LinuxQuestions.org
Old 08-22-2017, 01:59 PM   #1
DevCom
LQ Newbie
 
Registered: Aug 2017
Posts: 3

Rep: Reputation: Disabled
Question Debian as a Gateway


Hi Guys,

I have a server with 2 NICs and a routed /24 IPv4 Subnet.
Now I want to use it as a gateway for other servers. But.. I have no clue how.
All I can find on the internet is related to NAT solutions. But I want to use the IPs from my subnet without any NAT.

Like:
WWW -> SRV01 (eth0, 185.10.55.142) -> SRV01 (eth1, 210.10.0.1) -> SRV02 (210.10.0.2)


Anyone have an Idea how I can do that?
 
Old 08-22-2017, 02:38 PM   #2
gradinaruvasile
Member
 
Registered: Apr 2010
Location: Cluj, Romania
Distribution: Debian Testing
Posts: 731

Rep: Reputation: 158
To use it as gateway towards the internet you NEED NAT.

Basically 2 steps involved:

1. Set up forwarding on the gateway:
Code:
sudo sysctl -w net.ipv4.ip_forward=1
2. Set up NAT with masquerade:

Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And make these permanent.
 
Old 08-22-2017, 03:15 PM   #3
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
Quote:
Originally Posted by DevCom
Hi Guys,

I have a server with 2 NICs and a routed /24 IPv4 Subnet.
Now I want to use it as a gateway for other servers. But.. I have no clue how.
All I can find on the internet is related to NAT solutions. But I want to use the IPs from my subnet without any NAT.

Like:
WWW -> SRV01 (eth0, 185.10.55.142) -> SRV01 (eth1, 210.10.0.1) -> SRV02 (210.10.0.2)


Anyone have an Idea how I can do that?
It is unclear what you're trying to do and what that diagram is supposed to mean. In what directions do you want there to be some sort of connectivity? What sort of IP addresses are you expecting to be usable in those directions?

Generally, it will be impossible for anyone on the internet to see any IP address other than 185.10.55.142. As such, if you want SRV02 to be accessible from the internet, it will have to be via 185.10.55.142 with some sort of specific ports being forwarded to SRV02.

OTOH, if you don't want SRV02 to be accessible from the internet, then that's fine and good. In other words, SRV02 can access the internet, but no one on the internet can access SRV02 (except indirectly, by remoting into SRV01 or a reverse ssh tunnel or something).

But in any case, if you want SRV02 to access the internet, you need NAT. If you don't want NAT, then ... uh ... SRV01 isn't really a "gateway".

I have a simplistic description of how to set this up in Step 9 of this how-to (however, note that this is a very simple example with no firewall filter):

http://www.linuxquestions.org/questi...itblog&b=37169

STEP 9) SET UP INTERNET GATEWAY

Hopefully, you now have a diskless client that successfully boots off of the server laptop. But the client does not have internet access yet. If the client is a laptop, you can do a quick fix by turning on WiFi on the client laptop and it should only try to communicate with the nfs server for the nfs share. But if the client is a desktop with only one network interface, or you want to keep things tightened up, you'll want to set up the server laptop as a router.

First edit /etc/sysctl.conf to allow IPv4 packet forwarding:
Code:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
and run "sysctl -p" to get this change to take.

Set up iptables with something like:
Code:
iptables -F
iptables -t nat -F

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -A FORWARD -i eth0 -s 192.168.111.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

apt-get install iptables-persistent
netfilter-persistent save
Note that iptables-persistent is a package that saves the current iptables settings so they are replicated upon boot. The command "netfilter-persistent save" saves the current iptables and ip6tables state.
 
Old 08-22-2017, 03:42 PM   #4
DevCom
LQ Newbie
 
Registered: Aug 2017
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by gradinaruvasile
To use it as gateway towards the internet you NEED NAT.
Quote:
Originally Posted by IsaacKuo
If you don't want NAT, then ... uh ... SRV01 isn't really a "gateway".
I know how the usual NAT solutions work.
But, my problem is that all your examples work with private/internal IPs.
I have a public /24 subnet that I want to use.

So, in my example, I give SRV02 the IP 210.10.0.2.
I want to access SRV02 from the internet at the IP 210.10.0.2, and I also want to use this IP for outgoing connections.
 
Old 08-22-2017, 06:07 PM   #5
DevCom
LQ Newbie
 
Registered: Aug 2017
Posts: 3

Original Poster
Rep: Reputation: Disabled
I've found the solution.

Simply enter the IP of (SRV01) eth1 as a gateway and enable net.ipv4.ip_forward=1.
No iptables, no NAT.
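
Editor's added example, not part of any post in this thread: with plain routing and no iptables, every port on SRV02 is reachable from the internet, so a routed gateway usually still carries a stateful FORWARD filter (without any NAT). The subnet 210.10.0.0/24 is assumed from the addresses in the thread, and the list of allowed TCP ports is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses follow the
# thread; ROUTED_NET and ALLOWED_TCP are assumptions for illustration.
WAN_IF=eth0               # SRV01 uplink (185.10.55.142)
LAN_IF=eth1               # SRV01 side of the routed subnet (210.10.0.1)
ROUTED_NET=210.10.0.0/24  # assumed from 210.10.0.1 / 210.10.0.2 and "/24"
ALLOWED_TCP="22 80 443"   # constructed list of services exposed on the subnet

# Print an iptables-restore ruleset: filter table only, no nat table at all.
# Rule order: drop INVALID, drop packets arriving from the WAN that claim an
# inside source (spoofing), accept replies, accept outbound traffic only from
# the routed subnet, then accept new inbound connections to the listed ports.
gateway_ruleset() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $WAN_IF -s $ROUTED_NET -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $ROUTED_NET -j ACCEPT
EOF
  for port in $ALLOWED_TCP; do
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $ROUTED_NET -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo "COMMIT"
}

# Enable routing and load the ruleset (root on SRV01). iptables-restore replaces
# the whole filter table, so existing INPUT rules must be merged in first.
apply_gateway() {
  sysctl -w net.ipv4.ip_forward=1
  gateway_ruleset | iptables-restore
}

# On SRV02 the only change is the default route:
#   ip route replace default via 210.10.0.1
if [ "${1:-}" = "apply" ]; then
  apply_gateway
else
  gateway_ruleset   # dry run: show what would be loaded
fi
```

Run without arguments to review the generated rules; run with `apply` as root on SRV01 to load them.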
 
All times are GMT -5. The time now is 11:30 PM.