[ale] network question

Damon L. Chesser damon at damtek.com
Sat Jan 23 18:36:26 EST 2010


On Sat, 2010-01-23 at 17:24 -0500, Geoffrey wrote:
> Damon L. Chesser wrote:
> > On Sat, 2010-01-23 at 11:13 -0700, Robert L. Harris wrote:
> >> Turn on forwarding on the machine on A then set the default route on  
> >> the B machines to the machine on A
> >>
> >> :wq!
> >> --
> >>    Robert L. Harris
> > 
> > To be more clear:
> > 
> > cat /proc/sys/net/ipv4/ip_forward
> > if it is not 1, you need to turn it on:
> > 
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > 
> > edit  /etc/sysctl to enable it at boot:
> > net.ipv4.ip_forward = 1
> > 
> > Restart the network on the aaa host.
> > 
> > Now, if you use the "bbb" IP of the "aaa" host as a gateway on the bbb
> > machines, you will be able to ping out.  On the aaa host, use your
> > network gateway as the gw address, on the bbb hosts, use the bbb
> > interface of the aaa host as the bbb gw.  If you are using iptables on
> > the aaa hosts, you will need to modify the iptables rules to allow
> > network traffic through put.  HTH
> 
> Ah, this is what I missed.  The firewall is likely causing havoc with 
> the connectivity.  So, anyone suggest the proper iptables foo to 
> accomplish this?
> 
> internet<->router(gateway for aaa network)aaa.aaa.aaa.aaa
> 
> aaa.aaa.aaa.aaa<->aaa.aaa.aaa.aab<->bbb.bbb.bbb.bbb ???

Not off the top of my head, it is one of those things that I do, then
forget.

see here:
http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html

If you are using RHEL/CentOS or FC, system-configure-securitylevel-tui
IIRC will allow you to set it with an ncurses interface.  Note the
IIRC!.

Also note that that URL will tell you how to set up Masquerading, which
means you can not provide services on the aaa network (from the bbb
network) and this might not be what you want.  If that is the case, then
you would not use

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

but I think you would just use forwarding.
> 
> 
> > 
> >> On Jan 23, 2010, at 10:36, Geoffrey <lists at serioustechnology.com> wrote:
> >>
> >>> Here's the scenario.
> >>>
> >>> Two networks:
> >>>
> >>> aaa.aaa.aaa.000
> >>> bbb.bbb.bbb.000
> >>>
> >>> network aaa has access to internet.  network bbb needs to access
> >>> internet via a machine on aaa.
> >>>
> >>> Assumption is, simply create a route between aaa and bbb.  Does not  
> >>> seem
> >>> to work, bbb can not get to internet.
> >>>
> >>> -- 
> >>> Until later, Geoffrey
> >>>
> >>> "I predict future happiness for America if they can prevent
> >>> the government from wasting the labors of the people under
> >>> the pretense of taking care of them."
> >>> - Thomas Jefferson
> >>> _______________________________________________
> >>> Ale mailing list
> >>> Ale at ale.org
> >>> http://mail.ale.org/mailman/listinfo/ale
> >>> See JOBS, ANNOUNCE and SCHOOLS lists at
> >>> http://mail.ale.org/mailman/listinfo



-- 
Damon
damon at damtek.com
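
The two setups discussed in this message (masquerading versus plain forwarding), as an added example that is not part of the original post or the linked tutorial. It prints a default-deny FORWARD rule set for the aaa host instead of applying it; the eth1 interface name, both network ranges and the function name gateway_rules are assumptions standing in for the aaa/bbb placeholders.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for the dual-homed aaa host.
# All values are constructed placeholders, not taken from the thread.
AAA_IF=eth0              # interface on the aaa network (eth0 is named in the thread)
BBB_IF=eth1              # interface on the bbb network (assumed name)
AAA_NET=192.0.2.0/24     # stands in for aaa.aaa.aaa.000 (documentation range)
BBB_NET=198.51.100.0/24  # stands in for bbb.bbb.bbb.000 (documentation range)

# gateway_rules MODE, where MODE is "masq" or "routed" (hypothetical helper)
gateway_rules() {
    mode=$1
    case $mode in
        masq|routed) ;;
        *) echo "usage: gateway_rules masq|routed" >&2; return 2 ;;
    esac

    # Default-deny forwarding: only the flows listed below cross the host.
    echo "iptables -P FORWARD DROP"
    # bbb hosts may open connections outward through the aaa interface.
    echo "iptables -A FORWARD -i $BBB_IF -o $AAA_IF -s $BBB_NET -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Only replies to those connections are allowed back in.
    echo "iptables -A FORWARD -i $AAA_IF -o $BBB_IF -d $BBB_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    if [ "$mode" = masq ]; then
        # NAT: bbb traffic leaves with the gateway's aaa address, so nothing
        # upstream needs a route to bbb, but aaa cannot open connections to bbb.
        echo "iptables -t nat -A POSTROUTING -o $AAA_IF -s $BBB_NET -j MASQUERADE"
    else
        # No NAT: aaa hosts may reach services on bbb. The aaa router then
        # needs a route to BBB_NET via this host for replies to find their way.
        echo "iptables -A FORWARD -i $AAA_IF -o $BBB_IF -s $AAA_NET -d $BBB_NET -m conntrack --ctstate NEW -j ACCEPT"
    fi
}

# Print the chosen variant for review (defaults to masq).
gateway_rules "${1:-masq}"
```

Review the printed rules, then pipe them into sh as root on the aaa host once net.ipv4.ip_forward is 1.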


