Solved

Routing on RH6.2 Lan to Internet through Cable modem

Posted on 2000-05-06
Last Modified: 2010-03-18
I was able to set up both the internal and external connections on two separate network cards.  Now I need help getting ipchains to work (I have RH6.2).  I looked at the instructions in the book where it says to open up netcfg& and choose ip4 forwarding and put ppp0 or slip0 for connection device, and modified it for my eth0 (this is the NIC hooked to the net), but I have left everything else blank, and it seems not to generate the two files it should (/etc/network being one of them).  So I am looking for detailed step-by-step instructions please!!! And do not answer, just comment (I do not want to lock the question till I test the solution).

Some more general info: my cable hookup is dhcp, and my internal NIC has the ip of 192.168.1.50 with netmask 255.255.255.0 (please use those numbers in solutions not any general ones).

Thank you
Kejtar
Question by:Kejtar
10 Comments
 

Expert Comment

by:linuxminded
ID: 2783525
kejtar,
What you want to check is /etc/sysconfig.
The file is network; edit it, and make sure the 2 lines are
NETWORKING=yes
FORWARD_IPV4=yes

forward_ip might say false; just change it to yes.

Step 2 is to configure the ipchains rules in the
/etc/rc.d/rc.local file.
Well, that's where I was taught to configure it, and it works for me.
Now I am going to post my ipchains code for you to look over, and I recommend you consult man ipchains to see if you might want to do things differently.

# 1) Flush the rule tables.
/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output
# 2) Set the MASQ timeouts (TCP, TCP after FIN, UDP, in seconds) and allow
#    DHCP replies in on eth0: the server answers from UDP port 67 to the
#    client's port 68.
/sbin/ipchains -M -S 7200 10 60
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
# 3) Deny all forwarding packets except those from local network.
# Masquerade those.
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
# 4) Load forwarding modules for special services.
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

linuxminded.
I spend way too many nights playing with sendmail :(
0
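The three things the post above depends on (forwarding switched on, a DENY policy on the forward chain, and a MASQ rule limited to 192.168.1.0/24) can be checked mechanically. This is an added shell example, not part of the original thread; the function name `audit_masq`, the variable `AUDIT_PROBLEMS` and both sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two files edited in the post above.
# audit_masq NETWORK_FILE RULES_FILE LAN_CIDR
# Prints one FAIL line per problem, sets AUDIT_PROBLEMS, returns 0 only if clean.
audit_masq() {
    net_file=$1; rules_file=$2; lan=$3; AUDIT_PROBLEMS=0
    fail() { echo "FAIL: $1"; AUDIT_PROBLEMS=$((AUDIT_PROBLEMS + 1)); }

    # Forwarding must be switched on or the MASQ rule never sees a packet.
    grep -q '^FORWARD_IPV4=yes' "$net_file" || fail "FORWARD_IPV4=yes not set"

    # Drop comments and normalise spacing so commented-out rules are ignored.
    rules=$(sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/$/ /' \
            "$rules_file" | grep 'ipchains' || true)

    # Default-deny on the forward chain: only explicit rules may forward.
    echo "$rules" | grep -Fq -- '-P forward DENY' || fail "forward policy is not DENY"

    # Each MASQ rule must be restricted to the LAN with -s; without it the box
    # masquerades traffic from any source, including the cable side.
    masq=$(echo "$rules" | grep -F -- '-A forward ' | grep -F -- '-j MASQ ' || true)
    if [ -z "$masq" ]; then
        fail "no MASQ rule on the forward chain"
    else
        open=$(echo "$masq" | grep -Fv -- "-s $lan " || true)
        [ -z "$open" ] || fail "MASQ rule not limited to $lan: $open"
    fi
    [ "$AUDIT_PROBLEMS" -eq 0 ]
}

# Constructed sample files: the rules from the post, and a weakened variant.
demo_dir=$(mktemp -d)
printf 'NETWORKING=yes\nFORWARD_IPV4=yes\n' > "$demo_dir/network"
cat > "$demo_dir/rc.local.good" <<'EOF'
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
EOF
cat > "$demo_dir/rc.local.weak" <<'EOF'
# /sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ
EOF
audit_masq "$demo_dir/network" "$demo_dir/rc.local.good" 192.168.1.0/24 && echo "good: clean"
audit_masq "$demo_dir/network" "$demo_dir/rc.local.weak" 192.168.1.0/24 || echo "weak: $AUDIT_PROBLEMS problem(s)"
```

On a real machine the arguments would be /etc/sysconfig/network and /etc/rc.d/rc.local.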
 
LVL 12

Accepted Solution

by:
j2 earned 100 total points
ID: 2783846
Or just go to www.pointman.org and grab PM firewall, which does all this for you with an easy install script, and gives you a very good firewall / logger as well.
0
 
LVL 1

Author Comment

by:Kejtar
ID: 2784838
ok, what would be the client config? Should I use 192.168.1.50 for the gateway?
Kejtar
0
 
LVL 2

Expert Comment

by:mzehner
ID: 2784973
If you are hooking clients up on your 192.168.1.0 network to access the internet, then yes, 192.168.1.50 is your gateway for your clients.  Are you trying to set up a router for your clients to go to the internet or do you want to do IP masquerading with firewall rules?  The comment by linuxminded for ipchains is good.
0
 
LVL 1

Author Comment

by:Kejtar
ID: 2784983
Actually I am looking for both.
Kejtar
0

 
LVL 12

Expert Comment

by:j2
ID: 2785408
Did you try pmfirewall? Installing it and setting the clients to use .50 as GW and setting them to use the DNS of your ISP should be all you need to do.
0
 
LVL 2

Expert Comment

by:mzehner
ID: 2786780
Normally you disable routing for security purposes when you do IP masquerading.  Although the two functions are similar, they are really separate.  It is OK for learning purposes to do some routing, but if you are interested in security, then you will want to do IP masquerading.  By doing this your computer that is your firewall will perform operations on behalf of any computers behind it.  As far as anyone or any computer is aware they are talking to your IP masquerading computer (firewall).  Then you will set up your ipchains to allow or not allow various services.  This is known as a packet filtering firewall.  If you want some simple instructions on IP masquerading I will post them.  There is a somewhat long configuration file (in the IP masquerading howto) called rc.firewall, that you can run from your /etc/rc.d/rc.local file that will allow you to do IP masquerading if your kernel was compiled with the right options (My Redhat 6.1 has the correct options so you are probably mostly set with 6.2).  A few modifications to this file and you'll have a packet filtering firewall.
0
 
LVL 1

Author Comment

by:Kejtar
ID: 2786951
I have started working with the pmfirewall (I like it so far), but I have one problem: I can't figure out the client config...
eth1 (internal NIC) has the IP of 192.168.1.50 and subnet 255.255.255.0. Should I use 192.168.1.50 for gateway and DNS server, or only for one and not the other (and vice versa)? None of the three above combinations seem to work for me.

Kejtar
0
 
LVL 12

Expert Comment

by:j2
ID: 2787208
Gateway, Yes
DNS, No (unless you HAVE a named running on your server, you will need to point the clients to the DNS of your ISP.) Just as I said in my post of May 7 11:12
0
 
LVL 1

Author Comment

by:Kejtar
ID: 2787227
YIPPPIEEEEEE IT WORKS!!!!!! Since I have moved from winproxy to this, I was thinking of the linuxbox address when I was thinking of the dns address ...
Points will have to go to j2 for directing me towards the pmfirewall, and showing me where I erred on the dns.


Kejtar
0
