Firewall & Routing - help!

Kevin F. Berrien kblists at comcast.net
Thu Jun 10 20:44:35 UTC 2004


Thanks for the responses by everyone.  I've combined the ideas, done the 
following with the following results.

 > a)  make a route in 192.168.50.1 that routes traffic for 192.168.5.0 to
 > your IP of 192.168.50.48...  This will allow your gateway server/router
 > to route packets to this additional network properly.

Done, set a route on 50.1 to 5.0 (test environ is a linksys BEFSR41, 
live will be Symantec/Raptor fw).

 > And you need to turn on packet forwarding on the box that is routing 
 > between subnets to do that.
 > Edit /etc/sysctl.conf changing ip_forward on:
 > net.ipv4.ip_forward = 1
 > Then apply the change with the following command:
 > sysctl -p

Ok, edited the value of net.ipv4.ip_forward to true.  Please note, when 
I execute a network restart I see the following...

    Shutting down interface eth0:                              [  OK  ]
    Shutting down interface eth1:                              [  OK  ]
    Shutting down loopback interface:                          [  OK  ]
    Disabling IPv4 packet forwarding:                          [  OK  ]

I'm not sure where the IPv4 packet forwarding disable is coming from.

 > When you have multiple devices like this, each device should have its 
 > gateway for the local network (or no gateway if *it*
 > is the gateway)

Edited eth1 with gateway blank.

 > then you should have a statement like this in your 
 > /etc/sysconfig/network file:
 > GATEWAYDEV=eth0

Added.

 >  NOW, try pinging 192.168.5.200 from 192.168.50.48... You should get
 >  responses back.  If so, try 192.168.5.3 next.

******** I've turned off the fw to test the routing.

Ok, I can ping from the firewall both ways, machine from one subnet to 
the other, and vice versa.
I can access my internal web server just fine.  I get dns results from 
internal dns server etc.... so I'm bridging the subnets now.

I however, CAN NOT get out of my 50.x subnet to the internet from the 
firewall, and from the machine at 5.3.

[root at choke root]# ping www.groklaw.net
connect: Network is unreachable

Also, where are the default routes, etc.. stored in RH/FC1?  When I 
first boot, I've got some crazy routes from playing around before....

btw, here is my routing table

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
    192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
    192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    [root at choke root]#

Dunno what the 169.254 is, or where it's coming from.


My route on the bastion fw (50.1)  appears to be ok.


Almost there!  Thanks!
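As an added example (not part of the original post or the replies it quotes), the following POSIX shell script audits a routing table dump of the shape shown above: it reports the missing default route behind the "Network is unreachable" error, flags the 169.254.0.0/16 zeroconf route, and checks the ip_forward sysctl. The sample table is constructed to mirror the one in the post; the function names are my own.

```shell
#!/bin/sh
# Audit a `route` style table for a dual-homed host that routes between subnets.
# Constructed sample input, same layout as the table in the post.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo'

# has_default_route: succeed if the table on stdin contains a 0.0.0.0/0 entry
# (destination "default", or 0.0.0.0 with genmask 0.0.0.0). Without one, any
# destination outside the directly attached subnets is "Network is unreachable".
has_default_route() {
    awk 'NR > 1 && ($1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0")) { found = 1 }
         END { exit(found ? 0 : 1) }'
}

# link_local_ifaces: print each interface carrying a 169.254.0.0/16 route.
# That route is added by zeroconf (APIPA) when an interface comes up; on
# RH/Fedora it is suppressed with NOZEROCONF=yes in /etc/sysconfig/network.
link_local_ifaces() {
    awk 'NR > 1 && $1 == "169.254.0.0" && $3 == "255.255.0.0" { print $NF }'
}

# forwarding_enabled: succeed if net.ipv4.ip_forward is 1. Reads /proc by
# default; an optional path lets the check run against a saved copy.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# audit_routes TABLE: print findings, return 1 if the default route is missing.
audit_routes() {
    table=$1
    rc=0
    if ! printf '%s\n' "$table" | has_default_route; then
        echo "no default route: off-subnet traffic gets 'Network is unreachable'"
        rc=1
    fi
    for i in $(printf '%s\n' "$table" | link_local_ifaces); do
        echo "zeroconf route 169.254.0.0/16 on $i"
    done
    return $rc
}
```

Run it against a live box with `audit_routes "$(route -n | tail -n +2)"`; the table in the post fails the default-route check, which matches the ping error reported above.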