On Thu, 2005-06-02 at 10:33 +1000, Michael Mansour wrote:
> Hi Jake,
>
> > I have a class two NIC firewall. eth0 is my external interface
> > connected to my cablemodem, eth1 is my internal interface connected
> > to my hub. I am using iptables-based firewall rules and using NAT
> > so I can access the internet from all my desktops. Everything is
> > working correctly.
> >
> > The problem is that it only works if I manually set up a default gateway
> > route through the external interface. After I boot the system, I
> > type the following command:
> >
> > route add default gw x.x.x.x
> >
> > where x.x.x.x is the address assigned to my external interface. If I
> > don't do this, I cannot access anything on the internet from any of my
> > internal machines. Once I execute this command it all works as
> > expected. I am certain, however, that as a RH 7.2 system, which is
> > what I was before I started incrementally upgrading to FC1 where I
> > am now, I did not need to do this for it to work.
> >
> > How can I get this routing between two NICs to work correctly without
> > manually executing a 'route' command? Please don't tell me to add this
> > command to rc.local. My external IP address is dynamic so it can change
> > between reboots. I need some mechanism that works dynamically. I'm
> > sure that it used to work this way!
>
> I was actually surprised to find that out of so many replies to you, people
> seemed to have missed the answer to your problem.
>
> In your /etc/sysconfig/network-scripts/ifcfg-ppp0 file, this is the file
> that's used to configure your link/routing when you dialup. There's a variable
> here you need to set:
>
> DEFROUTE=yes
>
> which will grab the default route information from your ISP and configure your
> routing for you. For this to work, you should _not_ set a GATEWAY variable in
> your /etc/sysconfig/network file. The GATEWAY flag adds a static default route
> to your routing table on system boot, which is not what you want in your
> situation. Within the /etc/sysconfig/network file remove the GATEWAY flag (if
> it's in there) and add:
>
> GATEWAYDEV="ppp0"
>
> which will tell the rc network script to use the default route supplied by the
> ifcfg-ppp0 script which picks that up from your ISP.
>
> Other interesting variables you can use in ifcfg-ppp0 are:
>
> ONBOOT
> PEERDNS
> CLAMPMSS
> FIREWALL
>
> there's docs in the system somewhere (I forgot where I read all this when
> first doing it) which explains what each variable does, you should review it
> to allow you to better understand how the process works.

I would guess you're referring to /usr/share/doc/initscripts-*/sysconfig.txt.

--
Paul W. Frields, RHCE http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
Fedora Documentation Project: http://fedora.redhat.com/projects/docs/
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list