	
	
		| Author | Message | 
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Sun Oct 31, 2010 6:32 am    Post subject: |   |  
				| 
 |  
				| You need to give eth1 an IP; edit rc.inet1.conf to do that. You can use efg (http://yourserver/efg) to configure the routing firewall.
 Since your eth0 has 192.168.1.x, your eth1 should have something different, like 192.168.2.x, and all workstations under it.
 
 gerasimos_h
 _________________
 Superb! Mini Server Project Manager
 http://sms.it-ccs.com
 |  | 
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Mon Nov 01, 2010 3:55 pm    Post subject: |   |  
				| 
 |  
				| If I use eth1 server 192.168.110.50 and workstation static IPs 192.168.110.x, will I use a correct class network? |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Mon Nov 01, 2010 4:37 pm    Post subject: |   |  
				| 
 |  
				| Yes! 
 gerasimos_h
 |  | 
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Mon Nov 01, 2010 10:09 pm    Post subject: |   |  
				| 
 |  
				| I am lost!!! I'm trying this Server Ethernet config
 
 eth0: dhcp
 eth1:192.168.2.1
 Gateway:""
 DNS: 200.149.55.140 ( first only, because I am using netconfig)
 
 After that I'm using command.
 
 #iptables -t nat -F
 #/etc/rc.d/rc.ip_forward restart
 
 I'll do a script for it yet
 
 server:/home/normal#route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.1.0     0.0.0.0         255.255.255.0   U     203    0        0 eth0
 192.168.110.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
 0.0.0.0         192.168.1.254   0.0.0.0         UG    203    0        0 eth0
 
 
 Workstation
 eth0: 192.168.2.7
 Gateway:"192.168.2.1"   Server eth1 Static ip
 DNS: 200.149.55.140 ( first only, because I am using netconfig)
 
 
 #route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
 0.0.0.0         192.168.2.1     0.0.0.0         UG    1      0        0 eth0
 
 Server can ping 8.8.8.8 and w.w.w.gmail.com. But it isn't pinging workstation 192.168.2.7!!
 
 What's the problem?
 |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Mon Nov 01, 2010 10:49 pm    Post subject: |   |  
				| 
 |  
				| You said eth1:192.168.2.1
 and your route says
 192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
 and your workstation says
 eth0: 192.168.2.7
 Gateway:"192.168.2.1"
 
 gerasimos_h
 |  | 
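The mismatch pointed out in the post above (eth1 meant to be 192.168.2.1 while the kernel table still routes 192.168.110.0/24 on eth1) can be checked mechanically. This is an added example, not part of the original posts: the function names `ip_to_int`, `connected_iface` and `report` are made up for illustration, and the two tables are the server's `route -n` output copied from this thread.

```sh
#!/bin/sh
# Added example, not from the thread: report which directly connected
# route in `route -n` output, if any, covers an address.

ip_to_int() {                         # dotted quad -> integer
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# connected_iface TABLE ADDR: print the interface of the on-link route
# (gateway 0.0.0.0, no G flag) that contains ADDR; return 1 if none does.
connected_iface() {
    _addr=$(ip_to_int "$2")
    while read -r _dest _gw _mask _flags _metric _ref _use _iface; do
        case $_dest in *[!0-9.]*|'') continue ;; esac   # header or blank
        [ "$_gw" = 0.0.0.0 ] || continue                # has a next hop
        case $_flags in *G*) continue ;; esac
        _m=$(ip_to_int "$_mask"); _n=$(ip_to_int "$_dest")
        if [ $(( $_addr & $_m )) -eq $(( $_n & $_m )) ]; then
            echo "$_iface"; return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# Server tables as posted in the thread: first attempt, then after the fix.
BEFORE='192.168.1.0     0.0.0.0         255.255.255.0   U     203    0        0 eth0
192.168.110.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    203    0        0 eth0'
AFTER='192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    202    0        0 eth0'

report() {                            # report LABEL TABLE ADDR
    if _if=$(connected_iface "$2" "$3"); then
        echo "$1: $3 is on-link via $_if"
    else
        echo "$1: no connected route covers $3"
    fi
}
report before "$BEFORE" 192.168.2.7
report after  "$AFTER"  192.168.2.7
```

With the first table the workstation address matches no connected network, so the server's ping leaves through the default route on eth0 instead of eth1.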
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Mon Nov 01, 2010 11:30 pm    Post subject: |   |  
				| 
 |  
				| But what's the gateway in workstation? Is this the eth1 server IP? About the server, how can I correct it to this IP class? |  | 
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Tue Nov 02, 2010 2:33 am    Post subject: |   |  
				| 
 |  
				| After a route -del and reboot it was: 
 server:/home/normal#route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
 192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
 0.0.0.0         192.168.1.254   0.0.0.0         UG    202    0        0 eth0
 
 But ping isn't ok!
 |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Tue Nov 02, 2010 7:05 am    Post subject: |   |  
				| 
 |  
				| Have you run efg (http://[yourserver]/efg)? rc.ip_forward just enables packet forwarding; it doesn't forward anything.
 
 Run efg and choose gateway/firewall, copy and start your rc.firewall script.
 
 gerasimos_h
 |  | 
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Tue Nov 02, 2010 2:36 pm    Post subject: |   |  
				| 
 |  
				| Have you run efg (http://[yourserver]/efg)? 
 But, at first, I'm trying a very simple way! Would you mind revising my steps? It should be a bit wrong!!
 
 Server
 1) I connect ISP to eth0 card and eth1 like a local LAN
 2) I get internet connection pages
 3) eth0:dhcp
 eth1: 192.168.2.1
 Gateway ""
 
 A simple rc.firewall script to router.
 #chmod +x roteando ( to start at boot )
 
 #vi /etc/rc.d/rc.firewall/roteando
 #!/bin/bash
 iptables -t nat -F
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 
 
 Workstation
 1) #netconfig
 Hostname:maq7.localdomain
 Domain:maq7_local
 Ip address:192.168.2.7
 Netmask:255.255.255.0
 Gateway:192.168.2.1  ( same used in eth1 server )
 Nameserver:200.149.55.140  ( ISP )
 
 Now route -n
 server:l#route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
 192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
 0.0.0.0         192.168.1.254   0.0.0.0         UG    202    0        0 eth0
 
 
 #cat /proc/sys/net/ipv4/ip_forward
 (1)
 
 It confirms forwarding is enabled
 
 #2)iptables -vL
 
 There is a different ssh output in fail2ban. Can it be a block to ssh and local LAN?
 |  | 
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Tue Nov 02, 2010 3:01 pm    Post subject: |   |  
				| 
 |  
				| I'm doing a double post, but it's a good reason!!! 
 server:/home/normal#ping 192.168.2.7
 PING 192.168.2.7 (192.168.2.7) 56(84) bytes of data.
 64 bytes from 192.168.2.7: icmp_req=1 ttl=64 time=0.113 ms
 64 bytes from 192.168.2.7: icmp_req=2 ttl=64 time=0.103 ms
 
 
 I don't get a workstation internet connection. But this is an evolution, hehe!!!
 |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Tue Nov 02, 2010 4:58 pm    Post subject: |   |  
				| 
 |  
				|  	  | vivanguarda wrote: |  	  | #vi /etc/rc.d/rc.firewall/roteando
 #!/bin/bash
 iptables -t nat -F
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 
 | 
 I believe you need to add
 iptables -A FORWARD -i eth1 -j ACCEPT
 for routing to work.
 
 I insist, though, on running efg for an advanced firewall, and you can add a DHCP server to eth1 for your workstations.
 
 gerasimos_h
 |  | 
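An added example, not part of the original posts or of efg: a check over `iptables-save` output for the pieces discussed above (MASQUERADE on eth0, a FORWARD accept for eth1). It goes beyond the thread by also reporting the FORWARD policy and a missing rule for reply traffic; the function name `gateway_findings`, the sample dumps and the DROP policy are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: list what an iptables-save dump lacks
# for LAN clients to reach the Internet through a masquerading gateway.

# gateway_findings RULESET LAN_IF WAN_IF: one line per finding, none if OK.
gateway_findings() {
    _lan=$2 _wan=$3 _table='' _policy=ACCEPT _masq=no _out=no _back=no
    while read -r _w1 _w2 _rest; do
        case $_w1 in
            \**)      _table=${_w1#?} ;;                 # "*nat", "*filter"
            :FORWARD) if [ "$_table" = filter ]; then _policy=$_w2; fi ;;
            -A) case "$_table/$_w2 $_rest " in
                    *" ! "*) ;;                          # negated match: skip
                    "nat/POSTROUTING "*"-o $_wan "*"-j MASQUERADE "*) _masq=yes ;;
                    "filter/FORWARD "*ESTABLISHED*"-j ACCEPT "*)      _back=yes ;;
                    "filter/FORWARD "*"-i $_lan "*"-j ACCEPT "*)      _out=yes ;;
                esac ;;
        esac
    done <<EOF
$1
EOF
    [ "$_masq" = yes ] || echo "nat: no MASQUERADE rule for traffic leaving $_wan"
    if [ "$_policy" = ACCEPT ]; then
        echo "filter: FORWARD policy ACCEPT also forwards WAN-to-LAN traffic"
    else
        [ "$_out" = yes ]  || echo "filter: nothing accepts packets entering on $_lan"
        [ "$_back" = yes ] || echo "filter: replies (ESTABLISHED,RELATED) not accepted"
    fi
    return 0
}

# Constructed, trimmed dumps. FORWARD policy DROP is an assumption; the
# thread never shows the policy in effect.
SCRIPT_ONLY='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'
WITH_FORWARD="${SCRIPT_ONLY%COMMIT}-A FORWARD -i eth1 -j ACCEPT
COMMIT"
COMPLETE="${WITH_FORWARD%COMMIT}-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT"

for _dump in "$SCRIPT_ONLY" "$WITH_FORWARD" "$COMPLETE"; do
    echo "---"; gateway_findings "$_dump" eth1 eth0
done
```

On a live gateway the first argument would be the output of `iptables-save`, with the LAN and WAN interface names as the second and third.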
	
	
		| keopp Senior Member
 
 
 Joined: 08 Nov 2008
 Posts: 166
 Location: Romania
 
 | 
			
				|  Posted: Tue Nov 02, 2010 8:44 pm    Post subject: |   |  
				| 
 |  
				|  	  | Quote: |  	  | A simple rc.firewall script to router.
 #chmod +x roteando ( to start at boot )
 
 #vi /etc/rc.d/rc.firewall/roteando
 #!/bin/bash
 iptables -t nat -F
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 
 | 
 
 Hello,
 
 I'm not sure, but how do you know that roteando script is launched at boot time?
 What is this script's purpose?
 rc.firewall is supposed to be a file, not a folder.....
 Am I missing something here?
 
 Cheers!
 |  | 
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Thu Nov 04, 2010 1:20 am    Post subject: |   |  
				| 
 |  
				| Firewall was done in efg and I'm searching for a chain like you pointed me to: 
 iptables -A FORWARD -i eth1 -j ACCEPT
 
 I found similar...
 
 INPUT Chain
 #
 echo "Process INPUT chain ..."
 
 # Allow all on localhost interface
 $IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
 
 # If not blocked, accept any other packets from the internal interface
 $IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
 
 
 # Rules for the private network (accessing gateway system itself)
 $IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
 $IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
 
 
 FORWARD Chain
 #
 
 echo "Process FORWARD chain ..."
 
 # Used if forwarding for a private network
 
 
 
 
 Do you think this established the same rules?
 |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Thu Nov 04, 2010 6:43 am    Post subject: |   |  
				| 
 |  
				| I pointed 
  	  | Code: |  	  | iptables -A FORWARD -i eth1 -j ACCEPT | 
 to add it to your simple firewall script
 
  	  | Code: |  	  | #vi /etc/rc.d/rc.firewall/roteando
 #!/bin/bash
 iptables -t nat -F
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 | 
 
 If you are using efg then you can delete your simple firewall script; the same rule is applied at
 
  	  | Code: |  	  | # If not blocked, accept any other packets from the internal interface
 $IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
 | 
 
 gerasimos_h
 |  | 
	
	
		| vivanguarda Member
 
 
 Joined: 01 May 2009
 Posts: 98
 
 
 | 
			
				|  Posted: Fri Nov 05, 2010 4:02 am    Post subject: |   |  
				| 
 |  
				| I did an efg Alien Bob Firewall. Now I get ping Server and Workstation, but I don't get internet connection. Server dns:
 Generated by dhcpcd from eth0
 # /etc/resolv.conf.head can replace this line
 domain lan
 nameserver 192.168.1.254
 # /etc/resolv.conf.tail can replace this line
 
 and Workstation I'm using ISP
 200.149.55.140
 
 Is it the problem? I did a Transparent Proxy in EFG advanced configuration.
 |  | 
	
	
		|  |