Solved

Linux routing problems

Posted on 2009-06-30
4
402 Views
Last Modified: 2013-11-16
Hi Guys,
I'm having a little problem getting my head around routing in Linux
OS: Centos 5.3

Have have two NIC's install in this server
NIC1 is drectly connected to the internet in a datacentre via a switch and has a public IP.  It needs to route its traffic via another public IP(gateway)
NIC1 has IPtables enabled as a firewall

NIC2 has assigned a local IP address.

Problem: I cannot for the life of me get internet access.  I'm used to using a Cisco router/Pix for this type of thing, but because of the shear scale of traffic, the Pix I normally use, cannot cope.

Can someone give me some pointer?

regards

0
Comment
Question by:middletn
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 250 total points
ID: 24751948
In general these are the steps to get forwarding working:

1. enable ip forwarding on the machine:
echo 1 > /proc/sys/net/ipv4/ip_forward

2. make sure that NATing is configured (MASQUERADE or SNAT):
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

3. make sure that you allow forwarding traffic in iptables rules:
iptables -I FORWARD -i eth0 -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Thats about it.

Post a comment if you have troubles with any of these steps
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 250 total points
ID: 24773166
While Blaz assumed you couldn't get Internet Access from connected LAN hosts, I'm not so sure your question isn't that you are having trouble connecting to the Internet on the Linux box itself...

If this is the case, you need to look at your routing tables:
   # route

Your rules are actually simple... you want to direct anything on the LAN to eth1 (NIC2) and anything NOT for the LAN to eth0 (NIC1). Since examples work best, lets assume your WAN IP address is 1.2.3.4 & your assigned gateway is 1.2.3.1. Further, let's assume your LAN IP is 10.0.0.1/24.

What you WANT your routing table to look like is this:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0          *                     255.255.255.0   U     0       0        0    eth1
169.254.0.0    *                     255.255.0.0       U     0       0        0    eth1
default            1.2.3.1            0.0.0.0              UG    0       0        0    eth0

In CENTOS, you'll manage these settings in the following files (for reboot)
 - /etc/sysconfig/network
    GATEWAY=1.2.3.1

 - /etc/sysconfig/network-scripts/ifcfg-eth0
    IPADDR=1.2.3.4
    etc....

 - /etc/sysconfig/network-scripts/ifcfg-eth1
    IPADDR=10.0.0.1
    etc...

Once the routing tables are setup, THEN you can add the forwarding commands listed above.

Just my thoughts in case the issue was routing for the Linux box vs. connecting clients....

Dan
IT4SOHO
0
 
LVL 1

Author Comment

by:middletn
ID: 24779727
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

I'm getting the followwhen I execute the above line,
iptables v1.3.5: Can't use -i with POSTROUTING

What is the -i for?

regards
0
 
LVL 16

Expert Comment

by:Blaz
ID: 24781147
Yes, you are right - sorry. -i is incomming interface (which isnt available in postrouting chain) while -o is outgoing interface. Just ommit the "-i eth0" part:
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Need help on Windows Firewall blocking program 7 46
When syspreping a clone machine 7 47
Cisco WRVS4400N 11 37
Internet options/Settings 1 47
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question