At 13:11 2002/10/08 -0400, you wrote:
>Can someone please tell me the easiest way to route all traffic through a
>RedHat Linux box. I would like to pass all data transparently from eth1
>(inside) to eth0 (outside) and vice versa.

Actually the problem you have with documentation is probably a result of a minor language problem. When you talk about "routing" you are dealing with fairly high-level non-transparent handling of packets. If you want to pass traffic transparently you should either operate the system as a network bridge (which will handle all protocols) or, if you want to work at the IP level (e.g. so that you can do a bit of filtering as well), you should use proxy ARP.

Both of these topics are covered in HOWTO documents on tldp.org, although the proxy ARP documentation is a bit lacking: last time I looked it only dealt with 2.0 and 2.2 series kernels. There is information on doing proxy ARP in the actual kernel documentation though (and it's gotten easier rather than more complex since earlier versions).

Simply enabling forwarding between your interfaces will sort of work: it will allow machines to use your box as a router, but it will not be transparent (your box would need to be listed correctly in the routing table on every machine that was supposed to route through it).

Since you describe interfaces in terms of "inside" and "outside" I'd suggest that proxy ARP is the logical way to go if you have "real" IP addresses for all the machines on the "inside". If you want to connect machines using a reserved IP space (like most consumer grade "broadband router" products do) and just one IP address visible from the "outside" then what you actually want is probably one to many NAT (Network Address Translation), which is still covered under the IP Masquerade HOWTO. This approach is also non-transparent, but can be very simple to configure if you just set up a DHCP server on your "inside" network and have it specify your NAT box as the default gateway for all the "inside" machines.

Good resources in addition to the routing/advanced routing documents:

For proxy ARP have a look at http://www.tldp.org/HOWTO/mini/IP-Subnetworking.html and also http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/index.html , but keep in mind that the second document is obsolete in its description of the actual software (i.e. ignore section 4).

http://www.tldp.org/HOWTO/mini/Bridge/index.html deals with ethernet bridging (AFAIK the most transparent method).

Lastly http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html and http://www.tldp.org/HOWTO/Masquerading-Simple-HOWTO/index.html are good resources for filtering and NAT. I'd suggest you not bother with the Firewall HOWTO for the time being as the current version doesn't appear to have been updated for use with kernel 2.4.

For security purposes your best bet for a first NAT setup is probably to copy (with the minimum necessary modifications to make it work on your network) the sample iptables configuration script in section 6.4.1 of the IP-Masquerade HOWTO.

--
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
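
The proxy ARP and one-to-many NAT options described in the message above, side by side, as an added example that is not part of the original post and is not the script from section 6.4.1 of the IP-Masquerade HOWTO. It assumes eth1 is inside, eth0 is outside, a kernel with iptables, and a constructed inside host address 192.0.2.10; the function names and the APPLY switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the commands by default;
# set APPLY=1 and run as root to execute them.
# Assumptions: eth1 = inside, eth0 = outside, 192.0.2.10 = constructed host.

INSIDE="${INSIDE:-eth1}"
OUTSIDE="${OUTSIDE:-eth0}"

# Print a command, or run it when APPLY=1.
emit() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Shared by both modes: default-deny forwarding, allow inside->outside and
# replies only. Forwarding is switched on last, after the policy is in place.
forward_policy() {
    emit iptables -P FORWARD DROP
    emit iptables -A FORWARD -i "$INSIDE" -o "$OUTSIDE" -j ACCEPT
    emit iptables -A FORWARD -i "$OUTSIDE" -o "$INSIDE" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    emit sysctl -w net.ipv4.ip_forward=1
}

# Proxy ARP: inside hosts keep their "real" addresses and need no route
# changes. $1 is one inside host; repeat the host route for each host.
proxy_arp_setup() {
    emit sysctl -w "net.ipv4.conf.$OUTSIDE.proxy_arp=1"
    emit sysctl -w "net.ipv4.conf.$INSIDE.proxy_arp=1"
    emit ip route add "$1/32" dev "$INSIDE"
    forward_policy
}

# One-to-many NAT: inside hosts use reserved addresses and this box as their
# default gateway; everything leaves with the single outside address.
nat_setup() {
    emit iptables -t nat -A POSTROUTING -o "$OUTSIDE" -j MASQUERADE
    forward_policy
}

case "${1:-}" in
    proxy-arp) proxy_arp_setup "${2:-192.0.2.10}" ;;
    nat)       nat_setup ;;
esac
```

Run it as `sh script.sh nat` or `sh script.sh proxy-arp 192.0.2.10` to review the command list before applying anything.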