CentOS on Intranet and Internet (2 NIC)


wildweaselmi

To make a connection between two NICs (one being the local intranet and the other being on the internet), you need to set up NAT by using iptables (the Linux firewall).

Run these commands to achieve NAT.

eth0 is internet, eth1 is local.

yum install iptables

iptables --flush

iptables --table nat --flush

iptables --delete-chain

iptables --table nat --delete-chain

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

# Save the running rules to /etc/sysconfig/iptables before restarting;
# otherwise the restart reloads the saved file and discards the rules above.
service iptables save

service iptables restart




For some reason I had to type the path in front of iptables in CentOS 5.5.

yum install iptables

/sbin/iptables --flush

/sbin/iptables --table nat --flush

/sbin/iptables --delete-chain

/sbin/iptables --table nat --delete-chain

/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

/sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

# Save the running rules to /etc/sysconfig/iptables before restarting;
# otherwise the restart reloads the saved file and discards the rules above.
service iptables save

service iptables restart

/etc/init.d/iptables restart






Here is a better explanation.

To accept all packets incoming on a particular interface, in this case the localhost interface:

iptables -A INPUT -i lo -j ACCEPT

Suppose we have 2 separate interfaces, eth1 which is our internal LAN connection and eth0 which is our external internet connection. We may want to allow all incoming packets on our internal LAN but still filter incoming packets on our external internet connection. We could do this as follows:

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -i eth1 -j ACCEPT

But be very careful - if we were to allow all packets for our external internet interface (for example, eth0 internet connection):

iptables -A INPUT -i eth0 -j ACCEPT

we would have effectively just disabled our firewall!
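
An added example, not part of the original posts: a small audit that reads rules in `iptables-save` format and reports any INPUT rule that accepts every packet on a given interface, which is the mistake described in the last post. The function names `find_accept_all` and `sample_rules` are hypothetical, and the sample ruleset is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rules in `iptables-save` format for accept-all rules.
# Assumption from the thread: eth0 is the internet side, eth1 the LAN.

# Print INPUT rules that accept every packet arriving on interface $1,
# i.e. rules with no match other than (optionally) the in-interface.
find_accept_all() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "INPUT" {
            iface = ""; extra = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")      { iface = $(i + 1); i++ }
                else if ($i == "-j") { target = $(i + 1); i++ }
                else                 { extra = 1 }  # any other match narrows the rule
            }
            # No interface at all means the rule applies to every interface.
            if (target == "ACCEPT" && !extra && (iface == "" || iface == ifc))
                print
        }'
}

# Constructed sample ruleset (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
EOF
}

# Report accept-all rules on the external interface.
sample_rules | find_accept_all eth0
```

On a live host, run it as root with `iptables-save -t filter | find_accept_all eth0`; any line it prints lets all traffic in on the external interface. Interface wildcards such as `eth+` are not expanded by this check.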


