configure openSuse 12.1 as a "simple" router

Hi-

I’m looking for a solution to use openSuse as a router, without firewall security enforced by the machine that is routing.

My goal is to simply use the openSuse as a router and let the operating systems on the internal side use their firewalls for protection.
The LAN is 100mbps and the Suse 12.1 machine has a fast-ethernet (10/100mbps) NIC and a 10/100/1000mbps NIC. The internal machines all connect to a 10/100/1000 switch and the switch is connected to the 1000mbps Suse 12 NIC. A simple diagram of the cabling is below:

INTERNAL machines (three servers) >>> 10/100/1000 SWITCH > (10/100/1000mbps NIC) openSuse ROUTER (10/100mbps NIC) > LAN

Basically I would really like to send data around the internal network at 1000mbps, but still allow straight through (no denial or drop) from the external to the internal.

I’ll explore any ideas. Thanks!

If you just want to have a linux based router I would really suggest vyatta :
Vyatta.org | The Open Source Networking Community

It’s free to use, based on debian and has a very nice cisco/juniper like CLI.

Thanks for the suggestion Greg, but there are some advantages to openSuse that I really like. I know there are some benefits to using Vyatta and other similar varieties of linux “only routing” derivatives, but the robust nature of openSuse has more advantages.

I’m still looking for openSuse ideas and suggestions…

Thanks!

On 2012-06-25 05:16, testingsuse111 wrote:
>
> Thanks for the suggestion Greg, but there are some advantages to
> openSuse that I really like. I know there are some benefits to using
> Vyatta and other similar varieties of linux “only routing” derivatives,
> but the robust nature of openSuse has more advantages.

Frankly, a Linux built for routers is more robust than a general purpose Linux.

Look for another excuse than robustness ;-p


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

so, testingsuse111, what is the problem?

Just go to yast → User&Security → Masquerading → Allow masquerading networks…
Before that, just set up your network adapters (set IP addresses) in yast.

Or do you have some other problem?

>
> I’ll explore any ideas. Thanks!

maybe this guy was finally successful:

http://forums.opensuse.org/english/get-technical-help-here/network-internet/420873-configure-opensuse-11-1-router.html


dd

You can also use this as a reference :
Cool Solutions: HOW-TO: Set Up a SUSE 10 Machine As a Router

It’s for the non free SUSE and quite old but things look very similar in openSUSE and not much has changed in the way it does networking.

A few weeks ago I found the link above and dug through my DVD collection to find SUSE10; I didn’t download it when it was “out there” and I couldn’t find a site that still has it available. Thanks!

Thanks Carlos. Ok… I like SUSE. I’m actually looking for solutions, not looking to chat online. You and Greg have given me an idea though; I think I’ll try a linux router distro and see what happens. If it works the way I want it to, then take some notes and apply them to OpenSUSE 12.

On 06/25/2012 08:06 PM, testingsuse111 wrote:
>
> A few weeks ago I found the link above and dug through my DVD
> collection to find SUSE10; I didn’t download it when it was “out there”
> and I couldn’t find a site that still has it available. Thanks!
>
>

do NOT use SUSE 10 as a router…it has not been security patched in
years

instead, use the tutorial to set up openSUSE 12.1…

of course, changes will be needed…which ones, i don’t know and
suggest if you get lost then (as said before) use a tool designed for
the job…


dd

On Mon, 25 Jun 2012 18:18:35 +0000, dd wrote:

> do NOT use SUSE 10 as a router…it has not been security patched in
> years

Depending on what’s meant by “SUSE 10” - if this is the predecessor to
openSUSE 11.0, then yes, that’s true.

But if it’s SLE[S|D], then it has continued to receive security patches
as part of the enterprise SLE product, which is still supported and
patched.

It’s reasonable to assume the article is geared towards SLE as Cool
Solutions articles are about the products that are sold (or in this case,
were sold) by Novell.

Jim

Jim Henderson
openSUSE Forums Administrator

On 06/25/2012 08:49 PM, Jim Henderson wrote:
> It’s reasonable to assume the article is geared towards SLE as Cool
> Solutions articles

you are right! i didn’t even think about that…

testingsuse111, you can use SUSE Linux Enterprise version 10, and it is
still available (i think) from suse.com

but that would be a pretty big investment for just a router.


dd

Am 25.06.2012 21:49, schrieb dd@home.dk:
> On 06/25/2012 08:49 PM, Jim Henderson wrote:
>> It’s reasonable to assume the article is geared towards SLE as Cool
>> Solutions articles
>
> you are right! i didn’t even think about that…
>
> testingsuse111, you can use SUSE Linux Enterprise version 10, and it is
> still available (i think) from suse.com
>
> but that would be a pretty big investment for just a router.
>
I read now completely through the article and can really find absolutely
nothing which should be different when simply doing exactly the same
steps with openSUSE 12.1.
I guess I will test it now in a virtual machine.


PC: oS 12.1 x86_64 | i7-2600@3.40GHz | 16GB | KDE 4.8.4 | GeForce GT 420
ThinkPad E320: oS 12.1 x86_64 | i3@2.30GHz | 8GB | KDE 4.8.4 | HD 3000
eCAFE 800: oS 12.1 i586 | AMD Geode LX 800@500MHz | 512MB | KDE 3.5.10

Am 25.06.2012 21:58, schrieb Martin Helm:
> Am 25.06.2012 21:49, schrieb dd@home.dk:
>> On 06/25/2012 08:49 PM, Jim Henderson wrote:
>>> It’s reasonable to assume the article is geared towards SLE as Cool
>>> Solutions articles
>>
>> you are right! i didn’t even think about that…
>>
>> testingsuse111, you can use SUSE Linux Enterprise version 10, and it is
>> still available (i think) from suse.com
>>
>> but that would be a pretty big investment for just a router.
>>
> I read now completely through the article and can really find absolutely
> nothing which should be different when simply doing exactly the same
> steps with openSUSE 12.1.
> I guess I will test it now in a virtual machine.
>
The difference I found is only marginal since there is no “DNS and
Hostnames” entry in yast in openSUSE, it is just a tab in the usual
network settings in yast. Beside that the SLES 10 article works as
advertised in openSUSE 12.1.



Can you tell me; does the “internal” network subnet have to be remarkably different from the “external” (examples, INTERNAL IP = 10.8.9.0/24, EXTERNAL IP = 10.8.9.0/24 or INTERNAL IP = 10.8.8.0/24, EXTERNAL IP = 10.8.9.0/24)?

Thank you!

Am 26.06.2012 17:16, schrieb testingsuse111:
>
> Can you tell me; does the “internal” network subnet have to be
> remarkably different from the “external” (examples, INTERNAL IP =
> 10.8.9.0/24, EXTERNAL IP = 10.8.9.0/24 or INTERNAL IP = 10.8.8.0/24,
> EXTERNAL IP = 10.8.9.0/24)?
>
> Thank you!
>
>
Since you use /24 that should be different enough, I am no expert with
the 10.*.*.* nets, I just used the 192.168 subnets, my main (external)
one is 192.168.178 (comes from my main router as default) and used the
192.168.0 for the openSUSE router's (internal) subnet.



On Tue, 26 Jun 2012 15:16:03 GMT, testingsuse111
<testingsuse111@no-mx.forums.opensuse.org> wrote:

>
>Can you tell me; does the “internal” network subnet have to be
>remarkably different from the “external” (examples, INTERNAL IP =
>10.8.9.0/24, EXTERNAL IP = 10.8.9.0/24 or INTERNAL IP = 10.8.8.0/24,
>EXTERNAL IP = 10.8.9.0/24)?
>
>Thank you!

Please see rfc 1918, available at:

http://www.ietf.org/rfc/rfc1918.txt

For a reasonable discussion of internal subnets and some aspects of
network address translation (NAT). Well it is actually the standard.

?-)
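
The subnet question asked in this thread can be checked mechanically. The following is an added example, not part of any post above: it takes the two addressing plans from the question, reports whether the internal and external networks overlap and whether they fall inside the RFC 1918 ranges, and shows which side a longest-prefix-match lookup would choose for a destination. The function names and the sample destination 10.8.9.20 are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private blocks, as referenced in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_router_subnets(internal, external):
    """Return findings for a two-interface router addressing plan."""
    inside = ipaddress.ip_network(internal)
    outside = ipaddress.ip_network(external)
    findings = []
    if inside.overlaps(outside):
        findings.append(f"overlap: {inside} and {outside} share addresses, "
                        "so both interfaces claim the same destinations")
    for label, net in (("internal", inside), ("external", outside)):
        if not any(net.subnet_of(block) for block in RFC1918):
            findings.append(f"{label} {net} is outside the RFC 1918 ranges")
    return findings


def egress_side(dest, internal, external):
    """Choose the side for dest by longest-prefix match over the two nets."""
    addr = ipaddress.ip_address(dest)
    routes = {"internal": ipaddress.ip_network(internal),
              "external": ipaddress.ip_network(external)}
    matches = [(net.prefixlen, side) for side, net in routes.items()
               if addr in net]
    if not matches:
        return "default route"
    best = max(length for length, _ in matches)
    winners = [side for length, side in matches if length == best]
    # A tie means both connected networks match equally well.
    return winners[0] if len(winners) == 1 else "ambiguous"


if __name__ == "__main__":
    # The two plans from the question; 10.8.9.20 is a constructed sample host.
    for plan in (("10.8.9.0/24", "10.8.9.0/24"),
                 ("10.8.8.0/24", "10.8.9.0/24")):
        print(plan, check_router_subnets(*plan) or "ok",
              egress_side("10.8.9.20", *plan))
```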