On 06/04/2013 09:20 AM, Johan Vermeulen wrote:
> dear All,
>
> I'm facing this routing problem, the setup is actually part of ltsp, but
> I think this problem is Centos-specific.
>
> The server is a Dell Poweredge R210. The install is standard 6.4, updated.
>
> I have one nic facing the public internet:
>
> vi /etc/sysconfig/network-scripts/ifcfg-em1
>
> DEVICE=em1
> BOOTPROTO=none
> HWADDR=d4:ae:52:c1:28:2b
> NM_CONTROLLED=no
> ONBOOT=yes
> TYPE=Ethernet
> UUID="cdfe1d58-c56c-47fc-8a93-5df2e168d176"
> IPV6INIT=no
> USERCTL=no
> DNS2=195.238.2.22
> DNS1=192.168.66.1
> IPADDR=192.168.66.5
> NETMASK=255.255.255.128
> GATEWAY=192.168.66.1
>
> and one nic serving the lan and dhcpd.
>
> vi /etc/sysconfig/network-scripts/ifcfg-em2
>
> DEVICE=em2
> BOOTPROTO=none
> HWADDR=d4:ae:52:c1:28:2c
> NM_CONTROLLED=no
> ONBOOT=yes
> TYPE=Ethernet
> UUID="e72a17b6-fb5f-43f0-9136-fa4d92b542ae"
> IPADDR=192.168.70.129
> NETMASK=255.255.255.128
> IPV6INIT=no
> USERCTL=no
>
> in iptables, prerouting and masquerading are configured:
>
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *nat
> :PREROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -o eth+ -j MASQUERADE
> -A POSTROUTING -o em2 -j MASQUERADE

Shouldn't this be em1?

> COMMIT
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -i eth+ -j ACCEPT
> -A INPUT -i em2 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A FORWARD -p icmp -j ACCEPT
> -A FORWARD -i lo -j ACCEPT
> -A FORWARD -i eth+ -j ACCEPT
> -A FORWARD -i em2 -j ACCEPT
> -A FORWARD -o eth+ -j ACCEPT
> -A FORWARD -o em2 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> and in /etc/sysctl.conf
>
> ipforwarding is set to 1
>
> # Kernel sysctl configuration file for Red Hat Linux
> #
> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> # sysctl.conf(5) for more details.
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>
>
> clients get ip addresses from dhcp server, and there's no other dhcp
> server on the lan.
>
> But clients cannot ping the public internet, e.g. 8.8.8.8
>
> the only EM I'm seeing is when executing command:
>
> [root at centoshofkwartier ~]# sysctl -p /etc/sysctl.conf
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
> error: "net.bridge.bridge-nf-call-iptables" is an unknown key
> error: "net.bridge.bridge-nf-call-arptables" is an unknown key
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 68719476736
> kernel.shmall = 4294967296
>
> I switched the cables and switches, and changed the connection with the
> public internet.
>
> Can anybody offer some advice on this?
>
> Greetings, J.
>

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
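
The point raised in the reply can be checked mechanically. The following is an added example, not part of the original thread: it compares the `-o` interface of each nat MASQUERADE rule with the uplink, which it assumes is the one interface whose ifcfg file sets GATEWAY. The function names are made up for illustration.

```python
import shlex

# Sample input copied from the quoted message, trimmed to the fields used here.
IFCFG_EM1 = "DEVICE=em1\nIPADDR=192.168.66.5\nGATEWAY=192.168.66.1\n"
IFCFG_EM2 = "DEVICE=em2\nIPADDR=192.168.70.129\n"
RULES = """*nat
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -o em2 -j MASQUERADE
COMMIT
"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines of an ifcfg-* file into a dict, skipping comments."""
    lines = [l.strip() for l in text.splitlines()]
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def iface_matches(pattern, name):
    """iptables -i/-o matching: a trailing '+' matches any name with that prefix."""
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name

def masquerade_out_ifaces(rules_text):
    """Return the -o patterns of MASQUERADE rules in the nat POSTROUTING chain."""
    table, found = None, []
    for line in map(str.strip, rules_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A POSTROUTING"):
            args = shlex.split(line)
            if "-o" in args and "MASQUERADE" in args:
                found.append(args[args.index("-o") + 1])
    return found

def audit(ifcfg_texts, rules_text):
    """Assumption: the uplink is the one interface whose ifcfg sets GATEWAY."""
    cfgs = [parse_ifcfg(t) for t in ifcfg_texts]
    names = [c["DEVICE"] for c in cfgs]
    uplink = next(c["DEVICE"] for c in cfgs if c.get("GATEWAY"))
    patterns, findings = masquerade_out_ifaces(rules_text), []
    for p in patterns:
        matched = [n for n in names if iface_matches(p, n)]
        if not matched:
            findings.append(f"-o {p}: matches no configured interface")
        elif uplink not in matched:
            findings.append(f"-o {p}: matches {','.join(matched)}, not uplink {uplink}")
    if not any(iface_matches(p, uplink) for p in patterns):
        findings.append(f"no MASQUERADE rule covers uplink {uplink}")
    return uplink, findings
```

Calling `audit([IFCFG_EM1, IFCFG_EM2], RULES)` returns the uplink name and a list of findings; with the rule changed to `-o em1`, only the unmatched `eth+` pattern is still reported.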