Solved

Linux routing problems

Posted on 2009-06-30
4
389 Views
Last Modified: 2013-11-16
Hi Guys,
I'm having a little problem getting my head around routing in Linux
OS: Centos 5.3

Have have two NIC's install in this server
NIC1 is drectly connected to the internet in a datacentre via a switch and has a public IP.  It needs to route its traffic via another public IP(gateway)
NIC1 has IPtables enabled as a firewall

NIC2 has assigned a local IP address.

Problem: I cannot for the life of me get internet access.  I'm used to using a Cisco router/Pix for this type of thing, but because of the shear scale of traffic, the Pix I normally use, cannot cope.

Can someone give me some pointer?

regards

0
Comment
Question by:middletn
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 250 total points
ID: 24751948
In general these are the steps to get forwarding working:

1. enable ip forwarding on the machine:
echo 1 > /proc/sys/net/ipv4/ip_forward

2. make sure that NATing is configured (MASQUERADE or SNAT):
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

3. make sure that you allow forwarding traffic in iptables rules:
iptables -I FORWARD -i eth0 -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Thats about it.

Post a comment if you have troubles with any of these steps
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 250 total points
ID: 24773166
While Blaz assumed you couldn't get Internet Access from connected LAN hosts, I'm not so sure your question isn't that you are having trouble connecting to the Internet on the Linux box itself...

If this is the case, you need to look at your routing tables:
   # route

Your rules are actually simple... you want to direct anything on the LAN to eth1 (NIC2) and anything NOT for the LAN to eth0 (NIC1). Since examples work best, lets assume your WAN IP address is 1.2.3.4 & your assigned gateway is 1.2.3.1. Further, let's assume your LAN IP is 10.0.0.1/24.

What you WANT your routing table to look like is this:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0          *                     255.255.255.0   U     0       0        0    eth1
169.254.0.0    *                     255.255.0.0       U     0       0        0    eth1
default            1.2.3.1            0.0.0.0              UG    0       0        0    eth0

In CENTOS, you'll manage these settings in the following files (for reboot)
 - /etc/sysconfig/network
    GATEWAY=1.2.3.1

 - /etc/sysconfig/network-scripts/ifcfg-eth0
    IPADDR=1.2.3.4
    etc....

 - /etc/sysconfig/network-scripts/ifcfg-eth1
    IPADDR=10.0.0.1
    etc...

Once the routing tables are setup, THEN you can add the forwarding commands listed above.

Just my thoughts in case the issue was routing for the Linux box vs. connecting clients....

Dan
IT4SOHO
0
 
LVL 1

Author Comment

by:middletn
ID: 24779727
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

I'm getting the followwhen I execute the above line,
iptables v1.3.5: Can't use -i with POSTROUTING

What is the -i for?

regards
0
 
LVL 16

Expert Comment

by:Blaz
ID: 24781147
Yes, you are right - sorry. -i is incomming interface (which isnt available in postrouting chain) while -o is outgoing interface. Just ommit the "-i eth0" part:
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Server Communications Audit 5 67
Cisco 2800 Enable PRI Controller 1 33
P2P and MPLS 3 41
You are currently not connected to any networks windows 10 5 80
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now