Administrators must, therefore, find alternative ways to share access to Internet services without giving
public IP addresses to every node on the LAN. Using private IP addresses is the most common way of
allowing all nodes on a LAN to properly access internal and external network services.
Edge routers (such as firewalls) can receive incoming transmissions from the Internet and route the
packets to the intended LAN node. At the same time, firewalls/gateways can also route outgoing
requests from a LAN node to the remote Internet service.
This forwarding of network traffic can become dangerous at times, especially with the availability of
modern cracking tools that can spoof internal IP addresses and make the remote attacker's machine
act as a node on your LAN.
To prevent this, iptables provides routing and forwarding policies that can be implemented to
prevent abnormal usage of network resources.
The FORWARD chain allows an administrator to control where packets can be routed within a LAN. For
example, to allow forwarding for the entire LAN (assuming the firewall/gateway is assigned an internal
IP address on eth1), use the following rules:
[root@myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT
[root@myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT
These rules give systems behind the firewall/gateway access to the internal network. The gateway
routes packets from one LAN node to its intended destination node, passing all packets through its
eth1 device.
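The two rules above accept everything that enters or leaves eth1. Because the surrounding text warns that forwarding can be abused by packets that arrive from the Internet with a spoofed internal source address, a gateway usually wants a tighter FORWARD chain: default DROP, an explicit anti-spoofing drop on the Internet-facing interface, and ACCEPT only for traffic the LAN originates plus the replies to it. The script below is an added example and not part of the Red Hat manual; the interface names eth0 (Internet side), eth1 (LAN side) and the subnet 192.168.1.0/24 are assumptions. With no arguments it only prints the rules for review; applying them requires root and the --apply flag.

```shell
#!/bin/sh
# Added example (not from the RHEL manual): generate a restrictive FORWARD
# rule set for a gateway. Only the LAN may originate forwarded traffic, replies
# come back through the state match, and a packet arriving on the Internet
# side that claims a LAN source address is dropped (anti-spoofing).
# Interface names and the subnet used below are assumptions.

# build_forward_rules WAN_IF LAN_IF LAN_SUBNET
# Prints one iptables command per line; nothing is executed here.
build_forward_rules() {
    wan="$1"; lan="$2"; subnet="$3"
    printf 'iptables -P FORWARD DROP\n'
    # Anti-spoofing: a packet from the Internet must never carry a LAN source.
    printf 'iptables -A FORWARD -i %s -s %s -j DROP\n' "$wan" "$subnet"
    # Replies to connections the LAN opened are allowed back in.
    printf 'iptables -A FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$wan" "$lan"
    # LAN hosts with an address inside the LAN subnet may reach the Internet.
    printf 'iptables -A FORWARD -i %s -o %s -s %s -j ACCEPT\n' "$lan" "$wan" "$subnet"
}

# count_rules WAN_IF LAN_IF LAN_SUBNET: number of lines generated (for checks).
count_rules() {
    build_forward_rules "$1" "$2" "$3" | wc -l | tr -d ' '
}

# apply_forward_rules WAN_IF LAN_IF LAN_SUBNET: execute the rules (needs root).
apply_forward_rules() {
    build_forward_rules "$1" "$2" "$3" | while IFS= read -r cmd; do
        $cmd
    done
}

# Default invocation prints the rules for review instead of applying them.
case "${1:-}" in
    --apply) shift; apply_forward_rules "${1:-eth0}" "${2:-eth1}" "${3:-192.168.1.0/24}" ;;
    *)       build_forward_rules "${1:-eth0}" "${2:-eth1}" "${3:-192.168.1.0/24}" ;;
esac
```

Run it once without --apply, read the four lines it prints, and only then rerun it with --apply on the gateway. The default-DROP policy is the important part: with it in place, the per-interface ACCEPT rules from the manual become the exception rather than the norm, and anything not matched (including spoofed LAN sources arriving on eth0) is discarded.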
Note
By default, the IPv4 policy in Red Hat Enterprise Linux kernels disables support for IP
forwarding. This prevents machines that run Red Hat Enterprise Linux from functioning as
dedicated edge routers. To enable IP forwarding, use the following command:
[root@myServer ~ ] # sysctl -w net.ipv4.ip_forward=1
This configuration change is only valid for the current session; it does not persist beyond
a reboot or network service restart. To permanently set IP forwarding, edit the
/etc/sysctl.conf file as follows:
Locate the following line:
net.ipv4.ip_forward = 0
Edit it to read as follows:
net.ipv4.ip_forward = 1
Use the following command to enable the change to the sysctl.conf file:
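The edit described above, collected into a script that is an added example rather than part of the manual: it rewrites (or appends) the net.ipv4.ip_forward line in a sysctl.conf file so that running it twice leaves exactly one line, reads back the configured value, and compares it with what the running kernel reports in /proc/sys/net/ipv4/ip_forward. The file path is a parameter so the script can be tried against a scratch copy before /etc/sysctl.conf is touched; the scratch file and its contents are constructed here.

```shell
#!/bin/sh
# Added example (not from the RHEL manual): persist the ip_forward setting in a
# sysctl.conf file idempotently and compare it with the running kernel value.

KEY='net.ipv4.ip_forward'
KEY_RE='net\.ipv4\.ip_forward'   # the same key, escaped for use in regexes

# set_ip_forward FILE VALUE: replace an existing "net.ipv4.ip_forward = N" line
# (whatever its spacing) or append one if the key is absent.
set_ip_forward() {
    file="$1"; value="$2"
    tmp="$file.tmp.$$"
    [ -f "$file" ] || : > "$file"
    if grep -q "^[[:space:]]*$KEY_RE[[:space:]]*=" "$file"; then
        sed "s#^[[:space:]]*$KEY_RE[[:space:]]*=.*#$KEY = $value#" "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf '%s = %s\n' "$KEY" "$value" >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# configured_ip_forward FILE: print the value the file sets (the last matching
# line wins, as sysctl applies the file top to bottom); nothing if unset.
configured_ip_forward() {
    sed -n "s#^[[:space:]]*$KEY_RE[[:space:]]*=[[:space:]]*\([01]\).*#\1#p" "$1" | tail -n 1
}

# runtime_ip_forward: what the kernel is doing right now (empty off Linux).
runtime_ip_forward() {
    if [ -r /proc/sys/net/ipv4/ip_forward ]; then
        cat /proc/sys/net/ipv4/ip_forward
    fi
}

# check_consistent FILE: succeed only when file and kernel agree. A mismatch
# right after editing means the new setting has not been loaded yet.
check_consistent() {
    cfg=$(configured_ip_forward "$1")
    run=$(runtime_ip_forward)
    [ -n "$cfg" ] && [ "$cfg" = "$run" ]
}

# Demonstration against a constructed scratch file, never /etc directly.
demo=$(mktemp)
printf '# Controls IP packet forwarding\nnet.ipv4.ip_forward = 0\n' > "$demo"
set_ip_forward "$demo" 1
echo "configured in scratch file: $(configured_ip_forward "$demo")"
echo "running kernel reports:     ${run_val:-$(runtime_ip_forward)}"
rm -f "$demo"
```

On the gateway itself the call would be set_ip_forward /etc/sysctl.conf 1, followed by reloading the file with sysctl -p /etc/sysctl.conf (a standard sysctl option, assumed here rather than taken from this page), after which check_consistent /etc/sysctl.conf should succeed. Keeping the file edit idempotent matters on a box that is reconfigured by scripts: a naive "echo >> /etc/sysctl.conf" leaves duplicate lines, and only the last one takes effect.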