What you're trying to do is pretty simple.
Firstly check that you don't have any iptables rules loaded stopping your
forwarding:
iptables -t mangle -F
iptables -t mangle -X
iptables -t filter -F
iptables -t filter -X
then make sure the iptables policy is set to accept:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
then lastly make sure ip forwarding is switched on:
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
you can also do this per interface by echoing 1 to
/proc/sys/net/ipv4/conf/eth0/forwarding etc.
Once you've done this you should be able to get anywhere. From here follow
your HOWTOs to set up a script to use iptables for filtering and NAT, and
use HTB/SFQ for bandwidth control. It's all fairly straightforward, just use
the MASQUERADE target for source NATting your private LAN out to the
Internet.
Regards,
Andrew.
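As an added example (not Andrew's or Gerry's code), here are the steps above plus the MASQUERADE and HTB/SFQ pieces as one script for Gerry's interfaces from his "ip route" output; the T1 rate, the class split, the fwmark value and the DRY_RUN helper are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: Andrew's steps plus the MASQUERADE and HTB
# pieces as one script for Gerry's layout. Interface names and networks come
# from Gerry's "ip route" output; the T1 rate and the class split are assumed.
WAN=eth0                 # public side, 67.65.229.0/24
PRIV=10.10.0.0/16        # covers private nets #1-#5 (10.10.1.0/24 .. 10.10.5.0/24)
PRIO_NET=10.10.1.0/24    # net #1 gets the higher-priority class
UPLINK=1500kbit          # assumed T1 rate
# run: with DRY_RUN set, print the command instead of executing it, so the
# whole ruleset can be reviewed on a box without root, iptables or tc.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

flush_tables() {
    # Andrew flushed mangle and filter; nat is added here because MASQUERADE lives there
    for t in mangle filter nat; do
        run iptables -t "$t" -F
        run iptables -t "$t" -X
    done
    run iptables -P INPUT ACCEPT
    run iptables -P FORWARD ACCEPT
}

enable_forwarding() {
    run sysctl -w net.ipv4.conf.all.forwarding=1   # same knob as the /proc echo
}

setup_nat() {
    # source NAT every private net out of the T1 interface (the MASQUERADE step)
    run iptables -t nat -A POSTROUTING -s "$PRIV" -o "$WAN" -j MASQUERADE
    # the egress qdisc on eth0 sees packets after NAT, i.e. with the public source
    # address, so tag net #1 by fwmark before NAT instead of matching src IP in tc
    run iptables -t mangle -A FORWARD -s "$PRIO_NET" -o "$WAN" -j MARK --set-mark 1
}

setup_htb() {
    # two HTB classes under one root rate: 1:10 for net #1, 1:20 (default) for the rest
    run tc qdisc del dev "$WAN" root 2>/dev/null || true
    run tc qdisc add dev "$WAN" root handle 1: htb default 20
    run tc class add dev "$WAN" parent 1: classid 1:1 htb rate "$UPLINK"
    run tc class add dev "$WAN" parent 1:1 classid 1:10 htb rate 1000kbit ceil "$UPLINK" prio 0
    run tc class add dev "$WAN" parent 1:1 classid 1:20 htb rate 500kbit ceil "$UPLINK" prio 1
    run tc qdisc add dev "$WAN" parent 1:10 handle 10: sfq perturb 10
    run tc qdisc add dev "$WAN" parent 1:20 handle 20: sfq perturb 10
    run tc filter add dev "$WAN" parent 1: protocol ip handle 1 fw flowid 1:10
}

apply_all() { flush_tables; enable_forwarding; setup_nat; setup_htb; }
# APPLY=1 executes; DRY_RUN=1 APPLY=1 only prints the commands for review.
if [ "${APPLY:-0}" = 1 ]; then apply_all; fi
```

Run it once with DRY_RUN=1 APPLY=1 to read the exact commands it would issue before applying them on the router.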
----- Original Message -----
From: "Gerry Weaver" <gerryw@objectivedomain.com>
To: <lartc@mailman.ds9a.nl>
Sent: Friday, March 12, 2004 7:22 AM
Subject: [LARTC] Linux routing newbie Help!!
> Hi,
>
> I need some help with a routing/shaping setup that is a bit beyond my
> current linux routing knowledge. I've read the how-to and most of the
> related mailing list topics, but I still need some help to solve this
> problem. I've been asking questions on various lists, but it seems like
> the answers just add additional confusion. I decided to just describe what
> I'm trying to do with the hope that someone could point me in the right
> direction. I've read a fair bit about the 2.4 kernel and it seems that
> linux is capable of doing these things. I just need some help to get started. I
> think if I could get the actual problem translated into a working config,
> it would go a long way to helping me understand linux routing etc.
>
> Here is the needed config:
>
> Private net #1: 10.10.1.0 (Higher bandwidth priority)
>
> Private net #2: 10.10.2.0
>
> Private net #3: 10.10.3.0
>
> Private net #4: 10.10.4.0
>
> Private net #5: 10.10.5.0
>
> Public net: 67.65.229.0
>
> Goal:
>
> 1. Route the five private networks to the T1.
> 2. Run dhcpd and hand out dynamic ip addresses to private nets #2-#5
> 3. Do bandwidth sharing giving net #1 a higher priority
> 4. Do the usual firewall stuff (ICMP limiting, DOS attacks, etc.)
> 5. Do traffic shaping for interactive traffic, www, etc.
> 6. Do NAT for the private nets with the ability to add specific public
> to private ip mappings for net #1.
> 7. Set up public address pools for NAT on net #2-#5?
>
>
> We initially looked at a Cisco solution for this, but the price was
> simply too high. I have installed a RedHat 9 on a pc with a sufficient number of
> nics to do the job.
>
> I'm just trying to get the routing and NAT to work right now, but I'm not
> having much luck. Could anyone offer any advice on the best way to set
> this up?
>
> ip route
> 67.65.229.0/24 dev eth0 proto kernel scope link src 67.65.229.253
> 10.10.1.0/24 dev eth1 proto kernel scope link src 10.10.1.254
> 10.10.2.0/24 dev eth2 proto kernel scope link src 10.10.2.254
> 10.10.3.0/24 dev eth3 proto kernel scope link src 10.10.3.254
> 10.10.4.0/24 dev eth4 proto kernel scope link src 10.10.4.254
> 10.10.5.0/24 dev eth5 proto kernel scope link src 10.10.5.254
> default via 67.65.229.254 dev eth0
>
> I can ping addresses on all of the networks from the linux router machine,
> but I can't ping from one private network to another or the internet.
>
>
>
> Thanks in advance,
> Gerry
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/