nixCraft

phatlix · #1 (**permalink**) 09-06-2007, 03:26 PM

Anyone,

I know this read is going to be confusing, but I want to give you more information than to little. I have found a lot of time wasted going back and for trying to get the proper info out, so I am going to tackle it from the get go. The setup I have is actually very simple, but when you try and explain it, in words... well, you have to draw your own picture. That sucks every so often. So please bare with me, I will do my best.

Here is the short setup description:

I have 2 T1's. 1 for internet access and 1 is a private line to my colo. I have an internal network of about 20 machines. My colo has it's own internal network. The reason I am here is to find a solution, on how to let my internal local lan see my remote lan (colo) with all the connections going straight to one linux box. The linux box has three interfaces. Eth0, Eth1, Eth2. One to the internet, one to my switch for the LAN, and one to my colo. I am able to plug the T1 right into my local LAn switch, and setup a route on the linux box, and everything works fine (somewhat). But I do not want my T1 going straight into the switch. I would like to have all connections managed on the one system. When I do this, NATing to the internet for the local LAn works fine, and from the router I am able to see my private line router interface just fine. But from my workstation, I can not. I feel this is an issue with IP FORWARDING. I am not real familiar with that part of the chain, so I am asking for help.

I will now give you the information I am using:

Code:

 
NETWORK:
Eth0 - 70.103.152.1 /29 -> 70.103.152.2 Cisco 1700 (T1 to internet) 
Eth1 - 172.16.1.1 /24   -> Switch (internal network)
Eth2 - 192.168.1.1 /30  -> 192.168.1.2 Cisco 1700 (Private T1 to Colo)
 
/etc/sysconfig/network-scripts/route-eth1
192.168.0.0/24 via 192.168.1.2

Just to be complete... here is the serial interfaces and network in the colo. This I hope will let you understand the routing.

Code:

 
LOCAL SIDE:
FastEth0 192.168.1.2/30
Serial0 172.16.0.1/30
 
REMOTE SIDE:
Serial0 172.16.0.2/30
FastEth0 192.168.0.254/24

OK... here is my current IPTABLES. I know it is missing the parts I may need, but I'm hoping you can help me fill in the blanks.

Code:

 
----- START /etc/sysconfig/iptables -----
 
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fw-in - [0:0]
 
-A INPUT -j fw-in
-A FORWARD -j fw-in
-A FORWARD -i eth1 -j ACCEPT
-A fw-in -i lo -j ACCEPT
 
-A fw-in -p icmp -m icmp --icmp-type any -j ACCEPT
 
#-A FORWARD -s 0/0 -i eth1 -d 192.168.0.0/24 -o eth2 -j ACCEPT
 
-A fw-in -m state --state ESTABLISHED,RELATED -j ACCEPT
 
### LOCAL LAN ###
-A fw-in -m state --state NEW -s 172.16.1.0/24 -j ACCEPT
-A fw-in -m state --state NEW -s 192.168.0.0/24 -j ACCEPT
 
### SSH ACCESS ###
-A fw-in -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
 
-A fw-in -j DROP
 
COMMIT
 
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
 
-A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
COMMIT
 
----- END /etc/sysconfig/iptables -----

Any help would be much appreciated.

Thanx!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How to configure NET-SNMP for multiple different Networks	manish_2479	Networking, Firewalls and Security	3	06-14-2007 01:29 AM
hacking into router	raj1	Linux software	1	01-11-2006 11:41 PM
airtel router setup	rudra	Linux software	0	01-08-2006 02:22 PM
dlink router password		Linux software	1	12-28-2005 01:12 AM
Help ... I mess up with my ADSL router	sweta	Linux software	1	09-21-2005 08:59 PM

nixCraft

1 Router - 3 Networks - Big Help

1 Router - 3 Networks - Big Help

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads