Router issue (network settings)

[JavaWannabe]

Hi,

I'm hoping someone can help.

I am running suse 11.2 with plans of making it a firewall (Goal)!

I have an interface which will not connect to the internet when I statically config it network settings, either via Yast or in the sysconfig/network/ifcfg-eth file.

It will however connect to the Internet If i let it grab a dhcp address from the wireless router closest to the public Internet.

What am i missing here? or any should I be looking somewhere else?

I manually put in the following: these do have settings, i just didn't write them in here.
GATEWAY
IPADDR
DNS
BROADCAST
NETWORK


Thanks in advance

[jr0sco]

So whats not working?

If you don't want the manually configured interface to connect to another network other then the network the system is on, you do not need a gateway. Also your configuration will need a NETMASK

[JavaWannabe]

I am setting up a dual homed firewall device running suse 11.2. It has two nic cards.

-one interface for private lan (172.16.0.0) - eth0
-one interface towards to public Internet (192.168.1.0) - eth1


When I let the eth1 nic receive a dhcp address I can then access the Internet.
If I statically assign eth1 with an address via setting using YAST or the sysconfig/network/ifcfg-eth1 file then I have a NO GO.

I did manually add a NETMASK /24. same result though.
And I did comment out the GATEWAY statement.

I'm not sure why this is happening. There has to be some setting somewhere coming from dhcp that I am not entering in manually.

Any advice or tips?

[Segfault]

First, 192.168.1.0 is not a public address.
Second, you are supposed to use DHCP to get proper settings from your ISP. Unless you are in static IP range.

[jr0sco]

The NETMASK would be 255.255.255.0

Post the results of:

Code:

ifconfig -a

Code:

route -n

when configured via DHCP and the same two commands without DHCP configured. I assume the DHCP settings are coming from your modem/router?

[Segfault]

What's the point setting up another NAT router if you already have one? Want to increase network lag?
Most cheap routers cannot handle advanced needs. If this is the case, why don't you put your existing router in bridge mode?

[JavaWannabe]

First, 192.168.1.0 is not a public address.
Second, you are supposed to use DHCP to get proper settings from your ISP. Unless you are in static IP range.

Yes, I do know this.

The only difference I see when issuing these two commands for both a static & dhcp configured address is the inclusion of a 0.0.0.0. - default gateway route - this is seen when using the issued dhcp address only. AND the inclusion of the 169.254.0.0 network - I believe this is only if the nic doesn't receive a dhcp defined address it will fall to this network address as in microsoft handles dhcp.

These are the only differences.
The ipconfig -a shows the same whether dhcp or static configured. (2 nic cards and a local loopback)

I will statically try to add the default gw of 0.0.0.0 and see if any luck and get back with any results.

[JavaWannabe]

What's the point setting up another NAT router if you already have one? Want to increase network lag?
Most cheap routers cannot handle advanced needs. If this is the case, why don't you put your existing router in bridge mode?

The objective is to have finer traffic control and monitoring/auditing than the crappy dlink can provide.

I'm not sure if there will be an issue with possilbly having to double nat or not. I am working ad hoc right now and my first problem is the static nic address assignment on the soon to be linux firewall device.

I want to protect the private network behind the Firewall and have the wireless dlink used for guests and other wireless devices I don't care about protecting being able to access the Internet.

First things first though.

[JavaWannabe]

Thanks for the help.

I decided to use Fedora and ditch Opensuse. I have it working now.

Now on to iptables so you guys will hear from me soon!



Thanks again for input.

[jr0sco]

There is a distro called smoothwall that has a nice web gui on top of iptables or if you stick with fedora you could run shorewall as a service. Shorewall makes it easier to configure iptables using configuration files.

These maybe worth a look at.