
Mandrake as gateway/firewall


zhex900

I tried everything I can think of :help: . But my Mandrake 10 box still cannot bring up eth0 and eth1.

 

Ultimately I want my Mandrake box to serve as a gateway/firewall/proxy/dhcp server.

 

 

Internet-----(Mandrake box)------ Router ------- Clients ( Star topology)

 

Please correct me if I am wrong: to get this working, I need to do the following steps.

 

1) Assign IP Address to both eth0 and eth1. (I could not get this part working)

2) Configure routing table. (Not sure how this works exactly)

3) Enable IP forwarding. (This is the easy part)

4) Configure Firewall (shorewall), to enable NAT. (Shorewall’s doc seems to be easy to understand, but since the above steps are not working properly, I don’t know whether my config files for shorewall are correct or not)

5) Proxy (Squid). (This I’ll do later. Need to read some doc first)

 

Now, I want to resolve the first two setups. So my aim is to have one NIC as dhcp and one static. Also I don't know whether I should add any additional routes, using route.

 

 

First attempt. Eth0 static, eth1 dhcp.

 

*eth1 is connected to my own gateway. (This is for testing, when it works eth1 should be connected to my cable modem)

 

*eth0 is not connected

 

[root@TIGER sysconfig]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=TIGER
GATEWAY=192.168.0.1

[root@TIGER sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
DEVICE=eth0
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
IPADDR=192.168.0.24
NETWORK=192.168.0.0
ONBOOT=yes

[root@TIGER sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
GATEWAY=192.168.0.1
BOOTPROTO=dhcp
DEVICE=eth1
MII_NOT_SUPPORTED=yes
ONBOOT=yes
METRIC=12

[root@TIGER sysconfig]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:44:11:DD:24
         inet6 addr: fe80::202:44ff:fe11:dd24/64 Scope:Link
         UP BROADCAST MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:0 (0.0 b)  TX bytes:2226 (2.1 Kb)
         Interrupt:9 Base address:0x2f00

eth1      Link encap:Ethernet  HWaddr 00:50:22:E9:8E:A4
         inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::250:22ff:fee9:8ea4/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:974 errors:0 dropped:0 overruns:0 frame:0
         TX packets:552 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:157364 (153.6 Kb)  TX bytes:75286 (73.5 Kb)
         Interrupt:11 Base address:0x4e00

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:3814 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3814 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:314322 (306.9 Kb)  TX bytes:314322 (306.9 Kb)

[root@TIGER sysconfig]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth1
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth1

[root@TIGER sysconfig]# service network restart
Shutting down interface eth0:                                   [  OK  ]
Shutting down interface eth1:                                   [  OK  ]
Shutting down loopback interface:                               [  OK  ]
Disabling IPv4 packet forwarding:                               [  OK  ]
Setting network parameters:                                     [  OK  ]
Bringing up loopback interface:                                 [  OK  ]
Bringing up interface eth0:                                     [FAILED]
Bringing up interface eth1:                                     [  OK  ]
Operation failed.

 

Why do I have an "Operation failed"?

At this stage everything seems to work OK, since eth1 is allocated an IP and can ping machines inside and outside of the network.

 

Second attempt. After the eth0 cable is connected to my gateway router, so both eth0 and eth1 are connected to my gateway router.

[root@TIGER sysconfig]# service network restart
Shutting down interface eth0:                                   [  OK  ]
Shutting down interface eth1:                                   [  OK  ]
Shutting down loopback interface:                               [  OK  ]
Disabling IPv4 packet forwarding:                               [  OK  ]
Setting network parameters:                                     [  OK  ]
Bringing up loopback interface:                                 [  OK  ]
Bringing up interface eth0:                                     [  OK  ]
Bringing up interface eth1:                                     [  OK  ]
Operation failed.

[root@TIGER etc]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth1
127.0.0.0       *               255.0.0.0       U         0 0          0 lo

No gateway so cannot connect to outside.

[root@TIGER sysconfig]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:44:11:DD:24
         inet6 addr: fe80::202:44ff:fe11:dd24/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:29 errors:0 dropped:0 overruns:0 frame:0
         TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:5002 (4.8 Kb)  TX bytes:4450 (4.3 Kb)
         Interrupt:9 Base address:0x2f00

eth1      Link encap:Ethernet  HWaddr 00:50:22:E9:8E:A4
         inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::250:22ff:fee9:8ea4/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:992 errors:0 dropped:0 overruns:0 frame:0
         TX packets:577 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:160938 (157.1 Kb)  TX bytes:79650 (77.7 Kb)
         Interrupt:11 Base address:0x4e00

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:3814 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3814 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:314322 (306.9 Kb)  TX bytes:314322 (306.9 Kb)

Eth0 still no IP Address. Why?

Attempt three.

 

After I swap the ifcfg-ethX files between eth0 and eth1

So now eth0 is dhcp, and eth1 is static with ip address 192.168.0.24

[root@TIGER network-scripts]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:50:22:E9:8E:A4
         inet addr:192.168.0.24  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::250:22ff:fee9:8ea4/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:1079 errors:0 dropped:0 overruns:0 frame:0
         TX packets:633 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:171246 (167.2 Kb)  TX bytes:84854 (82.8 Kb)
         Interrupt:11 Base address:0x4e00

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:3814 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3814 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:314322 (306.9 Kb)  TX bytes:314322 (306.9 Kb)


You don't have any obscure hardware like a FireWire card that might be using eth0, do you?

Try lspci (or lspcidrake) to have a look at connected devices.

Also lsmod to see what modules have been loaded.


You are trying to put both cards on the same network - make one of them (the one not connected) 192.168.1.something and change the network number, netmask, broadcast etc.

 

Have you tried setting both to dhcp at the same time, plugging one in at a time and bringing networking up?

All we need to do is prove that eth0 (a Surecom card - what model?) can be assigned an IP address, then we can proceed...

 

See the pinned topic at the top of the networking forum for how to set up internet connection sharing.

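The same-network diagnosis in the reply above can be checked mechanically. The following is an added example, not part of the thread or of any Mandrake tool: a POSIX shell check that takes each interface's address and netmask and reports whether the two NICs of a gateway sit on the same IPv4 network. The function names are hypothetical, and 192.168.1.1 is an assumed address picked from the 192.168.1.x range the reply suggests.

```sh
#!/bin/sh
# Added example (not from the thread): detect two NICs configured on the same IPv4 network.

# ip_to_int A.B.C.D -> prints the address as an integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1          # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> prints N as a dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP NETMASK -> prints the network address (IP AND NETMASK)
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# same_subnet IP1 MASK1 IP2 MASK2 -> exit status 0 if the two networks overlap.
# Both addresses are compared under the less specific mask, so a /24 that
# lies inside a /16 is also reported as an overlap.
same_subnet() {
    mask=$(( $(ip_to_int "$2") & $(ip_to_int "$4") ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$3") & mask )) ]
}

# check_pair IF1 IP1 MASK1 IF2 IP2 MASK2 -> prints a one-line verdict
check_pair() {
    if same_subnet "$2" "$3" "$5" "$6"; then
        echo "CONFLICT: $1 and $4 both sit on $(network_of "$2" "$3")"
    else
        echo "OK: $1 on $(network_of "$2" "$3"), $4 on $(network_of "$5" "$6")"
    fi
}

# Values from the thread: the static eth0 config vs. the DHCP lease eth1 received.
check_pair eth0 192.168.0.24 255.255.255.0 eth1 192.168.0.10 255.255.255.0
# Assumed fix: eth0 moved to an illustrative address in 192.168.1.x.
check_pair eth0 192.168.1.1 255.255.255.0 eth1 192.168.0.10 255.255.255.0
```

On a gateway/firewall the inside and outside interfaces need distinct networks, otherwise the kernel has two connected routes for the same prefix and the forwarding and NAT rules have no unambiguous inside/outside boundary.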

That is probably the reason for my problem. The funny thing is that my Linux box is having some hardware problems. :oops: So I need to reinstall Mandrake on another box. So I won't be able to test it until Saturday.

 

Nevertheless, just say eth0 and eth1 are working. Are the steps I listed at the top correct?


Pretty much correct - your routing table shouldn't need anything done to it as long as you are not trying to do anything strange.

 

The default gateway is set to your router address and the interface should be the one plugged in to it...

 

Default gateway and (optional) gateway device are set in /etc/sysconfig/network - again, see the howto.

 

Chris
