Re: Firewall to two networks
On 22 Aug 2002 at 12:01, Vince Mulhollon wrote:
> I have not done this exact config with two internal networks, but
> something close to:
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> And don't forget an 'echo 1 > /proc/sys/net/ipv4/ip_forward'
At the moment I'm just trying to reach the point at which I can
confirm that each card can ping other local machines.
> >> # /etc/network/interfaces -- configuration file for ifup(8),
> >> #auto eth1
> >> #iface eth1 inet static
> >> # address 192.168.1.1
> >> # netmask 255.255.255.0
> >> # network 192.168.1.0
> >> # broadcast 192.168.1.255
> >> # gateway 217.34.100.197
>
> Why comment these guys out (#)? How do they get configured?
> Don't think you need that gateway entry for the internal interfaces
> because your machine IS the gateway.
OK taken those two gateway lines out and that gets rid of the
complaint about "network unreachable"
> Here's the important part:
> Post your /sbin/route -n from the firewall itself.
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
217.34.100.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         217.34.100.198  0.0.0.0         UG    0      0        0 eth0
> Also post your ifconfig from the firewall.
eth0      Link encap:Ethernet  HWaddr 08:00:00:39:49:06
          inet addr:217.34.100.197  Bcast:217.34.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:132 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:10571 (10.3 KiB)  TX bytes:10138 (9.9 KiB)
          Interrupt:5 Base address:0x320

eth1      Link encap:Ethernet  HWaddr 00:00:E8:2D:0A:C8
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:318 errors:0 dropped:0 overruns:0 frame:0
          TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:31358 (30.6 KiB)  TX bytes:20979 (20.4 KiB)
          Interrupt:10 Base address:0x300

eth2      Link encap:Ethernet  HWaddr 00:EE:B1:02:CA:66
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:49 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3323 (3.2 KiB)  TX bytes:0 (0.0 b)
          Interrupt:11 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5432 (5.3 KiB)  TX bytes:5432 (5.3 KiB)
Hugely appreciate any help any of you can give with this. With this
set up I can ping things through the external ethernet but not the
other two..... but my brain is addled and I'm sure I'm missing the
blindingly obvious.
TIA again.
Chris
PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
and Therapeutic Communities; practice, research,
teaching and consultancy.
Chris Evans & Jo-anne Carlyle
http://psyctc.org/ Email: chris@psyctc.org
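
Added example, not part of the original message or of either poster's configuration: the MASQUERADE rule quoted above, placed in a forwarding policy for the three cards in this thread. The function name gen_rules, the default-drop FORWARD policy, the conntrack match and the choice to allow no traffic between the two internal networks are assumptions made for illustration.

```shell
#!/bin/sh
# gen_rules EXT INT...  (hypothetical helper, added for illustration)
# Prints an iptables-restore ruleset: NAT out of EXT, and forwarding only
# from each INT interface to EXT. Nothing is applied; it only prints.

gen_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_rules EXT INT..." >&2
        return 1
    fi
    # Refuse anything that is not a plain interface name before it
    # reaches a rule line.
    for name in "$@"; do
        case "$name" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $name" >&2; return 1 ;;
        esac
    done
    ext="$1"
    shift

    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # The rule from the thread: rewrite the source address on the way out.
    echo "-A POSTROUTING -o $ext -j MASQUERADE"
    echo "COMMIT"

    echo "*filter"
    # Assumption: forward nothing unless a rule below allows it.
    # INPUT and OUTPUT are not declared, so their policies are left alone.
    echo ":FORWARD DROP [0:0]"
    # Replies to connections that were allowed out may come back in.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for int in "$@"; do
        # Each internal network may open connections to the outside only;
        # no rule lets one internal network reach the other.
        echo "-A FORWARD -i $int -o $ext -j ACCEPT"
    done
    echo "COMMIT"
}

# Ruleset for the interfaces in this thread. To load it (as root):
#   gen_rules eth0 eth1 eth2 | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward
gen_rules eth0 eth1 eth2
```

Pinging 192.168.1.1 or 192.168.2.1 from a local machine exercises the INPUT chain and the connected routes only; the FORWARD rules matter once traffic has to cross from one card to another.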