Well I think this system is back on 3.5. How do I tell? Have not used it in a while...

I need a NAT for some quick testing and this box was available. Only a 6gb drive, so I can't install Astaro (which I have licenses for).

So is there a simple way to turn on NATing? Should I upgrade to 4.2?

This box is behind a firewall, so security risks are not the issue. This time.

On Mon, 2005-12-19 at 11:34 -0500, Robert Moskowitz wrote:
> Well I think this system is back on 3.5. How do I tell? Have not
> used it in a while...
----
cat /etc/redhat-release
----
>
> I need a NAT for some quick testing and this box was available. Only
> a 6gb drive, so I can't install Astaro (which I have licenses for).
----
multiple NICs?

yum install firestarter

or

http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/index.html
----
>
> So is there a simple way to turn on NATing? Should I upgrade to 4.2?
----
simple no - NAT requires firewall rules.

For this purpose, there shouldn't be much of a difference between CentOS 3 or 4
----
>
> This box is behind a firewall, so security risks are not the issue. This time.
----
OK

Craig

Robert Moskowitz <rgm at htt-consult.com> wrote:
> Well I think this system is back on 3.5. How do I tell?
> Have not used it in a while...

cat /etc/redhat-release

> I need a NAT for some quick testing and this box was
> available. Only a 6gb drive, so I can't install Astaro
> (which I have licenses for).
> So is there a simple way to turn on NATing? Should I
> upgrade to 4.2?

Why would you upgrade to 4.2? NetFilter and the IPTables interface have changed little since 2.4.

E.g., given a private network of 172.31/16, and an Internet-face interface of eth2

  /sbin/iptables -A POSTROUTING -t nat -s 172.31.0.0/255.255.0.0 -o eth2 -j MASQUERADE
  echo "1" >> /proc/sys/net/ipv4/ip_forward

This also assumes you already have existing iptables rules regarding ESTABLISHED,RELATED states and other firewall rules.

> This box is behind a firewall, so security risks are not
> the issue. This time.

Is your firewall also doing NAT+PAT? If so, then I don't recommend 2 layers of NAT+PAT -- especially not on a corporate network.

-- 
Bryan J. Smith b.j.smith at ieee.org http://thebs413.blogspot.com
---------------------------------------------------------------
"On the basis of the American view, which may be right, the success of the Iraqi political experiment is bound to provide a model to be emulated in Syria and in the various countries neighbouring Iraq" -- Nur-Al-Din, Al-Safir (Lebanon Periocial)

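The MASQUERADE rule in the message above assumes ESTABLISHED,RELATED and other filter rules already exist. As an added example (not from any poster in this thread), the script below prints a minimal rule set that supplies them; the LAN interface name eth1, the default-drop FORWARD policy and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) the iptables commands for a small NAT gateway.
# Assumptions: LAN interface eth1, default-drop FORWARD policy, function names.

# valid_cidr A.B.C.D/N -> 0 when every octet is 0-255 and N is 0-32
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in ${1%/*}; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    return 0
}

# valid_iface NAME -> 0 when NAME holds only characters safe to emit in a command
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    return 0
}

# nat_rules LAN_CIDR LAN_IF WAN_IF -> commands on stdout, non-zero on bad input
nat_rules() {
    lan_net=$1 lan_if=$2 wan_if=$3
    valid_cidr "$lan_net" || { echo "bad LAN network: $lan_net" >&2; return 1; }
    valid_iface "$lan_if" && valid_iface "$wan_if" ||
        { echo "bad interface name" >&2; return 1; }
    [ "$lan_if" != "$wan_if" ] ||
        { echo "LAN and WAN interfaces must differ" >&2; return 1; }
    # Order matters: filter rules first, forwarding enabled last.
    cat <<EOF
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
/sbin/sysctl -w net.ipv4.ip_forward=1
EOF
}

# Stand-alone use: ./natgw.sh 172.31.0.0/16 eth1 eth2
if [ "$#" -eq 3 ]; then
    nat_rules "$@"
fi
```

Review the printed commands before running them as root; forwarding is switched on last so the box never routes packets before the filter rules are in place.
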
On Monday 19 December 2005 11:34, Robert Moskowitz wrote:
> Well I think this system is back on 3.5. How do I tell? Have not
> used it in a while...
>
> I need a NAT for some quick testing and this box was available. Only
> a 6gb drive, so I can't install Astaro (which I have licenses for).
>
> So is there a simple way to turn on NATing? Should I upgrade to 4.2?
>
> This box is behind a firewall, so security risks are not the issue. This
> time.
>

Firestarter will take about 5 minutes to set up:

http://prdownloads.sourceforge.net/firestarter/firestarter-1.0.3-1.i386.rpm?download

If you want greater control (multiple IPs on virtual interfaces), try shorewall:

http://www.shorewall.net/

Also, if you want DHCP, you need to do a yum install dhcp. Firestarter will configure DHCPd for you, but it will not install it.