Setup Simple Linux Gateway

Hi,

I've searched the newsgroups a bit and haven't found what I was looking
for yet.

I have Linux Redhat 7.2, and want to set it up as a simple gateway.
Specifically, I do _not_ want any kind of IP masquerading, because all
of the hosts that will be forwarded through the gateway have real public
IP addresses. What I do want is a simple gateway, so that on any box I
can set the linux host as the default gateway. I want the destination
host to see the real IP address of the source host.

I'm not familiar with this kind of setup, so can someone give me the
idea of how to set this up? I assume it would be fairly simple.

This setup is for testing purposes right now, so the box only has one
ethernet card (i.e. source host _could_ talk directly to destination
host, but for testing purposes I need it to bounce through the gateway
first).

Any help would be most appreciated. Thanks!

Warren

Warren wrote:
> I have Linux Redhat 7.2, and want to set it up as a simple gateway.
> Specifically, I do _not_ want any kind of IP masquerading, because all
> of the hosts that will be forwarded through the gateway have real public
> IP addresses. What I do want is a simple gateway, so that on any box I
> can set the linux host as the default gateway. I want the destination
> host to see the real IP address of the source host.

This is really simple: The only thing You need to do is to enable
forwarding on this box like: "echo "1" > /proc/sys/net/ipv4/ip_forward".

Problems that You may encounter are based on a improperly configured
routing table. So firstly, as You say, all clients should have Your
routing box set as a [default] gateway and, the outside (ISP or the
like) must know that they should use Your box as gateway for the range
of public IPs that are in use here, so You need a public IP for the
router, too.

After that, You can tune that all up with iptables or similar. If
there's no service running on this routing box (except for sshd, per-
haps), You needn't worry, but You may want to limit the address range
that You want to allow to go through it and similar.

This way, the routed packets won't be changed by any means, so that
both source and destination address will remain intact. You want this
behaviour, but You can use iptables SNAT, DNAT and MASQUERADE targets
if You want to experiment.


Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

> This is really simple: The only thing You need to do is to enable
> forwarding on this box like: "echo "1" > /proc/sys/net/ipv4/ip_forward".

Thanks I was able to get it to work as a default gateway by using
that command.

Now I run into another problem of sorts. It's a little tricky to explain
so here goes:

- nodeG is Redhat Linux 7.2 acting as the gateway with IP forwarding enabled
- nodeS is the source node
- nodeD is the destination node

I set the routing table on nodeS to talk to nodeD via the gateway nodeG.
Then I do a traceroute and see this:
1) nodeG
2) nodeD

This is as I expect. Then I do a traceroute immediately again and get a
different answer:
1) nodeD

Thus, at first it gets routed through the gateway, and after that it's
talking directly to the node. That's all fine and good since they are on
a local network. But I have a problem. I want to _force_ it to go
through the gateway because the gateway is also running nistnet, which
limits bandwidth and allows testing of networking products. I can't test
the product unless it actually gets forced through the gateway.

Can anyone:
(1) explain to me how it talks directly to the node after the first
connect even though the routing table says differently
(2) tell me what to do to fix it

If it helps, nodeD and nodeS are connected to the same switch.

Thanks!

Warren