Re: [SLE] routing / forwarding urgent help

From: Sandy Drobic (suse-linux-e_at_japantest.homelinux.com)
Date: 03/14/05

    Date: Mon, 14 Mar 2005 12:52:30 +0100
    To: suse-linux-e <suse-linux-e@suse.com>
    
    

    Mohammad Fattahian wrote:

    > Hi sandy;
    >
    > Thanks for your reply. Is it the whole of things that I needed?

    >>I've done : ... echo "1" > /proc/sys/net/ipv4/ip_forward

    That setting tells the box that forwarding packets between the different
    interfaces is allowed, the basic requirement for a router.

    > iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    This setting expands and says "accept the connections my network has initiated."

    Forgot the last basic setting:
    iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

    This rule tells the box to forward anything it receives on interface eth0 to
    eth1. Basically this is the rule that makes it possible for the internal
    network to use the box to access the internet.

    Please don't forget to set up the DNS resolution in /etc/resolv.conf on the
    clients in the internal network. Otherwise they won't be able to resolve
    names to IP addresses.

    Also note that this only provides basic access to the internet, no security
    for the clients besides the Network Address Translation at all!

    Sandy

    PS: Please direct your answers to the list and not my address. Others might
    benefit from the discussion as well and I do read the list. (^-^)
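
An added example, not part of the original message: a shell check that reads `iptables-save` text and confirms the two FORWARD rules discussed above are present, then flags two weak spots behind the "no security" caveat. The sample dump is constructed, and the policy and reverse-direction checks are assumptions of this example, not advice given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit FORWARD rules in iptables-save text.
# Interface roles follow the message: eth0 = internal side, eth1 = internet side.

# Constructed sample dump, not output from a real host.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# has REGEX: true if any line of $rules matches the extended regex.
has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }

# audit_forward RULES INT_IF EXT_IF
# Prints one finding per line and returns 1 if anything was flagged.
audit_forward() {
    rules=$1; int_if=$2; ext_if=$3; bad=0

    # Replies to connections opened from inside depend on the stateful rule.
    has '^-A FORWARD .*--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT$' \
        || { echo "MISSING: stateful accept for ESTABLISHED,RELATED"; bad=1; }

    # The rule that lets the internal network out through the box.
    has "^-A FORWARD -i $int_if -o $ext_if -j ACCEPT\$" \
        || { echo "MISSING: $int_if -> $ext_if accept"; bad=1; }

    # Assumption of this example: with policy ACCEPT the two rules above
    # filter nothing, because unmatched packets are forwarded anyway.
    if has '^:FORWARD ACCEPT '; then
        echo "WEAK: FORWARD policy is ACCEPT"; bad=1
    fi

    # Assumption of this example: an unconditional rule in the reverse
    # direction lets outside hosts open new connections to the clients.
    if has "^-A FORWARD -i $ext_if -o $int_if -j ACCEPT\$"; then
        echo "WEAK: unconditional $ext_if -> $int_if accept"; bad=1
    fi
    return "$bad"
}

audit_forward "$SAMPLE_RULES" eth0 eth1 || true
```

On a live router the same function can be fed the real ruleset with `audit_forward "$(iptables-save -t filter)" eth0 eth1`, run as root.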

    
