PEI_IT

Routing with opensuse 10.2

Hello Experts,
I am trying to set up a router using openSUSE 10.2 between two public networks. We are changing to a new ISP and have to migrate all of our Internet-accessible servers to the new network.

Our new address range is 203.97.94.144/28.  Our router's internal facing ip is 203.97.94.158 and the mask is 255.255.255.240.

We have a stub network of 203.167.233.0/30 that we have to use to connect to our ISP.  The ISP's router ip is 203.167.233.1 and our Internet facing ip will be 203.167.233.2.  The mask is 255.255.255.252.

I need to be able to route between the 203.97.94.144/28 and 203.167.233.0/30 networks, but not NAT.

ASKER CERTIFIED SOLUTION
ezaton

Kerem ERSOY

Hi,

Will you please clarify your question in that:
- You say your router has an internal address, and you say you have the 203.97.94.144/28 segment. How are the two segments connected, and where is the gateway (a host with two interfaces, one in the 203.97.94 segment, the other one in the 203.97.94 segment)?

- If you have such a gateway then your gateway's default gateway must be 203.97.95.158.
- Your router must have a route setting like that:
203.97.94.144 netmask 255.255.255.240 gw (your gateways interface ip on 203.97.94 segment)
- Also check with your ISP that the router located at 203.167.233.2/30 has a routing setting for both of your IP ranges:
203.97.94.144 netmask 255.255.255.240 gw 203.167.232.1
203.97.94.158 netmask 255.255.255.240 gw 203.167.232.1

If you have these settings and have enabled routing between your gateway system's interfaces then you should be using the connection.
PEI_IT

ASKER

Thanks ezaton,
You wrote:

What happens if you set your Linux to the following:
1. Internal network: 203.97.94.158/28
2. External network: 203.167.233.2/30
3. Default GW: 203.167.233.1
4. 'echo 1 > /proc/sys/net/ipv4/ip_forward'
5. IPtables off (for the tests, of course)

This worked perfectly.  The trick was: echo 1 > /proc/sys/net/ipv4/ip_forward.

Now, how do you enable the firewall on the routing Linux box without killing the routing that we have just set up between the two networks?
PEI_IT

ASKER

I solved the issue.  I did the following to my router:
1. Configured my NICs with YaST.
2. In YaST--->Network Services--->Routing, I enabled IP forwarding.
3. In YaST--->Security and Users--->Firewall--->Interfaces, I made both NICs members of the External Zone since they were both publicly accessible.
4. Edited the firewall config file, /etc/sysconfig/SuSEfirewall2
     a. This file is well commented.
     b. If you are setting up your machine as a router, you will have to edit options 2, 3, 5, 6, 9, 7, 10, 11, 12, 13, 14.
     c. The option of concern is #13.  This option allows you to pass packets from network to network without taking down the firewall. For example, if you wanted to pass all packets from all networks to all other networks you would enter: FW_FWD="0/0,0/0"

I hope that this helps anyone else out who has a similar problem.
Great. I'm not much of a Suse fan. Had many issues with it, and Yast makes me sick (and thus my "manual" solution), however, if it works for you - great!
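
For the manual (non-YaST) route discussed in this thread, here is one way to keep the firewall on while routing without NAT, using a narrower FORWARD policy than an any-to-any entry. This is an added example, not code from any of the posts; the interface names (eth0, eth1) and the published service list are assumptions, while the addresses are the ones given in the question.

```shell
#!/bin/sh
# Added example: FORWARD-chain rules for a routing (non-NAT) Linux box.
SERVERS_NET="203.97.94.144/28"    # routed server segment (from the thread)
INT_IF="eth1"                     # assumed: NIC holding 203.97.94.158
EXT_IF="eth0"                     # assumed: NIC holding 203.167.233.2
SERVICES="tcp/25 tcp/80 tcp/443"  # assumed: services the servers publish

# Print the rule set, one command per line; nothing is executed here.
forward_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to flows that were already allowed, in either direction.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Servers may open connections out towards the ISP side.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $SERVERS_NET -j ACCEPT"
    # Inbound: only the published services, only to the server segment.
    for svc in $SERVICES; do
        proto=${svc%/*}
        port=${svc#*/}
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $SERVERS_NET -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log what falls through to the DROP policy, rate limited.
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FWD-DROP: '"
    # Turn forwarding on last, once the filter is in place.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Number of rules that admit new connections from outside.
inbound_rule_count() {
    forward_rules | grep -c -- "-i $EXT_IF -o $INT_IF"
}

# Default is a dry run for review; apply only when asked and running as root.
if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    forward_rules | sh
else
    forward_rules
fi
```

No nat-table rule appears anywhere, so packets keep their public source and destination addresses. SuSEfirewall2 manages the iptables chains itself when it is running, so these rules fit the setup where it is switched off.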