Very Computer

I'll be brief and to the point because I think that my problem should
be easy to solve.  I'm setting up a LAN on RH 7.0 with a cable modem
and 2 NIC cards.  Card 1, eth0, is connected to a 5-port switch and is
running dhcpd.  This seems to be working correctly and all of the M$
machines can get IPs and ping each and the LINUX box.  Card 2, eth1, is
connected to the cable modem and is able to ping the Internet.  The
problem I'm having is that I don't know how to give the local LAN the
ability to get to the internet.  There are a few things I've been
playing with like the LAN's default gateway and the ip-route table.
I'm guessing there is a oneliner or simple fix to get eth0 to talk to
eth1 so my LAN can access the Internet.  Suggestions and help much
appreciated !!  Thanx !!

-Mike

Sent via Deja.com
http://www.deja.com/

http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html

hs

Read up on IP Masquerading and ipchains .

Michael
--

          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

: I'll be brief and to the point because I think that my problem should
: be easy to solve.  I'm setting up a LAN on RH 7.0 with a cable modem
: and 2 NIC cards.  Card 1, eth0, is connected to a 5-port switch and is
: running dhcpd.  This seems to be working correctly and all of the M$
: machines can get IPs and ping each and the LINUX box.  Card 2, eth1, is
: connected to the cable modem and is able to ping the Internet.  The
: problem I'm having is that I don't know how to give the local LAN the
: ability to get to the internet.  There are a few things I've been
: playing with like the LAN's default gateway and the ip-route table.
: I'm guessing there is a oneliner or simple fix to get eth0 to talk to
: eth1 so my LAN can access the Internet.  Suggestions and help much
: appreciated !!  Thanx !!

First, make certain that your /etc/sysctl.conf contains the following lines:

net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_always_defrag = 1

Then you should execute the following:

# assuming your LAN is on the 10s and the RH7 box is at x.x.x.254 - adjust
# as needed
route add -host 10.0.0.254 eth1

# adjust this for the IP of your cable modem
route add -host 111.22.33.44 eth0

/sbin/ipchains -F

# note:  this rule set is very restrictive, and very safe - adjust as
# needed for sufficient 'net access for the RH7 box itself...
/sbin/ipchains -A input -i ! lo -j DENY
/sbin/ipchains -A output -i ! lo -j DENY
/sbin/ipchains -A forward -j DENY
/sbin/ipchains -P forward DENY

/sbin/ipchains -M -S 7200 10 60

# again, adjust as needed
/sbin/ipchains -A forward -s 10.0.0.1 -j MASQ # windoze box numero uno
/sbin/ipchains -A forward -s 10.0.0.2 -j MASQ # windoze box num...
/sbin/ipchains -A forward -s 10.0.0.3 -j MASQ
/sbin/ipchains -A forward -s 10.0.0.4 -j MASQ
/sbin/ipchains -A forward -s 10.0.0.5 -j MASQ
/sbin/ipchains -A forward -s 10.0.0.6 -j MASQ

# or...  if everything on your internal net is to be masqueraded:
# /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ

/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----==  Over 80,000 Newsgroups - 16 Different Servers! =-----