Yes, you need to forward the packets. Do you need ip chains? Mmmm, maybe not.

You need to do 'echo 1 > /proc/net/ip_forward' or something. I don't know if that's the exact path, but look for one of those rc.firewall/firedog/firemasq scripts. This will be one of the first lines. This enables kernel packet forwarding.

IP chains is a packet filter. You probably don't need any ipchains rules just to get it working. Your kernel input/output/forward rules are set to 'allow' by default. You need ipchains in order to filter out bad traffic. For instance, in the rc.firewall script, there is a rule that drops packets coming from the external interface that say they are on the internal network.

Cory

-----Original Message-----
From: Garl R. Grigsby [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 4:19 PM
To: [EMAIL PROTECTED]
Subject: [EUG-LUG:389] RE: Networking woes.

Well, we are running all registered IPs, so I would not need to bother with masquerading. I set up a Linux firewall a while back, so I guess I would just need to use IPChains to forward the packets from eth0 to eth1, correct?

Garl

Cory Petkovsek wrote:

> Oh yes, the docs:
>
> IP-Masquerade-Howto
> Firewall-Howto
> IPChains-Howto
>
> You'll also need to either learn ipchains, or get an rc.firewall script to
> properly configure ipchains for masquerading. Search google.com or
> freshmeat for rc.firewall, or firemasq.
>
> I have a pentium 75, 48mb memory, running 2 3com 905b/c 10/100 nics, serving
> our 256k dsl line, firewall, dhcp, and dns, and email filter. I'm planning
> on swapping out those expensive nics, and putting in some cheaper ones.
>
> Cory
>
> -----Original Message-----
> From: Garl R. Grigsby [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 19, 2001 3:55 PM
> To: eug-lug
> Subject: [EUG-LUG:386] Networking woes.
>
> I need some advice. I know that there is a lot of networking
> experience floating around this group, so I am hoping somebody can help
> me.
>
> My office currently has a T1 link to our main office. Over the last
> couple of months the usage of this link has steadily increased to the
> point where we are running out of bandwidth, which is causing problems
> for several apps that need a full time connection to our main office.
> The problem is that nobody will admit to being the bandwidth hog. I have
> looked at using apps such as Ethereal and Sniffer Lan but all of our
> network is run off of switches which, as I understand it, makes
> these devices almost useless.
>
> My idea is to build a dual nic'd linux box and connect it between
> our top level switch and our wan router. With this setup I should be
> able to see all of the network traffic that is traveling across the wan
> link, right?
>
> Now for my questions. Will this setup work? What will I have to
> set up to forward the traffic from one nic to the other, and still have
> ethereal see the traffic? Also, how much of a machine will I need for
> this? Currently I am looking at using a Pentium Pro 200 with 128 MB of
> ram. Does anybody know of a package that would generate a html page of
> the T1 usage? Has anybody done this before?
>
> Thanks all,
> Garl
>
> --
> =============================================================================
> Garl R. Grigsby
> Senior Customer Applications Engineering - Analysis Team
> -----------------------------------------------------------------------------
> Structural Dynamics Research Corporation   Phone: (800)242-7372
> TAO Americas Support Center                FAX: (541)342-8277
> 1750 Willow Creek Circle                   Email: [EMAIL PROTECTED]
> Eugene, OR 97402                           Internet: http://www.sdrc.com
> =============================================================================
> -FEA makes a good engineer great, and a poor engineer dangerous-
> =============================================================================
> PGP ID: 0xF2D845E7
> PGP Fingerprint: 9C40 CB5E 1C51 CF58 E3F9 3F2C 8F1F F3EF F2D8 45E7
> =============================================================================
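
Added example, not part of the original thread and not taken from any rc.firewall script: a routed (non-masquerading) setup that installs the anti-spoofing rule described above before turning on kernel forwarding. Assumptions: eth0 faces the WAN router, 192.0.2.0/24 is a placeholder for the internal network, and the forwarding switch is at /proc/sys/net/ipv4/ip_forward (the usual location on Linux 2.2 and later kernels); the run, antispoof_rule and setup_router helpers are hypothetical names. Commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Assumed values (not from the thread); override through the environment.
EXT_IF="${EXT_IF:-eth0}"             # interface facing the WAN router
INT_NET="${INT_NET:-192.0.2.0/24}"   # placeholder internal network (CIDR)
FORWARD_SYSCTL=/proc/sys/net/ipv4/ip_forward

# Print a command; execute it only when APPLY=1 (needs root and ipchains).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        sh -c "$*"
    fi
}

# Build the rule that drops (and logs) packets arriving on the external
# interface whose source address claims to be on the internal network.
# $1 = external interface, $2 = internal network in CIDR form.
antispoof_rule() {
    case "$2" in
        */*) ;;
        *) echo "internal network must be CIDR, got: $2" >&2; return 1 ;;
    esac
    echo "ipchains -A input -i $1 -s $2 -j DENY -l"
}

setup_router() {
    rule=$(antispoof_rule "$EXT_IF" "$INT_NET") || return 1
    # Filter first, so the box never forwards with the rule missing.
    run "$rule"
    run "echo 1 > $FORWARD_SYSCTL"
    # Show the input chain with packet counters to confirm the rule loaded.
    run "ipchains -L input -n -v"
}

setup_router
```

After applying, 'cat /proc/sys/net/ipv4/ip_forward' should print 1, and the DENY rule's packet counter in the listing shows whether spoofed traffic is actually arriving.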
