Internal Network Server unable to access public Internet
Hi,
I have set up a network where a single CentOS server acts as a firewall/gateway to a number of internal servers. The firewall is able to access and ping the internet, however, none of the internal servers can. I am trying to isolate the issue by focusing on a single server. The relevant details are:
FIREWALL Computer:
Code:
# ifconfig
INTERNAL Server:
Code:
# ifconfig
This is driving me crazy and I've spent far too much time using Google trying to track the issue down. Any insight is appreciated.
Thanks,
John |
xxx.xxx.xxx.53 is probably your ISP's gateway. Can you also run 'route -n' on your internal server?
|
I'm pretty sure you've already done this and forgive me if this is totally obvious :) but have you checked that the gateway value on the internal machines is correctly set? As far as I can see, you didn't provide that information in your post.
|
Quote:
Thanks for the response. Here is the route -n on the internal machine:
Code:
# route -n
John |
Quote:
Do you mean the network settings on the internal server? If so, here is the configuration from eth0:
Code:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
John |
Can you post the contents of the file /etc/sysconfig/iptables.save after running 'service iptables save'? I suspect there is something wrong with your forwarding in iptables. The routing table on your internal server looks okay.
|
Quote:
Code:
# cat /etc/sysconfig/iptables
Code:
cat /etc/sysconfig/iptables
|
There is no NAT present.
In my iptables config I have something like this at the bottom:
Code:
...
|
If you can ping 74.125.45.103 (google.com) successfully then it is just a matter of updating your server's /etc/resolv.conf file with your ISP DNS IPs. You also need to configure IP forwarding and add the iptables rules for NAT as already posted.
|
Quote:
Code:
# ping 74.125.45.103
John |
Did you enable IP forwarding?
To enable IP forwarding edit your /etc/sysctl.conf and change the following line from a 0 to a 1. This will not become effective until you reboot.
net.ipv4.ip_forward = 0
To enable it on the fly:
echo 1 > /proc/sys/net/ipv4/ip_forward
|
Quote:
I have this as part of my iptables config:
Code:
# masquerade from internal network
Thanks,
John |
Quote:
Unfortunately, we are moving beyond my realm of expertise now into manual Iptable firewalls (I use a configuration tool for this). But it seems to me that there are only two possibilities. 1) That the firewall is blocking traffic to/from the internal server or 2) That the traffic isn't being routed at all for some reason. Can I assume that the internal server can actually connect to the firewall? Just to rule out a bizarre network problem :) Thanks |
Blue Ice,
Here is the output from executing iptables save, specifically the filters section, from the Gateway/external server:
Code:
*filter
Thanks,
John |
You still have not confirmed that you have configured IP forwarding on your gateway/server.
I see the forward rules but nothing for MASQUERADE. Here is the very basic. http://www.revsys.com/writings/quicktips/nat.html |
Quote:
Execute the following commands on your external server:
Code:
# iptables --table nat --append POSTROUTING -o eth1 -j MASQUERADE
One piece of advice though: until you have forwarding working, you should keep the iptables config really simple. That way it is easier to solve problems. By creating a complex iptables configuration, you may run into other problems that might cause you to believe that forwarding is not working. |
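The checks the replies walk through (IP forwarding switched on, a NAT rule on the outbound interface, a FORWARD chain that lets traffic through), collected into one script. This is an added example, not code posted by anyone in the thread; the rule sets in it are constructed, and eth0 as the gateway's internal interface is an assumption (the thread only names eth1).

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Sample rule sets below are constructed.

# check_gateway RULES IP_FORWARD WAN_IF
#   RULES      text in iptables-save format
#   IP_FORWARD contents of /proc/sys/net/ipv4/ip_forward
#   WAN_IF     Internet-facing interface (eth1 in the thread)
# Prints one finding per line; prints nothing when every check passes.
check_gateway() {
    [ "$2" = "1" ] || echo "ip_forward is off"
    printf '%s\n' "$1" | awk -v wan="$3" '
        /^\*/        { table = substr($0, 2) }   # table header: *nat, *filter
        /^:FORWARD / { if (table == "filter") policy = $2 }
        table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ {
            # Count the rule if it names no out-interface or names WAN_IF.
            if ($0 !~ / -o / || index($0 " ", " -o " wan " ")) nat = 1
        }
        # Coarse check: any ACCEPT rule in FORWARD counts as "not blocked".
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ { accept = 1 }
        END {
            if (!nat) print "no MASQUERADE/SNAT rule out of " wan
            if (policy != "" && policy != "ACCEPT" && !accept)
                print "FORWARD chain accepts nothing"
        }'
}

# Constructed sample: forwarding rules only, no nat table (eth0 assumed internal).
FILTER_ONLY='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed sample: the same filter table plus the MASQUERADE rule.
WITH_NAT="$FILTER_ONLY
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT"

echo "--- forwarding off, filter table only"; check_gateway "$FILTER_ONLY" 0 eth1
echo "--- forwarding on, NAT rule present";  check_gateway "$WITH_NAT" 1 eth1
```

On a live gateway, run it as root with `check_gateway "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" eth1`.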