routes are killing me - how to?

Robert Serphillips yellowdog-general@lists.terrasoftsolutions.com
Wed Nov 6 19:19:01 2002


Try this 

echo 1 > /proc/sys/net/ipv4/ip_forward

This allows, as the name implies, IP forwarding. Most basic NAT. After
that, make sure each of your clients' gateways points to the internal
interface of your server (in /etc/sysconfig/network). You should be
able to ping at that point. Read the howto and pay extra special
attention when it comes to the firewall. It would be very frustrating
after all that work to have your system broken into and be forced
to wipe it and start from scratch.

-Rob



On Wed, 6 Nov 2002 20:29:07 -0500
Stefan Jeglinski <jeglin@4pi.com> wrote:

> I am setting up the following configuration in preparation for 
> setting up a firewall; behind the box are all the machines on the 
> 192.168.0.0 network.
> 
>                    +-------------------------+
>                    |                         |
> 192.168.0.0 ------+ eth0 (192.168.0.1)      |
>                    |                         |
>                    |                         |
>                    |   (63.220.231.132) eth1 +-+- router (63.220.231.129)
>                    |                         | |
>                    +-------------------------+ |
>                                                |
>                                                |
>                  other 63.220.231.128/26 IPs --+
> 
> The box has 2 physical interfaces eth0 and eth1. I'm showing all
> real IPs from our /26 block for clarity, so please don't try to hack
> or dos us :-)
> 
> I can't figure out how to construct the table to route traffic from 
> the private network onto the public and vice versa. My ifcfg-eth0, 
> ifcfg-eth1, and network files read:
> 
> ::::::::::::::
> /etc/sysconfig/network-scripts/ifcfg-eth0
> ::::::::::::::
> DEVICE=eth0
> IPADDR=192.168.0.1
> NETMASK=255.255.255.0
> NETWORK=192.168.0.0
> BROADCAST=192.168.0.255
> ONBOOT=yes
> BOOTPROTO=none
> 
> ::::::::::::::
> /etc/sysconfig/network-scripts/ifcfg-eth1
> ::::::::::::::
> DEVICE=eth1
> IPADDR=63.220.231.132
> NETMASK=255.255.255.192
> NETWORK=63.220.231.128
> BROADCAST=63.220.231.191
> ONBOOT=yes
> BOOTPROTO=none
> 
> ::::::::::::::
> /etc/sysconfig/network
> ::::::::::::::
> NETWORKING=yes
> FORWARD_IPV4=no
> HOSTNAME=orion.4pi.com
> DOMAINNAME=4pi.com
> GATEWAY=63.220.231.129
> GATEWAYDEV=eth1
> 
> Bringing up the network then creates this routing table:
> 
> Destination     Gateway         Genmask         Flags Iface
> 63.220.231.128  0.0.0.0         255.255.255.192 U     eth1
> 192.168.0.0     0.0.0.0         255.255.255.0   U     eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     lo
> 0.0.0.0         63.220.231.129  0.0.0.0         UG    eth1
> 
> This is my starting point. My problem is that nothing on the private
> network can ping anything, not even 192.168.0.1, and I seem to
> believe that it will all work if I can just add the correct routes
> to the table. I've been trying to read on-line dox and have done all
> sorts of things to the routing table to make this work, but none
> have. I won't try to repeat all those here. I have no way to know if
> I'm really way off base to begin with or whether I just have to add
> a small tweak.
> 
> Any *knowledgeable* help greatly appreciated!
> 
> 
> Stefan Jeglinski
>
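
Added example, not part of the original thread: the `echo 1 > /proc/sys/net/ipv4/ip_forward` in the reply changes only the running kernel, while the quoted /etc/sysconfig/network still says FORWARD_IPV4=no. The script below reports both states; the function names and sample files are constructed here, and it assumes the boot scripts honour the FORWARD_IPV4 key.

```shell
#!/bin/sh
# Report whether IPv4 forwarding is on now and whether it is also configured
# for boot. Paths are arguments so the check can be pointed at the real files
# (/proc/sys/net/ipv4/ip_forward, /etc/sysconfig/network) or at copies.

# Last FORWARD_IPV4= value in a sysconfig-style file ("" if the key is absent).
sysconfig_forward() {
    sed -n 's/^[[:space:]]*FORWARD_IPV4=//p' "$1" | tail -n 1 | tr -d "\"' \t\r"
}

# forwarding_state PROC_FILE SYSCONFIG_FILE
# Prints one of: off | runtime-only | boot-only | persistent
forwarding_state() {
    runtime=$(tr -d ' \t\r\n' < "$1")
    case $(sysconfig_forward "$2") in
        # Assumption: the init scripts treat "yes" or "true" as enabled.
        # Some distributions instead read net.ipv4.ip_forward from
        # /etc/sysctl.conf; that file is not checked here.
        yes|true) boot=1 ;;
        *)        boot=0 ;;
    esac
    if [ "$runtime" = "1" ] && [ "$boot" = "1" ]; then
        echo persistent
    elif [ "$runtime" = "1" ]; then
        echo runtime-only      # works until the next reboot
    elif [ "$boot" = "1" ]; then
        echo boot-only         # configured, but not active yet
    else
        echo off
    fi
}

# Constructed sample input: the kernel flag after the echo from the reply,
# the relevant lines of the quoted network file, and a corrected copy.
demo_dir=$(mktemp -d)
printf '1\n' > "$demo_dir/ip_forward"
printf 'NETWORKING=yes\nFORWARD_IPV4=no\nHOSTNAME=orion.4pi.com\n' > "$demo_dir/network"
printf 'NETWORKING=yes\nFORWARD_IPV4=yes\nHOSTNAME=orion.4pi.com\n' > "$demo_dir/network.fixed"

echo "as posted, after the echo: $(forwarding_state "$demo_dir/ip_forward" "$demo_dir/network")"
echo "with FORWARD_IPV4=yes:     $(forwarding_state "$demo_dir/ip_forward" "$demo_dir/network.fixed")"
```

A `runtime-only` result on a box that is about to become a firewall means forwarding will silently stop after the next reboot.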