Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Internet gateway with suse 9.0 pro or nat. I got it distribute dhcp, and now I am trying to do so computers on my home network would be able to get on the internet. Allso the firewall that it comes with is not really secure, I did a shields up test so most of my ports are visible, I am looking for a firewall that can do masquerading, open and close ports with iptables and port forwarding, and easy set-up, thx.
SusE is providing DHCP to your network.
SusE has two network cards, eth0 and eth1
SusE can get to the internet and resolve addresses
If all this is true, then here's my suggestions
1. Set eth1 to a statice IP.
2. Download this firewall script which is well documented and edit it according to your needs
The firewall does NAT, Enables IP_Forward, in my mind pretty secure
3. Execute the firewall on boot
ok, I have screwd up my suse 9.0 up again. so give me a few days, b4 I will get it back running. I have physed on saturdays, and sundays, so on monday, I should have some time to work on it. well thx. it is an easy script. but since my server will be running 24/7 I can manually run the file if I will restart the system. so I guess I dont really have to put in into rh.d
You'd have to be a little more specific. Can it get to the internet but just won't NAT for the rest of the network? Is it that nothing can get to the internet? Do the NIC have IP addresses?
well, the script that you gave me, i have modified it to tell it which is my internal network and which one is my expternal network, and what is my gateway of the dhcp server. but when I run the script after I have chmod 755 file.sh. sh -x file.sh I get bunch of errors, like every sigle line of the code gives me probles, like it does not find the commands, or cannot find something, or something is not working when it tryes to execute file.sh. Allso nothing happends when I put it in /etc/...../ folder, I mean after I restart my suse 9.0 pro. But my dhcp works fine, samba works great, other than I cannot get on the net from the mashines that connect to suse. while suse still gets on the net. I have allso tryed to use the firewall that comes with suse, but it just shuts off all of the external network which runs on a different dhcp server, which means after I shut down suse, my network is perfectly fine. here is to visual of my network.
adsl modem->e-smith server which acts as nat,internet gateway,ftp,webserver,(poor firewall cofiguration),dhcp->hub->suse-test server
->computers
here is what I am trying to do.
adsl modem->suse(dhcp,configurable firewall,web,ftp,internet,other servers)->other computers on my network.
the computer which I am testing out suse is pII 350 with 400meg ram.
the that will run suse server and other servers will be and Amd K6-2 550mhz 400 or more ram.( it is currently running Sme(e-smith server))
the reason why I am trying out suse is because it is more confugurable than other Linix distribution( that I have tryed), and allso sme server sucks when it comes to make a game server, no one can see or join the game that I make, even thogh that I do port forwarding, and the other modules that come for it are in beta so they dont work properly. and allso it laks the abile to add other server modules, and has a lot probles one you try to install gcc and similar components.
Post the error message. If its that the command IPTABLES doesn't exist, then set the "$IPTABLES=/location " line to the correct location. It should be /sbin. If you changed the script, You'll likely have to show the parts your change and what the desired outcome of those changes were supposed to be.
Here's what I tried to decipher from your post
1. The SusE server can get to the internet which is grabbing a DHCP address from the DSL provider. (ETH0)
2. You've set the ETH1 to your private IP address.
3. Your DHCP is working, meaning your internal clients are getting the private network address's from SusE.
Since the clients are not getting out to the internet, check
contents of /etc/resolv.conf {make sure its picking up the ISP's nameservers}
Do an ipconfig/ifconfig on clients to see if they are recieving the IP address, gateway, and DNS address from SusE
contents of /proc/sys/net/ipv4/ip_forward {if SusE forwarding traffic}
list iptables to find out what is really going on.
possibly re-download the firewall script cause I don't know what you changed.
With the info you gave me, thats the best I can do for now. If you post more info or the items above, I can likely help more.
Certain editors will create a line break. The only thing I can think of is the "/r" lines which are completely blank lines should be deleted. Which editor do you use? VI shouldn't do that as it wraps lines.
Simply put, open the file with VI and move the cursor to each line that is blank. press dd to delete that line. Do this for the entire script.
well, the script worked really, well. Testing if other systems can go on the net.
Nope, my other systems just get the dhcp adress and thats it, they still dont go on the net.
suse it self can go on the net. I will try restarting suse.
here is the output
Loading STRONGER rc.firewall - version 0.80s..
External Interface: eth0
Internal Interface: eth1
---
External IP: 192.168.2.21
---
Internal Network: 192.168.10.0/24
Internal IP: 192.168.10.1/24
---
- Verifying that all kernel modules are ok
Loading kernel modules: ip_tables, ip_conntrack, ip_conntrack_ftp,
iptable_nat, ip_nat_ftp
---
Enabling forwarding......
Enabling DynamicAddr..
---
Clearing any existing rules and setting default policy to DROP..
Creating a DROP chain..
- Loading INPUT rulesets
- Allowing EXTERNAL access to the WWW server
- Allowing EXTERNAL access via SECURE SHELL
- Loading OUTPUT rulesets
- Loading FORWARD rulesets
- FWD: Allow all connections OUT and only existing/related IN
- NAT: Enabling SNAT (MASQUERADE) functionality on eth0
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.