Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I decided to turn an old computer that I have into a NAT router for my internal network.
I installed two Ethernet cards (eth0 & eth1) and installed Linux 7.3.
I also downloaded a NAT script from the Internet that uses IPTABLES.
I set the router up so that "eth0" is my WAN (public IP) and "eth1" is my LAN (internal IP).
On my LAN (internal network) I have 3 servers, 1 workstation, and a wireless AP that is used for my wireless laptop and for my neighbor's wireless Internet connection, and also the Linux router that I am trying to configure here.
Here is how my network is presently configured.
1. The Linux router uses "eth0" connected to the Internet (public IP: 23.456.789.1). The router also doubles up as a DNS server for my domain. "eth1" (private IP: 192.168.0.1) is connected to a 24-port switch.
Also connected to the switch are the systems below:
Wireless Access Point (IP: 192.168.0.2). This uses 192.168.1.0/24 for the 802.11b wireless network.
Database server (IP: 192.168.0.5)
Mail server (IP: 192.168.0.6)
Web server (IP: 192.168.0.7)
Static workstation (IP: 192.168.0.254)
The netmask for the above Ethernet UTP network is /24.
I have one problem, and I am also wondering if anyone can suggest a better way of subnetting my present configuration.
Problem:
Although it is quite possible to access the web sites hosted on my web server from outside of my network via the Internet, it does not seem to be possible to access the web sites from inside the network. The same applies to my mail server. E.g. from my static workstation I cannot pull up any virtual hosted web sites that are on my web server. I also cannot access them from my internal wirelessly linked laptop.
Also, I am wondering if anyone can give me any hints on how I might reduce the subnetting so that things run a little more efficiently.
One note: I would not believe that this could work, except for the fact that I had it working fine when I used a Linksys hardware router. I could also see my web pages and access my mail server without any problems.
Here is the present IPTABLES script that I am using.
#!/bin/sh
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clean old iptables rules (filter and nat tables, so re-running the script does not add duplicates)
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
# Allow forwarding through the internal interface
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -o eth1 -j ACCEPT
# Allow replies to connections that conntrack already knows about
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Default forward policy to DROP
iptables -P FORWARD DROP
# Do masquerading through eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The virtual websites depend on a working DNS server to resolve the site names to IP numbers; otherwise all you will get is the default site pages...
Because your DNS server is local, you need some INPUT rules for the DNS server, similar to the FORWARD rules.
These rules aren't the best, quite paranoid, and look like a conversion from ipchains, e.g.
# Enable passive ftp transfers
iptables -A INPUT -i eth0 -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
The ip_conntrack mechanism does this internally, no need for rules...
Have a look at this tutorial for some more info...
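An added example, not the original poster's script nor the reply's: the NAT script rewritten with the INPUT rules the reply calls for, so the router's own DNS service on eth1 answers LAN clients, plus a default-deny INPUT policy and a nat-table flush. Interface names and addresses are the ones given in the post; the IPT variable is an assumption that lets the rule set be printed instead of loaded.

```shell
#!/bin/sh
# Added example (not the poster's script): the NAT script extended with the
# INPUT rules the reply asks for, so the router's own DNS service answers LAN
# clients. Interface names and addresses are taken from the post; set
# IPT="echo iptables" to print the rules instead of loading them.
IPT="${IPT:-iptables}"
WAN=eth0
LAN=eth1
LAN_NET=192.168.0.0/24

build_rules() {
    # Flush both the filter and nat tables so re-running adds no duplicates
    $IPT -F
    $IPT -X
    $IPT -Z
    $IPT -t nat -F
    $IPT -t nat -X

    # Default deny for traffic to and through the router; its own outbound is allowed
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus replies to connections conntrack already knows about
    # (this is what makes passive FTP work without port-range rules)
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # DNS: LAN hosts query the router at 192.168.0.1 over UDP and TCP 53
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    # The router is also the authoritative server for the domain, so answer Internet queries on eth0 too
    $IPT -A INPUT -i "$WAN" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$WAN" -p tcp --dport 53 -j ACCEPT

    # New connections from the LAN may go anywhere, masqueraded out of eth0
    $IPT -A FORWARD -i "$LAN" -s "$LAN_NET" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

apply_rules() {
    build_rules
    # Turn forwarding on only after the DROP policies are in place
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Run as "./nat.sh apply" (as root) to load the rules; with no argument only the functions are defined
if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

From the static workstation, `dig @192.168.0.1 <one of your site names>` should then return an answer; if it still times out, the INPUT rules are not in place.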