You need to add the firewalling / IP masquerading rules.
The following will get you up and running, and restore your credibility.
See the ipfwadm man pages for more in-depth rules/accounting.
#!/bin/sh
# setup ip masquerade (ipfwadm, 2.0.x kernel as shipped with Red Hat 5.2)
modprobe ip_masq_ftp                          # masq helper so active FTP works from the LAN
ipfwadm -F -p deny                            # default forwarding policy: deny everything
ipfwadm -F -a m -S 10.0.0.0/24 -D 0.0.0.0/0   # masquerade traffic from the LAN to anywhere
echo "1" > /proc/sys/net/ipv4/ip_forward      # enable forwarding only after the rules are in place
The IP config is adjusted for your situation, but it is extremely
important that you have eth0 as your default route on your Linux box.
The above is a shell script living in sbin.
I run the above script from /etc/rc.d/rc.local.
Good luck Jarmo, and feel free to e-mail me direct with any other help
necessary to get it up and running.
Jarmo Paavilainen wrote:
>
> Hi,
>
> After convincing my boss about how great Linux is, I'm in trouble. I have
> most likely lost all my credibility now, and probably will lose my job :-<
>
> I'm trying to make a Linux (Redhat 5.2) to work as a gateway.
>
> The question is:
>
> Do I need anything else than ip-forwarding to make a gateway?
>
> If I don't, read on....
>
> My network is configured like this:
>
> O internet
> U |
> T | Some kind of high(?) speed (64kByte) all time connected modem
> S |
> I 195...65 (router)
> D |
> E | twisted pair 10base-T
> |
> 195...66, 255.255.255.252 (eth0)
> My Linux redhat www and ftp server.
> Works and is accessible through both 3Com900 cards, but with different IPs,
> and that's as it should be.
> 10.0.0.200, 255.255.255.0 (eth1)
> I |
> N | Coax 10base-2
> S |
> I 10.0.0.2 (DHCP NT server. Addresses 10.0.0.2 and 10.0.0.200 are reserved)
> D |
> E 10...## Clients (Win95/98 and NT)
>
> I do not want any client to be visible to the outside, so no need for
> masquerading and stuff like that. I only want to give the clients access to
> the internet.
>
> I can ping all computers (both internal and external) and routers from my Linux
> box. So that's OK. I can also ping any client from any client, including the
> Linux box (at 10.0.0.200). I've configured my clients to use 10...200 as
> their gateway.
>
> But I can _not_ ping anything on the external network from any client.
>
> What I believed was that it's enough to have IP forwarding on to do this;
> obviously I was wrong.
>
> My ifcfg-eth0 looks something like this:
> DEVICE="eth0"
> IPADDR=195...66
> NETMASK=255.255.255.252
> NETWORK=195...64
> BROADCAST=195...67
> ONBOOT=yes
>
> My ifcfg-eth1 looks something like this:
> DEVICE="eth1"
> IPADDR=10...200
> NETMASK=255.255.255.0
> NETWORK=10...0
> BROADCAST=10...255
> GATEWAY=195...66 <- The other card
> ONBOOT=yes
>
> My /etc/sysconfig/network looks something like this:
> NETWORKING=yes
> FORWARD_IP4=true
> HOSTNAME=whatever.whereever.com
> DOMAINNAME=whereever.com
> GATEWAY=195...65 <- The router
> GATEWAYDEV=eth0
>
> I do not run any "ipfwadm" commands. All is forwarded as default anyway,
> right?
> I do not run any "route" or any other commands. No need to do, right?
>
> And do I need to say it....I do not know enough about TCP/IP, actually I do
> not know much (truth is that I'm totally ignorant). But I'm learning :-)
>
> // Jarmo
> [EMAIL PROTECTED]
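For the setup discussed in this thread (a private 10.0.0.0/24 LAN on eth1 behind a single public address on eth0, 2.0-series kernel, ipfwadm), here is an added example of a complete gateway script. It is not the script either poster uses; it builds on the rule set above and adds the two things a practitioner would want: the rules are flushed first so the script can be rerun, and packets arriving on the outside interface with a 10.0.0.0/24 source address are dropped and logged, since nothing legitimate on the internet side can carry a private source. The LAN prefix and interface name are assumptions taken from the quoted mail, and the `run_cmd` helper and `DRY_RUN` switch are mine: by default the script only prints the commands, so it can be checked on any machine; it touches the kernel only when run as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: ipfwadm masquerading gateway for a 2.0.x kernel.
# Assumed values (from the thread): LAN is 10.0.0.0/24, eth0 faces the internet.
LAN_NET="${LAN_NET:-10.0.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"

# run_cmd: hypothetical helper; echo the command, run it only when DRY_RUN=0.
run_cmd() {
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then
        "$@"
    fi
}

# gateway_rules: the full rule set, in an order that never leaves a
# forward-everything window open.
gateway_rules() {
    # Flush forwarding and input chains so reruns are idempotent.
    run_cmd ipfwadm -F -f
    run_cmd ipfwadm -I -f

    # Forward nothing by default; masquerade only what comes from the LAN.
    run_cmd ipfwadm -F -p deny
    run_cmd ipfwadm -F -a m -S "$LAN_NET" -D 0.0.0.0/0

    # Anti-spoofing: a packet with a LAN source must never arrive on the
    # internet-facing interface. Deny it and log it (-o) so spoofing shows up.
    run_cmd ipfwadm -I -a deny -W "$WAN_IF" -S "$LAN_NET" -D 0.0.0.0/0 -o

    # Masquerading helper for active-mode FTP from LAN clients.
    run_cmd modprobe ip_masq_ftp

    # Enable forwarding last, after the policy and rules are in place.
    run_cmd sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

gateway_rules
```

Run it once as `./gateway.sh` to review the commands, then `DRY_RUN=0 ./gateway.sh` as root; the LAN prefix and interface can be overridden with `LAN_NET=... WAN_IF=...`. This is specific to the 2.0 kernel's ipfwadm; on a 2.2 kernel the same rules are expressed with ipchains, and the `-p deny` default policy plus the anti-spoof rule are the parts worth carrying over regardless of tool.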