Is there a way to configure Suse 12.1 to allow computers attached to a switch (which is attached to one NIC on a Suse 12.1 machine) to connect to the LAN/internet on the other NIC without masquerading/hiding/protection?
Below is a simple map of what I have going on:
Three various computers — SWITCH — NIC1 (Suse 12.1 machine) NIC2 — LAN/Internet
Suse (linux) has a lot of security features/capabilities, but what I’m looking for is a solution for the “various computers” to simply have their requests, or requests of them, routed through the Suse 12.1 machine without messing with their IP addresses or re-directing IP/ports; just as though the various computers, themselves, were attached directly to the LAN/internet.
FW_MASQUERADE = “no”
I’m new to this aspect of linux, so I may have used terminologies inaccurately (sorry).
> Is there a way to configure Suse 12.1 to allow computers attached to a
> switch (which is attached to one NIC on a Suse 12.1 machine) to connect
> to the LAN/internet on the other NIC without
> Below is a simple map of what I have going on:
> Three various computers — SWITCH — NIC1 (Suse 12.1 machine) NIC2
> — LAN/Internet
There’s no technical problem with this arrangement. You just need to
enable forwarding and tell the firewall to get out of the way, as you
suggest. But it’s a rather unusual arrangement and if you explain why you
think you need it like this, people may have a better idea. It’s unusual
(1) The opensuse box isn’t performing any function, apparently, but is
spending some (lots) of its time just forwarding network packets. That
will add latency and may limit bandwidth. Why not connect the
LAN/internet to the switch and so take the opensuse box out of the circuit.
(2) The arrangement apparently leaves the three other boxes with no
firewall protection. It’s generally a good idea to have a dedicated
firewall, optimised for the purpose and with clearly defined rules. One
exception might be if your three boxes are themselves firewalls under
test, but then you’re compromising their performance by putting the
opensuse box in circuit.
There are some details in the “map” I didn’t include, but here they are:
Three various computers (each have giga-bit NICs) — SWITCH (giga-bit) — NIC1 (giga-bit) (Suse 12.1 machine) NIC2 (fast ether-slow)— LAN/Internet
The “three various computers” will communicate with the Suse machine (Suse has NFS, and Samba services running) using giga-bit (fast for me transferring very large files). The LAN is heavily firewalled from the internet by the organization where these computers are used and the network is “policed” rigorously.
The switch simply can’t be connected to the LAN, nor can the “three various computers”… it’s just the way things are (or I would have smile)
Turning off Suse’s firewall doesn’t seem to be a solution.
Here’s some additional information:
The “three various computers” use these IP addresses - 10.8.8.131, 10,8,8,132, and 10,8,8,133, gateway for all three = 10.8.8.100, netmask for all three = 255.255.252.0
The Suse’s machine has these IP addresses - giga-bit NIC = 10.8.8.130, LAN/internet fast ether NIC = 10.8.8.100
Is there something (maybe a lot) that I’m not considering? THANKS!
Thanks for the help, but masquerading is the last thing I want for this arrangement. I don’t want the “three various computers” to be hidden at all. They have their own firewalls and the organization has extensive internet-firewall protection.
On 08/01/2012 11:16 AM, testingsuse111 wrote:
> Hi deano_ferrari-
> Thanks for the help, but masquerading is the last thing I want for this
> arrangement. I don’t want the “three various computers” to be hidden at
> all. They have their own firewalls and the organization has extensive
> internet-firewall protection.
> I’m still eager to try ideas. THANKS!
I do not understand why connecting the various computers and the organizational
network to a switch does not fit the requirements, but I will assume the reason
>Turning off Suse’s firewall doesn’t seem to be a solution.
>Here’s some additional information:
>The “three various computers” use these IP addresses - 10.8.8.131,
>10,8,8,132, and 10,8,8,133, gateway for all three = 10.8.8.100, netmask
>for all three = 255.255.252.0
>The Suse’s machine has these IP addresses - giga-bit NIC = 10.8.8.130,
>LAN/internet fast ether NIC = 10.8.8.100
>Is there something (maybe a lot) that I’m not considering? THANKS!
Perhaps. In general, 10.X.X.X addresses are internal private class A
addresses. They do not appear in the public address space of the Internet. It
seems that your company’s ISP is translating those (server / website)
addresses for you. It may actually be an IP instead of an ISP. You may
want simple bridging.
On 08/06/2012 03:46 PM, testingsuse111 wrote:
> Hi lwfinger-
> It worked! Thanks!
> I had tried many different ideas and didn’t trust the installation I
> had been working with, so I did a fresh install and used these commands
> (without setting up the NIC’s AT ALL);
> # su (and entered password)
> # ifconfig eth0 0.0.0.0
> # ifconfig eth1 0.0.0.0
> # brctl addbr mybridge
> # brctl addif mybridge eth0
> # brctl addif mybridge eth1
> # ifconfig mybridge 10.8.8.130 netmask 255.255.255.0
> Thank you, it works great! I rebooted the system and, as expected, the
> bridge stopped working. Is there a way to make the bridge permanent?
Add the commands you need to /etc/init.d/boot.local.
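
One way to write those commands for `/etc/init.d/boot.local`, as an added example that is not part of the original thread: the script below reuses the bridge name, interfaces and address from the posts, rejects a mistyped address (a comma in place of a dot, for instance) before touching any interface, and skips steps that are already done. The helper names `run`, `valid_ipv4`, `bridge_up` and the `APPLY` switch are assumptions of this example; by default it only prints the commands, and `APPLY=1` executes them.

```shell
#!/bin/sh
# Added example: repeatable bridge setup for /etc/init.d/boot.local.
# Values are the ones used in the thread; helper names are hypothetical.
BRIDGE=mybridge
PORTS="eth0 eth1"
ADDR=10.8.8.130
MASK=255.255.255.0

# run CMD...: print the command; execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# valid_ipv4 ADDR: succeed only for four dot-separated octets in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# bridge_up: create the bridge, enslave the ports, assign the address.
bridge_up() {
    valid_ipv4 "$ADDR" && valid_ipv4 "$MASK" || { echo "bad address" >&2; return 1; }
    # sysfs shows whether the bridge or a port membership already exists.
    if [ ! -d "/sys/class/net/$BRIDGE/bridge" ]; then
        run brctl addbr "$BRIDGE"
    fi
    for p in $PORTS; do
        run ifconfig "$p" 0.0.0.0
        [ -e "/sys/class/net/$BRIDGE/brif/$p" ] || run brctl addif "$BRIDGE" "$p"
    done
    run ifconfig "$BRIDGE" "$ADDR" netmask "$MASK"
}

bridge_up
```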