>>>>> "MM" == Michael Mansour <mic@xxxxxxxxxxx> writes:

MM> Hi Jake,

>> I have a class two NIC firewall. eth0 is my external interface
>> connected to my cablemodem, eth1 is my internal interface connected to
>> my hub. I am using iptables-based firewall rules and using NAT so I
>> can access the internet from all my desktops. Everything is working
>> correctly.
>>
>> The problem is that it only works if I manually set up a default
>> gateway route through the external interface. After I boot the system,
>> I type the following command:
>>
>> route add default gw x.x.x.x
>>
>> where x.x.x.x is the address assigned to my external interface. If I
>> don't do this, I cannot access anything on the internet from any of my
>> internal machines. Once I execute this command it all works as
>> expected. I am certain, however, that as a RH 7.2 system, which is
>> what I was before I started incrementally upgrading to FC1 where I am
>> now, I did not need to do this for it to work.
>>
>> How can I get this routing between two NICs to work correctly without
>> manually executing a 'route' command? Please don't tell me to add this
>> command to rc.local. My external IP address is dynamic so it can
>> change between reboots. I need some mechanism that works dynamically.
>> I'm sure that it used to work this way!

MM> I was actually surprised to find that out of so many replies to you,
MM> people seemed to have missed the answer to your problem.

MM> In your /etc/sysconfig/network-scripts/ifcfg-ppp0 file, this is the
MM> file that's used to configure your link/routing when you
MM> dialup. There's a variable here you need to set:

MM> DEFROUTE=yes

MM> which will grab the default route information from your ISP and
MM> configure your routing for you. For this to work, you should _not_ set
MM> a GATEWAY variable in your /etc/sysconfig/network file. The GATEWAY
MM> flag adds a static default route to your routing table on system boot,
MM> which is not what you want in your situation. Within the
MM> /etc/sysconfig/network file remove the GATEWAY flag (if it's in there)
MM> and add:

MM> GATEWAYDEV="ppp0"

MM> which will tell the rc network script to use the default route
MM> supplied by the ifcfg-ppp0 script which picks that up from your ISP.

MM> Other interesting variables you can use in ifcfg-ppp0 are:

MM> ONBOOT
MM> PEERDNS
MM> CLAMPMSS
MM> FIREWALL

MM> there's docs in the system somewhere (I forgot where I read all this
MM> when first doing it) which explains what each variable does, you
MM> should review it to allow you to better understand how the process
MM> works.

MM> Regards,

MM> Michael.

Michael,

Your answer is exactly the kind of answer I was hoping for since I am
pretty sure it has to do with the various configuration variables not
being set correctly. There is one problem, however, with your answer: I
am not using a ppp device. My external NIC is dynamic since I am
connected to a cablemodem and have not purchased a static IP address.
The eth0 interface is configured via dhcp from my ISP; eth1 is
hard-wired as 192.168.0.1.

I believe that all the necessary magic comes from the
/etc/sysconfig/networking-scripts directory. I have two files:
ifcfg-eth0 and ifcfg-eth1.

Contents of ifcfg-eth0:

    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=dhcp

Contents of ifcfg-eth1:

    DEVICE=eth1
    BROADCAST=192.168.0.255
    IPADDR=192.168.0.1
    NETMASK=255.255.255.0
    NETWORK=192.168.0.0
    ONBOOT=yes

The output of 'netstat -rn' following a reboot is:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    68.196.176.0    0.0.0.0         255.255.240.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth1

After I manually add a default route through eth0, I get the following:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    68.196.176.0    0.0.0.0         255.255.240.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    0.0.0.0         68.196.186.208  0.0.0.0         UG        0 0          0 eth0
    0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth1

So what needs to be tweaked to make this all work correctly? And where
can I find the documentation on those config files?

Thanks!

...Jake

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
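
The two routing tables in the message above can be compared mechanically. This is an added example, not part of the original thread: it reads `netstat -rn` output and reports whether a default route exists through the external interface. The function names are made up for this illustration, and eth0 as the external interface is taken from the post.

```shell
#!/bin/sh
# Added example: audit default routes in `netstat -rn` output.
# Print "iface gateway" for each default route (Destination 0.0.0.0, G flag).
default_routes() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $8, $2 }'
}

# Read a routing table on stdin; $1 is the expected external interface.
# Prints "ok", "missing: ..." (no default via $1) or "extra: ..." (default
# via $1 plus defaults on other interfaces, listed as iface->gateway).
audit_default_route() {
    default_routes | awk -v ext="$1" '
        $1 == ext { good++ }
        $1 != ext { bad++; stray = stray " " $1 "->" $2 }
        END {
            if (!good)    print "missing:" stray
            else if (bad) print "extra:" stray
            else          print "ok"
        }'
}

# Routing table from the post, as seen right after a reboot.
table_after_boot() { cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
68.196.176.0    0.0.0.0         255.255.240.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth1
EOF
}

# Routing table from the post, after the manual `route add default gw`.
table_after_manual() { cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
68.196.176.0    0.0.0.0         255.255.240.0   U         0 0          0 eth0
0.0.0.0         68.196.186.208  0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth1
EOF
}

table_after_boot   | audit_default_route eth0
table_after_manual | audit_default_route eth0
```

On a live gateway the same check is `netstat -rn | audit_default_route eth0`.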