I recently tried to swap server from an ancient Asus PIII machine running Fedora-8 to a Dell PowerEdge T105 running Centos-5.1.
Unfortunately, I have not been able to set it up to allow local machines to access the internet.
I can access the internet directly from the server (which connects to an ADSL modem) but not from a laptop connected to the server through an ethernet hub or WiFi router.
I can ssh into the server from the laptop, but cannot ping anything beyond the server.
It is as though there were a firewall running on the server which will not allow packets on the LAN to pass to the internet.
This is probably a very ignorant question, but is there such a default firewall running under CentOS?
I've gone back to my old server temporarily, but would prefer to sort out the new one if I could.
Any advice or suggestions gratefully received.
On Tue, Apr 15, 2008 at 5:33 PM, Timothy Murphy gayleard@eircom.net wrote:
> Unfortunately, I have not been able to set it up to allow local machines to access the internet.
Did you enable routing? The output of "cat /proc/sys/net/ipv4/ip_forward" must be 1, otherwise the server won't route packets between networks. In some cases (depending on your Internet modem/router) it's possible that you'll need to configure the server to do NAT as well.
You can see the firewall rules with the command "iptables -nL". You can delete all rules by running "iptables -F" (beware, your server will be unprotected if you do that).
If you give more details about your network topology, it would be easier to help you. You may also look at the contents of /etc/sysctl.conf and /etc/sysconfig/iptables on your old server, probably the routing, NAT and firewalling configuration of that server is there.
HTH, Filipe
On Tuesday 15 April 2008 11:48:00 pm Filipe Brandenburger wrote:
>> Unfortunately, I have not been able to set it up to allow local machines to access the internet.
> Did you enable routing? The output of "cat /proc/sys/net/ipv4/ip_forward" must be 1, otherwise the server won't route packets between networks. In some cases (depending on your Internet modem/router) it's possible that you'll need to configure the server to do NAT as well.
Thanks very much. I see that this is set to 0 at present:
-------------------------------------------------
[tim@helen ~]$ cat /proc/sys/net/ipv4/ip_forward
0
-------------------------------------------------
I'll try setting it to 1, and re-connecting the server.
> You can see the firewall rules with the command "iptables -nL". You can delete all rules by running "iptables -F" (beware, your server will be unprotected if you do that).
I was actually using shorewall (from the epel repository, I think), and hoped/assumed it would take care of any settings like this. I ran "service shorewall clear" and looked at "iptables -L" which seemed to allow everything:
-------------------------------------------------
[tim@helen ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
-------------------------------------------------
> If you give more details about your network topology, it would be easier to help you. You may also look at the contents of /etc/sysctl.conf and /etc/sysconfig/iptables on your old server, probably the routing, NAT and firewalling configuration of that server is there.
Thanks for your offer. If your earlier suggestion does not work, I'll take it up. I more or less copied everything from the other server, but could easily have missed something.
Thanks again.
On Wednesday 16 April 2008 12:25:35 am Timothy Murphy wrote:
> On Tuesday 15 April 2008 11:48:00 pm Filipe Brandenburger wrote:
>>> Unfortunately, I have not been able to set it up to allow local machines to access the internet.
>> Did you enable routing? The output of "cat /proc/sys/net/ipv4/ip_forward" must be 1, otherwise the server won't route packets between networks. In some cases (depending on your Internet modem/router) it's possible that you'll need to configure the server to do NAT as well.
I found in the end this wasn't the issue; shorewall sets /proc/sys/net/ipv4/ip_forward to 1 by default; I only read it as 0 because I had stopped shorewall.
My error was that I had not added my LAN to /etc/shorewall/masq. Just a silly oversight.
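
Added example, not part of the thread: a small shell check for the three things discussed above (ip_forward, a FORWARD chain that passes traffic, and a NAT rule covering the LAN), run against `iptables-save` output so it also sees rules that shorewall places in its own chains. The function name, the subnet 192.168.1.0/24 and the interface names eth1/ppp0 are assumptions, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): static check of a Linux gateway setup.
# check_gateway IP_FORWARD RULESET LAN_CIDR
#   IP_FORWARD  contents of /proc/sys/net/ipv4/ip_forward
#   RULESET     output of iptables-save (all tables)
#   LAN_CIDR    LAN subnet that should be NATed (assumed value in the samples)
# Prints "ok" or a space-separated list of findings.
check_gateway() {
    ipf=$1 rules=$2 lan=$3
    findings=$(printf '%s\n' "$rules" | awk -v ipf="$ipf" -v lan="$lan" '
        /^\*/ { table = substr($0, 2) }          # table marker: *nat, *filter, ...
        # A NAT rule covers the LAN if it has no -s match or names the subnet
        # exactly (string match only; a wider covering prefix is not detected).
        table == "nat" && /-j (MASQUERADE|SNAT)/ {
            src = ""
            for (i = 1; i < NF; i++) if ($i == "-s") src = $(i + 1)
            if (src == "" || src == lan) nat_ok = 1
        }
        table == "filter" && /^:FORWARD DROP/ { fwd_drop = 1 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" { fwd_rules = 1 }
        END {
            if (ipf != "1") printf "ip_forward-off "
            if (!nat_ok) printf "no-nat-for-lan "
            if (fwd_drop && !fwd_rules) printf "forward-blocked "
        }')
    [ -n "$findings" ] && echo "${findings% }" || echo ok
}

# Constructed sample ruleset; $1 is an optional extra rule for the nat table.
sample_rules() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' ${1:+"$1"} 'COMMIT' \
        '*filter' ':FORWARD DROP [0:0]' '-A FORWARD -i eth1 -o ppp0 -j ACCEPT' 'COMMIT'
}

# Forwarding on, firewall passes LAN traffic, but the LAN is not masqueraded:
check_gateway 1 "$(sample_rules)" 192.168.1.0/24
# Same ruleset once a masquerade rule for the LAN exists:
check_gateway 1 "$(sample_rules '-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE')" 192.168.1.0/24
# Live use (as root):
# check_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" 192.168.1.0/24
```

Run the live check while the firewall is started, since the thread shows that both ip_forward and the rules change when shorewall is stopped or cleared.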