Solved

Linux routing problems

Posted on 2009-06-30
4
414 Views
Last Modified: 2013-11-16
Hi Guys,
I'm having a little problem getting my head around routing in Linux
OS: Centos 5.3

Have have two NIC's install in this server
NIC1 is drectly connected to the internet in a datacentre via a switch and has a public IP.  It needs to route its traffic via another public IP(gateway)
NIC1 has IPtables enabled as a firewall

NIC2 has assigned a local IP address.

Problem: I cannot for the life of me get internet access.  I'm used to using a Cisco router/Pix for this type of thing, but because of the shear scale of traffic, the Pix I normally use, cannot cope.

Can someone give me some pointer?

regards

0
Comment
Question by:middletn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 250 total points
ID: 24751948
In general these are the steps to get forwarding working:

1. enable ip forwarding on the machine:
echo 1 > /proc/sys/net/ipv4/ip_forward

2. make sure that NATing is configured (MASQUERADE or SNAT):
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

3. make sure that you allow forwarding traffic in iptables rules:
iptables -I FORWARD -i eth0 -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Thats about it.

Post a comment if you have troubles with any of these steps
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 250 total points
ID: 24773166
While Blaz assumed you couldn't get Internet Access from connected LAN hosts, I'm not so sure your question isn't that you are having trouble connecting to the Internet on the Linux box itself...

If this is the case, you need to look at your routing tables:
   # route

Your rules are actually simple... you want to direct anything on the LAN to eth1 (NIC2) and anything NOT for the LAN to eth0 (NIC1). Since examples work best, lets assume your WAN IP address is 1.2.3.4 & your assigned gateway is 1.2.3.1. Further, let's assume your LAN IP is 10.0.0.1/24.

What you WANT your routing table to look like is this:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0          *                     255.255.255.0   U     0       0        0    eth1
169.254.0.0    *                     255.255.0.0       U     0       0        0    eth1
default            1.2.3.1            0.0.0.0              UG    0       0        0    eth0

In CENTOS, you'll manage these settings in the following files (for reboot)
 - /etc/sysconfig/network
    GATEWAY=1.2.3.1

 - /etc/sysconfig/network-scripts/ifcfg-eth0
    IPADDR=1.2.3.4
    etc....

 - /etc/sysconfig/network-scripts/ifcfg-eth1
    IPADDR=10.0.0.1
    etc...

Once the routing tables are setup, THEN you can add the forwarding commands listed above.

Just my thoughts in case the issue was routing for the Linux box vs. connecting clients....

Dan
IT4SOHO
0
 
LVL 1

Author Comment

by:middletn
ID: 24779727
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

I'm getting the followwhen I execute the above line,
iptables v1.3.5: Can't use -i with POSTROUTING

What is the -i for?

regards
0
 
LVL 16

Expert Comment

by:Blaz
ID: 24781147
Yes, you are right - sorry. -i is incomming interface (which isnt available in postrouting chain) while -o is outgoing interface. Just ommit the "-i eth0" part:
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question