Hi all,

I've a SLES 7 on a server with 2 network cards: one with 192.168.0.221 and one with public IP 90.90.20.1, connected directly to an ADSL router.

I'd like to use the SLES as a router. I've turned on the ipforward option in /etc/rc.config, but if I set 192.168.0.221 as the default gateway on a Win98/2000 machine on the LAN, I cannot ping any IP on the Internet, and I cannot surf the web either. Obviously I can do it on the SLES: I can ping and surf the web.

What do I have to do to use my SLES 7 as a router for the LAN? Is it necessary to use iptables?

Thanks very much,

Alan Civita
Datenquelle S.r.l.
> Hi all, I've a SLES 7 on a server with 2 network cards: one with 192.168.0.221 and one with public IP 90.90.20.1, connected directly to an ADSL router.

I had similar problems with a Bintec router. We wanted to exchange the Bintec router in a W2K environment with a Linux server with mail server/fetchmail and firewall. There may be compatibility problems within the TCP/IP implementation of the router.

> I'd like to use the SLES as a router. I've turned on the ipforward option in /etc/rc.config

Then you need a routing table that routes the internal and external IPs to the router.

    90.90.20.1    <-> Router       = external device
    192.168.0.221 <-> internal net = internal device

Your routing should look like this:

    [root@server root]# /sbin/route -n
    Kernel IP Routentabelle
    Ziel            Router              Genmask         Flags Metric Ref Use Iface
    192.168.0.0     0.0.0.0             255.255.255.0   U     0      0   0   eth1
    90.90.20.0      0.0.0.0             255.255.255.0   U     0      0   0   eth0
    127.0.0.0       0.0.0.0             255.0.0.0       U     0      0   0   lo
    0.0.0.0         <IP of the router>  0.0.0.0         UG    0      0   0   eth0

There must be a static route for each device if not set already.

http://sdb.suse.de/de/sdb/html/key_form.html gives you help; search for the keyword "route".

The document http://sdb.suse.de/de/sdb/html/maddin_route.html gives detailed information about routing on a network.

/etc/route.conf must look like this:

    # Destination     Dummy/Gateway     Netmask           Device
    #
    # Net devices
    #
    127.0.0.0         0.0.0.0           255.255.255.0     lo
    90.90.20.0        0.0.0.0           255.255.255.0     eth0
    192.168.0.0       0.0.0.0           255.255.255.0     eth1
    #
    # Gateway
    #
    default           <here come the ip of your router :-)>

> but if I set 192.168.0.221 as the default gateway on a Win98/2000 machine on the LAN, I cannot ping any IP on the Internet, and I cannot surf the web either.
> Obviously I can do it on the SLES: I can ping and surf the web.

Yes, there is no routing active on the SLES!

> What do I have to do to use my SLES 7 as a router for the LAN? Is it necessary to use iptables?

Philippe
to Philippe: No, no and no. Private addresses are not to be routed per definition. 10.x.y.z /8, 172.16.x.y /12, 192.168.x.y /16 are invalid for "normal" routing.

to Alan: you need NAT for this, and iptables is the way to go. That is, you "hide" your network 192.168.0.0 behind the single address of your external interface, and NAT tracks the connections and their address relations. You can use SuSEfirewall2 for this (explanations are in the config file) or you can set up some iptables rules for yourself.

Your setup is similar to this:

    eth0 - is external - 90.90.20.1
    eth1 - is internal - 192.168.0.221

Then some simple rules like these will do:

-- Start FW-Script ------------------------------------------------
# Enable forwarding, load Netfilter modules, turn MASQ on
# eth0 is external, eth1 is the private LAN
echo 1 > /proc/sys/net/ipv4/ip_forward
# modprobe takes one module per call (further words are module parameters)
for m in ip_tables iptable_filter ip_conntrack ip_conntrack_ftp \
         iptable_nat ip_nat_ftp ipt_LOG ipt_MASQUERADE; do
    modprobe "$m"
done

# Enable NAT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

# Default policy
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Reject invalid packets
iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
iptables -A INPUT -m unclean -j DROP

# Allow HTTP and FTP to the Internet ...
iptables -A FORWARD -i eth1 -p TCP --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -p TCP --sport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -p TCP --dport 21 -j ACCEPT
iptables -A FORWARD -i eth0 -p TCP --sport 21 -j ACCEPT
---- END Firewall Script ------------------------------------------

Please note that this is very rudimentary, although not so unsafe at all ... ;-)

Regards from Germany,
Philipp Rusch

Philippe Vogel wrote:
> > Hi all, I've a SLES 7 on a server with 2 network cards: one with 192.168.0.221 and one with public IP 90.90.20.1, connected directly to an ADSL router.
>
> I had similar problems with a Bintec router. We wanted to exchange the Bintec router in a W2K environment with a Linux server with mail server/fetchmail and firewall. There may be compatibility problems within the TCP/IP implementation of the router.
>
> > I'd like to use the SLES as a router. I've turned on the ipforward option in /etc/rc.config
>
> Then you need a routing table that routes the internal and external IPs to the router.
>
>     90.90.20.1    <-> Router       = external device
>     192.168.0.221 <-> internal net = internal device
>
> Your routing should look like this:
>
>     [root@server root]# /sbin/route -n
>     Kernel IP Routentabelle
>     Ziel            Router              Genmask         Flags Metric Ref Use Iface
>     192.168.0.0     0.0.0.0             255.255.255.0   U     0      0   0   eth1
>     90.90.20.0      0.0.0.0             255.255.255.0   U     0      0   0   eth0
>     127.0.0.0       0.0.0.0             255.0.0.0       U     0      0   0   lo
>     0.0.0.0         <IP of the router>  0.0.0.0         UG    0      0   0   eth0
>
> There must be a static route for each device if not set already.
>
> http://sdb.suse.de/de/sdb/html/key_form.html gives you help; search for the keyword "route".
>
> The document http://sdb.suse.de/de/sdb/html/maddin_route.html gives detailed information about routing on a network.
>
> /etc/route.conf must look like this:
>
>     # Destination     Dummy/Gateway     Netmask           Device
>     #
>     # Net devices
>     #
>     127.0.0.0         0.0.0.0           255.255.255.0     lo
>     90.90.20.0        0.0.0.0           255.255.255.0     eth0
>     192.168.0.0       0.0.0.0           255.255.255.0     eth1
>     #
>     # Gateway
>     #
>     default           <here come the ip of your router :-)>
>
> > but if I set 192.168.0.221 as the default gateway on a Win98/2000 machine on the LAN, I cannot ping any IP on the Internet, and I cannot surf the web either.
> > Obviously I can do it on the SLES: I can ping and surf the web.
>
> Yes, there is no routing active on the SLES!
>
> > What do I have to do to use my SLES 7 as a router for the LAN? Is it necessary to use iptables?
>
> Philippe
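
Added example, not part of any message in this thread: a small shell check that reports which of the pieces discussed above is missing on a dual-homed gateway (IP forwarding, source NAT for the LAN, a FORWARD path for replies). The function name check_nat_gateway and both rule dumps are constructed for illustration, and the check assumes iptables-save prints the LAN source in CIDR form.

```sh
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save` output on stdin.
# usage: check_nat_gateway IP_FORWARD EXT_IF LAN_CIDR
# live:  iptables-save | check_nat_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 192.168.0.0/24
check_nat_gateway() {
    awk -v fwd="$1" -v ext="$2" -v lan="$3" '
    function has(opt, val,   i) {   # true if the rule contains "opt val"
        for (i = 1; i < NF; i++) if ($i == opt && $(i + 1) == val) return 1
        return 0
    }
    /^\*/ { table = substr($1, 2); next }          # "*nat", "*filter", ...
    table == "nat" && $2 == "POSTROUTING" && has("-o", ext) && has("-s", lan) &&
        (has("-j", "MASQUERADE") || has("-j", "SNAT")) { nat = 1 }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && $2 == "FORWARD" && has("-j", "ACCEPT") &&
        (has("-i", ext) || /ESTABLISHED/) { replies = 1 }
    END {
        if (fwd != 1) { print "NO_FORWARDING"; bad = 1 }
        if (!nat)     { print "NO_SOURCE_NAT"; bad = 1 }
        if (policy == "DROP" && !replies) { print "REPLIES_BLOCKED"; bad = 1 }
        if (!bad) print "OK"
    }'
}

# Constructed dump: forwarding enabled but no NAT rule (the original question).
BEFORE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed dump: roughly what the HTTP part of the firewall script produces.
AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -m state --state INVALID,NEW -j DROP
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$BEFORE" | check_nat_gateway 1 eth0 192.168.0.0/24
printf '%s\n' "$AFTER"  | check_nat_gateway 1 eth0 192.168.0.0/24
```
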
participants (3)
- Alan Civita
- Philipp Rusch
- Philippe Vogel