What you're trying to do is pretty simple. Firstly check that you don't have any iptables rules loaded stopping your forwarding:

iptables -t mangle -F
iptables -t mangle -X
iptables -t filter -F
iptables -t filter -X

then make sure the iptables policy is set to accept:

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT

then lastly make sure ip forwarding is switched on:

echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

you can also do this per interface by echoing 1 to /proc/sys/net/ipv4/conf/eth0/forwarding etc. Once you've done this you should be able to get anywhere. From here follow your HOWTOs to set up a script to use iptables for filtering and NAT, and use HTB/SFQ for bandwidth control. It's all fairly straightforward; just use the MASQUERADE target for source NATting your private LAN out to the Internet.

Regards,
Andrew.

----- Original Message -----
From: "Gerry Weaver" <gerryw@xxxxxxxxxxxxxxxxxxx>
To: <lartc@xxxxxxxxxxxxxxx>
Sent: Friday, March 12, 2004 7:22 AM
Subject: Linux routing newbie Help!!

> Hi,
>
> I need some help with a routing/shaping setup that is a bit beyond my
> current Linux routing knowledge. I've read the how-to and most of the
> related mailing list topics, but I still need some help to solve this
> problem. I've been asking questions on various lists, but it seems like the
> answers just add additional confusion. I decided to just describe what I'm
> trying to do with the hope that someone could point me in the right
> direction. I've read a fair bit about the 2.4 kernel and it seems that Linux
> is capable of doing these things. I just need some help to get started. I
> think if I could get the actual problem translated into a working config, it
> would go a long way to helping me understand Linux routing etc.
>
> Here is the needed config:
>
> Private net #1: 10.10.1.0 (Higher bandwidth priority)
> Private net #2: 10.10.2.0
> Private net #3: 10.10.3.0
> Private net #4: 10.10.4.0
> Private net #5: 10.10.5.0
> Public net: 67.65.229.0
>
> Goal:
>
> 1. Route the five private networks to the T1.
> 2. Run dhcpd and hand out dynamic ip addresses to private nets #2-#5
> 3. Do bandwidth sharing giving net #1 a higher priority
> 4. Do the usual firewall stuff (ICMP limiting, DOS attacks, etc.)
> 5. Do traffic shaping for interactive traffic, www, etc.
> 6. Do NAT for the private nets with the ability to add specific public to
> private ip mappings for net #1.
> 7. Set up public address pools for NAT on net #2-#5?
>
> We initially looked at a Cisco solution for this, but the price was simply
> too high. I have installed RedHat 9 on a pc with a sufficient number of
> nics to do the job.
>
> I'm just trying to get the routing and NAT to work right now, but I'm not
> having much luck. Could anyone offer any advice on the best way to set this
> up?
>
> ip route
> 67.65.229.0/24 dev eth0 proto kernel scope link src 67.65.229.253
> 10.10.1.0/24 dev eth1 proto kernel scope link src 10.10.1.254
> 10.10.2.0/24 dev eth2 proto kernel scope link src 10.10.2.254
> 10.10.3.0/24 dev eth3 proto kernel scope link src 10.10.3.254
> 10.10.4.0/24 dev eth4 proto kernel scope link src 10.10.4.254
> 10.10.5.0/24 dev eth5 proto kernel scope link src 10.10.5.254
> default via 67.65.229.254 dev eth0
>
> I can ping addresses on all of the networks from the linux router machine,
> but I can't ping from one private network to another or the internet.
>
> Thanks in advance,
> Gerry
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.576 / Virus Database: 365 - Release Date: 1/30/2004
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
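As an added example, not from either message in this thread, here is a script that turns the reply's three steps plus Gerry's goal 6 into one rule set for the router in his "ip route" output. The interface and network values come from that output; the FORWARD DROP policy with explicit allows (tighter than the ACCEPT policy the reply uses for troubleshooting), the state match, and the 67.65.229.10 to 10.10.1.10 static mapping are assumptions.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) the NAT/forwarding rules for
# the six-interface router in the thread. Interfaces and networks are taken
# from the quoted "ip route" output; everything else is an assumption.
set -eu

WAN_IF=eth0
LAN_IFS="eth1 eth2 eth3 eth4 eth5"
LAN_NETS="10.10.1.0/24 10.10.2.0/24 10.10.3.0/24 10.10.4.0/24 10.10.5.0/24"
# Hypothetical 1:1 mapping for net #1: public 67.65.229.10 <-> private 10.10.1.10
STATIC_MAPS="67.65.229.10:10.10.1.10"

# Print the rule set as iptables commands, one per line.
gen_rules() {
  # Step 1 from the reply: start from empty tables (nat included).
  echo "iptables -t mangle -F"; echo "iptables -t mangle -X"
  echo "iptables -t nat -F";    echo "iptables -t nat -X"
  echo "iptables -t filter -F"; echo "iptables -t filter -X"
  echo "iptables -P INPUT ACCEPT"; echo "iptables -P OUTPUT ACCEPT"
  # Once routing works, forward only what is explicitly allowed.
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for net in $LAN_NETS; do
    echo "iptables -A FORWARD -s $net -o $WAN_IF -j ACCEPT"
  done
  # Static 1:1 mappings are appended first so they win over MASQUERADE.
  for map in $STATIC_MAPS; do
    pub=${map%%:*}; priv=${map##*:}
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    echo "iptables -t nat -A POSTROUTING -s $priv -o $WAN_IF -j SNAT --to-source $pub"
    echo "iptables -A FORWARD -i $WAN_IF -d $priv -j ACCEPT"
  done
  # Everything else leaves via MASQUERADE, as the reply suggests.
  for net in $LAN_NETS; do
    echo "iptables -t nat -A POSTROUTING -s $net -o $WAN_IF -j MASQUERADE"
  done
}

# Print the sysctl writes that switch forwarding on (step 3 from the reply).
gen_forwarding() {
  echo "echo 1 > /proc/sys/net/ipv4/conf/all/forwarding"
  for ifc in $WAN_IF $LAN_IFS; do
    echo "echo 1 > /proc/sys/net/ipv4/conf/$ifc/forwarding"
  done
}

# Apply for real; needs root and iptables on the router itself.
apply_rules() { gen_forwarding | sh; gen_rules | sh; }

if [ "${APPLY_RULES:-0}" = 1 ]; then apply_rules; fi
```

Run it without APPLY_RULES to review the generated commands first; set APPLY_RULES=1 on the router to load them.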