FirstServed Tech Blog - FirstServed and the Art of Server Tuning

Posts Tagged ‘network’

Iptables NAT

Tuesday, May 24th, 2011

Here is a quick and dirty iptables-based NAT solution for Linux servers:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 --source 192.168.0.1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

Here we will provide internet access to the host 192.168.0.1 behind eth1 over our own internet connection on eth0.
The IP of eth0 can be dynamic. The host 192.168.0.1 will be using the IP of eth0 on the internet.

We only forward traffic from the IP 192.168.0.1; everything else arriving on eth1 is rejected.
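
Because -A appends, these rules land behind whatever is already in the FORWARD chain, so it is worth checking the loaded ruleset rather than the commands. The following is an added example, not part of the original post: a POSIX shell function (check_forward, sample_good and sample_bad are names made up for illustration) that reads iptables-save text and confirms that 192.168.0.1 is the only source able to open connections from eth1 to eth0. It inspects only the -i, -o, -s, state and -j fields, and both rulesets are constructed samples.

```sh
# Added example: audit iptables-save text (stdin) for the NAT rules above.
# Returns 0 only if SRC alone can open new connections from IN_IF to OUT_IF.
check_forward() {   # usage: iptables-save | check_forward IN_IF OUT_IF SRC
    awk -v inif="$1" -v outif="$2" -v src="$3" '
    /^:FORWARD / { policy = $2 }
    $1 == "-A" && $2 == "FORWARD" {
        rin = rout = rsrc = st = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") rin = $(i + 1)
            if ($i == "-o") rout = $(i + 1)
            if ($i == "-s") rsrc = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") st = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (rin != "" && rin != inif) next      # other ingress interface
        if (rout != "" && rout != outif) next   # other egress interface
        if (st != "" && st !~ /NEW/) next       # return traffic only
        if (closed) next                        # shadowed by a catch-all
        if (target == "ACCEPT" && rsrc != src && rsrc != (src "/32")) {
            print "FAIL: broad ACCEPT: " $0; bad = 1
        }
        if ((target == "REJECT" || target == "DROP") && rsrc == "") closed = 1
    }
    END {
        if (!closed && policy != "DROP") {
            print "FAIL: no catch-all REJECT/DROP after the ACCEPT rules"; bad = 1
        }
        if (!bad) print "OK: only " src " is forwarded from " inif " to " outif
        exit bad + 0
    }'
}

sample_good() {     # constructed iptables-save excerpt matching the post
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.1/32 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

sample_bad() {      # constructed: a leftover broad ACCEPT sits ahead of them
    sample_good | awk '/^-A/ && !d { print "-A FORWARD -i eth1 -j ACCEPT"; d = 1 } { print }'
}

sample_good | check_forward eth1 eth0 192.168.0.1
sample_bad  | check_forward eth1 eth0 192.168.0.1 || echo "ruleset needs fixing"
```

On a live host the input would come from iptables-save run as root instead of the sample functions.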

Oh, and don’t forget to enable IPv4 forwarding in the kernel!
Add:

net.ipv4.ip_forward = 1

to /etc/sysctl.conf and run:

sysctl -p /etc/sysctl.conf

Or, to enable it on the running system only (this does not survive a reboot), just run:

echo 1 > /proc/sys/net/ipv4/ip_forward

Your Mileage May Vary…

Network Interface Bonding on Linux

Sunday, September 21st, 2008

This is an easy-to-implement yet very useful feature.
For instance, we use it to provide our dedicated servers with a redundant path to the network.

This small walkthrough is based on CentOS, but I’m sure you’ll be able to implement it in other distributions too after having read it.

First of all:
Enable the module in /etc/modprobe.conf and pass the necessary parameters:

alias bond0 bonding
options bond0 mode=balance-alb miimon=100

More information about these parameters and the module can be found here:
http://sourceforge.net/project/showfiles.php?group_id=24692&package_id=146474 (project documentation)
http://surfnet.dl.sourceforge.net/sourceforge/bonding/bonding.txt (direct link)

Now that you have created your bonding device, the only thing left is to configure it:

Change directory to the network configuration scripts:

[root@server ~]# cd /etc/sysconfig/network-scripts/

Change the scripts for the underlying interfaces; these should be slaves to the bond:

[root@server network-scripts]# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
MASTER=bond0
SLAVE=yes
[root@server network-scripts]# cat ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
MASTER=bond0
SLAVE=yes

Now it is time to configure the bond itself. For this example I’ve chosen a DHCP configuration:

[root@server network-scripts]# cat ifcfg-bond0
DEVICE=bond0
BOOTPROTO=dhcp
ONBOOT=yes
[root@server network-scripts]#

You can now restart the network and your bond will be active:

service network restart

 

Greets,

Koen