want to Make software router having two nic cards using centos 6.4

domain-name-system nat centos6 gateway ip-routing

I'm new on CentOS. I have a CentOS 6.4 system having 2 NIC cards. I want to setup a gateway so I can get internet from public ip over 1st nic card (eth1) and forward the network over 2nd nic card (eth2) so it can be accessible to my local network. I made a DNS server in same system. my gateway system is able to ping to both DNS and google but my client systems are not.

I tried to set the iptables rules it works ping to local gateway but unable to ping to public DNS and www.google.com from client system..when I ping to google.com said that host is unreachable.

How can I implement this, please help me?

  • public ip is(eth1) : x.x.x.x
  • my local network is (eth2) : 192.168.x.x

I used this for setting up iptables:

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth2 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

Routing table:

Kernel IP routing table
Destination          Gateway             Genmask           Flags     Metric      Ref    Use Iface
local ip             0.0.0.0             255.255.255.0       U        0          0        0 eth2
public ip            0.0.0.0             255.255.255.0       U        0          0        0 eth1 
0.0.0.0         my local gateway         0.0.0.0             UG       0          0        0 eth2

Iptables:

Chain PREROUTING (policy ACCEPT 9761 packets, 1239K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 14666 packets, 1001K bytes)
 pkts bytes target     prot opt in     out     source               destination
  345 41722 MASQUERADE  all  --  *      Auto_eth1  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 15011 packets, 1043K bytes)
 pkts bytes target     prot opt in     out     source               destination

Please tell me what are changes I have to do in configuration.


Solution 1:

ip route del default
ip route add default via INTERNETGATEWAY dev eth2

There is something screwy with your route. the centos 'NAT' box needs to sit on two nets:

192.168.5.x/24 (Private eth2)
192.168.6.x/24 (Public eth1)  -- hypothetically

your route should be something like:

ip route add route 192.168.5.0/24 dev eth2
ip route add route 192.168.6.0/24 dev eth1
ip route add default via 192.168.6.1 dev eth1

Right now you are routing internet bound traffic out of your private facing NIC...

Solution 2:

Don't reinvent the wheel. Ditch trying to roll it by hand and use an appliance product such as pfSense that handles this very well.

Yes, it is possible, but if you're not familiar with how this all works it's not worth your time to try to build it by hand.

Related

How to migrate from Google Apps Mail
Server optimization for long running script [duplicate]
passenger is listing all the public folder files
Entries in `/etc/inittab` below last line - possible hack? [duplicate]
How can I see the response of the DNS requests that tcpdump is showing me?
Test virtual host configuration [closed]
RANCID, but for arbitrary server configuration files
Simple IP load balancer for web service that runs on Windows XP or Windows 7 Professional?
File base permissions are 666, why and is this a configurable value? [closed]
Forward localhost memcached server on port 12111 to domain.com memcached server
Is a web server required to run a mail server?
ubuntu distribution upgrade got corrupted [closed]