centos as LAN router

asante
Posts: 4
Joined: 2006/08/31 15:09:00

centos as LAN router

Post by asante » 2007/05/16 12:45:40

Hi everyone,
I have installed CentOS server 4.3 with two network cards.

eth0 is connected to the network with IP 10.10.10.xx
eth1 is connected to the network with an IP 10.10.11.xx.
What I want to achieve is for the two networks to reach each other via the CentOS server
configured as a router to route traffic in each direction.

So far I have enabled IP forwarding by editing /etc/sysctl.conf and changing
net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1, but to no avail. Machines on each network
are not able to ping each other.

I will be grateful if anybody could help me with this setup.

Thank You.

foxb
Posts: 1927
Joined: 2006/04/20 19:03:33
Location: Montreal/QC

centos as LAN router

Post by foxb » 2007/05/16 13:39:33

Post your routing table and IP configuration on one PC on each side of the router.

asante
Posts: 4
Joined: 2006/08/31 15:09:00

Re: centos as LAN router

Post by asante » 2007/05/16 16:49:53

Hi FoxB,
Could you explain further what you posted? I didn't quite get that.

foxb
Posts: 1927
Joined: 2006/04/20 19:03:33
Location: Montreal/QC

Re: centos as LAN router

Post by foxb » 2007/05/16 17:01:57

Maybe you need to read some documentation
http://www.centos.org/docs/5/
http://lartc.org/howto/

dan0815
Posts: 3
Joined: 2007/04/16 20:19:37

I have the same problems

Post by dan0815 » 2007/05/18 12:35:38

There are 2 NICs in my x86 PC with CentOS 5 (eth0 & eth1).
eth0 has a static IP (in the network of the company).
eth1 also has a static IP, 192.168.101.2, which is connected to my notebook, 192.168.101.1.
vmwareplayer was installed (vmnet8), so another NIC is known (172.16.71.1).
vmware is running fine in NAT mode, since the kernel modules 'ip_tables', 'iptable_filter', 'ip_conntrack' and 'ipt_MASQUERADE' were already installed.
This is the output from: lsmod | grep ip

ipt_MASQUERADE 7745 1
iptable_nat 11205 1
ip_nat 20973 2 ipt_MASQUERADE,iptable_nat
ip6table_filter 6849 1
ip6_tables 18181 1 ip6table_filter
ip_conntrack_netbios_ns 6977 0
ip_conntrack 53153 5 ipt_MASQUERADE,iptable_nat,ip_nat,ip_conntrack_netbios_ns,xt_state
nfnetlink 10713 2 ip_nat,ip_conntrack
iptable_filter 7105 1
ip_tables 17029 2 iptable_nat,iptable_filter
ipt_REJECT 9537 1
ip6t_REJECT 9409 1
x_tables 17349 8 ipt_MASQUERADE,iptable_nat,ip6_tables,xt_state,ip_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
ipv6 251137 25 ip6t_REJECT


cat /proc/sys/net/ipv4/ip_forward
1
means ip_forward is turned on (at boot via /etc/sysctl.conf: net.ipv4.ip_forward = 1)


this is the output from "route" or "netstat -r"

Kernel IP routing table
Destination     Gateway          Genmask         Flags Metric Ref Use Iface
192.168.101.0   *                255.255.255.0   U     0      0   0   eth1
172.16.71.0     *                255.255.255.0   U     0      0   0   vmnet8
company-net.0   *                255.255.255.0   U     0      0   0   eth0
169.254.0.0     *                255.255.0.0     U     0      0   0   eth1
default         company-gateway  0.0.0.0         UG    0      0   0   eth0


I permitted incoming packets from eth1 via
iptables -A FORWARD -t filter -s 192.168.101.0 -i eth1 -j ACCEPT

and permitted NAT via
iptables -A POSTROUTING -t nat -s 192.168.101.1 -j MASQUERADE

this is the output from "service iptables status"

Tabelle: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 192.168.101.0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Tabelle: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 192.168.101.0 0.0.0.0/0
2 ACCEPT all -- 192.168.101.0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (1 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6000
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:177
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:177
13 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

(between: in my opinion the default line (line 1) in chain RH-Firewall-1-INPUT is obvious... doesn't this mean, that every packet goes through???)


the notebook was defined with static IP 192.168.101.1 and the gateway 192.168.101.2

A ping from the notebook to eth1 of the router is working (ping 192.168.101.2).
Also, the ping from 192.168.101.1 reaches 172.16.71.1 (vmnet8) and the IP of the NIC connected to the eth0 side of the company's LAN.
But any other ping to a host in the company's LAN or to the internet is NOT working... :-(

Do you see what I have done wrong? I thought this should be working...
thanks in advance, dan0815
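
An added check, not part of dan0815's post or of any CentOS tool: it parses rule lines copied from the `service iptables status` listing above and tests whether the notebook address 192.168.101.1 falls inside each rule's source. iptables treats a source given without a mask as a single host (/32) and lists it without a mask; the function names `parse_rules` and `audit` and the suggested subnet are assumptions of this example.

```python
import ipaddress

# Rule lines copied from the "service iptables status" output in the post above.
LISTING = """\
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 192.168.101.0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 192.168.101.0 0.0.0.0/0
2 ACCEPT all -- 192.168.101.0 0.0.0.0/0
"""

def parse_rules(listing):
    """Yield (chain, num, target, source_network) for each numbered rule line."""
    chain = None
    for line in listing.splitlines():
        parts = line.split()
        if line.startswith("Chain "):
            chain = parts[1]
        elif len(parts) >= 6 and parts[0].isdigit():
            # A bare address in the listing is a /32 host match, not a subnet;
            # ip_network() applies the same default when no mask is given.
            yield chain, int(parts[0]), parts[1], ipaddress.ip_network(parts[4])

def audit(listing, client, genmask):
    """Return one finding per rule whose source cannot match `client`."""
    client_ip = ipaddress.ip_address(client)
    findings = []
    for chain, num, target, src in parse_rules(listing):
        if client_ip in src:
            continue
        # Assumption: the intended source is the rule's address combined with
        # the Genmask of the interface route (255.255.255.0 for eth1 above).
        intended = ipaddress.ip_network(
            f"{src.network_address}/{genmask}", strict=False)
        findings.append({
            "chain": chain, "rule": num, "target": target,
            "matches_only": str(src),
            "suggest_source": str(intended) if client_ip in intended else None,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(LISTING, "192.168.101.1", "255.255.255.0"):
        print(finding)
```

All three listed rules are reported: none of them matches the notebook, so its packets leave eth0 unmasqueraded. A source passed as `-s 192.168.101.0/24` would appear in the listing with its `/24`.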
