Port Forwarding
LinuMonkey101
02-13-2005, 01:16 AM
Hi,
I've been using for about a year now and I'm trying to set up a server to play with. I've got the internet coming into ethernet0 and I see activity. What is the best way to forward the internet out of eth1 to my router?
I'm using red hat.
Thanks!
TheSpeedoBeast
02-13-2005, 01:44 AM
To forward ports, you need to know your router's local address. Typically just surf to that address in your browser and configure port forwarding from there. Check out your router's documentation.
LinuMonkey101
02-13-2005, 11:52 AM
I know how to do it on the router, my problem is this:
Internet from outside goes into linux box on eth0 (10.250.2.1). I want to forward that internet connection out through eth1 (10.250.2.2).
I have this machine set up as a firewall to protect my machines. I just need to get the internet in one ethernet card and out the other.
phlipant
02-13-2005, 12:07 PM
I use this setup. Same config, eth0->provider and eth1->router. Notice that you do not need to reference a specific IP.
echo 1 > /proc/sys/net/ipv4/ip_forward # enable packet forwarding between interfaces
echo 1 > /proc/sys/net/ipv4/tcp_syncookies # SYN cookies: resist SYN-flood DoS
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter # source address verification (anti-spoofing)
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter # source address verification (anti-spoofing)
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter # source address verification (anti-spoofing)
echo 1 > /proc/sys/net/ipv4/ip_dynaddr # dynamic addressing (WAN links whose address changes, e.g. dial-up)
# Flush and delete. The default table is "filter"; others such as "nat" must be named explicitly.
iptables --flush # flush all rules in the filter table
iptables --table nat --flush
iptables --table mangle --flush
iptables --delete-chain # delete user-defined chains in the filter table
iptables --table nat --delete-chain
iptables --table mangle --delete-chain
# Set up IP forwarding and masquerading. The FORWARD policy is left at its default ACCEPT, so these rules only add permits.
iptables --append FORWARD --in-interface eth0 --out-interface eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT # replies coming back from outside
iptables --append FORWARD --in-interface eth1 --out-interface eth0 -j ACCEPT # anything from the inside may go out
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE # hide inside addresses behind eth0
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG,PSH -j DROP # drop bad packets (every TCP flag set at once)
iptables -A INPUT -m state -p icmp --state INVALID -j DROP
# ICMP: accept echo reply, destination unreachable, time exceeded, and rate-limited echo requests.
# These ACCEPT rules must come before the catch-all DROP; iptables takes the first match, so a DROP placed first would shadow them.
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 5/second -j ACCEPT
iptables -A INPUT -p icmp -j DROP # everything else, including echo requests over the limit
To save the iptables rules permanently, once you are happy with them, type
service iptables save
They are then stored in /etc/sysconfig/iptables and reloaded at each reboot. I put the echo statements in rc.local.
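A fuller version of the same two-interface gateway, as an added example and not phlipant's script: it sets DROP policies on INPUT and FORWARD (the script above keeps the kernel default of ACCEPT, so its FORWARD state rule does not by itself block anything from the outside), puts the ICMP ACCEPT rules ahead of any drop, and lets the inside network reach the DHCP, DNS and ssh services it may need from the box. The interface names eth0/eth1 and the inside subnet 10.250.2.0/24 are assumptions; the thread gives only the two addresses. By default the commands are only printed so the rule set can be reviewed; run it as root with IPT=iptables SYSCTL=sysctl to apply.

```shell
#!/bin/sh
# Added example, not the thread's script: NAT gateway rule set with default-DROP
# policies. Assumed values: WAN=eth0 (provider side), LAN=eth1 (inside),
# LAN subnet 10.250.2.0/24. Dry-run by default: every command is printed.
#   review:  sh gateway.sh
#   apply:   IPT=iptables SYSCTL=sysctl sh gateway.sh   (as root)
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-10.250.2.0/24}
IPT=${IPT:-echo iptables}
SYSCTL=${SYSCTL:-echo sysctl}

# Kernel settings equivalent to the echo lines in the thread.
kernel_settings() {
  $SYSCTL -w net.ipv4.ip_forward=1          # route between the two interfaces
  $SYSCTL -w net.ipv4.tcp_syncookies=1      # survive SYN floods
  $SYSCTL -w net.ipv4.conf.all.rp_filter=1  # drop packets with spoofed sources
  $SYSCTL -w net.ipv4.conf.$WAN.rp_filter=1
  $SYSCTL -w net.ipv4.conf.$LAN.rp_filter=1
}

gateway_rules() {
  # Start from empty tables.
  $IPT -F; $IPT -t nat -F; $IPT -t mangle -F
  $IPT -X; $IPT -t nat -X; $IPT -t mangle -X

  # Default policies: nothing reaches or crosses the box unless a rule allows it.
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT

  # Traffic addressed to the gateway itself.
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -m state --state INVALID -j DROP
  $IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP    # every TCP flag set
  $IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP   # no TCP flag set
  # ICMP: accept the types that keep connectivity working and rate-limit pings.
  # Any other type falls through to the DROP policy; the ACCEPTs come first so
  # no catch-all DROP can shadow them.
  $IPT -A INPUT -p icmp --icmp-type 0 -j ACCEPT
  $IPT -A INPUT -p icmp --icmp-type 3 -j ACCEPT
  $IPT -A INPUT -p icmp --icmp-type 11 -j ACCEPT
  $IPT -A INPUT -p icmp --icmp-type 8 -m limit --limit 5/second -j ACCEPT
  # Services the inside network gets from the gateway: ssh, DHCP (clients send
  # from 0.0.0.0, so no source match) and DNS if a resolver runs on the box.
  $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
  $IPT -A INPUT -i $LAN -p udp --dport 67 -j ACCEPT
  $IPT -A INPUT -i $LAN -s $LAN_NET -p udp --dport 53 -j ACCEPT

  # Forwarding: the inside may open connections outward; the outside gets
  # only replies to them.
  $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
  $IPT -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Hide the inside addresses behind the WAN address.
  $IPT -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
}

kernel_settings
gateway_rules
```

Once the printed rules look right and have been applied, `service iptables save` as described above keeps them across reboots; the sysctl lines still belong in rc.local or /etc/sysctl.conf.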
LinuMonkey101
02-13-2005, 12:15 PM
That's advanced for me :)
If I put that into a BASH script and run it, the internet will then be forwarded out of the eth1 interface?
Thanks guys for all of your help.
phlipant
02-13-2005, 12:26 PM
Yes, but it will not set up DNS for you. At this point you will have address-by-ip only.
As a result you can browse to http://63.236.73.208 but not http://justlinux.com
That may or may not be another post.
Good Luck.
LinuMonkey101
02-13-2005, 02:46 PM
phlipant,
Thanks for the help. I now have it forwarding internet from one interface to the other so that my whole network has internet.
Does anyone know how I can set up DNS so that I can type in the domain instead of the IP?
Thanks Again!
phlipant
02-13-2005, 11:41 PM
This is a copy of my /etc/dhcpd.conf file. You can modify it to your needs.
default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option routers 192.168.2.1;
option broadcast-address 192.168.2.255;
option domain-name-servers 192.168.2.1;
authoritative;
ddns-update-style ad-hoc;
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.101 192.168.2.254;
}
phlipant
02-13-2005, 11:54 PM
As I review your post, I cannot help noticing you said
Internet from outside goes into linux box on eth0 (10.250.2.1). I want to forward that internet connection out through eth1 (10.250.2.2).
It would probably be a better idea to place eth0 and eth1 on different subnets,
i.e. eth0->10.250.1.1 and eth1->10.250.2.1
Each device should have a unique subnet, especially as a DHCP server on eth1 can assign the eth0 IP to a computer on eth1. This is aside from traffic confusion, where your computer needs unequivocal rules as to which subnet to place traffic on.
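To make the overlap concrete, an added example in plain sh (not from the thread): it computes the network each interface address belongs to and reports whether two interfaces share one, so the layout can be checked before handing addresses to a DHCP server. The /24 prefix length is an assumption, since the thread never states the netmask.

```shell
#!/bin/sh
# Added example (not the thread's): do two interface addresses sit in the
# same IPv4 network? Prefix length is an assumption (the thread gives none).

# Dotted quad -> 32-bit integer, e.g. 10.250.2.1 -> 184156673
ip2int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 * 256 + $2) * 65536 + $3 * 256 + $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
  echo "$(( $1 / 16777216 % 256 )).$(( $1 / 65536 % 256 )).$(( $1 / 256 % 256 )).$(( $1 % 256 ))"
}

# Network address of ip/prefix, e.g. network_of 10.250.2.1 24 -> 10.250.2.0
network_of() {
  host_bits=$(( 32 - $2 ))
  block=$(( 1 << host_bits ))          # size of the address block
  int2ip $(( $(ip2int "$1") / block * block ))
}

# Exit status 0 if both addresses share a network at the given prefix length.
same_subnet() {
  [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# Report a two-interface layout; non-zero status means the subnets collide.
check_layout() {
  if same_subnet "$1" "$2" "$3"; then
    echo "overlap: $1 and $2 are both in $(network_of "$1" "$3")/$3"
    return 1
  fi
  echo "ok: $1 is in $(network_of "$1" "$3")/$3, $2 is in $(network_of "$2" "$3")/$3"
}

check_layout 10.250.2.1 10.250.2.2 24 || true   # the layout from the thread: overlap
check_layout 10.250.1.1 10.250.2.1 24           # the suggested fix: distinct subnets
```

The first call reports the overlap, the second passes; the same check applies to any pair of interface addresses and prefix lengths, not only /24.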