Solved

Routing on RH6.2 Lan to Internet through Cable modem

Posted on 2000-05-06
Last Modified: 2010-03-18
I was able to set up both the internal and external connections on two separate network cards.  Now I need help getting the ipchains to work (I have RH6.2).  I looked at the instructions in the book where it says to open up netcfg& and choose ip4 forwarding and put ppp0 or slip0 for connection device, and modified it for my eth0 (this is the NIC hooked to the net), but I have left everything else blank, and it seems not to generate the two files it should (/etc/network being one of them).  So I am looking for detailed step-by-step instructions, please! And do not answer, just comment (I do not want to lock the question till I test the solution).

Some more general info: my cable hookup is dhcp, and my internal NIC has the ip of 192.168.1.50 with netmask 255.255.255.0 (please use those numbers in solutions not any general ones).

Thank you
Kejtar
Question by:Kejtar
10 Comments
 

Expert Comment

by:linuxminded
ID: 2783525
kejtar,
what you want to check is /etc/sysconfig.
The file is network; edit it, and make sure the 2 lines are
NETWORKING=yes
FORWARD_IPV4=yes

forward_ip might say false; just change it to yes.

Step 2 is to configure the ipchains rules in the
/etc/rc.d/rc.local file.
Well, that's where I was taught to configure it, and it works for me.
Now I am going to post my ipchains code for you to look over, and I recommend you consult man ipchains to see if you might want to do things differently.

# 1) Flush the rule tables.
/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output
# 2) Set the MASQ timings and allow packets in for DHCP configuration.
#    (DHCP replies arrive on eth0 from server port 67 to client port 68.)
/sbin/ipchains -M -S 7200 10 60
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
# 3) Deny all forwarding packets except those from local network.
# Masquerade those.
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
# 4) Load forwarding modules for special services.
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

linuxminded.
I spend way too many nights playing with sendmail :(
0
 
LVL 12

Accepted Solution

by:
j2 earned 400 total points
ID: 2783846
...or just go to www.pointman.org and grab PM firewall, which does all this for you with an easy install script, and gives you a very good firewall / logger as well.
0
 
LVL 1

Author Comment

by:Kejtar
ID: 2784838
OK, what would be the client config? Should I use 192.168.1.50 for the gateway?
Kejtar
0
 
LVL 2

Expert Comment

by:mzehner
ID: 2784973
If you are hooking up clients on your 192.168.1.0 network to access the internet, then yes, 192.168.1.50 is your gateway for your clients.  Are you trying to set up a router for your clients to go to the internet or do you want to do IP masquerading with firewall rules?  The comment by linuxminded for ipchains is good.
0
 
LVL 1

Author Comment

by:Kejtar
ID: 2784983
Actually I am looking for both.
Kejtar
0
 
LVL 12

Expert Comment

by:j2
ID: 2785408
Did you try pmfirewall? Installing it and setting the clients to use .50 as GW and setting them to use the DNS of your ISP should be all you need to do.
0
 
LVL 2

Expert Comment

by:mzehner
ID: 2786780
Normally you disable routing for security purposes when you do IP masquerading.  Although the two functions are similar, they are really separate.  It is OK for learning purposes to do some routing, but if you are interested in security, then you will want to do IP masquerading.  By doing this, your computer that is your firewall will perform operations on behalf of any computers behind it.  As far as anyone or any computer is aware, they are talking to your IP masquerading computer (firewall).  Then you will set up your ipchains to allow or not allow various services.  This is known as a packet filtering firewall.  If you want some simple instructions on IP masquerading I will post them.  There is a somewhat long configuration file (in the IP masquerading howto) called rc.firewall, that you can run from your /etc/rc.d/rc.local file that will allow you to do IP masquerading if your kernel was compiled with the right options (my Redhat 6.1 has the correct options so you are probably mostly set with 6.2).  A few modifications to this file and you'll have a packet filtering firewall.
0
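
The masquerading rules posted earlier in the thread and the packet-filtering point in the comment above can be checked mechanically. The following is an added example, not part of the thread and not code from any poster: a shell function that audits ipchains rules read from stdin. The function names and finding keywords are made up for illustration, and the weak ruleset is constructed.

```shell
#!/bin/sh
# Added example: static audit of rc.local-style ipchains rules read from
# stdin. Prints one finding keyword per line, nothing if the rules pass.
audit_ipchains() {
    # Keep only real ipchains commands; commented-out lines are ignored.
    rules=$(grep -E '^[[:space:]]*(/sbin/)?ipchains[[:space:]]' || true)

    # forward must default to DENY/REJECT so only listed sources are relayed.
    if ! printf '%s\n' "$rules" |
        grep -Eq -- '-P[[:space:]]+forward[[:space:]]+(DENY|REJECT)'; then
        echo "forward-policy-open"
    fi
    # A MASQ rule without -s masquerades for any source, not just the LAN.
    if printf '%s\n' "$rules" | grep -E -- '-j[[:space:]]+MASQ' |
        grep -Evq -- '[[:space:]]-s[[:space:]]'; then
        echo "masq-any-source"
    fi
    # No input policy set here: the gateway keeps the default ACCEPT, so
    # its own services stay reachable from the outside interface.
    if ! printf '%s\n' "$rules" |
        grep -Eq -- '-P[[:space:]]+input[[:space:]]+(DENY|REJECT)'; then
        echo "input-policy-open"
    fi
    return 0
}

# Flush, policy and MASQ rules as posted earlier in the thread.
thread_rules() {
    cat <<'EOF'
/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output
/sbin/ipchains -M -S 7200 10 60
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
EOF
}

# Constructed weak variant: no forward policy, MASQ for any source.
weak_rules() {
    cat <<'EOF'
/sbin/ipchains -F forward
/sbin/ipchains -A forward -j MASQ
EOF
}

echo "thread rules:"; thread_rules | audit_ipchains
echo "weak rules:";   weak_rules | audit_ipchains
```

The thread's rules pass the two forwarding checks and are flagged only for the unset input policy, which is the gap a packet filter on the input chain closes.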
 
LVL 1

Author Comment

by:Kejtar
ID: 2786951
I have started working with the pmfirewall ( I like it so far), but I have one problem: I can't figure out the client config...
eth1 (internal NIC) has the IP of 192.168.1.50 and subnet 255.255.255.0. Should I use 192.168.1.50 for gateway and DNS server, or only for one and not the other (and vice versa)? None of the three above combinations seem to work for me.

Kejtar
0
 
LVL 12

Expert Comment

by:j2
ID: 2787208
Gateway, Yes
DNS, No (unless you HAVE a named running on your server, you will need to point the clients to the DNS of your ISP). Just as I said in my post of May 7 11:12
0
 
LVL 1

Author Comment

by:Kejtar
ID: 2787227
YIPPPIEEEEEE IT WORKS!!!!!! Since I have moved from winproxy to this, I was thinking of the linuxbox address when I was thinking of the dns address ...
Points will have to go to j2 for directing me towards the pmfirewall, and showing me where I erred on the dns.


Kejtar
0

Question has a verified solution.
