[NTLUG:Discuss] pass all packets between two nics

Jack Snodgrass jack+ntlug at mylinuxguy.net
Wed Jun 4 07:26:07 CDT 2003


On Wed, 04 Jun 2003 03:08:48 -0500, severia wrote:

> Howdy,
>    I set up a SuSE 8.2 box that will be a VPN server, I hope.  I want to 
> prove to myself that having this box in the path between their internet 
> connection and the rest of the office will not cause any problems.  I think 
> I should start by connecting one nic to the Cisco router and the second nic 
> to the office switch that the router currently goes to.  I need to have my 
> new machine pass everything between the two nics.  This leads me to several 
> questions.
>    1.  Is there a name for what I want the computer to do with the two 
> nics?  I ask because I have been searching for details on how to do this 
> without success.  If there is some term I should search on, maybe my luck 
> would be better.

Are you replacing an existing service or adding something new? 

I've got this setup at home, and I think it's what you want to do:

linux router 
eth0: dsl: public IP Address
eth1: internal network: private IP Address. 

I use iptables to setup the firewall between eth0 and eth1. 

Any traffic going from the private network to the public ( Internet ) 
uses iptables MASQUERADE and the public IP Address. 

For VPN, I use vtund but there are other linux VPN packages 
out there.  Basically, an outside user connects to your 
linux router/vpn box using the public IP, signs in, and gets
assigned a private ip address on your network. 

>    2. I was going to start by leaving ethereal running for a few days 
> monitoring one of the nics.  From reading the ethereal manual, I see this 
> is not the normal way people run ethereal.  The manual suggests plugging 
> the monitored nic into a hub(not a switch) that carries traffic you want to 
> monitor and I can see why this is the normal case.  My machine will need to 
> be in the middle to unencrypt and pass traffic to the internal network from 
> the insecure internet.  Is there a problem with what I propose?

You don't need this. 

>    3.  SuSE does not include the autologin package.  Is this just because 
> it is normally a security risk or is there something odd about SuSE that 
> causes problems for autologin?  In the case of power failures, I need to 
> have this machine restart so the customer can still use the net.

You don't need this either. I'm not 100% sure how it's set up on susie but
generally, you have startup scripts that run when the box boots. You don't 
run things when your 'userid' logs in. So you set up any special
networking or VPN stuff in the startup scripts. On RedHat, it's in 
/etc/rc.d/rc.local

jack 



> Your comments will be welcomed,
> Ralph
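The two-NIC "linux router" Jack describes (eth0 public, eth1 private, iptables MASQUERADE, rules applied from a boot-time script rather than at user login) can be written as a small rc.local-style script. The following is an added example, not code from the original post or from the NTLUG thread; the interface names, the private subnet 192.168.1.0/24 and the `apply` argument are assumptions. It goes a step beyond the post by giving the FORWARD chain a default-deny policy, allowing return traffic only for connections the office opened, and refusing to masquerade packets whose source address is not in the office subnet.

```shell
#!/bin/sh
# Added example (not from the original post): rc.local-style firewall
# and NAT setup for a box with a public NIC and a private NIC.
# Interface names and the private subnet are assumptions; change them
# to match your machine. Set IPT=echo to print the rules instead of
# applying them.

IPT="${IPT:-iptables}"
WAN="${WAN:-eth0}"                      # public side (DSL / Cisco router)
LAN="${LAN:-eth1}"                      # private side (office switch)
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # assumed private address range

enable_forwarding() {
    # Without this the kernel silently drops packets not addressed to it,
    # so nothing would ever "pass between the two nics".
    if [ -w /proc/sys/net/ipv4/ip_forward ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

build_rules() {
    # Start from a clean slate with a default-deny FORWARD chain.
    $IPT -F
    $IPT -t nat -F
    $IPT -P FORWARD DROP
    # Replies to connections the office opened may come back in.
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The office may talk out, but only with source addresses from our own
    # subnet, so a misconfigured or spoofing host cannot be masqueraded out.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # Rewrite outgoing source addresses to whatever public IP $WAN holds.
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Run as "sh router.sh apply" (as root) from your boot scripts.
case "${1:-}" in
    apply) enable_forwarding; build_rules ;;
esac
```

Calling it from the boot scripts rather than from a login session is exactly Jack's point: after a power failure the box comes back up forwarding traffic with nobody logged in. The INPUT chain is left alone here, so anything listening on the box itself (the VPN daemon, ssh) still needs its own rules.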


