connected to other network

in this case what i want is to to connect 172.16.0.0 network to 10.0.0.0 and vice versa and both of this network to be connecte to the internet or 192.168.0.0. network

now should i changes the setting in the routing table or I can mangage this thing from the firewall
if i have to use the firewall how should i configure the firewall so that all the request from one n/w will be forwarded and filterd accourdingly.

thanking

Hi,

this one is queer :
169.254.0.0 * 255.255.255.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1

it should mean that eth1 is configured with 2 IPs, one in the 169.254, the other en the 10.0.0.0
the 169.254.0.0 * 255.255.255.0 U 0 0 0 eth1 should certainly be deleted.

I suppose that the following line is supposed to be your default route !?
192.168.0.0 192.168.0.150 255.255.255.0 UG 0 0 0 eth0

It should be :
0.0.0.0 192.168.0.150 0.0.0.0 UG 0 0 0 eth0
if 192.168.0.150 really is your default gateway (router/modem connecting you to internet).

Ok, that was for routing.... let's talk about packet forwarding.

So that packets are forwarded from a NIC to another you need to
echo 1 > /proc/sys/net/ipv4/ip_forward
This must be done after every reboot (a script in /etc/init.d)

Default behaviour of iptables is to accept everything. So, if I were you, I'd just let iptables appart for the moment. Just correct your routing problems, check that the different LANs are well interconnected.

When this will be done, you can use iptables to add security, and network address translation. But this doesn't seem to be _needed_ in your case, since if 192.168.0.0 really is the network config you use, then you must have a router that is allready performing NAT to connect you to internet (192.168.0.0 cannot be routed on Internet, so, no matter how, you're allready nated).

mr fr_laz thanx for the reply.
ya u r right that my eth1 is havin two IP. my FC2 is unaable to deal with the davcom ethernet and it sucks. its says that
eth1: Tx timeout - reseting. I know theres some prob in my ethernet.


okey next i got a new ehternet, i just replaced the davcom ethernet. and i have already done the forwarding part in sysctrl.conf.

so dude if theres any way that i can communicate with the between three n/w in iptables.

Re,

If you've fixed the routing table problems, and enabled ip forwarding, it should work !
Perhaps you're firewalled ? Try a "iptables -vL", "iptables -t nat -vL" and post the output....

one more question : did you give your real ip config, or did you changed them ?
If you're really using 192.168.0.0, then you must have a router somewhere, no ?

192.168.0.0 is my eth0 n/w connected to the router with the public IP
172.16.0.0 is my eth1 n/w connected to LAN
10.0.0.0 is my eth2 n/w connected to next LAN

now see what i want is both the LAN eth1, eth2 should be able to browse internet that is available throught the eth0 192.168.0.0 n/w

both the LAN should communicate with each other with certain previlage



eth1 eth2
-----------
| |
| |
------------------ -----------------------------
| |
| |
-----------
| Linux machine (firewall IPTABLES)
|
| eth0
|
-----------
| |
| |
-----------
| Router with publick ip and NATED
|
|

INTERNET


Linux router cum firewall(iptables)

i designed my n/w above but the character space is removed i suppose