Solved

Linux routing problems

Posted on 2009-06-30
4
406 Views
Last Modified: 2013-11-16
Hi Guys,
I'm having a little problem getting my head around routing in Linux
OS: Centos 5.3

Have have two NIC's install in this server
NIC1 is drectly connected to the internet in a datacentre via a switch and has a public IP.  It needs to route its traffic via another public IP(gateway)
NIC1 has IPtables enabled as a firewall

NIC2 has assigned a local IP address.

Problem: I cannot for the life of me get internet access.  I'm used to using a Cisco router/Pix for this type of thing, but because of the shear scale of traffic, the Pix I normally use, cannot cope.

Can someone give me some pointer?

regards

0
Comment
Question by:middletn
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 250 total points
ID: 24751948
In general these are the steps to get forwarding working:

1. enable ip forwarding on the machine:
echo 1 > /proc/sys/net/ipv4/ip_forward

2. make sure that NATing is configured (MASQUERADE or SNAT):
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

3. make sure that you allow forwarding traffic in iptables rules:
iptables -I FORWARD -i eth0 -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Thats about it.

Post a comment if you have troubles with any of these steps
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 250 total points
ID: 24773166
While Blaz assumed you couldn't get Internet Access from connected LAN hosts, I'm not so sure your question isn't that you are having trouble connecting to the Internet on the Linux box itself...

If this is the case, you need to look at your routing tables:
   # route

Your rules are actually simple... you want to direct anything on the LAN to eth1 (NIC2) and anything NOT for the LAN to eth0 (NIC1). Since examples work best, lets assume your WAN IP address is 1.2.3.4 & your assigned gateway is 1.2.3.1. Further, let's assume your LAN IP is 10.0.0.1/24.

What you WANT your routing table to look like is this:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0          *                     255.255.255.0   U     0       0        0    eth1
169.254.0.0    *                     255.255.0.0       U     0       0        0    eth1
default            1.2.3.1            0.0.0.0              UG    0       0        0    eth0

In CENTOS, you'll manage these settings in the following files (for reboot)
 - /etc/sysconfig/network
    GATEWAY=1.2.3.1

 - /etc/sysconfig/network-scripts/ifcfg-eth0
    IPADDR=1.2.3.4
    etc....

 - /etc/sysconfig/network-scripts/ifcfg-eth1
    IPADDR=10.0.0.1
    etc...

Once the routing tables are setup, THEN you can add the forwarding commands listed above.

Just my thoughts in case the issue was routing for the Linux box vs. connecting clients....

Dan
IT4SOHO
0
 
LVL 1

Author Comment

by:middletn
ID: 24779727
iptables -t nat -I POSTROUTING -i eth0 -o ppp0 -j MASQUERADE

I'm getting the followwhen I execute the above line,
iptables v1.3.5: Can't use -i with POSTROUTING

What is the -i for?

regards
0
 
LVL 16

Expert Comment

by:Blaz
ID: 24781147
Yes, you are right - sorry. -i is incomming interface (which isnt available in postrouting chain) while -o is outgoing interface. Just ommit the "-i eth0" part:
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Internet link load balancer 6 86
Remote access problem to camera controller 9 66
What's API gateway/firewall & how it's used 10 43
Understanding ping command in Ubuntu 5 28
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question