Gentoo Wiki

HOWTO_quick_routing


This article is part of the HOWTO series.


The Dirty Way

Routing schematic: internet <-> server <-> client

If the server and the client are not already configured on a common subnet, type on the server:

ifconfig eth0 10.8.0.1 netmask 255.255.255.0

and type on the client:

ifconfig eth0 10.8.0.2 netmask 255.255.255.0


There are 2 scripts:

Server

#!/bin/sh
# Turn on IPv4 forwarding; print the value before and after
cat /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward

# Turn off reverse-path filtering; print the value before and after
cat /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
cat /proc/sys/net/ipv4/conf/all/rp_filter

echo "should be 0110"

# Masquerade on the NIC that connects to the internet
# (this assumes that eth0 is your uplink)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward traffic from and to the client (10.8.0.2). The FORWARD chain only
# sees transit packets, so the address here must be the client's, not the
# server's own 10.8.0.1.
iptables -A FORWARD -s 10.8.0.2 -j ACCEPT
iptables -A FORWARD -d 10.8.0.2 -j ACCEPT
# Drop forwarded traffic from any other source address
iptables -A FORWARD ! -s 10.8.0.2 -j DROP

Client

route add default gw 10.8.0.1

If it doesn't work, ping www.gentoo.org on the server and write down the IP. Then ping the same IP on the client: if that works but pinging www.gentoo.org doesn't, name resolution is the problem and you'll need to edit /etc/resolv.conf on the client. See the Gentoo manual for more information on this.

The Better, permanent way

I'm assuming both the server/gateway (10.8.0.1) and the client have their network settings working properly. Keep in mind that doing this with only one network card (uplink and LAN on the same interface) is unsafe, since you'll have to filter the clients by IP address alone, and source addresses can be spoofed.

Enabling kernel forwarding

In the gateway, edit /etc/sysctl.conf with your favourite editor and add (or change) the following:

net.ipv4.ip_forward=1

If you don't want to wait for a reboot, just issue the following as root:

echo "1" > /proc/sys/net/ipv4/ip_forward

Enabling iptables masquerading

Add the following to the iptables rules of the gateway (change the network accordingly):

# Enable masquerading on the uplink (eth0)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward traffic from and to clients on our LAN
# (the -d rule also lets in any traffic the uplink side can route to the LAN,
# not only replies; see the Troubleshooting section for rule ordering)
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.8.0.0/24 -j ACCEPT
# Drop forwarded traffic from any other source address
iptables -A FORWARD ! -s 10.8.0.0/24 -j DROP

Configuring the client

Simply remove the old default route and add this new one:

route del default
route add default gw 10.8.0.1

Troubleshooting

If your client(s) can't access the internet through the gateway, make sure those iptables rules weren't added AFTER the "drop-all" rule (iptables -A INPUT -j DROP) common to most rulesets: iptables evaluates a chain in order and the first matching rule wins, so rules appended after a catch-all drop are never reached.
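As an added example (not from the wiki page), here is a stateful variant of the gateway rules above, which only forwards reply traffic back to the LAN, together with a check for the rule-ordering problem just described; the LAN interface name eth1 and the use of eth0 as uplink are assumptions that can be overridden from the environment.

```shell
#!/bin/sh
# Added example, not the wiki's own script: stateful gateway rules plus an
# ordering check for the FORWARD chain. Interface names are assumptions.
WAN_IF="${WAN_IF:-eth0}"            # uplink, as the page assumes
LAN_IF="${LAN_IF:-eth1}"            # assumed LAN-side interface
LAN_NET="${LAN_NET:-10.8.0.0/24}"

# Print the gateway rules in the order they must be applied. Only connections
# that the LAN initiated are forwarded back in (conntrack), so hosts on the
# uplink side cannot open new connections to LAN hosts through the gateway.
gateway_rules() {
    cat <<EOF
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j DROP
EOF
}

# Read the output of 'iptables -S FORWARD' on stdin and fail (exit 1) if a
# catch-all DROP/REJECT rule precedes the first ACCEPT rule for LAN_NET,
# i.e. the LAN rules were appended after the ruleset's "drop-all" rule.
forward_order_ok() {
    awk -v net="$LAN_NET" '
        /^-A FORWARD -j (DROP|REJECT)/ { drop_seen = 1 }
        /^-A FORWARD / && index($0, net) && /-j ACCEPT/ {
            if (drop_seen) bad = 1
        }
        END { exit bad + 0 }'
}

# "apply" mode (run as root): enable forwarding, load the rules, then verify
# that the live chain has the LAN rules before any catch-all drop.
if [ "$1" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    gateway_rules | sh -e
    iptables -S FORWARD | forward_order_ok \
        || echo "WARNING: LAN forward rules sit after a drop-all rule" >&2
fi
```

Without arguments the script only defines the functions; `sh gateway.sh apply` loads the rules, and `iptables -S FORWARD | sh -c '. ./gateway.sh; forward_order_ok'` can be rerun any time to audit the ordering.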

If you get output similar to "iptables v1.4.1.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)", check that, in addition to the standard iptables options, you also have the following kernel options enabled:

Networking -> Network options -> Netfilter -> Core Netfilter Configuration:

You can find more information about correctly setting up iptables under HOWTO_Iptables_for_newbies.

Note: I haven't used Gentoo for a long time; I no longer remember the Gentoo Way (tm) to do this. 89.180.41.40 13:45, 30 July 2007 (UTC)
Retrieved from "http://www.gentoo-wiki.info/HOWTO_quick_routing"

Last modified: Sat, 04 Oct 2008 04:43:00 +0000 Hits: 11,543