
Re: [K12OSN] Natting/Proxy/DansGuardian server dead after power bump- Help!



On Thu, 9 Oct 2003, Jim Christiansen wrote:

>Hello Everyone,
>
>I've got a problem here.  750 students can't surf.
>
>My proxy/natting box that I sent all of the student traffic through has 
>died.  It was a headless RedHat 8 box with Webmin and ran well.  I thought 
>I'd install K12LTSP on it since it had natting built in if there were two 
>cards detected.  I can not ping and dig outside my 192.168.1.x network.
>
>pico -w /etc/sysconfig/networking/devices/ifcfg-eth0
>BOOTPROTO=none
>PEERDNS=no
>TYPE=Ethernet
>DEVICE=eth0
>NETMASK=255.255.255.0
>BROADCAST=142.26.181.255
>IPADDR=142.26.181.70
>NETWORK=142.26.181.0
>ONBOOT=yes
>USERCTL=no
>
>pico -w /etc/sysconfig/networking/devices/ifcfg-eth1
>BOOTPROTO=none
>PEERDNS=no
>TYPE=Ethernet
>DEVICE=eth1
>NETMASK=255.255.255.0
>BROADCAST=192.168.1.255
>IPADDR=192.168.1.253
>NETWORK=192.168.1.0
>ONBOOT=yes
>USERCTL=no
>
>Nat is turned on in redhat-config-services.

First, I see that you have the public address on eth0 and the
private on eth1. K12LTSP, by default, looks for the private on
eth0 and the public on eth1.

Edit /etc/init.d/nat and at the top you'll see a line that says:

	PUBLIC_ETHERNET="eth1"

Try changing that to:

	PUBLIC_ETHERNET="eth0"

and restarting the nat service.

The nat service does two things: it turns on IP forwarding and
adds a firewall rule.

If the following command returns "1", IP forwarding is on:

	cat /proc/sys/net/ipv4/ip_forward

To check that the firewall rule is loaded, run:

	iptables -L -n -t nat | grep MASQUERADE

which should return:

	MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0


You should be sure to double-check all of your firewall rules.
If you switched the default public/private ethernet devices but
used the default K12LTSP firewall rules you may be firewalling
yourself off (while giving free rein from the Internet side).
This is true only if you select the "K12LTSP" option; selecting 
"Server" or "Workstation" has different default firewall rules.


-Eric
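
Added example (not part of Eric's message or the K12LTSP scripts): the `grep MASQUERADE` check above passes even when the rule is bound to the wrong NIC, because `iptables -L -n` without `-v` omits the interface columns. The sketch below reads the verbose listing and compares the rule's outbound interface with the public one; the sample listing is constructed, and it assumes the nat script binds the rule to `PUBLIC_ETHERNET`.

```shell
#!/bin/sh
# Added example; the listing below is constructed, not captured from the poster's box.
# It mimics `iptables -t nat -L POSTROUTING -n -v` on a box whose nat script
# masquerades out eth1 (assumed K12LTSP default) while the public NIC is eth0.
SAMPLE_LISTING='Chain POSTROUTING (policy ACCEPT 12 packets, 840 bytes)
 pkts bytes target     prot opt in     out     source               destination
   35  2100 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0'

# Print the "out" column (field 7) of every MASQUERADE rule read from stdin.
masq_out_ifaces() {
    awk '$3 == "MASQUERADE" { print $7 }'
}

# check_nat PUBLIC_IF IP_FORWARD_VALUE   (verbose rule listing on stdin)
# Returns 0 only if forwarding is on and a MASQUERADE rule leaves via PUBLIC_IF.
check_nat() {
    public_if=$1
    forward=$2
    ifaces=$(masq_out_ifaces)
    if [ "$forward" != "1" ]; then
        echo "FAIL: ip_forward is $forward, expected 1"
        return 1
    fi
    if [ -z "$ifaces" ]; then
        echo "FAIL: no MASQUERADE rule loaded"
        return 1
    fi
    if printf '%s\n' "$ifaces" | grep -qxF -- "$public_if"; then
        echo "OK: masquerading out $public_if"
        return 0
    fi
    bound=$(printf '%s' "$ifaces" | tr '\n' ' ')
    echo "FAIL: MASQUERADE bound to $bound, public side is $public_if"
    return 1
}

# Demo on the constructed listing: the plain grep would pass, this check does not.
printf '%s\n' "$SAMPLE_LISTING" | check_nat eth0 1 || true
# On a live gateway (as root), feed it the real values instead:
#   iptables -t nat -L POSTROUTING -n -v | check_nat eth0 "$(cat /proc/sys/net/ipv4/ip_forward)"
```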



