I've read a number of articles, googled the web for a few months and
now attempting at turning my CentOS box into a gateway for the third
time. Configured my dhcpd.conf and other related files and all seems
to be working, I can have my M$ desktop leasing an ip address and all.

The problem is when I want to go out to the internet I keep on getting
the Request Timed out error.

I'm pretty sure I've followed the manuals to the letter. The hardware
is working fine.

Any clues or pointers would be very much appreciated.

TIA,
Joao

> I've read a number of articles, googled the web for a few months and
> now attempting at turning my CentOS box into a gateway for the third
> time. Configured my dhcpd.conf and other related files and all seems
> to be working, I can have my M$ desktop leasing an ip address and all.
>
> The problem is when I want to go out to the internet I keep on getting
> the Request Timed out error.
>
> I'm pretty sure I've followed the manuals to the letter. The hardware
> is working fine.
>
> Any clues or pointers would be very much appreciated.
>
> TIA,
> Joao

What other software are you using? I have used one for the same purpose.
Are you using a firewall and if so what rules do you have?

Royce

On Wed, 2005-03-30 at 14:10 +0100, Joao Medeiros wrote:
> I've read a number of articles, googled the web for a few months and
> now attempting at turning my CentOS box into a gateway for the third
> time. Configured my dhcpd.conf and other related files and all seems
> to be working, I can have my M$ desktop leasing an ip address and all.
>
> The problem is when I want to go out to the internet I keep on getting
> the Request Timed out error.
>
> I'm pretty sure I've followed the manuals to the letter. The hardware
> is working fine.
>
> Any clues or pointers would be very much appreciated.
>
> TIA,
> Joao

You need to do ip-masquerading to pass traffic thru a linux box as a
gateway. That requires 2 NICs and an iptables script which does
masquerading.

I use this script to setup that kind of box:
http://ldp.hughesjr.com/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER

Don't forget to turn forwarding on too.

sysctl -w net.ipv4.ip_forward=1

Johnny Hughes wrote:
> You need to do ip-masquerading to pass traffic thru a linux box as a
> gateway. That requires 2 NICs and an iptables script which does
> masquerading
>
> I use this script to setup that kind of box:
> http://ldp.hughesjr.com/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER

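
Added example (not part of the original thread): a check for the two settings named in the replies above, kernel forwarding and a masquerade rule on the outside interface, run over `iptables-save` text. The interface names eth0/eth1 and the sample ruleset are constructed; on a real gateway pass the contents of /proc/sys/net/ipv4/ip_forward and the output of `iptables-save` instead.

```python
import re

# Constructed `iptables-save` output; eth0 = Internet side, eth1 = LAN side (assumed names).
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_tables(text):
    """Return {table: {"policy": {chain: policy}, "rules": [rule lines]}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A"):
            cur["rules"].append(line)
    return tables

def audit_gateway(ip_forward, rules_text, wan, lan):
    """Return findings; an empty list means forwarding and NAT are both in place."""
    empty = {"policy": {}, "rules": []}
    tables = parse_tables(rules_text)
    nat, flt = tables.get("nat", empty), tables.get("filter", empty)
    findings, w, l = [], re.escape(wan), re.escape(lan)
    if ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward is not 1; the kernel will not route between NICs")
    if not any(re.search(rf"-A POSTROUTING\b.* -o {w} .*-j (MASQUERADE|SNAT)\b", r) for r in nat["rules"]):
        findings.append(f"no MASQUERADE/SNAT rule for traffic leaving {wan}")
    if flt["policy"].get("FORWARD", "ACCEPT") != "ACCEPT":
        # With a restrictive FORWARD policy both directions need explicit rules.
        if not any(re.search(rf"-A FORWARD\b.* -i {l} .*-j ACCEPT\b", r) for r in flt["rules"]):
            findings.append(f"FORWARD policy is not ACCEPT and nothing accepts traffic from {lan}")
        if not any(re.search(r"-A FORWARD\b.*ESTABLISHED.*-j ACCEPT\b", r) for r in flt["rules"]):
            findings.append("FORWARD policy is not ACCEPT and replies (ESTABLISHED) are not accepted")
    return findings

if __name__ == "__main__":
    print(audit_gateway("0\n", SAMPLE_RULES, "eth0", "eth1") or "gateway looks complete")
```
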
Make sure you have bind installed and two ethernet cards installed.

Give the lan ethernet card a static IP such as 192.168.0.1

Use the firestarter package (www.fs-security.com).
http://www.fs-security.com/

Run the wizard (5 screens)
http://www.fs-security.com/pics/wizard3.png

You're done!

If you are curious about how to do this yourself, check
/etc/firestarter; there is a "firewall" config file that shows every step
the program did to enable forwarding, etc.

If you are generally happy with the program, you can add in custom
scripts in the user-pre file. They load before firestarter's other rules
and take precedence.

If you hate the program, study what options it passes under the config
file.

On 03/30/2005 07:21:37 AM, Johnny Hughes wrote:
> On Wed, 2005-03-30 at 14:10 +0100, Joao Medeiros wrote:
> > I've read a number of articles, googled the web for a few months and
> > now attempting at turning my CentOS box into a gateway for the third
> > time. Configured my dhcpd.conf and other related files and all seems
> > to be working, I can have my M$ desktop leasing an ip address and all.
> >
> > The problem is when I want to go out to the internet I keep on getting
> > the Request Timed out error.
> >
> > I'm pretty sure I've followed the manuals to the letter. The hardware
> > is working fine.
> >
> > Any clues or pointers would be very much appreciated.
> >
> > TIA,
> > Joao
>
> You need to do ip-masquerading to pass traffic thru a linux box as a
> gateway. That requires 2 NICs and an iptables script which does
> masquerading
>
> I use this script to setup that kind of box:
> http://ldp.hughesjr.com/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER

On Wed, 30 Mar 2005, Joao Medeiros wrote:
> I've read a number of articles, googled the web for a few months and
> now attempting at turning my CentOS box into a gateway for the third
> time. Configured my dhcpd.conf and other related files and all seems
> to be working, I can have my M$ desktop leasing an ip address and all.
>
> The problem is when I want to go out to the internet I keep on getting
> the Request Timed out error.

Sounds like you did not add a proper default route, or there is a
deeper netmask issue.

File should look something like this (I have trimmed lots out):

[herrold at ftp etc]$ grep -v ^# dhcpd.conf
ddns-update-style none ;
server-identifier ftp.eleven.lan ;
option domain-name-servers 10.16.11.253, 66.195.224.112 ;
option time-offset 300;
default-lease-time 600;
max-lease-time 14400;
option option-128 code 128 = string;
option option-129 code 129 = text;
shared-network ELEVEN-LAN {
        option routers 10.16.11.1;      # router being our router;
        option domain-name "eleven.lan";
        option subnet-mask 255.255.255.0;
        allow booting;
        allow bootp;
        subnet 10.16.11.0 netmask 255.255.255.0 {
                pool {
                        range 10.16.11.2 10.16.11.98 ;  # range must lie inside the subnet above
                        authoritative ;
                        allow unknown-clients;
                }
        }
}
[herrold at ftp etc]$

-- Russ Herrold

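
Added example (not part of the original thread): a check for the two dhcpd.conf problems raised in the reply above, a missing or wrong default route (`option routers`) and a netmask mismatch between a subnet and its address range. The sample fragment is constructed; the function name `check_dhcpd` is hypothetical, and an `option routers` line outside a subnet block is assumed to apply to every subnet in the file.

```python
import ipaddress
import re

# Constructed dhcpd.conf fragment: router and range sit outside the declared subnet.
SAMPLE_CONF = """\
option domain-name-servers 192.168.0.1;
subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;   # gateway handed to clients
    pool {
        range 192.168.1.10 192.168.1.99;
    }
}
"""

ROUTERS = r"option\s+routers\s+([\d.]+)"   # first router only, if several are listed

def block_body(text, start):
    """Return the text from start up to the '}' matching the already-open '{'."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]

def check_dhcpd(conf_text):
    """Return findings for subnets with no router, or a router/range outside the subnet."""
    text = re.sub(r"#.*", "", conf_text)            # strip comments
    global_routers = re.findall(ROUTERS, text)      # assumed to apply to every subnet
    findings = []
    for m in re.finditer(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{", text):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        body = block_body(text, m.end())
        routers = re.findall(ROUTERS, body) or global_routers
        if not routers:
            findings.append(f"{net}: no 'option routers', clients get no default gateway")
        for r in routers:
            if ipaddress.ip_address(r) not in net:
                findings.append(f"{net}: router {r} is outside the subnet")
        for lo, hi in re.findall(r"range\s+([\d.]+)(?:\s+([\d.]+))?", body):
            hi = hi or lo                           # single-address range
            if ipaddress.ip_address(lo) not in net or ipaddress.ip_address(hi) not in net:
                findings.append(f"{net}: range {lo}-{hi} is outside the subnet")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dhcpd(SAMPLE_CONF)) or "dhcpd.conf subnets look consistent")
```
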
Johnny Hughes wrote:
<snip>
> You need to do ip-masquerading to pass traffic thru a linux box as a
> gateway. That requires 2 NICs and an iptables script which does
> masquerading
>
> I use this script to setup that kind of box:
> http://ldp.hughesjr.com/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER

Is it absolutely necessary to use IP-Masq / NAT in order to setup Linux
as a Router?

I'm trying to setup a few Linux machines (CentOS of course) as
conventional routers as opposed to Gateways so that I can learn more
about routing between them on various Subnets.

All the How-To's I've found talk about Masq, I would appreciate if anyone
can point me in the direction of a conventional Linux router howto.

Thanks in advance

Regards
Lee