LinuxQuestions.org


muru 09-16-2005 10:39 PM

Setting up gateway to share internet for private LAN
 
Hi those out there

I want to set up my FC3 linux BOX as a gateway to share the internet for my private LAN behind my linux BOX.

In front of my BOX there is a GW / Proxy with 192.168.1.1 and my BOX can access the internet.

My BOX has 2 eth's. The outside is eth1 with 192.168.1.100 and the inside is eth0 with 192.168.1.101. Is the setting of IP of eth0 OK? Or should I change it to 192.168.0.something to show that it is on a different network?

I have enabled IP forwarding and restarted the BOX.

If the IP address setting is OK, how can I share the Internet to my private LAN without MASQUERADING? What I mean is, if all the machines are on the same network, i.e. 192.168.1.0, wouldn't it be possible to forward the private LAN traffic thru the FC3 Box to the outside GW (192.168.1.1) without MASQUERADING?

If that is not the case what should I do?

I have tested for both of the scenarios:
1. same network for outside as well as private LAN
2. different network

In either case I can ping only up to the eth1 on the Linux BOX from the private LAN. It does not go past it???

Please help me on this

Gee, thanx in advance

TigerOC 09-17-2005 02:19 AM

You will need to do masquerading to achieve this.
You also cannot have eth0 and eth1 on the same subnet to do this. eth0 must be put on to a different subnet like 192.168.0.X. The gateway for the box will be 192.168.1.1 and for boxes behind this, the gateway will be the ip address of the ethernet card they are attached to (eth0).

muru 09-17-2005 03:59 AM

To TigerOC

Gee, Thanx a lot for the clarification. I made all the changes and now I can access the Internet from my private LAN. So, it does not work without masquerading.. uhm.

fotoguy 09-17-2005 06:51 AM

You can set it up without masquerading, but you still have to have different network IDs. It's called end-to-end routing. Not sure how you would do it with FC3; I have done it with Slackware. The only problem with this is you have to add routes manually to your routing table to get it to route data packets back through, which can be a headache. Masquerading is definitely the way to go.

Snowbat 09-17-2005 11:05 AM

To do this without masquerading, your router needs to know about the new subnet. Log in to the router and check the LAN settings for the option to add a route. Once the new subnet has been added, and with ip forwarding enabled in FC3, you can drop masquerading and your FC3 clients can use the FC3 box as their default gateway.

Many routers have a caching nameserver onboard. Use dig to find out. If you get an answer from your router's ip address, you can point your clients at that for DNS:
dig @192.168.1.1 linuxquestions.org
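
Added example, not part of any post in this thread: a dry-run shell function that prints the gateway commands for the two setups discussed above (masquerading, and plain routing with a route added on the upstream router). The function name `gateway_plan`, the eth0 address 192.168.0.1, the /24 masks and the default-deny FORWARD policy are assumptions; eth1, 192.168.1.100 and 192.168.1.1 come from the thread.

```shell
#!/bin/sh
# Added example: prints the commands only; review them, then pipe to "sh" as root.
WAN_IF=eth1; WAN_IP=192.168.1.100   # outside interface and address, from the thread
LAN_IF=eth0                         # inside interface, from the thread

# gateway_plan MODE LAN_IP   (MODE is "masq" or "routed"; /24 networks assumed)
gateway_plan() {
    mode=$1 lan_ip=$2
    case $mode in
        masq|routed) ;;
        *) echo "mode must be masq or routed" >&2; return 2 ;;
    esac
    # The failure from the first post: both interfaces inside the same /24,
    # so the gateway has nothing to route between.
    if [ "${lan_ip%.*}" = "${WAN_IP%.*}" ]; then
        echo "refusing: $LAN_IF ($lan_ip) shares a /24 with $WAN_IF ($WAN_IP)" >&2
        return 1
    fi
    lan_net="${lan_ip%.*}.0/24"

    # Kernel forwarding is required in both modes.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Assumed hardening: drop forwarded traffic by default, let the LAN out,
    # and let only replies to LAN-initiated connections back in.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $lan_net -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $lan_net -m state --state ESTABLISHED,RELATED -j ACCEPT"

    if [ "$mode" = masq ]; then
        # LAN sources are rewritten to the eth1 address, so the upstream
        # router never sees the private subnet and needs no change.
        echo "iptables -t nat -A POSTROUTING -s $lan_net -o $WAN_IF -j MASQUERADE"
    else
        # No NAT: replies only come back if the upstream router has a route
        # for the LAN subnet pointing at this box (set in the router's own UI).
        echo "# on the upstream router: route $lan_net via $WAN_IP"
    fi
}
```

In routed mode the stateful FORWARD rule is what keeps hosts on the outer 192.168.1.x network from opening connections into the private LAN, since no NAT hides it.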

TigerOC 09-17-2005 03:00 PM

Quote:

Originally posted by Snowbat
Many routers have a caching nameserver onboard. Use dig to find out. If you get an answer from your router's ip address, you can point your clients at that for DNS:
dig @192.168.1.1 linuxquestions.org

I was unaware of this and tried it on mine and sure enough it came up with a list. Could you expand on the above a bit more (pointing to the router for DNS). Thanks.

Snowbat 09-17-2005 08:08 PM

It just means your PC can query the router for name resolution instead of your ISP nameserver(s). All the PCs on my network have 192.168.1.1 set in /etc/resolv.conf. It saves me having to keep a note of the nameserver details of my ISP. Another advantage is that every time the router renews its PPP connection to the ISP, the ISP will inform the router of the current recommended nameservers and the router will configure itself accordingly - I won't be caught out when they take a nameserver down for maintenance or move their nameservers to new IP addresses as I would be if I had hardcoded their nameservers in /etc/resolv.conf (so long as they keep the pointers up to date but they usually do to avoid "my internet is broken" calls from Windows users).

This is particularly relevant on this thread because the clients on the subnet won't be able to use automatic configuration via the router's DHCP server (unless you set up another DHCP server on the gateway machine) so you need to manually configure IP address, gateway pointer, and nameserver pointer on each client.


All times are GMT -5.