Using Fedora as firewall.

Rodolfo J. Paiz rpaiz at simpaticus.com
Sat Apr 17 19:47:43 UTC 2004


At 03:56 4/17/2004, you wrote:
>Now I have two networking cards, one buildin in the motherboard (eth0) and 
>one in a PCI slot (eth1). When I tried to do the same to give my WinXP box 
>access to the internet I couldn't get it right. When I connect to internet 
>using eth0 everything is fine. When I start eth1 to the WinXP box it 
>works, but then I have no contact with the internet thru eth0.
>To get contact with the internet again I have to stop eth1 and restart 
>eth0. Does anyone have a clue?

First you need to solve your networking problems, so that you can have both 
network interfaces up and running and so that the Fedora box (which will be 
the firewall and gateway) can access both the Internet via eth0 and the 
internal network (your XP box) via eth1.

Then my best suggestion is to go to http://www.shorewall.net and read the 
"two-interface quick guide" there. Download the software and it will show 
you how to set up the configuration files (simple text files) to get the 
result you want. Shorewall will configure everything: gateway service, 
routing, masquerading, firewall rules, and allowing some ports access from 
the Internet to your firewall or to an internal machine if you so desire.

I am also working on a more complete document for what you want, called the 
"Small Netserver HOWTO". It will show you how to set up DHCP, DNS, and NTP 
for your home network on that Fedora box, which will make your life much 
easier from then on. It is unfortunately not complete yet, but hopefully 
what I have so far will help give you a little guidance and I'll finish it 
soon. You can reach it from here:

http://www.simpaticus.com/linux

Note: this document assumes you have set up your networking properly (which 
you haven't so far) so it is *NOT* useful to solve your actual problems. It 
will, hopefully, be useful to you *after* you get past this small 
networking problem. Hope it helps somewhat.

Now, to solve your present problem:

>The internet company used DNS to assign network adresses and the WinXP has 
>adress 172.16.0.2

Can we get the following:

         * Contents of /etc/sysconfig/network-scripts/ifcfg-eth0 and ifcfg-eth1

         * Contents of /etc/sysconfig /network

         * Contents of /etc/resolv.conf

         * Output of "/sbin/route -n"

This will help us figure out the problem.


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com





More information about the fedora-list mailing list