On 06/04/2013 09:20 AM, Johan Vermeulen wrote:
Dear all,
I'm facing this routing problem. The setup is actually part of LTSP, but I think this problem is CentOS-specific.
The server is a Dell PowerEdge R210. The install is standard 6.4, updated.
I have one nic facing the public internet:
vi /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
BOOTPROTO=none
HWADDR=d4:ae:52:c1:28:2b
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
UUID="cdfe1d58-c56c-47fc-8a93-5df2e168d176"
IPV6INIT=no
USERCTL=no
DNS2=
DNS1=
IPADDR=
NETMASK=
GATEWAY=
and one NIC serving the LAN and dhcpd.
vi /etc/sysconfig/network-scripts/ifcfg-em2
DEVICE=em2
BOOTPROTO=none
HWADDR=d4:ae:52:c1:28:2c
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
UUID="e72a17b6-fb5f-43f0-9136-fa4d92b542ae"
IPADDR=
NETMASK=
IPV6INIT=no
USERCTL=no
In iptables, prerouting and masquerading are configured:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -o em2 -j MASQUERADE
Shouldn't this be em1?
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -i em2 -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A FORWARD -o em2 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
and in /etc/sysctl.conf
ipforwarding is set to 1
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Clients get IP addresses from the DHCP server, and there's no other DHCP server on the LAN.
But clients cannot ping the public internet, e.g.
the only EM I'm seeing is when executing command :
[root@centoshofkwartier ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
I switched the cables and switches, and changed the connection with the public internet.
Can anybody offer some advice on this?
Greetings, J.
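
The question raised in the reply, whether the MASQUERADE rule names the internet-facing interface, can be checked mechanically against a saved ruleset. The Python sketch below is an added example, not part of the original thread; it assumes em1 is the internet-facing NIC and em2 the LAN NIC as the post describes, and its function names are hypothetical.

```python
# Constructed sample: the *nat section as posted in the message above.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -o em2 -j MASQUERADE
COMMIT
"""

def iface_matches(pattern, iface):
    """iptables interface match: a trailing '+' matches any name with that prefix."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def masquerade_out_ifaces(rules_text):
    """Return the -o patterns of MASQUERADE rules in nat POSTROUTING.

    None means the rule has no -o match and applies to every interface.
    Negated matches ("! -o ...") are not handled in this sketch.
    """
    table, found = None, []
    for line in rules_text.splitlines():
        tok = line.split()
        if tok and tok[0].startswith("*"):
            table = tok[0][1:]          # "*nat" / "*filter" table header
            continue
        if table != "nat" or tok[:2] != ["-A", "POSTROUTING"]:
            continue
        if "-j" in tok[:-1] and tok[tok.index("-j") + 1] == "MASQUERADE":
            found.append(tok[tok.index("-o") + 1] if "-o" in tok[:-1] else None)
    return found

def check_nat(rules_text, wan_iface, lan_iface):
    """Report whether masquerading covers the WAN side, and which rules hit the LAN side."""
    pats = masquerade_out_ifaces(rules_text)

    def covering(iface):
        return [p for p in pats if p is None or iface_matches(p, iface)]

    return {"wan_covered": bool(covering(wan_iface)),
            "lan_masqueraded": covering(lan_iface)}

if __name__ == "__main__":
    # Assumption from the post: em1 faces the internet, em2 serves the LAN.
    print(check_nat(SAMPLE_NAT, wan_iface="em1", lan_iface="em2"))
```

With the posted rules, neither `eth+` nor `em2` matches em1, so traffic leaving through em1 keeps its private source address.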