Solved

Basic Linux firewall configuration

Posted on 2000-03-19
403 Views
Last Modified: 2010-04-20
I have a Red Hat 6.1 computer with 2 network cards in it. I have a cable modem with a static IP. My normal configuration for internet access is IP: 24.5.216.13, DG: 24.5.216.1. So on the computer with the firewall I set the first card with that IP, then on the second card (eth1) I am using 192.168.1.1.
From the firewall computer I can ping the internet and my computer with the 192.168 IP number (192.168.1.2, a Win98 machine).
From the Win98 machine I can ping the 192.168.1.1 IP and I can ping the 24.5.216.13 IP for eth0, but I can't ping 24.5.216.1 (default gateway).

  24.5.216.13             192.168.1.1
                  \                /
Internet_ _ \|firewall|/_ _ _ Win98
             
Does that help?
I have IP forwarding turned on (1).
I think the problem lies in the default gateway setting for the Win98 machine. Do I tell it 24.5.216.13 or 192.168.1.1?
Or do I use the default gateway from my ISP, 24.5.216.1?

Thanks, Matt

Question by:unomateo
8 Comments
 
LVL 2

Expert Comment

by:mzehner
ID: 2634724
You set your default gateway on the Windows machine to 192.168.1.1.  You also need to make sure your routing tables in the Linux computer are set up properly.
route add -net 24.5.216.0 netmask 255.255.255.0 gw 24.5.216.13 dev eth0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev eth1
Also make sure your default gateway for the Linux box is 24.2.216.1.  You can easily set this up with "netconfig" or "linuxconf".

You can set all this up in "linuxconf" or "netconfig" but you may want to enter them manually using the route command above until you are sure you have it correct.  You may use the "route" command to see the current contents of your routing tables.

Also, when you have it working right, configure it using netconfig or linuxconf, or add the following to your "/etc/sysconfig/static-routes" file:
eth0 net 24.5.216.0 netmask 255.255.255.0 gateway 24.5.216.13
eth1 net 192.168.1.0 netmask 255.255.255.0 gateway 192.168.1.1

My answer assumes your netmask on both networks is 255.255.255.0.  Also, you may want to consider using ipchains to set up some packet filtering firewall rules to increase your security.  Also, have you considered using IP masquerading?
 
LVL 40

Expert Comment

by:jlevie
ID: 2634819
If you only have a single static IP you have to use IP Masquerade on the Linux box; IP forwarding won't work. Take a look at the IP Masquerade HOWTO for an explanation of why you need it, what it does, and how to do it (http://www.redhat.com/mirrors/LDP/HOWTO/IP-Masquerade-HOWTO.html).

You don't need to futz with the routing tables. They are already correct for Internet access, and the 192.168.1.0/24 network is in the routing table already simply because any locally attached network is automatically reachable. However, mzehner is correct in that the default gateway for any hosts on the inside network is the IP of the inside NIC of the Linux box (192.168.1.1).
 

Author Comment

by:unomateo
ID: 2634845
One question about the connection to my hub.
Before, when the cable modem went straight to my hub, the uplink light was lit.
Now when I go through the firewall computer it isn't (cable to the firewall, then out the ethernet card with 192.168, then to the hub).
Is this a problem also?
 
LVL 40

Expert Comment

by:jlevie
ID: 2634899
Maybe, maybe not. Since I don't know what hub you've got, I don't know if it has an "Uplink port". Such a port has built-in cross-over wiring and is used to connect the hub to another hub or router. Other equipment shouldn't be connected to the "Uplink port", as you'd have to use a cross-over cable to do so. It seems to me that I've seen a smart hub that could automatically sense whether it needed to use a cross-over configuration for either the first or last port, and would light the "Uplink" light if it did so. Check the docs for your hub and see what it's supposed to do.
 
LVL 2

Expert Comment

by:EatEmAndSmile
ID: 2635593
Considering the gateway for the real Internet network should be seen to get access through, you should tell them about the IP address 192.168.1.1. That's the only IP they can see on that machine. Actually, if they could see the real IP addresses a gateway wouldn't be needed. :)
 
LVL 12

Expert Comment

by:j2
ID: 2635875
"Before, when the cable modem went straight to my hub, the uplink light was lit.
Now when I go through the firewall computer it isn't." That means the modem uses a crossover port, so that the user can use a straight cable to connect directly to an ethernet device; you must use a crossover cable to connect it to a hub.
 
LVL 12

Accepted Solution

by: j2 (earned 100 total points)
ID: 2635887
What I would do is to simply download "pmfirewall" (www.pointman.org), untar it, run the install script and just answer the questions (remember to say "yes" to 'Should this computer masquerade for other systems?'), and you will be all set, plus you now have a decent firewall.

Also, my "Monday, March 20 2000 - 01:18PM CET" comment should have been

"via a hub, you must use a crossover cable to connect it directly to a computer."

Or if you don't need a firewall, just do this on the Linux box:

echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -A forward -s 192.168.1.0/24 -b -j MASQ

then set the clients to use 192.168.1.1 as their default gw, and set them to use the DNS of your ISP.
 
LVL 12

Expert Comment

by:j2
ID: 2635891
Also, "I have IP forwarding turned on (1)": that isn't enough, that just enables it; you also must give it "rules" with ipchains for it to work. If you do not have ipchains installed, it is available on your RH CD, or from www.rustcorp.com.
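The two j2 comments above (turn on ip_forward, then give the kernel ipchains rules, with masquerading for the inside network) put together as an added example. This is not code from the thread and not pmfirewall's own script; it is written for the 2.2 kernel and ipchains shipped with Red Hat 6.1 and assumes the addresses from the question: eth0 = 24.5.216.13 on the cable-modem side, eth1 = 192.168.1.1 on the hub side, inside network 192.168.1.0/24. The file name masq-fw.sh is made up, and IPCHAINS=echo prints the rules instead of installing them so you can read them before running as root.

```shell
#!/bin/sh
# Added example for this thread, not code posted by any of the participants.
# An ipchains masquerading firewall for the layout in the question:
#   eth0 = 24.5.216.13 (cable modem side), eth1 = 192.168.1.1 (hub side),
#   LAN  = 192.168.1.0/24
# These values are taken from the question and are assumptions about your
# box; override them in the environment if yours differ. Written for the
# 2.2 kernel and ipchains that ship with Red Hat 6.1.
#
#   sh masq-fw.sh apply                 # install rules and enable forwarding
#   IPCHAINS=echo sh masq-fw.sh apply   # dry run: print the rules instead

EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
LAN=${LAN:-192.168.1.0/24}
IPCHAINS=${IPCHAINS:-ipchains}   # set to "echo" to preview without root

# Report whether the kernel forwards packets. Takes the sysctl file path as an
# argument so it can be pointed at a test file; on a live box pass
# /proc/sys/net/ipv4/ip_forward. Prints "yes" or "no".
forwarding_enabled() {
    if [ "$(cat "$1" 2>/dev/null)" = 1 ]; then echo yes; else echo no; fi
}

# Build the rule set. Every rule runs through $IPCHAINS, so with IPCHAINS=echo
# the function only lists what would be applied.
apply_rules() {
    # Clean slate, and deny-by-default on the forward chain: nothing crosses
    # between the two cards unless a rule below explicitly allows it.
    $IPCHAINS -F
    $IPCHAINS -P input ACCEPT
    $IPCHAINS -P output ACCEPT
    $IPCHAINS -P forward DENY

    # Anti-spoofing on the cable side: a packet arriving on eth0 with a
    # private or loopback source can only be forged. -l logs it to syslog.
    for net in "$LAN" 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
        $IPCHAINS -A input -i "$EXT_IF" -s "$net" -j DENY -l
    done
    # And on the hub side: only inside-network addresses belong on eth1.
    $IPCHAINS -A input -i "$INT_IF" -s ! "$LAN" -j DENY -l

    # Keep the firewall's own TCP services off the Internet: drop new
    # connections (SYN packets, -y) arriving on eth0. Replies to connections
    # opened from inside are not SYN packets, so they still get in.
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -y -j DENY -l

    # The masquerading rule. On the ipchains forward chain -i names the
    # OUTGOING interface, so this matches packets from the LAN that are about
    # to leave through eth0 and rewrites their source to eth0's address.
    $IPCHAINS -A forward -i "$EXT_IF" -s "$LAN" -j MASQ

    # Anything else that would be forwarded is refused by the DENY policy;
    # this rule only adds logging, so a client with the wrong gateway or a
    # spoofed source shows up in /var/log/messages.
    $IPCHAINS -A forward -j DENY -l
}

if [ "${1:-}" = apply ]; then
    # Load the filter first, then switch forwarding on, so there is never a
    # moment when the box forwards between the cards with no rules loaded.
    apply_rules
    if [ "$IPCHAINS" = ipchains ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # 2.2 kernels need a helper module for active-mode FTP through MASQ.
        modprobe ip_masq_ftp 2>/dev/null || true
    fi
    echo "ip_forward: $(forwarding_enabled /proc/sys/net/ipv4/ip_forward)"
fi
```

Run it from /etc/rc.d/rc.local so the rules come back after a reboot, and leave the Win98 client pointed at 192.168.1.1 as its gateway with the ISP's DNS servers, as described in the thread. The design choice worth noticing is that MASQ is limited to packets that come from 192.168.1.0/24 and leave on eth0, and the forward chain denies everything else; a forwarding-only box with an ACCEPT policy would pass (and masquerade nothing for) anything a client on either side cared to send through it.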
