[CentOS] Using a CentOS 6 Machine as a gateway/router/home server
Max Pyziur
pyz at brama.com
Sun Jun 28 22:49:27 UTC 2015
On Sun, 28 Jun 2015, Brian Miller wrote:
> On Sun, 2015-06-28 at 14:50 -0400, Max Pyziur wrote:
>
>> I haven't setup the firewall yet (dangerous, I know) until I get the
>> connectivity working.
>>
>> I'm obviously overlooking some other configuration settings required for
>> machines inside the network being able to connect through the
>> gateway/router.
>
> As others have pointed out, you're either missing a NAT layer or you got
> a large enough IP allocation to subnet and you haven't set up routing.
> Probably safe to assume it's NAT.
>
> I'd suggest at a minimum you install something like shorewall to assist
> in managing your firewall and IP masquerading tasks. It's available in
> EPEL, is very well documented, and provides enough built in sanity
> checks to protect you against making some silly (and some not so silly)
> mistakes in your firewall management.
Thanks to all for pointing me in the direction of iptables and IP
masquerading.
From several sources, including the stock CentOS iptables configuration, I've cobbled together the following
/etc/sysconfig/iptables; while it works, I suspect that there are holes:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of everything leaving the box; not bound to an interface
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
# Traffic routed through the box is accepted by default
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# New TCP connections to ssh/http/https are accepted on every interface
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT
I also seem to need to load iptable_nat and nf_nat_ftp via rc.local. Is this correct?
Thank you again,
Max
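The posted ruleset works because NAT hides the LAN, but three things in it are wider than a gateway needs: the MASQUERADE rule is not tied to the WAN interface, the FORWARD chain accepts everything, and the ssh/http/https rules accept new connections on every interface. The script below is an added example (not Max's configuration, not anything from the CentOS project): it parses an iptables-save file, reports those three holes, and emits a tightened ruleset of the same shape. The interface names eth0 (WAN) and eth1 (LAN), the LAN prefix 192.168.1.0/24, and the set of ports left open to the WAN are assumptions; adjust them to the real host. The posted ruleset is embedded as constructed sample input.

```python
"""Audit an iptables-save ruleset for common NAT-gateway mistakes and emit a tightened one.
Added example, not code from the original post. eth0/eth1/192.168.1.0/24 are assumptions."""
import re

# Sample input, constructed for this example: the ruleset from the post above.
POSTED = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT
"""


def parse(text):
    """Parse iptables-save text into {table: {"policy": {chain: policy}, "rules": [(chain, rule)]}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A "):
            chain, rule = line[3:].split(" ", 1)
            table["rules"].append((chain, rule))
    return tables


def _has_flag(rule, flag):
    """True if a short option such as -i or -o appears as its own token in the rule."""
    return re.search(r"(^|\s)%s\s" % re.escape(flag), rule) is not None


def audit(text):
    """Return one finding string per gateway hole found in an iptables-save ruleset."""
    tables = parse(text)
    nat = tables.get("nat", {"policy": {}, "rules": []})
    filt = tables.get("filter", {"policy": {}, "rules": []})
    findings = []
    # 1. MASQUERADE without -o <wan> also rewrites traffic leaving on the LAN side.
    for chain, rule in nat["rules"]:
        if chain == "POSTROUTING" and "-j MASQUERADE" in rule and not _has_flag(rule, "-o"):
            findings.append("nat/POSTROUTING: MASQUERADE has no -o <wan>; applies on every interface")
    # 2. FORWARD policy ACCEPT means anything the box can route, it will route.
    fwd_rules = [r for c, r in filt["rules"] if c == "FORWARD"]
    if filt["policy"].get("FORWARD", "ACCEPT") != "DROP":
        findings.append("filter/FORWARD: policy is not DROP; transit traffic is unfiltered")
    elif not any("ESTABLISHED,RELATED" in r for r in fwd_rules):
        findings.append("filter/FORWARD: policy DROP but no conntrack rule; replies to the LAN will be dropped")
    # 3. NEW-connection accepts with no -i are reachable from the WAN as well as the LAN.
    exposed = [re.search(r"--dport (\S+)", r).group(1) for c, r in filt["rules"]
               if c == "INPUT" and "NEW" in r and "--dport" in r and not _has_flag(r, "-i")]
    if exposed:
        findings.append("filter/INPUT: ports %s accept NEW connections on all interfaces" % ",".join(exposed))
    return findings


def hardened(wan="eth0", lan="eth1", lan_net="192.168.1.0/24", wan_ports=(22, 80, 443)):
    """Build a tightened /etc/sysconfig/iptables: NAT bound to the WAN, FORWARD default-deny,
    LAN trusted, only wan_ports reachable from the outside. Interface names are assumptions."""
    lines = ["*nat", ":PREROUTING ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]",
             "-A POSTROUTING -s %s -o %s -j MASQUERADE" % (lan_net, wan), "COMMIT",
             "*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", ":OUTPUT ACCEPT [0:0]",
             "-A INPUT -i lo -j ACCEPT",
             "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
             "-A INPUT -p icmp -j ACCEPT",
             # The LAN side may open anything on the gateway; the WAN side only the listed ports.
             "-A INPUT -i %s -s %s -m state --state NEW -j ACCEPT" % (lan, lan_net)]
    for port in wan_ports:
        lines.append("-A INPUT -i %s -m state --state NEW -m tcp -p tcp --dport %d -j ACCEPT" % (wan, port))
    lines += ["-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
              "-A FORWARD -i %s -o %s -s %s -j ACCEPT" % (lan, wan, lan_net),
              "COMMIT"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for finding in audit(POSTED):
        print("posted ruleset:", finding)
    print(hardened())
```

Two CentOS 6 notes that go with this: the nat table in /etc/sysconfig/iptables pulls in iptable_nat by itself when the iptables service restores it, and the helper module belongs in IPTABLES_MODULES="nf_nat_ftp" in /etc/sysconfig/iptables-config rather than in rc.local, so it is loaded before the rules are; forwarding also needs net.ipv4.ip_forward = 1 in /etc/sysctl.conf. After loading the new rules, `iptables -t nat -L POSTROUTING -v -n` should show the MASQUERADE counters climbing only on the WAN interface.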