I’ve set up a router using OpenSuse 12.1. The Internal network has two computers connected to a switch, and the switch is connected to the Suse router’s Internal NIC. The Suse router’s External NIC is connected to the LAN. From the two Internal computers, I’m able to ping any IP address, but I’m not able to ping either of the two computers from the External LAN.
The router obviously is set to IP Forward, and is Masquerading.
What other considerations should I pursue?
THANKS!
On 2012-06-15 21:06, testingsuse111 wrote:
>
> I’ve set up a router using OpenSuse 12.1. The Internal network has two
> computers connected to a switch, and the switch is connected to the Suse
> router’s Internal NIC. The Suse router’s External NIC is connected to
> the LAN. From the two Internal computers, I’m able to ping any IP
> address, but I’m not able to ping either of the two computers from the
> External LAN.
> The router obviously is set to IP Forward, and is Masquerading.
> What other considerations should I pursue?
> THANKS!
Ok, let's graph it.

    internal nw

    ---[  ]--- PC1
    ---[SW]--- PC2
        |
        |  IP range?
        |
    [ int    ]
    [ router ]
    [ ext    ]
        |
        |  IP range?
        |
    external network.

What IP ranges do the internal and external networks have?
What IP addresses do eth0 and eth1 of the router have?
What routing table does the external computer you are using to test ping to
PC1 and PC2 have?
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
On Fri, 15 Jun 2012 19:06:02 +0000, testingsuse111 wrote:
> The router obviously is set to IP Forward, and is Masquerading.
If you’re using masquerading (NAT), then this is behaving as expected -
NAT doesn’t pass ping requests to the ‘internal’ network. You have to
explicitly forward ports from the external network to target machines on
the internal.
“Masquerading” means that the machines on the internal network appear to
be sending data as the external, hiding the internal addresses.
Almost by definition, that means that pinging from the outside back in is
going to result in no response.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
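The behaviour described in the reply above, as an added example that is not part of the original posts: a small Python model of a masquerading router's translation table. All addresses and ports are constructed, and the model assumes external hosts have no route to the internal range, so they can only address the router's external IP.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class MasqRouter:
    ext_ip: str                                    # address on the external NIC
    conntrack: dict = field(default_factory=dict)  # (ext_port, peer, peer_port) -> (int_ip, int_port)
    forwards: dict = field(default_factory=dict)   # ext_port -> (int_ip, int_port)
    next_port: int = 40000

    def outbound(self, pkt):
        """Internal -> external: rewrite the source to ext_ip and remember the flow."""
        ext_port = self.next_port
        self.next_port += 1
        self.conntrack[(ext_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.ext_ip, ext_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """External -> router: return the packet as delivered inside, or None."""
        if pkt.dst != self.ext_ip:
            return None                      # assumption: outsiders only reach ext_ip
        key = (pkt.dport, pkt.src, pkt.sport)
        if key in self.conntrack:            # reply to a flow started from inside
            ip, port = self.conntrack[key]
            return Packet(pkt.src, pkt.sport, ip, port)
        if pkt.dport in self.forwards:       # explicit port forward
            ip, port = self.forwards[pkt.dport]
            return Packet(pkt.src, pkt.sport, ip, port)
        return None                          # unsolicited and no forward: not delivered

def demo():
    r = MasqRouter("192.0.2.1")              # constructed sample addresses
    out = r.outbound(Packet("10.0.0.11", 5555, "192.0.2.50", 80))
    reply = r.inbound(Packet("192.0.2.50", 80, r.ext_ip, out.sport))
    unsolicited = r.inbound(Packet("192.0.2.50", 4444, r.ext_ip, 80))
    r.forwards[80] = ("10.0.0.11", 80)       # forward external port 80 to PC1
    forwarded = r.inbound(Packet("192.0.2.50", 4444, r.ext_ip, 80))
    return out, reply, unsolicited, forwarded
```

Only traffic that matches a tracked outbound flow or an explicit forward entry is delivered to an internal machine in this model; everything else stops at the router.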
On 2012-06-16 01:23, Jim Henderson wrote:
> If you’re using masquerading (NAT), then this is behaving as expected -
You are right.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
Hi Jim-
Well, they say there’s no “dumb” question… thanks for not letting me know you laughed so hard you fell out of your chair! Geez, “masquerading” is just that; hiding behind falsely.
Ok ~now~ I get it. I’ve read about port forwarding and I’ll experiment. I think I got confused because a lot of folks bring up masquerading right after allowing IP Forwarding.
Thanks again!
(and thanks Carlos… I’m sure you would’ve corrected my misunderstanding!, thanks)
On Sat, 16 Jun 2012 02:16:02 +0000, testingsuse111 wrote:
> Hi Jim-
> Well, they say there’s no “dumb” question… thanks for not letting me
> know you laughed so hard you fell out of your chair! Geez,
> “masquerading” is just that; hiding behind falsely.
Everyone has to start learning somewhere and sometime - we all were new
to this stuff at some point.
> Ok ~now~ I get it. I’ve read about port forwarding and I’ll experiment.
> I think I got confused because a lot of folks bring up masquerading
> right after allowing IP Forwarding.
> Thanks again!
Glad to help out.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
On 2012-06-16 04:16, testingsuse111 wrote:
> (and thanks Carlos… I’m sure you would’ve corrected my
> misunderstanding!, thanks)
I prefer to use real routers for routing, and in them the word “NAT” stands
out
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
Hi Jim-
Well, heck, I don’t understand how to allow network traffic through Suse 12.1 (acting as a router).
I don’t mind re-installing Suse 12.1 to begin fresh (I’m going to anyway).
My goal is to simply use the Suse as a router and let the operating systems on the internal side use their firewalls for protection.
The reason for all this is the LAN is 100mbps and the Suse 12.1 machine has both 100mbps and 1000mbps NICs. The internal machines all connect to a 10/100/1000 switch and the switch is connected to the 1000mbps Suse 12 NIC.
A simple diagram is below:
INTERNAL servers SWITCH ROUTER
http > 10/100/1000 switch > 1000mbps NIC (Suse 12 ROUTER) 100mbps NIC >>> LAN
file > 10/100/1000 switch > 1000mbps NIC (Suse 12 ROUTER)
lic manager > 10/100/1000 switch > 1000mbps NIC (Suse 12 ROUTER)
Basically I would really like to send data around the internal network at 1000mbps, but still allow straight through (no denial or drop) from the external to the internal, as though there was no router at all between the internal machines and the LAN network.
What do you suggest? I don’t mind reading and learning (I’m not asking for you to tell me what to do, but good sources for me to learn from). If you’d rather give me some instructions I’m eager… I just want to understand “Suse as a router” better.
Thanks!