| 1 |
Greetings all. Hope the weather in bejing is pleasant, Mr Wu. |
| 2 |
|
| 3 |
On Mon, 14 May 2007 11:58:34 -0300 (ART) |
| 4 |
"Norberto Bensa" <nbensa@×××.net> wrote: |
| 5 |
|
| 6 |
> On Mon, May 14, 2007 8:23 am, Chuanwen Wu wrote: |
| 7 |
> > Thank you!I think i have done what you meant. |
| 8 |
> > Here is the information: |
| 9 |
> > |
| 10 |
> > |
| 11 |
> > /etc/conf.d/net in the server |
| 12 |
> > config_eth0=( "202.114.10.134 netmask 255.255.255.0 brd |
| 13 |
> > 202.114.10.255" ) routes_eth0=( "default gw 202.114.10.129" ) |
| 14 |
> |
| 15 |
> OK |
| 16 |
|
| 17 |
> > |
| 18 |
> > config_eth1=( "192.168.1.63 netmask 255.255.255.0 brd |
| 19 |
> > 192.168.1.255" ) routes_eth1=( "default gw 192.168.1.1" ) |
| 20 |
> |
| 21 |
> You don't need a route here. |
| 22 |
More exactly, a route to the subnet 192.168.1.0/24 will automatically |
| 23 |
be created through eth1. A _gateway_ in this case is not necessary |
| 24 |
because eth1 lives on that subnet. |
| 25 |
> |
| 26 |
> > /etc/conf.d/net in one PC |
| 27 |
> > config_eth0=( "192.168.1.35 netmask 255.255.255.0 brd |
| 28 |
> > 192.168.1.255" ) routes_eth0=( "default gw 192.168.1.1" ) |
| 29 |
> |
| 30 |
> No. GW should be 192.168.1.63, which is the IP address of your |
| 31 |
> gateway. |
| 32 |
> HTH, |
| 33 |
> Norberto |
| 34 |
> |
| 35 |
First, the firewall configuration. Your first message said: |
| 36 |
> The eth0 here has the real ip,and the eth1 have a subnet |
| 37 |
> ip:192.168.1.21. |
| 38 |
But here you show that you set it to .63, as Norberto pointed out. I |
| 39 |
assume that was just a typographical error in the first email. Moving |
| 40 |
on, the default route for the firewall is probably to the outside |
| 41 |
world, and if you can ping google.com, it works. |
| 42 |
|
| 43 |
Second, the client configuration. The route for the subnet it's on |
| 44 |
(192.168.1/24) is automatically created, as before. The default route |
| 45 |
is the IP of the firewall/gateway it's behind, namely 192.168.1.63 as |
| 46 |
Norberto said. The machine that's forwarding packets to the internet |
| 47 |
for these hosts now provides the route to the outside world for these |
| 48 |
hosts. |
| 49 |
|
| 50 |
Third, you must tell your client PCs nameservers, so that they can |
| 51 |
resolve domain names. If you fail to do so, even though a ping of |
| 52 |
google.com, for example, fails, a ping of its ip address |
| 53 |
(64.233.167.99, in my case) will work. |
| 54 |
|
| 55 |
Fourth, you must check your firewall (that is, iptables) configuration |
| 56 |
to be sure your iptables all refer to the correct subnet. |
| 57 |
> iptables --table nat -A POSTROUTING -s 192.168.8.0/24 -j MASQUERADE |
| 58 |
that wasn't right -- obviously the subnet should be your own. |
| 59 |
|
| 60 |
Since the firewall you're building knows all the information the hosts |
| 61 |
need to know (subnet information, routes, etc) you may wish to set up a |
| 62 |
rudimentary DHCP server on it, so that additional hosts can be added |
| 63 |
without configuration by the user. You may also wish to impliment a |
| 64 |
caching, recursive nameserver for enhanced efficiency. DNSMasq can do |
| 65 |
both. |
| 66 |
|
| 67 |
-- |
| 68 |
gentoo-user@g.o mailing list |
Archives