Webmin and S.M.S Functions
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Sun Oct 31, 2010 6:32 am    Post subject: Reply with quote

You need to give eth1 an IP, edit rc.inet1.conf for doing that.
You can use efg (http://yourserver/efg) to configure the routing firewall.
Since your eth0 has 192.168.1.x your eth1 should have something different like 192.168.2.x and all workstations under it.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Mon Nov 01, 2010 3:55 pm    Post subject: Reply with quote

If I use eth1 server 192.168.110.50 and workstation static ips 192.168.110.x will I use a correct class network?
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Mon Nov 01, 2010 4:37 pm    Post subject: Reply with quote

Yes!

gerasimos_h

vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Mon Nov 01, 2010 10:09 pm    Post subject: Reply with quote

I am lost!!!
I'm trying this Server Ethernet config

eth0: dhcp
eth1:192.168.2.1
Gateway:""
DNS: 200.149.55.140
( first only, because I am using netconfig)

After that I'm using command.

#iptables -t nat -F
#/etc/rc.d/rc.ip_forward restart


I'll do a script to it yet

server:/home/normal#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     203    0        0 eth0
192.168.110.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    203    0        0 eth0


Workstation
eth0: 192.168.2.7
Gateway:"192.168.2.1" Server eth1 Static ip
DNS: 200.149.55.140 ( first only, because I am using netconfig)


#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    1      0        0 eth0

Server can ping 8.8.8.8 and w.w.w.gmail.com. But it isn't pinging workstation 192.168.2.7!!

What's the problem?
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Mon Nov 01, 2010 10:49 pm    Post subject: Reply with quote

You said
eth1:192.168.2.1
and your route says
192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
and your workstation says
eth0: 192.168.2.7
Gateway:"192.168.2.1"

gerasimos_h
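
Added example (not part of the original post): the mismatch pointed out above can be checked mechanically by asking which directly connected route in the server's `route -n` output covers the workstation address. The first table is the one posted in this thread; the second table and the names `ip2int`, `onlink_iface` and `explain` are constructed for this sketch.

```shell
#!/bin/sh
# Added example: which directly connected route covers a given address?

# Server table as posted above (eth1 was meant to be 192.168.2.1).
ROUTES_POSTED='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 203 0 0 eth0
192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 203 0 0 eth0'
# Constructed for comparison: the same table with eth1 on 192.168.2.0/24.
ROUTES_FIXED=$(printf '%s\n' "$ROUTES_POSTED" | sed 's/^192\.168\.110\.0 /192.168.2.0 /')

# Dotted quad -> 32-bit integer.
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# Reads `route -n` text on stdin and prints the interface of the on-link
# route (gateway 0.0.0.0) containing address $1. Returns 1 when none does,
# i.e. when the packet would leave through the default route.
onlink_iface() {
    target=$(ip2int "$1")
    while read -r dest gw mask flags metric ref use iface; do
        case $dest in [0-9]*) ;; *) continue ;; esac  # skip the header lines
        [ "$gw" = "0.0.0.0" ] || continue             # routes via a gateway are not on-link
        if [ $(( target & $(ip2int "$mask") )) -eq "$(ip2int "$dest")" ]; then
            echo "$iface"
            return 0
        fi
    done
    return 1
}

# explain ROUTES ADDRESS EXPECTED_IFACE -> one-line verdict
explain() {
    if via=$(printf '%s\n' "$1" | onlink_iface "$2"); then
        [ "$via" = "$3" ] && echo "$2: on-link via $via" \
                          || echo "$2: on-link via $via, expected $3"
    else
        echo "$2: no connected route; it follows the default route, not $3"
    fi
}

explain "$ROUTES_POSTED" 192.168.2.7 eth1
explain "$ROUTES_FIXED" 192.168.2.7 eth1
```

With the table as posted, 192.168.2.7 matches no connected network, so the server sends the ping toward 192.168.1.254 on eth0 rather than out of eth1.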

vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Mon Nov 01, 2010 11:30 pm    Post subject: Reply with quote

But what's the gateway in workstation? Is this a eth1 server ip? About server how can I correct it to this ip class?
vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Tue Nov 02, 2010 2:33 am    Post subject: Reply with quote

After a route -del and reboot it was:

server:/home/normal#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    202    0        0 eth0

But ping isn't ok!
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Tue Nov 02, 2010 7:05 am    Post subject: Reply with quote

Have you run efg (http://[yourserver]/efg)?
rc.ip_forward just enables packet forwarding; it doesn't forward anything.

Run efg and choose gateway/firewall, copy and start your rc.firewall script.

gerasimos_h

vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Tue Nov 02, 2010 2:36 pm    Post subject: Reply with quote

Have you run efg (http://[yourserver]/efg)?

But, at first, I'm trying a very simple way! Would you mind to revise my steps? It should be a bit wrong!!

Server
1) I connect ISP to eth0 card and eth1 like a local lan
2) I get internet connection pages
3) eth0:dhcp
eth1: 192.168.2.1
Gateway ""

A simple rc.firewall script to router.
#chmod +x roteando ( to start at boot )

#vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


Workstation
1) #netconfig
Hostname:maq7.localdomain
Domain:maq7_local
Ip address:192.168.2.7
Netmask:255.255.255.0
Gateway:192.168.2.1 ( same used in eth1 server )
Nameserver:200.149.55.140 ( ISP )

Now route -n
server:l#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    202    0        0 eth0


#cat /proc/sys/net/ipv4/ip_forward
(1)

It confirms forward enable

#2)iptables -vL

There is a different ssh output in fail2ban. It can be a block to ssh and local lan?
vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Tue Nov 02, 2010 3:01 pm    Post subject: Reply with quote

I'm doing a double post, but it's a good reason!!!

server:/home/normal#ping 192.168.2.7
PING 192.168.2.7 (192.168.2.7) 56(84) bytes of data.
64 bytes from 192.168.2.7: icmp_req=1 ttl=64 time=0.113 ms
64 bytes from 192.168.2.7: icmp_req=2 ttl=64 time=0.103 ms


I don't get a workstation internet connection. But this is an evolution, hehe!!!
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Tue Nov 02, 2010 4:58 pm    Post subject: Reply with quote

vivanguarda wrote:

#vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

I believe you need to add
iptables -A FORWARD -i eth1 -j ACCEPT
for routing to work.

I insist though running efg for an advanced firewall and you can add dhcp server to eth1 for your workstations.

gerasimos_h
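
Added example, not part of the original post and not efg output: a gateway script in the style of the one quoted above, with the FORWARD chain set to default-deny, LAN-originated traffic limited to the LAN subnet, and only reply traffic allowed back in, so both directions are stated explicitly instead of relying on the chain policy. The interface names and 192.168.2.0/24 are the values used in this thread; the `IPT` dry-run default and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread and not efg output.
# Dry run by default: prints the commands. IPT=iptables (as root) applies them.
IPT=${IPT:-echo iptables}

# gateway_rules WAN_IF LAN_IF LAN_NET
gateway_rules() {
    wan=$1; lan=$2; net=$3
    # Reset only the two chains this script manages.
    $IPT -t nat -F POSTROUTING
    $IPT -F FORWARD
    # Routed traffic is dropped unless a rule below accepts it.
    $IPT -P FORWARD DROP
    # LAN -> WAN: new connections, only from addresses inside the LAN subnet.
    $IPT -A FORWARD -i "$lan" -o "$wan" -s "$net" -j ACCEPT
    # WAN -> LAN: only packets belonging to connections the LAN side opened.
    $IPT -A FORWARD -i "$wan" -o "$lan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Source-NAT LAN traffic to whatever address DHCP gave the WAN interface.
    $IPT -t nat -A POSTROUTING -s "$net" -o "$wan" -j MASQUERADE
}

# True when the kernel will route at all (what rc.ip_forward switches on).
# The optional argument is an alternate file, used for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

forwarding_enabled || echo "warning: ip_forward is off, nothing will be routed" >&2
gateway_rules eth0 eth1 192.168.2.0/24
```

The INPUT and OUTPUT chains are not touched, so rules that other tools such as fail2ban keep there stay in place.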

keopp
Senior Member


Joined: 08 Nov 2008
Posts: 166
Location: Romania

PostPosted: Tue Nov 02, 2010 8:44 pm    Post subject: Reply with quote

Quote:

A simple rc.firewall script to router.
#chmod +x roteando ( to start at boot )

#vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


Hello,

I'm not sure, but how do you know that roteando script is launched at boot time?
What is this script's purpose?
rc.firewall is supposed to be a file, not a folder.....
Am I missing something here?

Cheers!
vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Thu Nov 04, 2010 1:20 am    Post subject: Reply with quote

Firewall was done in efg and I'm searching a chain like you pointed me:

iptables -A FORWARD -i eth1 -j ACCEPT

I found similar...

INPUT Chain
#
echo "Process INPUT chain ..."

# Allow all on localhost interface
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT


# If not blocked, accept any other packets from the internal interface
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT


# Rules for the private network (accessing gateway system itself)
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT



FORWARD Chain
#

echo "Process FORWARD chain ..."

# Used if forwarding for a private network




Do you think this established the same rules?
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Thu Nov 04, 2010 6:43 am    Post subject: Reply with quote

I pointed
Code:
iptables -A FORWARD -i eth1 -j ACCEPT

to add it to your simple firewall script
Code:
#vi /etc/rc.d/rc.firewall/roteando
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


If you are using efg then you can delete your simple firewall script, the same rule applied at
Code:
# If not blocked, accept any other packets from the internal interface
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT


gerasimos_h

vivanguarda
Member


Joined: 01 May 2009
Posts: 98

PostPosted: Fri Nov 05, 2010 4:02 am    Post subject: Reply with quote

I did an efg Alien Bob Firewall. Now I get ping Server and Workstation, but I don't get internet connection.
Server dns:
Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line

and Workstation I'm using ISP
200.149.55.140

Is it the problem? I did a Transparent Proxy in EFG advanced configuration.
All times are GMT + 2 Hours