Dual Network Card in RH7.3
What I have now:
I have 1 server with 2 network cards:
NIC1 - Static IP (219.93.225.x) - connects to a switch that gives me DSL connection
NIC2 - Internal IP (192.168.100.x) - connects to a switch to my LAN
What I'm trying to achieve:
1. Let my LAN users access the server internally
2. Use the server to host my website
I would like to map whatever request from NIC2 to NIC1 so that whatever request is processed transparently to the users. Since this is going to expose my LAN, I figured that I should have a firewall for security.
Is there any software on RH7.3 that allows me to do this? If yes, how?
Thanks in advance |
Welcome to LQ.
You can do all of what you want with iptables. There is a good tutorial here:
http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html
As well as lots more info on this site - just post if you have problems. |
Hi,
Thanks for the reply. I've read the link that you've sent me and tried it. I'm looking at the section
Example 2: Linux connected via DSL, Cable, T1
I get an error at the final "route" command:
    [root@demo empDomain]# ipchains -F forward
    [root@demo empDomain]# ipchains -P forward DENY
    [root@demo empDomain]# ipchains -A forward -s 192.168.100.0/24 -j MASQ
    Warning: you must enable IP forwarding for packets to be forwarded at all:
    Use `echo 1 > /proc/sys/net/ipv4/ip_forward'
    [root@demo empDomain]# echo 1 > /proc/sys/net/ipv4/ip_forward
    [root@demo empDomain]# route add -net 192.168.100.0 netmask 255.255.255.0 gw 219.93.225.xx dev eth1
    SIOCADDRT: Network is unreachable
If it makes any difference here are my NIC's information:
eth0:
    IP: 219.93.225.x
    Subnet: 255.255.255.248
    Gateway: 219.93.225.xx
eth1:
    IP: 192.168.100.28
    Subnet: 255.255.255.0
|
I think if you search the web, there is a HOWTO on masquerading. That is what you are looking for - a firewall that masquerades. I found one that has some configurable options in it, but there is no GUI interface. Just a text file. I am also running 7.3, and my server hosts a website, as well as ssh logins from the internet. The internal network has free-flow.
Scott
PS I found that when using such a firewall, you do NOT start ipchains in the normal startup process. |
You may need to check your routing table does not have these entries already and that it accommodates the networks involved:
route -n |
Route table....doesn't seem to be any problems or maybe I just don't know what I'm doing :)
any ideas...anybody??
    [root@demo bin]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    219.93.225.xxx  0.0.0.0         255.255.255.xxx U     0      0        0 eth0
    192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         219.93.225.xx3  0.0.0.0         UG    0      0        0 eth0
|
man, you really should be using iptables and not ipchains
also for that forwarding problem:
in redhat edit the following file:
    /etc/sysctl.conf
there is a line (probably the 1st line) that says:
    net.ipv4.ip_forward=0
change it to
    net.ipv4.ip_forward=1
to turn on ipforwarding
also, you'll need to run the following command (just this once so that you don't have to boot to get forwarding to work)
    # echo 1 > /proc/sys/net/ipv4/ip_forward
|
I've tried changing from ipchains to iptables following the steps listed on this website:
http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html
I'm still stuck at the route command:
    [root@demo empDomain]# route add -net 192.168.100.0 netmask 255.255.255.0 gw 219.93.225.xx dev eth1
    SIOCADDRT: Network is unreachable
Now my external IP isn't working anymore. Can't connect to it at all.
I'm lost... |
That shouldn't affect your network if the add failed. Can you post:
route -n |
Here goes....
I think I probably screwed something up somewhere....
    # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
    219.93.225.0    219.93.225.xx3  255.255.255.0   UG    0      0        0 eth0
    219.93.225.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         219.93.225.xx3  0.0.0.0         UG    0      0        0 eth0
|
I've managed to reconfigure my route to the original one (refer post #6 for my earlier route -n)....
but my external IP is still not working
I think I must've screwed up something in the midst of configuring iptables
any ideas? or where should I look to rectify this? |
You say your external IP isn't working - does it work from the Linux box itself or is it just a problem for the clients?
|
yes...it does work from the box itself as there's a reply when I try to ping it
like you said...it's just a problem with the clients |
Then the forwarding doesn't seem to be working. Can you post:
iptables -L |
    $ iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere           LOG level warning prefix `INPUT_DROP: '

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere           LOG level warning prefix `OUTPUT_DROP: '
|
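An added example, not part of any post in this thread: a shell function that prints an iptables-restore ruleset for the two-NIC gateway discussed here, masquerading the 192.168.100.0/24 LAN out of the external interface and defaulting INPUT and FORWARD to DROP instead of the ACCEPT policies shown in the listing above. The function name, the interface roles (eth0 external, eth1 internal) and the externally open ports (22 and 80) are assumptions; no extra route is added, because the connected route for 192.168.100.0 on eth1 already appears in the route -n output earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: eth0 faces the Internet,
# eth1 faces the LAN, and only SSH (22) and HTTP (80) are offered externally.

# Print an iptables-restore ruleset for a masquerading two-NIC gateway.
gen_gateway_rules() {
    if [ "$#" -ne 3 ] || [ "$1" = "$2" ]; then
        echo "usage: gen_gateway_rules EXT_IF INT_IF LAN_CIDR" >&2
        return 1
    fi
    case $3 in
        */*) ;;                       # require an explicit prefix length
        *) echo "LAN_CIDR needs a /prefix" >&2; return 1 ;;
    esac
    ext_if=$1; int_if=$2; lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -s $lan_net -j ACCEPT
-A INPUT -i $ext_if -p tcp -m multiport --dports 22,80 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-level warning --log-prefix "INPUT_DROP: "
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan_net -j ACCEPT
-A FORWARD -j LOG --log-level warning --log-prefix "FORWARD_DROP: "
COMMIT
EOF
}

# Review the output first, then load it as root:
#   gen_gateway_rules eth0 eth1 192.168.100.0/24 | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward
if [ "$#" -eq 3 ]; then
    gen_gateway_rules "$@"
fi
```

With FORWARD defaulting to DROP, only LAN-originated connections and their replies cross the box, so the LAN is not reachable from the DSL side even though forwarding is enabled.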