Linux routing problems

Hi guys,
I'm having a little problem getting my head around routing in Linux.
OS: CentOS 5.3

I have two NICs installed in this server.
NIC1 is directly connected to the internet in a datacentre via a switch and has a public IP. It needs to route its traffic via another public IP (gateway).
NIC1 has iptables enabled as a firewall.

NIC2 has a local IP address assigned.

Problem: I cannot for the life of me get internet access. I'm used to using a Cisco router/PIX for this type of thing, but because of the sheer scale of traffic, the PIX I normally use cannot cope.

Can someone give me some pointers?

regards

middletnAsked:
BlazCommented:
In general, these are the steps to get forwarding working:

1. enable ip forwarding on the machine:
echo 1 > /proc/sys/net/ipv4/ip_forward

2. make sure that NAT is configured (MASQUERADE or SNAT):
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

3. make sure that you allow forwarding traffic in iptables rules:
iptables -I FORWARD -i eth0 -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

That's about it.

Post a comment if you have troubles with any of these steps

Daniel McAllisterPresident, IT4SOHO, LLCCommented:
While Blaz assumed you couldn't get Internet Access from connected LAN hosts, I'm not so sure your question isn't that you are having trouble connecting to the Internet on the Linux box itself...

If this is the case, you need to look at your routing tables:
   # route

Your rules are actually simple... you want to direct anything on the LAN to eth1 (NIC2) and anything NOT for the LAN to eth0 (NIC1). Since examples work best, let's assume your WAN IP address is 1.2.3.4 and your assigned gateway is 1.2.3.1. Further, let's assume your LAN IP is 10.0.0.1/24.

What you WANT your routing table to look like is this:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         1.2.3.1         0.0.0.0         UG    0      0        0 eth0

In CentOS, you'll manage these settings in the following files (so they survive a reboot):
 - /etc/sysconfig/network
    GATEWAY=1.2.3.1

 - /etc/sysconfig/network-scripts/ifcfg-eth0
    IPADDR=1.2.3.4
    etc....

 - /etc/sysconfig/network-scripts/ifcfg-eth1
    IPADDR=10.0.0.1
    etc...

Once the routing tables are set up, THEN you can add the forwarding commands listed above.

Just my thoughts in case the issue was routing for the Linux box vs. connecting clients....

Dan
IT4SOHO
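A check for the routing table Dan describes, as an added example (not part of his answer): it reads `route -n` output and confirms that the default route leaves eth0 via the ISP gateway and that the LAN prefix sits on eth1, printing which sysconfig setting to look at when either is wrong. The interface names, 1.2.3.1 and 10.0.0.0/24 are the answer's illustrative values; the two route tables below are constructed samples, one correct and one showing the common case where GATEWAY= was never set.

```shell
#!/bin/sh
# Added example, not from the original answer. Verifies the kernel routing
# table against the intended layout: LAN prefix on the LAN interface, default
# route out the WAN interface via the assigned gateway. Values are assumed.

# route_iface DEST: read `route -n` output on stdin, print the interface that
# carries DEST (0.0.0.0 is the default route). Prints nothing if absent.
route_iface() {
    awk -v dest="$1" '$1 == dest { print $NF; exit }'
}

# route_gw DEST: same, but print the Gateway column.
route_gw() {
    awk -v dest="$1" '$1 == dest { print $2; exit }'
}

# check_routes WAN GW LAN LAN_NET < route-table
# Exit 0 and print "routing table OK" when the table is as wanted; otherwise
# print each problem with the CentOS file to fix and exit 1.
check_routes() {
    wan="$1"; gw="$2"; lan="$3"; lan_net="$4"
    table=$(cat)
    ok=0
    d_if=$(printf '%s\n' "$table" | route_iface 0.0.0.0)
    d_gw=$(printf '%s\n' "$table" | route_gw 0.0.0.0)
    l_if=$(printf '%s\n' "$table" | route_iface "$lan_net")
    if [ -z "$d_if" ]; then
        echo "no default route: set GATEWAY=$gw in /etc/sysconfig/network, then 'service network restart'"
        ok=1
    elif [ "$d_if" != "$wan" ] || [ "$d_gw" != "$gw" ]; then
        echo "default route is via $d_gw on $d_if, expected $gw on $wan: check GATEWAY/GATEWAYDEV in /etc/sysconfig/network and ifcfg-$d_if"
        ok=1
    fi
    if [ "$l_if" != "$lan" ]; then
        echo "LAN prefix $lan_net is on '${l_if:-nothing}', expected $lan: check IPADDR/NETMASK in ifcfg-$lan"
        ok=1
    fi
    [ "$ok" -eq 0 ] && echo "routing table OK"
    return "$ok"
}

# Constructed sample: the table the answer says you want, as `route -n`
# prints it (0.0.0.0 instead of "default", no DNS lookups).
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         1.2.3.1         0.0.0.0         UG    0      0        0 eth0'

# Constructed sample of the usual failure: the box can reach its own /24 on
# the public side but no gateway was configured, so nothing beyond it.
BAD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1.2.3.0         0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1'

demo() {
    echo "== good table"
    printf '%s\n' "$GOOD_TABLE" | check_routes eth0 1.2.3.1 eth1 10.0.0.0
    echo "== bad table"
    printf '%s\n' "$BAD_TABLE" | check_routes eth0 1.2.3.1 eth1 10.0.0.0 || true
}

case "${1:-demo}" in
    live) route -n | check_routes eth0 1.2.3.1 eth1 10.0.0.0 ;;
    *)    demo ;;
esac
```

On the real box, `sh check-routes.sh live` runs it against the current table; LAN_NET is given as `10.0.0.0` because `route -n` shows the network address and netmask in separate columns rather than CIDR notation.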
middletnAuthor Commented:
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

I'm getting the following when I execute the above line:
iptables v1.3.5: Can't use -i with POSTROUTING

What is the -i for?

regards
BlazCommented:
Yes, you are right - sorry. -i is the incoming interface (which isn't available in the POSTROUTING chain) while -o is the outgoing interface. Just omit the "-i eth0" part:
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE