First,
I'd like to configure my system to forward ip, to act as a gateway for my network. I've always used a script during startup to do this:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${IP_NAT}
This works fine, however I want this permanent so I don't have to run the script on startup. I have the firewall setup with SNAT fine, but when I write the file /etc/sysconfig/network with the line 'FORWARD_IPV4=YES' it still doesn't enable the ip forwarding after boot?
cat /proc/sys/net/ipv4/ip_forward
0
So how do I do this?
Second,
In DHCP, you can specify multiple DNS servers:
option domain-name-servers 10.0.0.1, 10.0.0.2, 10.0.0.3;
can you also do this with routers?
option routers 10.0.0.1, 10.0.0.2;
so that if one is down, the network PCs can fail over to another?
Tim Alberts wrote:
First,
I'd like to configure my system to forward ip, to act as a gateway for my network. I've always used a script during startup to do this:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${IP_NAT}
This works fine, however I want this permanent so I don't have to run the script on startup. I have the firewall setup with SNAT fine, but when I write the file /etc/sysconfig/network with the line 'FORWARD_IPV4=YES' it still doesn't enable the ip forwarding after boot?
cat /proc/sys/net/ipv4/ip_forward
0
So how do I do this?
Modify /etc/sysctl.conf:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
CM
Tim Alberts wrote:
First,
I'd like to configure my system to forward ip, to act as a gateway for my network. I've always used a script during startup to do this:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${IP_NAT}
This works fine, however I want this permanent so I don't have to run the script on startup. I have the firewall setup with SNAT fine, but when I write the file /etc/sysconfig/network with the line 'FORWARD_IPV4=YES' it still doesn't enable the ip forwarding after boot?
cat /proc/sys/net/ipv4/ip_forward
0
So how do I do this?
You want to modify the /etc/sysctl.conf file:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
That change will take effect the next time the system is rebooted; or, you can type:
/sbin/sysctl -p
which will load the values specified in /etc/sysctl.conf immediately.
-Greg
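Added example, not part of the thread: a small shell check for the situation the replies describe, where the value in /etc/sysctl.conf and the running value in /proc/sys/net/ipv4/ip_forward can disagree. The function names, the state labels and the sample files are made up for this illustration.

```shell
#!/bin/sh
# Added example: is IPv4 forwarding persistent, or only set at runtime?

# Print the effective value of KEY ($1) in a sysctl.conf-style FILE ($2).
# Lines starting with '#' or ';' are comments, so a setting that sits on a
# comment line is ignored; if the key is assigned twice, the last one wins.
sysctl_conf_value() {
    awk -v key="$1" '
        /^[ \t]*([#;]|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$2"
}

# Compare the persistent setting with the running kernel value.
# Prints one of: persistent, pending, runtime-only, off.
forwarding_state() {
    conf=${1:-/etc/sysctl.conf}
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    want=$(sysctl_conf_value net.ipv4.ip_forward "$conf" 2>/dev/null) || want=
    have=$(cat "$proc")
    case "${want:-0}:$have" in
        1:1) echo persistent ;;    # set in the file and active now
        1:0) echo pending ;;       # in the file, not loaded yet: /sbin/sysctl -p
        0:1) echo runtime-only ;;  # set by hand or by a script, gone after reboot
        *)   echo off ;;
    esac
}

# Constructed sample input (not from the thread): the file has been edited,
# but the kernel value is still 0 because nothing has reloaded it.
demo_dir=$(mktemp -d)
printf '%s\n' '# Controls IP packet forwarding' \
    'net.ipv4.ip_forward = 1' > "$demo_dir/sysctl.conf"
echo 0 > "$demo_dir/ip_forward"
forwarding_state "$demo_dir/sysctl.conf" "$demo_dir/ip_forward"
```

Called with no arguments, forwarding_state reads the live /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward; on a host that is not meant to route, anything other than "off" is worth a look.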
On Tue, Feb 12, 2008 at 10:26:54AM -0800, Tim Alberts wrote:
So how do I do this?
edit /etc/sysctl.conf
option routers 10.0.0.1, 10.0.0.2;
Not as far as I know.
Tim Alberts wrote:
First,
I'd like to configure my system to forward ip, to act as a gateway for my network. I've always used a script during startup to do this:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${IP_NAT}
For ip forwarding, edit /etc/sysctl.conf and make sure you have a line that says net.ipv4.ip_forward = 1
For iptables, if you already have a working iptables config, just run:
service iptables save
This will create an /etc/sysconfig/iptables for you. Then make sure that the system loads up these rules on boot with:
chkconfig iptables on
Re: your dhcp question below...you can do what you list (the man page [man dhcp-options] and RFC2132 say they should be listed in order of preference) but the question really is, "What will the DHCP client do with multiple IPs in this option?" because I could see this behavior being inconsistent.
-Shawn
This works fine, however I want this permanent so I don't have to run the script on startup. I have the firewall setup with SNAT fine, but when I write the file /etc/sysconfig/network with the line 'FORWARD_IPV4=YES' it still doesn't enable the ip forwarding after boot?
cat /proc/sys/net/ipv4/ip_forward
0
So how do I do this?
Second,
In DHCP, you can specify multiple DNS servers:
option domain-name-servers 10.0.0.1, 10.0.0.2, 10.0.0.3;
can you also do this with routers?
option routers 10.0.0.1, 10.0.0.2;
so that if one is down, the network PCs can fail over to another?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Tim Alberts wrote:
So how do I do this?
easiest way is to put it in /etc/rc.d/rc.local . I'm sure that's not the "proper" way though.
so that if one is down, the network PCs can fail over to another?
No PC will do that even if the DHCP server supported it. What you want is VRRP, so the backup router will assume the IP and MAC address of the failed router. There are other protocols that can accomplish the same thing, OpenBSD uses pf carp, some older Cisco gear have HSRP. Lots of firewall vendors have their own proprietary protocols for fail over. I run ESRP in my environment to provide layer 3 router fault tolerance as well as layer 2 loop prevention in a single protocol (that doesn't require any protocols be installed on downstream equipment unlike (R|M)STP)
nate