Two Networks With Single Gateway

Posted on 2012-08-22
Last Modified: 2012-08-29
Hi, I am a beginner to Linux and need experts' advice. I have two networks:

CentOS 5


eth0: ISP IP Address

Linux is setup with transparent squid and squidGuard

I want both LANs to communicate with each other, and I also need internet access through the Linux box on the LAN A network.

What do I need to do in order to ping both networks and use the Linux box as a gateway on both networks?
Question by: Cherukuri30

    Author Comment

    Current iptables script

    # squid server IP (the value was not preserved in the post; placeholder, assumed to be the box's own LAN address)
    SQUID_SERVER="192.168.0.1"
    # Interface connected to Internet (eth0 per the question)
    INTERNET="eth0"
    # Interface connected to LAN (placeholder, assumed eth1)
    LAN_IN="eth1"
    # Squid port
    SQUID_PORT="3128"

    # Clean old firewall
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Load IPTABLES modules for NAT and IP conntrack support
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # For win xp ftp client
    # Enable packet forwarding between interfaces; without this the box does not route at all
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Setting default filter policy
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Unlimited access to loop back
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # Allow UDP, DNS and Passive FTP (replies to connections this box opened)
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
    # set this system as a router for Rest of LAN
    iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    # unlimited access to LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT
    # DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
    # if it is same system
    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

    Accepted Solution

    First off, you want to create an alias on the eth1 interface so that your server can be a gateway on the .1.x LAN.

    In the /etc/sysconfig/network-scripts directory, copy the ifcfg-eth1 file to make an ifcfg-eth1:1 file,
    then edit that file with the IP information needed to be in the .1.x LAN.

    Next you'll need to update your iptables script.

    You'll need to add the following (granted the interface IP you use is for the eth1:1 alias interface):

    iptables --append FORWARD --in-interface $LAN_IN2 -j ACCEPT
    iptables -A INPUT -i $LAN_IN2 -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN2 -j ACCEPT
    iptables -t nat -A PREROUTING -i $LAN_IN2 -p tcp --dport 80 -j DNAT --to $SQUID_SERVER2:$SQUID_PORT

    Also, this doesn't allow traffic between the two LANs, so if you want that you'll need to add the appropriate FORWARD chain entries:
    iptables -A FORWARD -i $LAN_IN2 -o $LAN_IN -j ACCEPT
    iptables -A FORWARD -i $LAN_IN -o $LAN_IN2 -j ACCEPT
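As an added example (not the thread's script, and not the accepted answer's code): a complete rule set for the setup the question describes, with assumed placeholder values of 192.168.0.0/24 for LAN A, 192.168.1.0/24 for the ".1.x" LAN B, eth1 as the physical LAN interface that carries the eth1:1 alias, and squid listening on 3128. It keys the two LANs on their source subnets instead of on an interface name, because netfilter only ever sees the physical device (a packet that arrived through the eth1:1 alias has in-interface eth1, and iptables refuses ':' in an interface name), and it sets the FORWARD policy to DROP so that only LAN A is routed and masqueraded to the internet while both LANs can reach each other and the gateway, which is what the question asks for. The check_iface and build_rules function names are this example's own.

```shell
#!/bin/sh
# Added example, not the thread's own script: one CentOS box as gateway for two
# LANs that share the physical interface eth1 (LAN B lives on the eth1:1 alias).
# LAN A gets transparent squid and internet; LAN B only gets LAN-to-LAN traffic.
# All addresses below are assumed placeholders, not values from the thread.
INTERNET="eth0"             # ISP-facing interface (the thread names eth0)
LAN_IF="eth1"               # physical LAN interface; eth1:1 is only an alias of it
LAN_A="192.168.0.0/24"      # assumed LAN A subnet (squid + internet)
LAN_B="192.168.1.0/24"      # assumed LAN B subnet (the ".1.x" LAN, LAN-to-LAN only)
SQUID_PORT="3128"
IPT="${IPT:-iptables}"      # set IPT="echo iptables" to print the rules instead of loading them

# netfilter matches the physical device name: a packet arriving via the eth1:1
# alias has in-interface "eth1", so a rule with "-i eth1:1" never matches.
# Reject alias names (and the other characters iptables refuses) up front.
check_iface() {
    case "$1" in
        ""|*:*|*!*|*\**) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit every rule through $IPT so the set can be reviewed before it is applied.
build_rules() {
    check_iface "$INTERNET" || { echo "bad interface name: $INTERNET" >&2; return 1; }
    check_iface "$LAN_IF"   || { echo "bad interface name: $LAN_IF" >&2; return 1; }

    # Start from an empty rule set
    $IPT -F; $IPT -X
    $IPT -t nat -F; $IPT -t nat -X
    $IPT -t mangle -F; $IPT -t mangle -X

    # Default deny on INPUT and FORWARD; everything routed must be allowed explicitly
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Both LANs may talk to the gateway itself (ping, DNS, squid), keyed on the
    # source subnet rather than on an alias name
    $IPT -A INPUT -i $LAN_IF -s $LAN_A -j ACCEPT
    $IPT -A INPUT -i $LAN_IF -s $LAN_B -j ACCEPT

    # Routed traffic: replies for anything already allowed
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN A <-> LAN B: both subnets enter and leave on the same physical interface
    $IPT -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_A -d $LAN_B -j ACCEPT
    $IPT -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_B -d $LAN_A -j ACCEPT
    # Only LAN A is routed to the internet, and only LAN A is masqueraded
    $IPT -A FORWARD -i $LAN_IF -o $INTERNET -s $LAN_A -j ACCEPT
    $IPT -t nat -A POSTROUTING -o $INTERNET -s $LAN_A -j MASQUERADE

    # Transparent proxy for LAN A web traffic; traffic bound for LAN B is
    # excluded so that LAN-to-LAN port 80 connections are not pulled into squid
    $IPT -t nat -A PREROUTING -i $LAN_IF -s $LAN_A ! -d $LAN_B -p tcp --dport 80 \
        -j REDIRECT --to-port $SQUID_PORT

    # Log, then drop, whatever reached the end of INPUT
    $IPT -A INPUT -j LOG --log-prefix "gw-drop: "
    $IPT -A INPUT -j DROP
}

apply_rules() {
    # The box does nothing as a gateway unless forwarding is switched on
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_rules
}

# Usage (as root):  sh two-lan-gateway.sh apply
# Dry run:          sh two-lan-gateway.sh show
case "${1:-}" in
    apply) apply_rules ;;
    show)  IPT="echo iptables"; build_rules ;;
esac
```

Running the script with "show" prints the exact iptables commands that "apply" would execute, which is the easiest way to confirm that no LAN B rule ends in "-o eth0" before loading it on the gateway.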
