Firewall
I am setting up a firewall in Linux using Redhat 9.0 (command line). I have loaded the standard "Servers" installation and installed two network cards.

On the one side my private network with IP: 10.xx.xxx.x and on the other a Router connecting to the Internet with a public IP: 196.xx.xxx.xxx. My firewall, to be, has been set up with one nic (eth1) with IP: 10.xx.xxx.xxx to match my private network and on the other nic (eth0) with a public IP: 196.xx.xxx.xxx. The firewall software has been set to no firewall in order for me to get the routing right. From the firewall, to be, I can ping my private network as well as the Internet. No problem. From my private network, with Windows XP and gateway set to my firewall eth0 IP, I can ping both nics, but I can't ping the Router nor the Internet.

The following settings have been done:

ifcfg-eth0:
    DEVICE=eth0
    IPADDR=196.xx.xxx.xxx
    NETMASK=255.xxx.xxx.xxx
    NETWORK=196.xx.xxx.xxx
    BROADCAST=196.xx.xxx.xxx
    ONBOOT=yes

ifcfg-eth1:
    DEVICE=eth1
    IPADDR=10.xx.xxx.xxx
    NETMASK=255.xxx.xxx.xxx
    NETWORK=10.xx.xxx.xxx
    BROADCAST=10.xx.xxx.xxx
    GATEWAY=196.xx.xxx.xxx (eth0)
    ONBOOT=yes

route:
    196.xx.xxx.x    *                255.xxx.xxx.x    eth0
    10.xx.xxx.x     *                255.xxx.xxx.x    eth1
    127.0.0.0       *                255.0.0.0        lo
    default         196.xx.xxx.xxx   0.0.0.0          eth0

Iptables is set up to ACCEPT FORWARD. In sysctl.conf the line net.ipv4.ip_forward = 1 is set.

Is there something I am missing? I can't find anything in the HOWTOs. I am sure it must be something simple. Will I be able to use this Linux box to set up a VPN and Proxy as well? It is a PIII 600MHz with 128MB ram. Any help will be appreciated. Thanks in advance.
I don't quite understand. Is the linux box the router you're using, or do you have an additional router in between the linux box and the Internet?
If you have a separate physical router, you need to use a second private network ID between the router and the linux box. The linux box shouldn't see the "public" addresses. If you don't have a separate physical router, the linux box IS the router; make sure the /proc/sys/net/ipv4/ip_forward file has the "1" in it. I've found that I have to force it with the line "echo "1" >/proc/sys/net/ipv4/ip_forward" in the /etc/rc.local file.
There is a Cisco router with public IP between the firewall and the Internet. I have managed to get it going. Please look at the following post.
http://www.linuxquestions.org/quest...&threadid=82005

Also look at the following link: http://morizot.net/firewall/gen/

My problem was with the iptables. Thanks for all the help.
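The thread ends with "my problem was with the iptables" without saying what was wrong. As an added example (not posted by anyone in the thread), here is a small POSIX shell check of the three things a two-NIC Linux box needs before hosts on the private 10.x side can reach past it: kernel forwarding on, the FORWARD chain allowing LAN-to-public traffic, and a MASQUERADE (source NAT) rule on the public interface so replies to private addresses can come back. It reads iptables-save style text and the ip_forward file path it is given; the interface names eth1 (LAN) and eth0 (public) and the sample rule sets are assumptions matching the original post.

```shell
#!/bin/sh
# Added example, not the thread's own config. Checks a router/firewall
# box for: forwarding enabled, FORWARD chain permitting LAN->public,
# and MASQUERADE on the public NIC. Interface names assumed from the thread.

# forwarding_enabled FILE: succeeds if FILE (normally
# /proc/sys/net/ipv4/ip_forward) contains exactly "1".
forwarding_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# has_masquerade RULES PUBIF: succeeds if the iptables-save text in RULES
# has a POSTROUTING rule that masquerades traffic leaving PUBIF.
has_masquerade() {
    printf '%s\n' "$1" | grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j MASQUERADE"
}

# forward_allowed RULES LANIF PUBIF: succeeds if FORWARD's default policy is
# ACCEPT (what the original poster had; a real firewall should narrow this)
# or an explicit rule accepts LANIF -> PUBIF.
forward_allowed() {
    printf '%s\n' "$1" | grep -q '^:FORWARD ACCEPT' && return 0
    printf '%s\n' "$1" | grep -Eq -- "^-A FORWARD -i $2 -o $3 .*-j ACCEPT"
}

# router_ready RULES IPFWD_FILE LANIF PUBIF: succeeds only when all three hold.
router_ready() {
    forwarding_enabled "$2" && forward_allowed "$1" "$3" "$4" && has_masquerade "$1" "$4"
}

# Constructed sample: forwarding accepted but no NAT. This matches the
# symptom in the thread (LAN can ping both NICs but nothing beyond the box),
# because the Internet side has no route back to 10.x addresses.
SAMPLE_NO_NAT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Same box with source NAT added on the public interface.
SAMPLE_WITH_NAT="$SAMPLE_NO_NAT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT"
```

On a live box you would feed it the real rules, e.g. `router_ready "$(iptables-save)" /proc/sys/net/ipv4/ip_forward eth1 eth0`.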