Suse 11 workstation as a router
My task was to connect to my office through VPN from a SUSE workstation and allow another Windows machine to use office network resources. In this scenario SUSE acts as a router forwarding ip packets from the Windows machine to the office network.
I am using NetworkManager for VPN on my SUSE machine. In one of the previous articles I wrote about establishing VPN connection to a windows server from SUSE.
IP forwarding is disabled by default. You can check it with the following command:
cat /proc/sys/net/ipv4/ip_forward
It returns either 1 or 0. 1 means IP forwarding is enabled. I suppose you will see 0. Otherwise you wouldn’t read this article. But use this command later to verify that ip forwarding is enabled.
In my configuration I need to change settings of the SUSE firewall to allow IP forwarding. The settings you see in YAST are not comprehensive and they are not enough for the task.
Instead open /etc/sysconfig/SuSEfirewall2 in gedit. Add your VPN network interface name (run/sbin/ifconfig after connecting to VPN to get all active interfaces) to FW_DEV_EXT. It will make your office network external for the SUSE router. Add your internal network (where the packets will be coming from) to FW_DEV_INT. As a result SUSE knows that your internal network is your home network and your office network is external.
Change FW_ROUTE to yes. This will allow IP forwarding. I also changed FW_MASQUERADE to yes. Not sure it was necessary for my task. By the way masquerading can be configured in YAST GUI tool unlike IP forwarding.
Now if you invoke cat /proc/sys/net/ipv4/ip_forward, you should see 1 returned.
Forwarding will be performed according to your routing table. To see the routing table invoke
/sbin/route -n
Now go to your Windows machine. Say your office network is 111.222.333.0 (255.255.255.0) and the SUSE machine IP address is 193.333.222.1.
route add 111.222.111.0 mask 255.255.255.0 193.123.222.1
This will send packets going to your office network to the SUSE router.
About
My interests are C++, Linux, .NET and algorithms. I write about awesome things that surprised me or I want to document something useful for me and others.
I am also a maintainer and developer of EncryptPad project – open source application for editing symmetrically encrypted text in OpenPGP format and also a tool for encrypting binary files on disk.
-
Recent
- OpenGL hardware acceleration through remote X11 SSH connection
- GDB: How do I set current source file for list and break commands
- How To Create and Seed a Torrent (Ubuntu server, Transmission)
- GIT TF: Undo shallow pull and pull squashed changeset
- Lynx on Windows 7 and lynx_bookmarks.html file problem
- Old MacBook Overheating and Installation of Mac OS 10.4 on New Hard Drives
- Memory Alignment Of Structures and Classes in C++
- Align label and input vertically
- Google Test Framework and Visual Studio 2010
- Convex Hull
- Run a bash script with sudo, nohup and in the background
- Contact database with web interface – EVPO Members
-
Links
-
Archives
- March 2017 (1)
- May 2015 (1)
- January 2015 (1)
- November 2014 (1)
- October 2014 (1)
- March 2014 (1)
- January 2014 (1)
- June 2013 (1)
- May 2013 (2)
- February 2012 (2)
- October 2010 (1)
- February 2010 (1)
-
Categories
-
RSS
Entries RSS
Comments RSS
Evgeny Pokhilko's Weblog 