[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Natting/Proxy/DansGuardian server dead after power bump- Help!



Thank you, Eric,

I wanted to keep everything as 'standard' as possible so I switched the IP addresses on both nics. Then went back to school to swap the cables.

[root proxy2 root]# cat /proc/sys/net/ipv4/ip_forward
1

But...
[root proxy2 root]# iptables -L -n -t nat | grep MASQUERADE
[root proxy2 root]#

This must explain why nothing is working! Somehow I manged to mess up your nat deamon. When I ran the install, I chose custom and ticked off erverything except news server.

I have turned off iptables. Should this be turned off for your nat function to operate?
service iptables stop
chkconfig iptables off


service nat start
returns...
[root proxy2 root]# service nat start
Starting up Network Address Translation:
[root proxy2 root]#

...nothing

Maybe the rules or the script is not working?

Jim


pico -w /etc/sysconfig/networking/devices/ifcfg-eth0
BOOTPROTO=none
PEERDNS=no
TYPE=Ethernet
DEVICE=eth0
NETMASK=255.255.255.0
BROADCAST=142.26.181.255
IPADDR=142.26.181.70
NETWORK=142.26.181.0
ONBOOT=yes
USERCTL=no

pico -w /etc/sysconfig/networking/devices/ifcfg-eth1
BOOTPROTO=none
PEERDNS=no
TYPE=Ethernet
DEVICE=eth1
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
IPADDR=192.168.1.253
NETWORK=192.168.1.0
ONBOOT=yes
USERCTL=no

Nat is turned on in redhat-config-services.

First, I see that you have the public address on eth0 and the private on eth1. K12LTSP, by default, looks for the private on eth0 and the public on eth1.

Edit /etc/init.d/nat and at the top you'll a line that says:

PUBLIC_ETHERNET="eth1"

Try changing that to:

PUBLIC_ETHERNET="eth0"

and restarting the nat service.

The nat service does two things, it turns on IP forwarding and
adds a firewall rule.

If the following command returns "1", IP forwarding is on:

cat /proc/sys/net/ipv4/ip_forward

To check that the firewall rule is loaded, run:

iptables -L -n -t nat | grep MASQUERADE

which should return:

MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0


You should be sure to double-check all of your firewall rules. If you switched the default public/private ethernet devices but used the default K12LTSP firewall rules you may be firewalling yourself off (while giving free-reign from the Internet side). This is true only if you select the "K12LTSP" option, selecting "Server" or "Workstation" has different default firewall rules.


-Eric


_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]