I once used my laptop to route internet traffic between my desktop & wireless router. (The desktop didn't have wireless then.) (Using openSUSE.)
Quote:
echo 1 > /proc/sys/net/ipv4/ip_forward
This is done as well in the YaST interface setup. If you enable forwarding, that is what is done in the startup scripts.
You also need to configure the routes. You can use the "route" or "ip" command for that.
I found that I also needed to enable the "ip_conntrack" module before routing would work. On the kernel that I use now the names of the modules have changed. I think that you want to modprobe the "nf_conntrack_ipv4" and "nf_conntrack_ipv4" kernel modules. I am not certain about the old name. It might have been ip_conntrack or maybe tcp_conntrack.
Anyway, configuring the routes and modprobing the *_conntrack modules are parts you are missing. You shouldn't need to configure iptables unless you are also configuring NAT. And even that you may be able to do from the YaST2 interface & firewall configuration wizards.
I wouldn't bother with this and instead use a NAT router. However, if you want to run a proxy or IDS, then running a Linux router (or brouter) would enable you to handle all of the internet traffic.
----
Also look in the /etc/sysconfig/SuSEfirewall2 script. You can make a lot of general changes like NAT, selecting interfaces, or inserting custom rules there. This file is well commented and structured to work with the SuSEfirewall2 script/service.
Editing this file is equivalent to running "YaST2 firewall". Here is a part that deals with forwarding:
Code:
## Type: yesno
## Default: no
#
# 5.)
# Should routing between the internet, dmz and internal network be
# activated?
#
# Set this to "yes" if you either want to masquerade internal
# machines or allow access to the dmz (or internal machines, but
# this is not a good idea).
#
# This option overrides IP_FORWARD from
# /etc/sysconfig/network/options
#
# Setting this option one alone doesn't do anything. Either activate
# masquerading with FW_MASQUERADE below if you want to masquerade
# your internal network to the internet, or configure FW_FORWARD to
# define what is allowed to be forwarded. You also need to define
# internal or dmz interfaces in FW_DEV_INT or FW_DEV_DMZ.
#
# defaults to "no" if not set
#
FW_ROUTE="no"
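
The dependencies spelled out in the quoted FW_ROUTE comment can be checked mechanically. The script below is an added example, not part of the original post or of SuSEfirewall2: it reads the assignments without sourcing the file and reports when forwarding is enabled without a policy or an internal interface. The function names and verdict labels are made up for illustration, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit SuSEfirewall2-style settings for a forwarding setup
# that is switched on but incomplete. Assignments are read with sed, never
# sourced, so nothing in the audited file is executed.

# get_var FILE KEY: print the last value assigned to KEY (empty if unset).
# Commented-out assignments such as '# FW_ROUTE="yes"' are ignored.
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_forwarding FILE: print a verdict (hypothetical labels) and return
# 0 when the settings agree with each other, 1 when they do not.
audit_forwarding() {
    route=$(get_var "$1" FW_ROUTE)
    masq=$(get_var "$1" FW_MASQUERADE)
    fwd=$(get_var "$1" FW_FORWARD)
    dev_int=$(get_var "$1" FW_DEV_INT)
    dev_dmz=$(get_var "$1" FW_DEV_DMZ)

    if [ "$route" != "yes" ]; then          # unset counts as "no"
        # Masquerading needs FW_ROUTE="yes" according to the quoted comment.
        if [ "$masq" = "yes" ]; then
            echo "masquerade-without-route"; return 1
        fi
        echo "routing-off"; return 0
    fi
    # FW_ROUTE alone does nothing: it needs FW_MASQUERADE or FW_FORWARD ...
    if [ "$masq" != "yes" ] && [ -z "$fwd" ]; then
        echo "route-without-policy"; return 1
    fi
    # ... and an internal or dmz interface in FW_DEV_INT / FW_DEV_DMZ.
    if [ -z "$dev_int" ] && [ -z "$dev_dmz" ]; then
        echo "route-without-internal-interface"; return 1
    fi
    if [ "$masq" = "yes" ]; then echo "masquerade"; else echo "forward-rules"; fi
    return 0
}

# Constructed sample, not taken from a real system: routing enabled only.
sample=$(mktemp)
printf '%s\n' '# FW_ROUTE="no"' 'FW_ROUTE="yes"' 'FW_MASQUERADE="no"' \
    'FW_FORWARD=""' 'FW_DEV_INT=""' > "$sample"
echo "verdict: $(audit_forwarding "$sample")"
rm -f "$sample"
```

Point `audit_forwarding` at a copy of /etc/sysconfig/SuSEfirewall2; a non-zero return means the forwarding settings do not agree with each other.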