Solved

how Linux Network Configuration

Posted on 2013-02-02
Last Modified: 2013-02-09
Hello everyone,
I'm confused between iptables and route.
- I have a Fedora server that has 2 interfaces:
External : p2p1
IP 192.168.110.110/24
Gw 192.168.110.1
DNS 192.168.110.1

Internal : p2p2
IP 192.168.206.1/24
Gw 192.168.110.110
DNS 0.0.0.0

-Client
IP 192.168.206.2/24
Gw 192.168.206.1
DNS 192.168.110.1

The firewall is disabled on the server.
It pings from the server's internal IP to the client IP but doesn't ping from the server's external IP to the client IP.
I added iptables rules to allow the traffic in the forward chain:
# iptables -t nat -A POSTROUTING -o p2p1 -j MASQUERADE
# iptables -t nat -A PREROUTING -p tcp -d 192.168.110.1 --dport 80 -j DNAT --to 192.168.206.1
# iptables -A FORWARD -p tcp -d 192.168.206.1 --dport 80 -j ACCEPT

I also enabled sysctl net.ipv4.ip_forward=1.
After doing these, the client can access the internet.
Now why do we need route?
I wish I could use route, but I didn't understand it. I did it like this on the server, but I really don't understand it, and I deleted it before doing iptables:
route add -net 192.168.206.1 netmask 255.255.255.0 gw 192.168.110.1 p2p2

Please, I am really confused between these, if someone can help me. I need my network to have more security.
I also have another question: how can I use my external IP address as DNS?
Thanks guys!
0
Question by:PCANW
9 Comments
 
LVL 80

Accepted Solution

by:
arnold earned 525 total points
ID: 38847666
iptables is a firewall.
route deals with a routing table.

What is this system supposed to do?
Are you trying to set it up as a router to allow traffic between the two segments to pass through the fedora box?
Your route directive on the Fedora box is incorrect.
Your routing table on the Fedora box should be:
192.168.110.0 255.255.255.0 192.168.110.1 p2p2
192.168.206.0 255.255.255.0 192.168.206.1 p2p1

Within your DHCP configuration you will push the settings to one side.

You need to be clear what functionality you want to get from this fedora box.
0
 
LVL 35

Assisted Solution

by:Duncan Roe
Duncan Roe earned 525 total points
ID: 38847723
"iptables is a firewall." Incorrect - it is also a router.
It is indeed confusing that there are routers and route tables, but they are quite separate.
Route tables are for how a box routes internally generated IP datagrams: which network interface (NIC) to send them on, and what the address of the gateway is (on the local LAN segment unless this box is the gateway).
Gateway and router mean essentially the same thing. iptables rules cause packets coming in from one NIC to be sent out on another. When traffic is toward the Internet, an iptables rule will modify the source address of the outgoing IP datagram to be that of the interface on which it is being sent. This is Network Address Translation (NAT). When a response datagram is received, the destination address of that datagram is modified to be that of the originating system and the datagram is sent out via the NIC on the local LAN. This is Connection Tracking (conntrack).
I've only scratched the surface of what iptables can do. Just remember that route is always internal to the system where it is issued and iptables enables Internet connection.
0
 
LVL 1

Author Comment

by:PCANW
ID: 38848103
Thanks guys! I really appreciate that.
What about DNS?
0
 
LVL 1

Author Comment

by:PCANW
ID: 38848111
Oops, I made a mistake. I will correct the points between you guys; I will call them to correct that on Monday, because you all helped me.

Thanks again
0
 
LVL 1

Author Closing Comment

by:PCANW
ID: 38871976
arnold, I think you mean the routing table on the fedora box should be
192.168.110.0 255.255.255.0 192.168.110.1 p2p1
192.168.206.0 255.255.255.0 192.168.206.1 p2p2 ? Is that right?
0
 
LVL 80

Expert Comment

by:arnold
ID: 38872159
Right.
0
 
LVL 1

Author Comment

by:PCANW
ID: 38872360
Thanks!!
0
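
Added example (not part of the original thread and not code from any poster): a small Python model of the Fedora box that separates the two mechanisms discussed above, the routing table lookup that picks the outgoing interface and the MASQUERADE/conntrack step that rewrites addresses. It uses the interface layout PCANW and arnold agree on; the default route via 192.168.110.1 is assumed from the external interface's gateway setting, 203.0.113.10 is a constructed remote address, and source ports are left unchanged for simplicity.

```python
import ipaddress

# Constructed model of the Fedora box in this thread (addresses from the posts).
ROUTES = [  # (destination network, gateway or None if directly connected, interface)
    (ipaddress.ip_network("192.168.110.0/24"), None, "p2p1"),
    (ipaddress.ip_network("192.168.206.0/24"), None, "p2p2"),
    (ipaddress.ip_network("0.0.0.0/0"), "192.168.110.1", "p2p1"),  # assumed default route
]
IFACE_ADDR = {"p2p1": "192.168.110.110", "p2p2": "192.168.206.1"}
MASQUERADE_OUT = "p2p1"  # models: -t nat -A POSTROUTING -o p2p1 -j MASQUERADE
conntrack = {}           # (remote ip, remote port, local port) -> (client ip, client port)


def route_lookup(dst):
    """Routing table: pick the most specific (longest-prefix) matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if addr in r[0]]
    if not matches:
        raise LookupError("network unreachable: " + dst)
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw or dst  # next hop is the gateway, or the destination itself


def forward(pkt, ip_forward=True):
    """Pass one packet (dict with src, sport, dst, dport) through the box."""
    if not ip_forward:
        return None  # net.ipv4.ip_forward=0: packets are not forwarded at all
    key = (pkt["src"], pkt["sport"], pkt["dport"])
    if pkt["dst"] in IFACE_ADDR.values() and key in conntrack:
        # Reply to a masqueraded flow: conntrack restores the client address
        # before the routing decision is made.
        client_ip, client_port = conntrack[key]
        pkt = dict(pkt, dst=client_ip, dport=client_port)
    iface, next_hop = route_lookup(pkt["dst"])
    if iface == MASQUERADE_OUT and pkt["src"] not in IFACE_ADDR.values():
        # MASQUERADE runs after routing: source becomes the outgoing interface IP.
        conntrack[(pkt["dst"], pkt["dport"], pkt["sport"])] = (pkt["src"], pkt["sport"])
        pkt = dict(pkt, src=IFACE_ADDR[iface])
    return dict(pkt, out=iface, next_hop=next_hop)


if __name__ == "__main__":
    request = {"src": "192.168.206.2", "sport": 40000, "dst": "203.0.113.10", "dport": 80}
    print("outbound:", forward(request))
    reply = {"src": "203.0.113.10", "sport": 80, "dst": "192.168.110.110", "dport": 40000}
    print("inbound: ", forward(reply))
```

The outbound packet leaves p2p1 with the server's external address as its source, and the reply is translated back and routed out p2p2 to the client; with ip_forward off, neither the routing table nor the NAT rule is ever consulted for transit traffic.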
