[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Modem and NIC Gateway

On Thu, Feb 5, 2009 at 3:11 PM, Zanga Chimombo <z.chimombo@admarc.co.mw> wrote:
>> You said 'i am able to ping 172.21.5.136 but not 172.21.0.1'
>
> from a client machine on the internal network.
>
>> and 'i can
>> connect fine to the internet from the gateway'.
>
>> So you can ping, say google.com from your gateway machine correctly?
>
> yes.
>
>> But
>> you can't ping 172.21.0.1 from your gateway?
>
> i can ping 172.21.0.1 fine from the gateway but not from a client.
>
>> Since you can get to the internet from your gateway, then its routing
>> should
>> be fine,
>
> everything is indeed fine from the gateway. i can browse www.google.com,
> ping my ISPs gateway (172.21.0.1).the problem is the internal network.
>
>> and the next thing is to configure IP masqurading to allow your
>> internal network to connect via that machine.
>
> so i have to setup iptables? any pointers...?
>

My personal recommendation would be to use Shorewall, because I have been
impressed with it when I've used it. The guide at
http://shorewall.net/two-interface.htm should be appropriate for your
needs (and be sure not to miss the notes specific to the Debian package).
Shorewall can be used to set up a full set of firewalling rules, plus port
forwarding, as well as masquerading but I don't know if you might consider
it overkill for your needs.

If you want to configure it manually, you could start by looking at
http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/,
including the comments, but I wouldn't actually do this except in the
testing stage, because it's easy to make mistakes in configuration which
will cause problems (like allowing incoming requests from the internet to
be masqueraded, appearing to your network like they are coming from your
gateway machine). More generally, you should be able to find a lot
of resources about IP masquerading via Google.

Once you've set up the forwarding, you need to have the other machines
on your network actually use the gateway to access the internet. If they
are using DCHP then that is just a matter of setting the default gateway
in your DHCP server config (and you might want to run a DHCP server on
your gateway, if you don't already have one on your network). If your
machines have static IP addresses, then you need to include a reference
to the gateway in their network configuration. In Debian this can be done
by adding a line to the appropriate stanza in /etc/interfaces, like eg:
iface eth0 inet static
        address 192.168.0.111
        netmask 255.255.255.0
        gateway 192.168.0.1

Or for a quick test 'route add default gw 192.168.0.1' on the client
should work, assuming that's the IP address of the internal interface
of your gateway.

Doubtless there are a multitude of GUI tools to do this, depending on
what you're running on the client machines, but if you're not using DHCP
then I assume you already know how to configure network interfaces.

I believe that should cover the usual cases, but if I've made any
mistakes or false assumptions, then let me know.

Thanks,
Nye
Reply to: