ADSL, Proxy & Bridge

Jhon Ramawi Putra jhonrp at pamapersada.com
Mon Aug 1 01:34:13 UTC 2005


redhat-install-list-bounces at redhat.com wrote on 07/26/2005 07:06:05 PM:

> On Tuesday 26 Jul 2005 02:49, Jhon Ramawi Putra wrote:
> > redhat-install-list-bounces at redhat.com wrote on 07/26/2005 12:45:52 AM:
> > > Jhon Ramawi Putra wrote:
> > > > Dear Gurus...
> > > >
> > > > Maybe this is a beginner question, but any help will be appreciated.
> > > > This is my existing network diagram:
> > > >
> > > > (.....Internet.....) --- [ADSL MODEM]-----[LAN Switch] ---- Desktops (192.168.0.1, etc....)
> > > >                       192.168.0.9
> > > >
> > > > The ADSL Modem acts as gateway.
> > > >
> > > > Now I want to configure my network to be like this:
> > > >
> > > > (.....Internet.....) ---[ADSL MODEM]
> > > >                 ip : 10.0.0.1, net mask : 255.0.0.0
> > > >
> > > >
> > > >                 eth0: 10.0.0.2, net mask : 255.0.0.0
> > > >                 [Computer A]
> > > >                 eth1:192.168.0.10 netmask : 255.255.255.0
> > > >
> > > >
> > > >                 [LAN Switch] ----  Desktops (192.168.0.1, etc ... with netmask : 255.255.255.0)
> > > >
> > > > The ADSL Modem is attached to Computer A via eth0. Then my eth1 is
> > > > connected to LAN. I want to make Computer A a Proxy Server.
> > > >
> > > > Then I tried to make a "bridge" using brctl, and followed every step in
> > > > "How to" documents that I found from googling, but I got no success.
> > > > Computer A can ping LAN Clients and browse the Internet. LAN Clients can
> > > > ping Computer A, but they can't ping the ADSL Modem and browse the internet.
> > > > So, I assumed that the bridge wasn't working well.
> > >
> > > You need to enable IP forwarding in computer-a to make it act as a
> > > router.  For that, either do this:
> > >
> > >    echo 1 >/proc/sys/net/ipv4/ip_forward
> > >
> > > or change the line in /etc/sysctl.conf that reads:
> > >
> > >    net.ipv4.ip_forward = 0
> > >
> > > to
> > >
> > >    net.ipv4.ip_forward = 1
> > >
> > > and either reboot or use "sysctl -w net.ipv4.ip_forward=1".  For proxy
> > > operations, you should install and configure squid.
> > >
> > > ----------------------------------------------------------------------
> > > - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
> > > - VitalStream, Inc.                       http://www.vitalstream.com -
> > > -                                                                    -
> > > -    Admitting you have a problem is the first step toward getting   -
> > > -    medicated for it.      -- Jim Evarts (http://www.TopFive.com)   -
> > > ----------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Redhat-install-list mailing list
> > > Redhat-install-list at redhat.com
> > > https://www.redhat.com/mailman/listinfo/redhat-install-list
> > > To Unsubscribe Go To ABOVE URL or send a message to:
> > > redhat-install-list-request at redhat.com
> > > Subject: unsubscribe
> >
> > Thanks Rick,
> >
> > I did this:
> > >    echo 1 >/proc/sys/net/ipv4/ip_forward
> >
> > but I didn't do this one:
> > > and either reboot or use "sysctl -w net.ipv4.ip_forward=1".
> >
> > Before I configured the bridge, I assigned each NIC card an IP. Then I
> > read this in
> > http://www.faqs.org/docs/Linux-HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
> >
> > "But now they became part of the logical bridge device and therefore need
> > no IP configuration any longer"
> >
> > and another tutorial said that I should not assign an IP address to
> > the NIC cards before configuring the bridge, nor set DHCP for them. So, maybe
> > that was my fault :)
> >
> > Ok, I'll try to set it up again (end of this week...). Thanks Rick....!
> >
> > Best Regards,
> > Jhon Ramawi Putra
> >
> 
> In your case you need Computer A to act as a router, not a bridge. A bridge
> sits between different segments of the *same* subnet, and provides a
> transparent link between the two. It may, or may not, have an IP address
> which is part of the same subnet.
>
> In your case you have two different networks on either side of Computer A,
> 10/8 on one side and 192.168.0/24 on the other side, so the machine needs to
> act as a router between these networks. Eth0 and eth1 are already set up to be
> part of each network, so all you need is to configure routing to route
> packets between eth0 and eth1 for these two networks.
> 
> -- 
> Nigel Wade, System Administrator, Space Plasma Physics Group,
>             University of Leicester, Leicester, LE1 7RH, UK 
> E-mail :    nmw at ion.le.ac.uk 
> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
> 

Hello Nigel....

Finally, I followed your advice and ... the "computer a" now is a router
and runs perfectly.

So, my steps are:
(1) Reinstall Fedora Core 3
(2) Set eth0 192.168.0.9 netmask 255.255.255.0 and eth1 10.0.0.1 netmask 255.0.0.0
(3) Edit rc.local, add these lines:
        # Outbound interface used for forwarding and masquerading
        DEVICE=eth1
        # Forward packets that arrive on any other interface and leave via $DEVICE
        iptables -A FORWARD -o $DEVICE -i ! $DEVICE -j ACCEPT
        # Forward packets that belong to, or are related to, existing connections
        iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        # Forward non-first IP fragments
        iptables -A FORWARD -f  -j ACCEPT
        # Rewrite the source address of traffic leaving via $DEVICE
        iptables -t nat -A POSTROUTING -o $DEVICE -j MASQUERADE
        # Enable IPv4 forwarding (runtime setting)
        echo "1" > /proc/sys/net/ipv4/ip_forward
(4) Set gateway on eth1 = 10.0.0.2 (ADSL Modem IP)
(5) Restart
(6) Set Gateway IP on LAN Clients to 10.0.0.1
(7) Browse internet!!

Maybe this is a simple configuration, but I hope this will be useful.
Now, ready to install Squid and friends.. :)

Thanks Rick and Nigel for the advices!

Best Regards,
Jhon Ramawi Putra
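
Added example, not part of the original thread: a default-deny variant of the forwarding and masquerading setup from the final message, emitted in iptables-restore format so it can be reviewed before loading. The interface roles (eth1 toward the modem, eth0 toward the 192.168.0.0/24 LAN) follow that message; the function names, the input checks and the use of the conntrack match are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for
# a two-interface NAT router whose FORWARD chain denies by default.
# Assumed roles (from the final message): eth1 = modem side, eth0 = LAN.

valid_if() {
    # Accept only short alphanumeric interface names (eth0, ppp0, ...).
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_cidr() {
    # Four octets 0-255 plus a prefix length 0-32, digits only.
    echo "$1" | awk -F'[./]' 'NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

build_router_rules() {
    wan=$1 lan=$2 lan_net=$3
    valid_if "$wan" && valid_if "$lan" && [ "$wan" != "$lan" ] || return 1
    valid_cidr "$lan_net" || return 1
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that were already allowed out.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections only from the LAN prefix, LAN side to modem side.
-A FORWARD -i $lan -o $wan -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review; as root, pipe it into iptables-restore.
build_router_rules eth1 eth0 192.168.0.0/24
```

The INPUT chain is left open because the example covers forwarding only; forwarding itself still has to be enabled with net.ipv4.ip_forward = 1 in /etc/sysctl.conf, as described earlier in the thread.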



