replacing an old Slackware "router" with a new one

apolinsky · 06-20-2024, 04:07 PM

For many years, my small home Lan has had an old dual processor 386 as my server. It runs Slackware 15. It has FINALLY reached the end of its seviceable life. I purchased a more modern (used) Pentium machine, put in a second NIC card, and tried to use it. Each machine runs BIND to throw out local addresses. In each case, I use the Arno configuration tool to hopefully set up Masquerading and filtering Internet traffic. To make sure I have not made any spelling or configuration errors I have copied the firewall configuration file from the old to the new machine. On the new server, I can mount my two NASes on different local addresses, 192.168.0.252 and 192.168.1.252. Computers connecting to the new server get and appropriate address, but only the NAS on the "0" network gets attached. They cannot go onto the Internet. Perhaps someone can offer a suggestion as to what I have mis-configured on the new machine, or what I might have missed. Thank you.

yvesjv · 06-20-2024, 04:19 PM

Can you upload your config files for us to review?

On another tangent that is not related to your post, you could install a third NIC (aka eth2) and make that management.
If your new Intel machine supports virtualisation, then create a VM to load your Slackware into.
If that works, bridge eth0 (make it WAN) and bridge eth1 (make it LAN).

apolinsky · 06-20-2024, 04:38 PM

I have tried to attach the configuration file, but somehow have seemingly been unsuccessful. (I have even renamed it as firewall.txt instead of firewall.conf)

yvesjv · 06-20-2024, 09:48 PM

You are Alan Polinsky of AP3D Consulting?

apolinsky · 06-21-2024, 02:27 AM

BrunoLafleur · 06-21-2024, 04:46 AM

Quote:

Originally Posted by apolinsky

For many years, my small home Lan has had an old dual processor 386 as my server. It runs Slackware 15. It has FINALLY reached the end of its seviceable life. I purchased a more modern (used) Pentium machine, put in a second NIC card, and tried to use it. Each machine runs BIND to throw out local addresses. In each case, I use the Arno configuration tool to hopefully set up Masquerading and filtering Internet traffic. To make sure I have not made any spelling or configuration errors I have copied the firewall configuration file from the old to the new machine. On the new server, I can mount my two NASes on different local addresses, 192.168.0.252 and 192.168.1.252. Computers connecting to the new server get and appropriate address, but only the NAS on the "0" network gets attached. They cannot go onto the Internet. Perhaps someone can offer a suggestion as to what I have mis-configured on the new machine, or what I might have missed. Thank you.

Why have you that adresse : 192.168.1.252 ?

You local network is for 192.168.0. in your config file.

henca · 06-21-2024, 05:26 AM

What is the netmask of your machines in your LAN? Are 192.168.1.252 and 192.168.0.252 supposed to be on the same subnet?

As BrunoLafleur wrote, there is no mention of any 192.168.1.* subnet in your firewall.conf.

regards Henrik

apolinsky · 06-21-2024, 07:00 AM

netmask is 255.255.255.0 on each network. The two NASes are on different addresses, sequestered from one another. The 192.168.1.0 network is the zone that most wifi uses, while the 192.168.0.0 network is restricted to just a few locally connected machines. The Slackware "router with two NICS has two dedicated addresses, 192.168.0.1 and 192.168.1.2 which controls the routing between the two networks.

HQuest · 06-21-2024, 09:41 AM

If your problems are around Internet access for clients on the 192.168.1.x subnet that have to cross the Slackware router to leave via 192.168.0.x subnet, make sure you have enabled ip_forward (check if "sysctl -a | grep net.ipv4.ip_forward" if is set to 1) on your Slackware router, you have allowed/configured your modem to NAT 192.168.1.x devices towards the external world, and you have a return route added at your modem to the 192.168.1.x subnet, using your Slackware router IP address as next hop.