Bastion Host

Printable View

10-24-2012
ek192010

Bastion Host

I am having some issues with a project that I was assigned I have an OPEN BSD system that's my Bastion Host and I have another system that has Fedora I've manage to get Fedora to ping the Bastion host. The bastion host can ping fedora back and can ping the internet (ex.google.com) I have my dhcp setup as well. My problem is that my bastion host is suppose to provide my Fedora system with internet but I can't ping google.com or any other site from my fedora but I can do it from my bastion host. :confused:
10-24-2012
atreyu

Hello and welcome,

Is the OpenBSD box set up to act as a router? I.e., is it doing IP Forwarding? I'm not sure how to do it in BSD, but in Linux, it is trivial, something like this:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

then possibly also a route command, to add a rule to the routing table to forward traffic to another network, if you have multiple networks.

You could also forward the packets using iptables/firewall (again, not sure on BSD how to do that).

On the Fedora side, you would need to set up the BSD box as your default router. If the BSD box has ip address 192.168.1.1, then on the Fedora box, you'd manually test it like this:

Code:

route add default gw 192.168.1.1

you'd also need to add the DNS servers to the Fedora box. If your BSD box is a proxy DNS server, you could use the BSD IP address. Otherwise, use the DNS ip addresses that the BSD box uses to get onto the internet. In either case, once you have the DNS ip addresses, put them in /etc/resolv.conf on the Linux box, e.g.:

Code:

nameserver 123.123.123.123 nameserver 124.124.124.124

To make the default gw setting permanent, you can add it to your networking config file, e.g.: look at these files:

/etc/sysconfig/network-scripts/ifcfg-*

The setting would be:

Code:

GATEWAY=192.168.1.1
10-24-2012
ek192010

That might be my problem I didn't set it up as a router yet I've only done the dhcp do you think that might be why the fedora one can't ping google.com?
10-24-2012
atreyu

What is your Fedora box's NIC plugged into? A 2nd NIC on the BSD box? A switch?

So the BSD box is a DHCP server, and the Fedora box is a DHCP client? Have you verified that the Fedora box is getting an ip address assigned to it? Is it also getting DNS settings from the BSD box?
10-24-2012
ek192010

Yes, I verified that the Fedora box is getting an ip address assigned. We haven't gotten to the DNS point yet that's the step after we figure out how to get the Fedora to obtain internet through the bastion host (BSD). And we have a switch
10-25-2012
atreyu

Quote:

Originally Posted by ek192010

We haven't gotten to the DNS point yet that's the step after we figure out how to get the Fedora to obtain internet through the bastion host (BSD).

actually, it is the same step, at least theoretically. Getting DNS (resolving of domain names like google.com to ip addresses) is basically all you need to surf the net, apart from your own ip address and a way to get there (a router, etc.).

I assume you have basic network connectivity working as you say you've verified DHCP.

So do you have DNS server ip address info on your BSD box?

Is your BSD box forwarding IP?

In my mind, your next step are to ensure that the BSD box will forward packets, that the Fedora box has DNS name server info, and that the Fedora box is using the BSD box as its default gateway.
10-25-2012
ek192010

Thank you so much I will incorporate all this info to see if it fixes the problem thanks =)