Simple Routing with Redhat 9

Discussion in 'Linux Networking' started by Jimbo Johnes, Nov 13, 2003.

  1. Jimbo Johnes

    Jimbo Johnes Guest

    Greetings,
    This has been keeping me awake for 3 days now, so I am turning to you
    for help.
    My objective is to set up a simple firewall using iptables, using RH9
    as my gateway. I have 8 IP addresses [5 usable] starting from
    64.138.38.42 - 46.
    .41 is the IP address of the modem; .47 is the broadcast IP.
    I have 2 NICs: eth0 [external] - 64.138.38.42 and 64.138.38.45; gateway =
    .41.
    The other NIC, internal, is 192.168.1.101, with no gateway. I have
    routing enabled so the workstations on the internal LAN can browse the
    net.
    Simple, isn't it?
    There are no iptables rules loaded at this time, so anyone is free to
    go in and out. The problem is that when I telnet into the firewall (.42)
    and issue wget from the server on the local LAN [.108] to get me a
    small image [about 100 bytes], everything is fine, but when the image
    size is larger, 10K+, the wget either hangs or is very slow.
    I am running snort to log the packets and I see the packets being sent
    in and out of the server [.108], but the process never completes.
    Anyone had a similar experience? Any ideas what is going on?
    I appreciate any help,

    misha
     
    Jimbo Johnes, Nov 13, 2003
    #1

  2. Jimbo Johnes, with great audacity, said:

    [zac]
    Why have you set up your LAN with a public IP?

    I probably would have done it this way:
    - one NIC with the modem and the public IP - 64.138.38.41
    - the second NIC with a private IP connected to the hub (I presume) -
    192.168.0.1
    Then you need to set up your clients with the range of the internal LAN,
    192.168.0.[2;255], same subnet.

    Set up your clients with default gateway=192.168.0.1, then the DNS=your_dns.

    Now on the server enable ip_forward and NAT, and MASQUERADE packets outgoing from
    the modem with a script at startup that could be:

    ##################################
    # Turn the box into a router: forward packets between the two NICs.
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Variables (no spaces around "=", or the shell runs IF_WITH_MODEM as a command)
    IF_WITH_MODEM=eth0

    # Flush the filter table and the nat table; "-F" alone leaves nat untouched,
    # so re-running the script would stack duplicate MASQUERADE rules.
    iptables -F
    iptables -X
    iptables -t nat -F
    # Rewrite the source of everything leaving via the modem to its public IP.
    iptables -t nat -A POSTROUTING -o $IF_WITH_MODEM -j MASQUERADE
    # Refuse new TCP connections arriving from the modem side.
    iptables -A INPUT -i $IF_WITH_MODEM -p tcp --syn -j DROP
    ###################################

    Hope this helps.

    Bye!
     
    Arsenio Lupin, Nov 14, 2003
    #2
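A fuller version of the masquerading gateway Arsenio sketches, added here as an illustration; it is not code from the thread. It assumes the layout he proposes (eth0 towards the modem, eth1 as 192.168.0.1/24 towards the hub); the interface names, the LAN prefix, the IPT variable and the `apply`/`show` arguments are assumptions of this example. Compared with the posted script it gives FORWARD and INPUT a default-deny policy so the box routes only what is explicitly allowed, lets connection tracking admit replies, drops spoofed private addresses arriving from the modem side, flushes the nat table (plain `iptables -F` does not), and clamps the TCP MSS to the path MTU. That clamp is worth knowing about next to misha's symptom: tiny transfers succeeding while anything past a few KB stalls is the textbook sign of a path-MTU black hole on a link with a reduced MTU, although nothing in the thread proves that is what he hit.

```shell
#!/bin/sh
# Added example: stateful NAT gateway for a two-NIC Linux box.
# Not the thread's own script. Interface names, the LAN prefix and the
# IPT override are assumptions; adjust them to the real machine.
set -eu

WAN=${WAN:-eth0}                       # assumption: NIC facing the modem
LAN=${LAN:-eth1}                       # assumption: NIC facing the hub
LAN_NET=${LAN_NET:-192.168.0.0/24}     # assumption: private LAN prefix
IPT=${IPT:-iptables}                   # IPT=echo prints the rules instead of loading them

firewall_rules() {
    # Flush every table this script touches. A bare "-F" only clears the
    # filter table, so a re-run would stack duplicate MASQUERADE rules.
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -t mangle -F

    # Default deny for traffic to the box and through the box.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus anything belonging to a connection already allowed.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: our private prefix never legitimately arrives from the modem.
    $IPT -A INPUT -i "$WAN" -s "$LAN_NET" -j DROP
    $IPT -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP

    # LAN hosts may open new connections to the gateway itself (ssh, telnet,
    # DNS forwarder) and out through the modem. Nothing new comes in from WAN.
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m state --state NEW -j ACCEPT

    # Hide the LAN behind the public address of the modem-side NIC.
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Clamp the MSS of forwarded SYNs to the path MTU. Without this, a link with
    # a reduced MTU (PPPoE/DSL) whose ICMP fragmentation-needed messages get lost
    # gives the "small transfers fine, large ones hang" failure mode.
    $IPT -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
}

enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # A router should not honour source routing or ICMP redirects on any interface.
    for f in /proc/sys/net/ipv4/conf/*/accept_source_route \
             /proc/sys/net/ipv4/conf/*/accept_redirects; do
        if [ -f "$f" ]; then
            echo 0 > "$f"
        fi
    done
}

case "${1:-}" in
    apply) enable_forwarding; firewall_rules ;;     # load for real (needs root)
    show)  (IPT=echo; firewall_rules) ;;            # dry run: print the iptables commands
esac
```

Run it as `sh nat-gateway.sh show` to print the rules without loading anything, and as root with `apply` to load them. The posted script's `--syn DROP` is subsumed by INPUT's DROP policy; note that a default-deny INPUT would also cut off the telnet session misha administers the box over unless a rule admits it, which is why the LAN `NEW` rule is there. Administering a firewall over telnet from the public side is a separate matter the thread does not go into.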

  3. Jimbo Johnes

    Ivan Marsh Guest

    No, but your next problem is going to be the massive denial of service
    attack you'll, no doubt, be under for cross-posting and including your IP
    address.
     
    Ivan Marsh, Nov 14, 2003
    #3
