Firewall & Routing - help!

Jeff Vian jvian10 at charter.net
Thu Jun 10 22:59:07 UTC 2004



Kevin F. Berrien wrote:

> Rodolfo J. Paiz wrote:
>
>> Please just post to the list and don't CC me. I'm getting two copies 
>> of everything you send, and it's confusing as hell. Thanks.
>
>
> My apologies.
>
>> I really suggest you use masquerading rather than "real" routing. Not 
>> necessary, and in this case slightly less secure since it actually 
>> permits the concept of incoming traffic. Not what you want, I think.
>
>
> One of the requirements of this installation is to allow remote 
> desktop connections from subnet A (2 admin stations) to server on B.  
> Thus, I'm avoiding masq.  They could spread theoretically to all 
> desktops in B.

Masq is not required, only proper routing and IP forwarding enabled on 
the gateway machine (as long as there is no communication from a private 
network address to an internet address).

>> This will provide the information for the system to set your default 
>> route. Do not set a default route somewhere else.
>
>
> Well, after I set it, did a network restart, I have no default route, 
> and no traffic from 50.1.  When I reboot, I get a default route (from 
> a previous attempt I had made at getting this working??).  Then I DO 
> get traffic from the net via 50.1
>
> If I remove the static route, no internet again.
>
> As I posted on a follow up to my own post...
>
> When I boot, I have the following routes...
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
> 192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
>
> If I do a network restart, it limits down to this....
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
> 192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
>
> So I lose my default route (that I got somewhere when I booted).
>
> So I need to shore up two things it seems.
>
> 1. Default route or no default route.  And keep the default route when 
> I boot/or restart network.
> 2. Remove some old routes in my table, like the 172.20.5.0, and have 
> that change stay after reboot (I'll need to know this afterwards anyway, 
> as I have to change the IP/subnets from my test environment to the 
> live environment).

The default route is usually set by an entry such as mine below in 
/etc/sysconfig/network.  You MUST have a default route in order to 
access the internet.

          GATEWAY=192.168.2.15

This must be configured as an IP that is available within one of the 
subnets on one of the interfaces installed.  It also can be (and usually 
is) included within the /etc/sysconfig/network-scripts/ifcfg-ethX file 
that it applies to.  My system has that line in both locations.

IIRC, the /etc/sysconfig/network file is used at boot, but not used when 
doing a network restart, so that may be why the change in 'boot' vs 
'network restart' routing.
This also could explain why you are getting the 172.20.5.0 as well as 
the 192.168.5.0 networks on eth1. (The 169.254.0.0 address has already 
been explained.)

Entries in /etc/hosts may also affect this as far as being able to 
communicate using hostnames.
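The following shell script is an added example, not code from anyone in this thread. It takes the route table Kevin posted (copied into the script as a literal so it runs offline), checks whether a default route is present and which networks sit on each interface, and prints the Fedora sysconfig settings for a routing-only gateway together with an iptables FORWARD policy that lets only named admin stations cross to the server. Everything beyond the posted table is an assumption: the interface roles, the admin and server addresses, and the use of 3389/tcp as the remote-desktop port.

```shell
#!/bin/sh
# Added example for the thread above: sanity checks and settings for a
# two-interface Linux gateway that routes (no masquerading).
# Assumptions: Fedora-style /etc/sysconfig files and iptables; 3389/tcp is
# the remote-desktop port; all addresses passed to forward_rules are made up.

# Route table as printed by `route` on the gateway after boot (copied from the
# post above; constructed here as a literal so the script runs without the box).
ROUTES_AT_BOOT='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0'

# The same table after `service network restart`: the default route is gone.
ROUTES_AFTER_RESTART=$(printf '%s\n' "$ROUTES_AT_BOOT" | grep -v '^default')

# Print the default gateway found in a route table ($1); return 1 if none.
# Accepts both `route` ("default") and `route -n` ("0.0.0.0") spellings.
default_gateway() {
    while read -r dest gw rest; do
        if [ "$dest" = default ] || [ "$dest" = 0.0.0.0 ]; then
            printf '%s\n' "$gw"
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# List the destination networks attached to interface $2 in route table $1.
# Several networks on one interface usually means a stale route left over
# from an earlier configuration (172.20.5.0 next to 192.168.5.0 on eth1 above).
nets_on_iface() {
    while read -r dest gw mask flags metric ref use ifc; do
        if [ "$ifc" = "$2" ] && [ "$dest" != Destination ] && [ "$dest" != default ]; then
            printf '%s\n' "$dest"
        fi
    done <<EOF
$1
EOF
}

# Persistent settings for a routing-only gateway whose next hop is $1.
# Printed rather than written so the script is safe to run anywhere.
gateway_config() {
    cat <<EOF
# /etc/sysconfig/network
NETWORKING=yes
GATEWAY=$1
# /etc/sysctl.conf
net.ipv4.ip_forward = 1
EOF
}

# iptables FORWARD policy for the stated requirement: only the listed admin
# stations (arguments after the first three) coming in on interface $1 may
# open remote-desktop sessions to server $3 out of interface $2. Nothing else
# is forwarded in either direction, so hosts on the server's subnet cannot
# reach the admin subnet. Commands are printed, not executed.
forward_rules() {
    a_if=$1
    b_if=$2
    server=$3
    shift 3
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for admin in "$@"; do
        echo "iptables -A FORWARD -i $a_if -o $b_if -s $admin -d $server -p tcp --dport 3389 -m state --state NEW -j ACCEPT"
    done
}

# Usage (placeholder addresses, assumed): check both tables, then emit config.
default_gateway "$ROUTES_AT_BOOT" || echo "no default route at boot"
default_gateway "$ROUTES_AFTER_RESTART" || echo "no default route after restart"
nets_on_iface "$ROUTES_AT_BOOT" eth1
gateway_config 192.168.50.1
forward_rules eth1 eth0 192.168.50.10 192.168.5.11 192.168.5.12
```

Running it as-is reports the gateway from the first table, the missing default route in the second, and the three networks eth1 carries. The generated rules assume the admin stations enter on eth1 and the server lives behind eth0; swap the first two arguments if the interface roles are the other way round. Because the FORWARD policy is DROP and there is no masquerade rule, the gateway also refuses to carry private-subnet traffic toward the internet, which matches the earlier remark that plain routing is only safe as long as no private address needs to reach an internet address.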
