I am stumped about how to set up CentOS 6.4 to route packets.
|Local Network| -eth0- |CentOS 6.4 box| -eth1- |Internet|
The CentOS box has a DHCP server running. Currently it is handing out IP addresses on 192.168.3.0/24, but I don't think DNS is working correctly either. I have two boxes, 192.168.3.5 and 192.168.3.6, that can ping each other all day, but nslookup raid_array will not work. Here is my setup right now.
I want all 192.168.3.0/24 traffic to forward over eth0. Any traffic headed for the internet should be masqueraded as the 172.16.0.72 over eth1. Where does DNS fit into this?
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=ETHERNET
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.3.1
NETMASK=255.255.255.0
/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
TYPE=ETHERNET
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=172.16.0.72
GATEWAY=172.16.0.1
/etc/sysconfig/network
NETWORKING=yes
GATEWAY=192.168.3.1
NOZEROCONF=true
route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eth1
iptables
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
Best Answer
You will also need to add this to your /etc/sysctl.conf, and then run:
The default behavior for Red Hat is not to forward packets, but just to be an end point.
You are also going to want to accept traffic going through the box (or it won't work very well as a router).
You'll also want to add postrouting masquerade rules for the traffic.
BTW, in your ifcfg-eth1 file, change the device name to eth1, otherwise you may have problems.
DNS is there to provide domain name <=> IP addressing. You might need to have your own DNS server if you have servers inside the 192.168.3.X network, so you do not have to remember IP addresses, though you will want to configure those machines with static IPs or set up DHCP to always assign them the same IP. If however you do not have a need for internal DNS, use the ones your ISP provides, or Google's (8.8.8.8).