Linux router

mleppelman · 04-11-2011, 02:39 PM

I am farly new to linux and I am try to set up a linux box for use as a router. The linux box has 2 NICs: eth0, and eth1. I work for a company that has customer computers come in for repair. We are trying to isolate the workbench from the rest of the servers but still ba able to acces the servers and the internet. our network is setup as folows.

we have a static IP from our ISP (not sure what it is) our severs or 10.1.2.x. the new bench I am setting up will be 10.1.9.x

I have the following static IPs set in the linux box

eth0 10.1.2.76
sub 255.255.255.0
gatway 10.1.2.1

eth1 10.1.9.1
sub 255.255.255.0
Gateway 10.1.2.76

any help would be greatly appreciated

saavik · 04-11-2011, 02:46 PM

Ok, we might be able to help, but what is the question ?

1.) Setup the ip`s (which you did )
2.) Configure iptables (if you do not know how to do that I can help you)
3.) echo 1 > /proc/sys/net/ipv4/ip_forward
4.) maybe configure your proxy/router

mleppelman · 04-11-2011, 02:53 PM

I am having troubles getting it to work. I have no idea how to set up iptables. Help would be greatful. also I am unabl to ping either of the IP from a computer set on the bench with IP of 10.1.9.20

mleppelman · 04-11-2011, 02:59 PM

I am having troubles getting it to work. I have no idea how to set up iptables. Help would be greatful. also I am unabl to ping either of the IP from a computer set on the bench with IP of 10.1.9.20

mleppelman · 04-11-2011, 03:02 PM

another thing I just relized is when I hook a computer the eth1 I loose conection to the internet.

never say never · 04-11-2011, 03:56 PM

If you are not comfortable working with Linux (and even if you are), I would recommended PFSense, or maybe IPCop or Smoothwall. They will allow you to take an older system with multiple Nics and very easily configure what you want to do.

The nice thing about PFSense is it allows multiple WAN links, can do fail over ... IPCop is more a home user setup, but works well, and Smoothwall also works well

PFSense is FreeBSD based, IPCOP and Smoothwall are Linux based.

Any of these can be setup in about 5 - 10 minutes, and are very stable and as secure as you make them.

mleppelman · 04-11-2011, 04:15 PM

I must be pretty stupid. I can't get any one of those programs to install let alone work.

ubyt3m3 · 04-11-2011, 06:28 PM

Hi,
What is your Linux distribution that you use at your work place?
Also, your current problem is that you can't communicate between 10.1.9.x and 10.1.2.x?
I'm trying understand your problem...
-gibb

jmc1987 · 04-11-2011, 07:40 PM

First off you need to disable your firewall till you have a working setup. Now just to point out your gw should be blank unless your box is pulling IP from another router (ISP info or unless you are cascading routers). Did you enable ipv4_forwarding in /etc/sysctl.conf.

hks1233 · 04-12-2011, 12:20 AM

Enabling Ip forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

eth0 10.1.2.76
sub 255.255.255.0
gatway 10.1.2.1

eth1 10.1.9.1
sub 255.255.255.0
Gateway 10.1.2.76

Assuming etho is the interface having net connection

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT

mleppelman · 04-12-2011, 08:13 AM

my distribution is fedora 14. kernel 2.6.35.11-83.fc14

eth0 is the WAN side. eth1 is the LAN side

another problem I am having is I can't ping either IP from the client computer on the bench. Before I installed the iptables package I was able to ping both.

mleppelman · 04-12-2011, 08:19 AM

I am able to ping both IPs again.
now when I have a computer plugged it to eth1 I can't get on the internet.

It seams the system does not know what nic is use to get on the net and what is used for the test bench. I think once this is fixed it should be working.

mleppelman · 04-12-2011, 08:28 AM

this is what I have in sysctl.conf

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

not sure if the second is needed or not but that is what is there.

mleppelman · 04-12-2011, 10:24 AM

after making the sugest changes is restarted network services. this is what I got.

service network restart

Shutting down interface eth0: Device state: 3 (disconnected)
[ OK ]
Shutting down interface eth1: Device state: 3 (disconnected)
[ OK ]
Shutting down loopback interface: Error: Device 'lo' not found.
[FAILED]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/4
[ OK ]
Bringing up interface eth1: Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/5
[ OK ]
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists

I under stand the shutting down and bringing up of the connection but I have no idea what the rest means.

never say never · 04-13-2011, 07:13 AM

Quote:

Originally Posted by mleppelman

I must be pretty stupid. I can't get any one of those programs to install let alone work.

They aren't programs, they are complete operating systems, specialized distributions of linux (FreeBSD in the case of PFSense). Simply burn the iso to a CD, boot from the CD, and there will be an option to configure and run off the CD or install to hard drive (which you would want to do after testing).