gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Sun Oct 31, 2010 6:32 am
You need to give eth1 an IP; edit rc.inet1.conf to do that.
You can use efg (http://yourserver/efg) to configure the routing firewall.
Since your eth0 has 192.168.1.x, your eth1 should have something different like 192.168.2.x and all workstations under it.
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Mon Nov 01, 2010 3:55 pm
If I use eth1 server 192.168.110.50 and workstation static IPs 192.168.110.x, will I use a correct class network?

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Mon Nov 01, 2010 4:37 pm
Yes!
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Mon Nov 01, 2010 10:09 pm
I am lost!!!
I'm trying this Server Ethernet config
eth0: dhcp
eth1:192.168.2.1
Gateway:""
DNS: 200.149.55.140 ( first only, because I am using netconfig)
After that I'm using these commands.
#iptables -t nat -F
#/etc/rc.d/rc.ip_forward restart
I'll do a script for it yet
server:/home/normal#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 203 0 0 eth0
192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 203 0 0 eth0
Workstation
eth0: 192.168.2.7
Gateway:"192.168.2.1" Server eth1 Static ip
DNS: 200.149.55.140 ( first only, because I am using netconfig)
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 1 0 0 eth0
Server can ping 8.8.8.8 and w.w.w.gmail.com. But it isn't pinging workstation 192.168.2.7!!
What's the problem?

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Mon Nov 01, 2010 10:49 pm
You said
eth1:192.168.2.1
and your route says
192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
and your workstation says
eth0: 192.168.2.7
Gateway:"192.168.2.1"
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com
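The mismatch pointed out in the post above can be checked mechanically; this is an added example, not part of the original post, that resolves a destination against `route -n` rows the way the kernel does (most specific netmask wins). ROUTES_BEFORE is the server table quoted in the thread; ROUTES_AFTER and the function name route_for are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: pick the route the kernel would use for a
# destination from `route -n` rows (most specific netmask wins).
# ROUTES_BEFORE: the server's table as quoted in the thread.
ROUTES_BEFORE='192.168.1.0 0.0.0.0 255.255.255.0 U 203 0 0 eth0
192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 203 0 0 eth0'

# ROUTES_AFTER: constructed, the same table once eth1 really carries 192.168.2.0/24.
ROUTES_AFTER='192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 203 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 203 0 0 eth0'

# route_for <dest-ip> <route -n rows>  ->  "<iface> <gateway>" or "unreachable"
route_for() {
    printf '%s\n' "$2" | awk -v dst="$1" '
        # dotted quad to number
        function ip2n(s,  p) { split(s, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
        BEGIN { best = -1; d = ip2n(dst) }
        # data rows only: 8 fields, first one an address (skips the two header lines)
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            mask = ip2n($3)
            size = 4294967296 - mask          # addresses covered by this netmask
            # d - d % size equals "dst AND mask" for a contiguous netmask
            if (d - d % size == ip2n($1) && mask > best) { best = mask; ifc = $8; gw = $2 }
        }
        END { if (best >= 0) print ifc, gw; else print "unreachable" }'
}

# Stand-alone run: where does traffic for the workstation go in each table?
echo "before: $(route_for 192.168.2.7 "$ROUTES_BEFORE")"
echo "after:  $(route_for 192.168.2.7 "$ROUTES_AFTER")"
```

With the first table the workstation's address only matches the default route, so the ping leaves through eth0 toward 192.168.1.254 and never reaches the LAN side.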

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Mon Nov 01, 2010 11:30 pm
But what's the gateway in workstation? Is this the eth1 server IP? About server, how can I correct it to this IP class?

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Tue Nov 02, 2010 2:33 am
After a route -del and reboot it was:
server:/home/normal#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 202 0 0 eth0
But ping isn't ok!

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Tue Nov 02, 2010 7:05 am
Have you run efg (http://[yourserver]/efg)?
rc.ip_forward just enables packet forwarding; it doesn't forward anything.
Run efg and choose gateway/firewall, copy and start your rc.firewall script.
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Tue Nov 02, 2010 2:36 pm
Have you run efg (http://[yourserver]/efg)?
But, at first, I'm trying a very simple way! Would you mind revising my steps? It should be a bit wrong!!
Server
1) I connect ISP to eth0 card and eth1 like a local lan
2) I get internet connection pages
3) eth0:dhcp
eth1: 192.168.2.1
Gateway ""
A simple rc.firewall script to router.
#chmod +x roteando ( to start at boot )
#vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Workstation
1) #netconfig
Hostname:maq7.localdomain
Domain:maq7_local
Ip address:192.168.2.7
Netmask:255.255.255.0
Gateway:192.168.2.1 ( same used in eth1 server )
Nameserver:200.149.55.140 ( ISP )
Now route -n
server:l#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 202 0 0 eth0
#cat /proc/sys/net/ipv4/ip_forward
(1)
It confirms forward enable
#2)iptables -vL
There is a different ssh output in fail2ban. Can it be a block to ssh and local lan?

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Tue Nov 02, 2010 3:01 pm
I'm doing a double post, but it's for a good reason!!!
server:/home/normal#ping 192.168.2.7
PING 192.168.2.7 (192.168.2.7) 56(84) bytes of data.
64 bytes from 192.168.2.7: icmp_req=1 ttl=64 time=0.113 ms
64 bytes from 192.168.2.7: icmp_req=2 ttl=64 time=0.103 ms
I don't get a workstation internet connection. But this is an evolution, hehe!!!

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Tue Nov 02, 2010 4:58 pm
vivanguarda wrote: |
#vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
I believe you need to add
iptables -A FORWARD -i eth1 -j ACCEPT
for routing to work.
I insist, though, on running efg for an advanced firewall, and you can add a DHCP server to eth1 for your workstations.
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com
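A fuller version of the simple gateway script with the FORWARD rule included, as an added example that is not part of the original post or of efg's generated rc.firewall. The interface names and the 192.168.2.0/24 LAN come from the thread; the default-DROP FORWARD policy, the conntrack rule for replies, the variable names and the dry-run default are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: NAT gateway rules for the layout discussed
# (eth0 = ISP side on DHCP, eth1 = 192.168.2.1, workstations in 192.168.2.0/24).
# IPT defaults to "echo iptables", so the rules are only printed (dry run).
# Run as root with IPT=iptables to load them.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.2.0/24}"

gateway_rules() {
    # Known starting state; anything not explicitly allowed is not forwarded.
    # (The DROP policy and the conntrack rule are additions of this example.)
    $IPT -t nat -F
    $IPT -F FORWARD
    $IPT -P FORWARD DROP
    # Replies to connections opened from the LAN may come back in
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Workstations may open connections outward, but only from LAN addresses
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Hide the LAN behind whatever address eth0 received from DHCP
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

forwarding_enabled() {
    # Same check as `cat /proc/sys/net/ipv4/ip_forward` earlier in the thread
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

gateway_rules
forwarding_enabled || echo "note: ip_forward is off; rules alone will not route" >&2
```

Compared with a bare `-i eth1 -j ACCEPT`, restricting the source to the LAN subnet and the output to eth0 keeps spoofed or stray traffic arriving on eth1 from being forwarded.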

keopp Senior Member
Joined: 08 Nov 2008 Posts: 166 Location: Romania
Posted: Tue Nov 02, 2010 8:44 pm
Quote: |
A simple rc.firewall script to router.
#chmod +x roteando ( to start at boot )
#vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
Hello,
I'm not sure, but how do you know that roteando script is launched at boot time?
What is this script's purpose?
rc.firewall is supposed to be a file, not a folder.....
Am I missing something here?
Cheers!

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Thu Nov 04, 2010 1:20 am
Firewall was done in efg and I'm searching for a chain like the one you pointed me to:
iptables -A FORWARD -i eth1 -j ACCEPT
I found similar...
INPUT Chain
#
echo "Process INPUT chain ..."
# Allow all on localhost interface
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
# If not blocked, accept any other packets from the internal interface
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
# Rules for the private network (accessing gateway system itself)
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
FORWARD Chain
#
echo "Process FORWARD chain ..."
# Used if forwarding for a private network
Do you think this established the same rules?

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Thu Nov 04, 2010 6:43 am
I pointed
Code: | iptables -A FORWARD -i eth1 -j ACCEPT |
to add it to your simple firewall script
Code: | #vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
If you are using efg then you can delete your simple firewall script; the same rule is applied at
Code: | # If not blocked, accept any other packets from the internal interface
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT |
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Fri Nov 05, 2010 4:02 am
I did an efg Alien Bob Firewall. Now I get ping Server and Workstation, but I don't get internet connection.
Server dns:
Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line
and Workstation I'm using ISP
200.149.55.140
Is it the problem? I did a Transparent Proxy in EFG advanced configuration.