HPE Community
Operating System - Linux
1827892 Members
1650 Online
109969 Solutions
New Discussion

IP forwarding in Linux

 
Shyam Sundar
Advisor

‎08-10-2002 01:48 AM

‎08-10-2002 01:48 AM

IP forwarding in Linux

Hello,

We have a cluster setup with NIS configured on it. All nodes run Redhat linux (7.3)

The master node has 2 NIC's, one with the IP of 3.212.228.220(eth0) and the other with 192.168.1.1(eth1), the default gateway for the system is 3.212.228.96

All the other nodes in the cluster has one NIC and act as NIS clients with their IP range in 192 series and default gateway as 192.168.1.1

Now from all the clients we are able to ping to 3.212.228.220 (eth0 of master node). But at the same time we are not able ping to other resources of 3.212.228.X network, even all nodes don't ping 3.212.228.96 (which is the default gateway of master node).

In the 3.212.228.96 router, return path is defined properly.

In this scenario, on the master node, whether IP forwarding should be enabled from 192.168.1.1 to 3.212.228.220?
If so, please guide me as how to do the same.

If there is anything else, which has to be done to access 3.212.228.X network from all clients, please advice.

Thanks & Regards,
Shyam
0 Kudos
Reply
3 REPLIES 3
Ron Kinner
Honored Contributor

‎08-10-2002 04:15 AM

‎08-10-2002 04:15 AM

Re: IP forwarding in Linux

You need IP forwarding ON.
You will need NAT (masquerading) if you want them to go to the internet.
You may have to open up your IPchains firewall to allow packets to pass.
Resources on the 3.212.228 LAN will need to know about the 192.168.1 LAN. Which means They must have a route pointing back through the Master Node for this LAN if you do not use NAT.

http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/TXT/TrinityOS.txt

Tells you more than you will ever want to know about this.

Ron
0 Kudos
Reply
melvyn burnard
Honored Contributor

‎08-11-2002 11:19 PM

‎08-11-2002 11:19 PM

Re: IP forwarding in Linux

so why put this under HP-UX forum?

Moving it to linux forum
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Kodjo Agbenu
Honored Contributor

‎08-12-2002 11:09 AM

‎08-12-2002 11:09 AM

Re: IP forwarding in Linux

Hello,

At home, I use iptables for doing this.

Here is an abstract of my /etc/rc.d/rc.local file :

# -----
# Initialization
# * Flush all built-in chains
# * Delete all user-defined chains
# * Set the default policy : drop all input packets
# -----

DNS_SERVERS="IP_DNS_1 IP_DNS_2 ..."

iptables -t filter -F
iptables -t filter -X
iptables -t filter -Z
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP

echo "0" >/proc/sys/net/ipv4/ip_forward

iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -t nat -P OUTPUT DROP

# -----
# Allow traffic that seems "normal"
# -----

iptables -t filter -A INPUT -i eth1 -j ACCEPT
iptables -t filter -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

for dns in ${DNS_SERVERS}
do
iptables -t filter -A INPUT -i eth0 -p udp --sport 53 -d ${dns} -j ACCEPT
done

iptables -t filter -A FORWARD -i eth1 -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A OUTPUT -j ACCEPT

iptables -t nat -A PREROUTING -j ACCEPT
iptables -t nat -A POSTROUTING -j ACCEPT
iptables -t nat -A OUTPUT -j ACCEPT

# -----
# Masquerade outgoing traffic
# -----

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" >/proc/sys/net/ipv4/ip_forward

exit 0

Of course you may want more security, particularly maybe to log all "bad" packets. Feel free to adapt these rules to your configuration.


Good luck.

Kodjo
Learn and explain...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.