Losing my mind on routing
Okay I have a Red Hat 9 box acting as my router to the internet for my LAN. I have my external NIC set to get its IP via DHCP (which it does just fine). My internal NIC is set to static like so:
IP 192.168.1.1
sub 255.255.255.0
no gateway
so I go over to one of my LAN boxes and put in the static IP like so:
IP 192.168.1.2
Sub 255.255.255.0
gateway 192.168.1.1
But no matter what I do internal requests never make it to the internet. I can go to the machine with the dual NICs that is acting as my router and it can get out just fine. So this tells me that I am missing something but what is it? Please help me before I lose my mind!
bwkaz
09-06-2003, 09:19 PM
Originally posted by Mow
But no matter what I do internal requests never make it to the internet.
How are you testing this? By pinging some DNS name?
What's the error message?
I can ping the gateway but if I try to go to say this site on a LAN node it just says the site could not be found ...... it almost sounds like the forwarding is not working.
fredg
09-06-2003, 10:28 PM
Sounds like routing between interfaces is not enabled.
Edit the file /etc/sysctl.conf
Verify that you have this entry in there:
net.ipv4.ip_forward=1
Restart networking.
checked and did ........ still no luck.
fredg
09-06-2003, 11:30 PM
Well, let's start from the beginning.
Was this an existing box that got its public IP via DHCP, worked fine like that, then you added the second NIC to make it do routing so you can share it with the LAN?
If so, and you are doing this by hand you also have to enable NAT (IP Masquerading). Have you done that yet?
Seems to me your RH 9 should have a wizard to set this up for you, no?
Was this an existing box that got its public IP via DHCP, worked fine like that, then you added the second NIC to make it do routing so you can share it with the LAN? -- yes
If so, and you are doing this by hand you also have to enable NAT (IP Masquerading). Have you done that yet? -- yes
Seems to me your RH 9 should have a wizard to set this up for you, no? -- I would think so and either I'm being a dork and missing it totally or for whatever reason this didn't get installed.
fredg
09-07-2003, 10:35 AM
Well, the only suggestion I have at this point would be to look on Red Hat's site or the Documentation CD for a HOWTO on IP MASQ/NAT that is relevant for Red Hat Linux 9, and go through that very closely.
I don't run any of that NAT/MASQ stuff here myself, so I have no direct experience with it.
Okay now it just got goofier. I reloaded my machine, went through and made the changes to enable forwarding and masquerading and it worked! I was able to surf the net from internal to external just fine! Then I ran the updates from RHN and then rebooted to use the new kernel and I'm broke again ...... even rebooting into the old kernel doesn't work.
I just don't get it. This shouldn't be this hard to set up.
fredg
09-07-2003, 01:50 PM
When you "went through and made the changes to enable forwarding and masquerading and it worked" did you write or change anything in the /proc filesystem? That filesystem isn't permanent, it vanishes on shutdown.
bwkaz
09-07-2003, 02:44 PM
Originally posted by Mow
I can ping the gateway but if I try to go to say this site on a LAN node it just says the site could not be found
That's not the error message.
What happens when you ping www.justlinux.com? What, exactly, gets printed?
I'm guessing that you haven't set up DNS properly. I don't think it has anything at all to do with IP forwarding. But without the exact error, all that anybody can do is just guess.
Okay I can recreate the error and the fix (sort of).
If I reload my machine, setting my external NIC to DHCP, Medium Firewall and the internal to say 192.168.1.1 sub 255.255.255.0 with no gateway then I run the following commands:
echo 1 > /proc/sys/net/ipv4/ip_forward (and I also change the ipforward line in /etc/sysctl.conf from 0 to 1)
Then I do a iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 (external nic) -j MASQUERADE
And bam 100% of the time I get it running.
Now here is the catch, if I let rhn update my system with the updates and reboot, everything stops working. Even if I revert back to the old kernel.
I've just got done reloading to test this and it's the same thing ...fresh load works fine, update via the Red Hat Network, everything quits working. So something is getting adjusted that is messing everything up. It doesn't seem kernel specific either.
retoon
09-07-2003, 03:31 PM
I figured I would provide a definitive answer. I had the same problem. There is no GUI/wizard. So now. Red Hat uses iptables by default. That is perfectly ok. To configure NAT/IP Masquerading, and make your life easier, let's assume your dhcp interface is eth0, and your static is eth1.
Step 1.
with a text editor as root, edit the following files.
/etc/sysctl.conf and set net.ipv4.ip_forward = 1
/etc/sysconfig/network and set GATEWAYDEV=eth0 (no spaces around the =; the file is sourced as shell)
comment out GATEWAY =
Step 2.
as root run the following commands in the terminal.
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
"iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT"
"iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT"
"iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP"
"iptables-save > /etc/sysconfig/iptables"
"service iptables restart"
"service network restart"
That should basically take care of you. Good luck, and I hope I helped.
retoon
09-07-2003, 03:36 PM
An important one is "iptables-save > /etc/sysconfig/iptables"
It sounds like all the modifications you made aren't being saved. Iptables as a service looks for the /etc/sysconfig/iptables file for its rules. So basically save your work.
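The two retoon posts above boil down to three things that must survive a reboot: ip_forward in /etc/sysctl.conf, a MASQUERADE rule and a LAN-only FORWARD policy in /etc/sysconfig/iptables. The script below is an added example, not retoon's or the thread's code: it audits the saved copies of those settings (the live `echo 1 > /proc/...` and `iptables -A` state is exactly what vanishes) against constructed sample file contents; the interface name eth0 and the 192.168.1.0/24 network are taken from the thread.

```sh
#!/bin/sh
# Added example, not from the thread: audit the PERSISTENT copies of the three
# settings the posts depend on. Live state (echo 1 > /proc/..., iptables -A)
# is lost on reboot, so the checks read file contents passed in as strings.

# 0 if the sysctl.conf content enables IPv4 forwarding (spaces around = allowed).
forward_persisted() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# 0 if the saved ruleset (iptables-save format) masquerades traffic leaving $2.
masq_persisted() {
    printf '%s\n' "$1" | grep -Eq "^-A POSTROUTING .*-o $2 .*-j MASQUERADE"
}

# 0 if the FORWARD chain drops anything not sourced from the LAN network $2
# (either retoon's explicit "! <lan> -j DROP" rule or a DROP chain policy).
# $2 is used as an unescaped pattern, so its dots also match any character.
forward_filtered() {
    printf '%s\n' "$1" | grep -Eq "^-A FORWARD .*! .*$2 .*-j DROP|^:FORWARD DROP "
}

# Runs all three checks, reports each failure, returns the failure count.
# Args: sysctl.conf content, saved ruleset content, WAN interface, LAN network.
audit_router() {
    failures=0
    forward_persisted "$1" || { echo "ip_forward is not set to 1 in sysctl.conf"; failures=$((failures + 1)); }
    masq_persisted "$2" "$3" || { echo "no MASQUERADE rule for $3 in the saved ruleset"; failures=$((failures + 1)); }
    forward_filtered "$2" "$4" || { echo "FORWARD chain does not drop non-$4 sources"; failures=$((failures + 1)); }
    return $failures
}

# Constructed sample contents: a working router, and a box whose saved
# ruleset was replaced by a plain host firewall (the post-update symptom).
GOOD_SYSCTL='net.ipv4.ip_forward = 1'
BAD_SYSCTL='net.ipv4.ip_forward = 0'
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -j ACCEPT
-A FORWARD ! -s 192.168.1.0/24 -j DROP
COMMIT'
BROKEN_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
```

On a real box, call it as `audit_router "$(cat /etc/sysctl.conf)" "$(cat /etc/sysconfig/iptables)" eth0 192.168.1.0/24`; a non-zero return lists which persistent piece is missing.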
Rickdog
09-07-2003, 10:25 PM
I just use Firestarter and all these headaches go away in about 5 minutes or however long it takes to set up your IPs and configure the wizard. Sometimes it's nice to have something that just works so you can go on with life.
Thank you all for the help ..... everything seems to be in order now.
The thing that got me is that it all worked until I let RH update ..... now I have some GREAT solutions and I seem to be okay.
I'm actually going to do a minimal install of Mandrake, configure my NICs and then load firestarter .... just an easy way to go really :)
Thanks again all ..... I'll buy the next round.