I have more than one NIC in my NetMAX machine; how do I enable routing between them?

Applies to: NetMAX Fire Wall and Professional L2.2Pv2.1 & L2.2Pv3.x
L2.2Pv2.1

There is a problem with NetMAX Fire Wall/Professional version L2.2Pv2.1 where routing between networks is disabled by default, so NetMAX cannot act as a router. To enable routing (if your route table allows it), type the following command at the command line:

    echo 1 > /proc/sys/net/ipv4/ip_forward

You can also ensure that routing is enabled whenever your NetMAX machine is rebooted by adding this command to your /etc/start_if.generic file. Make sure that you enter the command below the line containing the command "/usr/netmax/etc/rc.d/natd.sh restart". Routing will then be enabled whenever you reboot the NetMAX server. This problem only applies to NetMAX L2.2Pv2.1 and can also be resolved by installing the L2.2Pv2.2 upgrade, which is available at http://www.netmax.com/support/downloads.html
L2.2Pv3.x

In the interest of security, NetMAX FireWall/Professional version L2.2Pv3.x by default only forwards traffic between "known" network interfaces. Routing between all of the NetMAX machine's own network interfaces will work fine; however, traffic with a source or destination address that is not on any of those known networks will not be forwarded (routed). If you are using your NetMAX as a gateway to the Internet, you will most likely be able to route traffic from your internal network to your ISP's network, but not past your ISP's network. Although this behaviour is intended, it was not documented in the manual. The easy way to change it is to set your default forward policy to ACCEPT, which allows all traffic (including traffic with a source or destination address on other networks) to use your router. To do so, issue the following commands from the command line, logged in as root:

    echo /sbin/ipchains -P forward ACCEPT >> /etc/rc.firewall.local
    chmod +x /etc/rc.firewall.local
    /etc/rc.firewall.local

The more secure method is to add custom firewall forward rules for each interface that statically allow routing between the two network cards for all traffic, leaving the default forward policy unchanged.
If you are doing NAT, no forward rules are created by default. So if you have more than one internal network interface, routing between the internal networks will not be allowed by default, and you will have to either create custom forward rules manually or change the default forward policy, as described above.
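The following is an added example, not a script shipped with NetMAX or taken from this article. It carries out both procedures above on copies of the files rather than on the live system: for L2.2Pv2.1 it inserts the ip_forward command into a start_if.generic-style script directly below the natd.sh restart line, and for L2.2Pv3.x it writes the "more secure method" as static ipchains forward rules between two internal networks instead of switching the forward policy to ACCEPT. The network addresses, the sample start_if.generic contents and the temporary paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the NetMAX product or this article's own scripts.
#   add_ip_forward    - L2.2Pv2.1 fix: insert the ip_forward echo directly below
#                       the natd.sh restart line of a start_if.generic-style script
#   gen_forward_rules - L2.2Pv3.x "more secure method": static ipchains forward
#                       rules for two internal networks, policy left at DENY
# Networks, script contents and paths below are constructed samples.

LAN_A="192.168.1.0/24"   # assumption: network behind the first internal NIC
LAN_B="192.168.2.0/24"   # assumption: network behind the second internal NIC

# Insert "echo 1 > /proc/sys/net/ipv4/ip_forward" immediately after the first
# line containing the natd.sh restart command, unless it is already present.
add_ip_forward() {
    script="$1"
    if grep -q 'ip_forward' "$script"; then
        return 0   # already enabled in this script; nothing to do
    fi
    awk '
        { print }
        !added && /\/usr\/netmax\/etc\/rc\.d\/natd\.sh restart/ {
            print "echo 1 > /proc/sys/net/ipv4/ip_forward"; added = 1
        }
    ' "$script" > "$script.tmp" \
        && cat "$script.tmp" > "$script" && rm -f "$script.tmp"   # keeps file mode
}

# Emit ipchains commands that allow forwarding only between the two given
# networks, in both directions. Everything else stays under the DENY policy.
gen_forward_rules() {
    net_a="$1"; net_b="$2"
    printf '%s\n' "/sbin/ipchains -P forward DENY"
    printf '%s\n' "/sbin/ipchains -A forward -s $net_a -d $net_b -j ACCEPT"
    printf '%s\n' "/sbin/ipchains -A forward -s $net_b -d $net_a -j ACCEPT"
}

# Write the rules as an executable script (the article's own file is
# /etc/rc.firewall.local; a temporary path is used here).
write_rules() {
    out="$1"
    { printf '#!/bin/sh\n'; gen_forward_rules "$LAN_A" "$LAN_B"; } > "$out"
    chmod +x "$out"
}

# Line number on which ip_forward is enabled in a script (empty if absent).
ip_forward_line() {
    grep -n 'ip_forward' "$1" | cut -d: -f1 | head -n 1
}

# Number of explicit ACCEPT rules in a generated rules file.
count_accept_rules() {
    grep -c -- '-j ACCEPT' "$1"
}

# Demonstration on a constructed copy of start_if.generic.
WORK="${TMPDIR:-/tmp}/netmax_example"
mkdir -p "$WORK"
printf '%s\n' '#!/bin/sh' '/sbin/ifconfig eth0 up' \
    '/usr/netmax/etc/rc.d/natd.sh restart' '/sbin/ifconfig eth1 up' \
    > "$WORK/start_if.generic"
add_ip_forward "$WORK/start_if.generic"
write_rules "$WORK/rc.firewall.local"
cat "$WORK/start_if.generic" "$WORK/rc.firewall.local"
```

Running the script prints the patched start_if.generic copy (ip_forward enabled on the line after natd.sh restart) followed by a three-line rc.firewall.local that denies forwarding by default and accepts only traffic between LAN_A and LAN_B. To apply it to a real NetMAX machine you would point the functions at /etc/start_if.generic and /etc/rc.firewall.local and replace the two sample networks with the ones behind your internal NICs.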