Omv: two interfaces as gateway.

  • Hi!


    My office moved the file server to OpenMediaVault: I found it very clear and responsive.
    I would like to configure two interfaces, so that I can make the server acting as gateway for all the clients inside the office.


    This is my configuration:


    eth0 : external
    ip 192.168.1.1
    gateway 192.168.1.254
    dns 62.101.93.101 (from isp)


    eth1 : internal
    ip 192.168.0.1
    gateway 192.168.0.1
    dns 192.168.1.1 (from isp)


    Dhcp
    range 192.168.0.10, 192.168.0.20
    gateway 192.168.0.1
    dns 192.168.1.1


    Is it possible to configure ip fowarding to reach internet from internal network?


    Thank you,
    Riccardo

  • Thank you Sc0rp,


    will /etc/sysctl.conf be overwritten during updates?


    Why should this solution be weaker than a network where the server and clients are on an equal level, just behind the router?
    You mean a dual-nic to directly forward the traffic for the internal network?


    Riccardo

  • Re,


    i'll not make a complete documentation over network security at all - sry, no time for that ;).


    Just take my complains and check what is more important for you: simpliness or security.
    - Best construct for security is a dedicated Dual-NIC in a vm-environment (kvm preferred).
    - The easiest way for your issue, is to split the NIC into logical units - making at least an eth0.1 device, which transports the traffic upstream. Then you have only to NAT (or technically correct PAT) your office lan via iptables to the upstream-interface. (in this case you don't need a second NIC, but you can of course upgrade my suggestion with that :D).


    will /etc/sysctl.conf be overwritten during updates?

    Afaik only in special cases, not normally while "apt-get update" ... but i never edited this file :P


    Sc0rp

  • Easy solution at commandline:

    Code
    sysctl -w net.ipv4.ip_forward=1


    Permanent - edit /etc/sysctl.conf.


    I would like to make this setting via switch within webif, but don't know about the level of risk manegement.


    regards

    Auch das geht vorbei ...

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!