Problems setting up Linux Gateway
Posted on 2004-04-05
I'm having problems getting a Linux gateway set up. I've gone over the LDP Networking HOWTOs, and as far as I know I've set everything up correctly. Of course, I'm sure I'm overlooking something and I was hoping someone could point it out for me. ;-)
At my work, our traditional internal network is 192.168.0.0/24. A gateway sits at the I.P. address 192.168.0.4, and also acts as a proxy server. The problem with this is the fact that it's an old MS Proxy server (all the computers in the internal network are also running an MS operating system). Now I have nothing to do with this network; however, in my spare time I've been trying to set up a Linux gateway as an alternative path outside the network, which could also offer tons of other services. I've managed to get a static I.P. assigned for the Linux box, which is directly accessible from the internet. I'm using the 2.4 Linux kernel, and have compiled in the necessary items to run the machine as a gateway. FYI, I'm running Debian woody. Also, for safety I won't use the 'real' I.P. address that the outside sees.
The Linux box has two NICs, eth0 and eth1. Here's some info extracted from ifconfig (with the real external I.P. being omitted):
eth0 Link encap:Ethernet HWaddr 00:01:02:36:E6:A2
inet addr:192.168.0.95 Bcast:192.168.0.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:01:02:78:6D:77
inet addr:126.96.36.199 Bcast:188.8.131.52.143 Mask:255.255.255.240
eth0 is connected to the internal network, and eth1 is connected to the internet. In the above example, the I.P. address 184.108.40.206 is an address you can use to directly connect to the box from the outside.
Here are the results of the route command:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
220.127.116.11  *               255.255.255.240 U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         18.104.22.168   0.0.0.0         UG    0      0        0 eth1
From the above routing table, you can see that the box has a gateway at 22.214.171.124 to access the internet.
My first task was to set up NAT, so I could use the Linux box as the new gateway for a Windows XP machine, and make internet connections through this gateway. After completely flushing out and deleting all chains in both the "filter" and "nat" tables, I've tried the following commands with iptables:
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT --to 126.96.36.199
iptables -t filter -I FORWARD -s 192.168.0.0/24 -i eth0 -j ACCEPT
The following is a list of the two resulting tables (I'm omitting the empty tables):
iptables -t nat -L:
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.0.0/24 anywhere to:188.8.131.52
iptables -t filter -L:
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 anywhere
I've also turned on I.P. forwarding by using the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward
and checked to make sure it is indeed set to 1. Now, on the Windows XP side all that I'm assuming I would need to do is change the gateway to point to my Linux machine instead of the old gateway. Ex. the old gateway is at 192.168.0.4, so I just change that to 192.168.0.95. I can get DNS working later, so for now I've put in a couple of external DNS servers in the DNS section of the Windows network configuration. With this current setup, I can't seem to get an outside connection from the Windows machine. A few more notes:
1. I can ping the Linux gateway from the Windows machine.
2. The Linux machine can ping computers both inside the internal network (such as my test Windows computer), and computers on the outside.
3. I'm using I.P. addresses to test the outside connection, just to eliminate the chance that it's a DNS issue.
It's probably something stupid that I overlooked or left out, so I'm hoping someone could take a look at this setup and notice what's wrong with it.
Thanks in advance.
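Added example, not part of the original post: a shell function that audits an `iptables-save` dump for the three pieces the post configures by hand (IP forwarding, source NAT on the external interface, FORWARD rules) and flags a FORWARD policy of ACCEPT, which also forwards new connections arriving from the internet side. The name `check_gateway`, both rule sets and the address 203.0.113.2 are constructed for illustration.

```sh
#!/bin/sh
# usage: check_gateway "<iptables-save text>" <ip_forward value> <lan_if> <wan_if>
# Prints one finding per line; returns non-zero if any check FAILs.
check_gateway() {
    rules=$1; fwd=$2; lan_if=$3; wan_if=$4; fails=0
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
    note() { printf '%-4s %s\n' "$1" "$2"; if [ "$1" = FAIL ]; then fails=$((fails + 1)); fi; }

    if [ "$fwd" = 1 ]; then note OK "ip_forward is 1"
    else note FAIL "ip_forward is '$fwd': the kernel will not route"; fi

    if has "^-A POSTROUTING .*-o $wan_if .*-j (SNAT|MASQUERADE)"; then
        note OK "source NAT rule on $wan_if"
    else note FAIL "no SNAT/MASQUERADE rule leaving $wan_if"; fi

    if has '^:FORWARD ACCEPT'; then
        # Policy ACCEPT lets replies back in, but also forwards new connections from the WAN side.
        note WARN "FORWARD policy ACCEPT: packets arriving on $wan_if are forwarded too"
    else
        if has "^-A FORWARD .*-i $lan_if .*-j ACCEPT"; then note OK "LAN traffic is forwarded"
        else note FAIL "no FORWARD accept rule for $lan_if"; fi
        if has '^-A FORWARD .*ESTABLISHED.* -j ACCEPT'; then note OK "replies are allowed back"
        else note FAIL "no ESTABLISHED,RELATED rule: replies are dropped"; fi
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample: the post's two rules as iptables-save prints them.
# 203.0.113.2 is a documentation address standing in for the omitted external IP.
NAT_TABLE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT --to-source 203.0.113.2
COMMIT'
POSTED_RULES="$NAT_TABLE
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/24 -i eth0 -j ACCEPT
COMMIT"
# Constructed sample: same NAT, default-deny forwarding with a stateful return rule.
HARDENED_RULES="$NAT_TABLE
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.0.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT"

check_gateway "$POSTED_RULES" 1 eth0 eth1 || true
check_gateway "$HARDENED_RULES" 1 eth0 eth1 || true
```

On a live gateway the inputs would be `"$(iptables-save)"` and `"$(cat /proc/sys/net/ipv4/ip_forward)"`, run as root.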