[NTLUG:Discuss] pass all packets between two nics

Rob Apodaca rob.apodaca at attbi.com
Wed Jun 4 05:28:47 CDT 2003


On Wed, 04 Jun 2003 03:08:48 -0500
severian at pobox.com wrote:

> Howdy,
>    I set up a SuSE 8.2 box that will be a VPN server, I hope.  I want to 
> prove to myself that having this box in the path between their internet 
> connection and the rest of the office will not cause any problems.  I think 
> I should start by connecting one nic to the Cisco router and the second nic 
> to the office switch that the router currently goes to.  I need to have my 
> new machine pass everything between the two nics.  This leads me to several 
> questions.
Let me see if I understand your proposed setup:

Internet --- Cisco Router --- Suse Router --- LAN

Is this correct?

>    1.  Is there a name for what I want the computer to do with the two 
> nics?  I ask because I have been searching for details on how to do this 
> without success.  If there is some term I should search on, maybe my luck 
> would be better.
It seems you want the Suse box to route IP traffic between the cisco router
and the LAN. I would start with the search term 'linux router'.  But, it is
really quite simple to do once the multiple interfaces are installed. Simply
type:
$ echo 1 > /proc/sys/net/ipv4/ip_forward
This tells the machine to forward any incoming packets which are destined for
another network to try to forward them on to an appropriate network. It looks
in its route tables to do this. Type 'route' to see your current route tables.
However, this does require a kernel with routing enabled...I don't know if
stock Suse kernels have it or not.

>    2. I was going to start by leaving ethereal running for a few days 
> monitoring one of the nics.  From reading the ethereal manual, I see this 
> is not the normal way people run ethereal.  The manual suggests plugging 
> the monitored nic into a hub(not a switch) that carries traffic you want to 
> monitor and I can see why this is the normal case.  My machine will need to 
> be in the middle to unencrypt and pass traffic to the internal network from 
> the insecure internet.  Is there a problem with what I propose?
The machine does not need to sit between the cisco and the LAN to do this.

>    3.  SuSE does not include the autologin package.  Is this just because 
> it is normally a security risk or is there something odd about SuSE that 
> causes problems for autologin?  In the case of power failures, I need to 
> have this machine restart so the customer can still use the net.
> Your comments will be welcomed,
Why would you need the autologin feature? In the case of power failure, you
could use a battery backup.

After reading your questions, I'm not sure I understand what it is exactly you
are trying to do. You mention VPN, does that mean you intend to allow remote
computers or networks access to your LAN? If so, you can accomplish that
without the Suse box needing two nics. You will need to determine which type
of VPN you will want to run. Then, forward the applicable port(s) from your
cisco router to your Suse box and set up route tables accordingly.

Maybe if you provide some more specifics about your network topology we can
help some more. If in fact you are trying to set up a VPN between two LANs or
PCs or whatever, this is not an uncommon thing to do with Linux... you just
need to figure out which method you want to use.

Cheers,
-Rob
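The reply above turns the box into a router with a single write to /proc/sys/net/ipv4/ip_forward. Two things a practitioner checking such a box wants to know are whether forwarding is actually on right now and whether the setting will survive a reboot (the /proc write is volatile; the persistent form is a `net.ipv4.ip_forward = 1` line in a sysctl.conf-style file). The POSIX sh script below is an added example, not code from the thread or from SuSE; the function names, the `check` argument and the sample files are my own, and the file paths are parameters so the checks can be exercised on constructed input.

```shell
#!/bin/sh
# Added example (not from the original thread): report whether IPv4 forwarding
# is enabled at runtime and whether it is made persistent in a sysctl.conf-style
# file. Function names and the "check" sub-command are assumptions of this
# example, not anything the thread or SuSE defines.

# forwarding_state [FILE]
#   Prints "enabled" or "disabled" from the 0/1 value in FILE
#   (default /proc/sys/net/ipv4/ip_forward). Returns 0 when enabled,
#   1 when disabled, 2 when the file is unreadable or holds something else.
forwarding_state() {
    file=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$file" ] || { echo "unknown"; return 2; }
    read -r val < "$file"
    case "$val" in
        1) echo "enabled";  return 0 ;;
        0) echo "disabled"; return 1 ;;
        *) echo "unknown";  return 2 ;;
    esac
}

# persistent_forwarding CONF
#   Scans a sysctl.conf-style file and prints the value of the last effective
#   "net.ipv4.ip_forward" line (comments stripped, whitespace ignored), or
#   "unset" when the key never appears. Returns 0 only if that value is 1.
persistent_forwarding() {
    conf=$1
    val=unset
    [ -r "$conf" ] || { echo "$val"; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop trailing comment
        case "$line" in
            *net.ipv4.ip_forward*=*)
                v=${line#*=}
                v=$(printf '%s' "$v" | tr -d ' \t')
                val=$v ;;                     # later lines override earlier ones
        esac
    done < "$conf"
    echo "$val"
    [ "$val" = 1 ]
}

# report [PROCFILE] [CONF]
#   Summarises both checks. A box that is "enabled" now but "unset" (or 0)
#   persistently will silently stop routing after its next reboot, which is
#   exactly the failure mode the original poster worried about.
report() {
    rt=$(forwarding_state "${1:-/proc/sys/net/ipv4/ip_forward}")
    ps=$(persistent_forwarding "${2:-/etc/sysctl.conf}")
    echo "runtime=$rt persistent=$ps"
    if [ "$rt" = enabled ] && [ "$ps" != 1 ]; then
        echo "WARNING: forwarding is on now but will not persist across reboot"
        return 1
    fi
    return 0
}

# Usage: sh fwdcheck.sh check [PROCFILE] [CONF]
case "${1:-}" in
    check) report "$2" "$3" ;;
esac
```

Run it as `sh fwdcheck.sh check` on the router itself to compare the live /proc value with /etc/sysctl.conf; a non-zero exit means the two disagree. The sysctl parser deliberately takes the last matching line, which is how sysctl itself resolves duplicate keys.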