Evgeny Pokhilko's Weblog

Programmer's den

Suse 11 workstation as a router

My task was to connect to my office through VPN from a SUSE workstation and allow another Windows machine to use office network resources. In this scenario SUSE acts as a router forwarding ip packets from the Windows machine to the office network.

I am using NetworkManager for VPN on my SUSE machine. In one of the previous articles I wrote about establishing VPN connection to a windows server from SUSE.

IP forwarding is disabled by default. You can check it with the following command:

cat /proc/sys/net/ipv4/ip_forward

It returns either 1 or 0. 1 means IP forwarding is enabled. I suppose you will see 0. Otherwise you wouldn’t read this article. But use this command later to verify that ip forwarding is enabled.

In my configuration I need to change settings of the SUSE firewall to allow IP forwarding. The settings you see in YAST are not comprehensive and they are not enough for the task.

Instead open /etc/sysconfig/SuSEfirewall2 in gedit. Add your VPN network interface name (run/sbin/ifconfig after connecting to VPN to get all active interfaces) to FW_DEV_EXT. It will make your office network external for the SUSE router. Add your internal network (where the packets will be coming from) to FW_DEV_INT. As a result SUSE knows that your internal network is your home network and your office network is external.

Change FW_ROUTE to yes. This will allow IP forwarding. I also changed FW_MASQUERADE to yes. Not sure it was necessary for my task. By the way masquerading can be configured in YAST GUI tool unlike IP forwarding.

Now if you invoke cat /proc/sys/net/ipv4/ip_forward, you should see 1 returned.

Forwarding will be performed according to your routing table. To see the routing table invoke

/sbin/route -n

Now go to your Windows machine. Say your office network is 111.222.333.0 ( and the SUSE machine IP address is 193.333.222.1.

route add mask

This will send packets going to your office network to the SUSE router.

February 24, 2010 Posted by | Networking, SUSE | , | Leave a comment