I have more than one NIC in my NetMAX machine, how do I enable routing between them?
Applies to: NetMAX version 2.1 - 4.0x

L2.2Pv2.1

There is a problem with NetMAX Fire Wall/Professional version L2.2Pv2.1 where routing between networks is disabled by default, not allowing NetMAX to act as a router.

To enable routing (if your route table allows it), type the following command at the command line:

echo 1 > /proc/sys/net/ipv4/ip_forward

You can also ensure that this is enabled whenever your NetMAX machine is rebooted by adding this command to your /etc/start_if.generic file. Make sure that you enter the command below the line containing the command "/usr/netmax/etc/rc.d/natd.sh restart". Routing will then be enabled whenever you reboot the NetMAX server. This problem only applies to NetMAX L2.2Pv2.1 and can also be resolved by installing the L2.2Pv2.2 upgrade, which is available at http://www.netmax.com/support/downloads.html

L2.2Pv3.x

In the interest of security, NetMAX FireWall/Professional version L2.2Pv3.1 and later only forwards traffic between "known" network interfaces (by default). This means that routing between all network interfaces will work fine; however, traffic with a source or destination address not on any of those known networks will not be forwarded (routed). This means that if you are using your NetMAX as a gateway to the Internet, more than likely you will be able to route traffic from your internal network to your ISP's network, but not past your ISP's network.

Although this is intended, it was not documented in the manual.

The easy way is to change your default forward policy to ACCEPT, which allows all traffic (including traffic with a source or destination address on other networks) to use your router. To do so, issue the following commands from the command line, logged in as root:

echo /sbin/ipchains -P forward ACCEPT >> /etc/rc.firewall.local

chmod +x /etc/rc.firewall.local

/etc/rc.firewall.local

The more secure method would be to add custom firewall forward rules to each interface that will statically allow the routing between the two network cards for all traffic.

If you are doing NAT, no forward rules are created by default. So if you have more than one internal network interface, routing between the internal networks will not be allowed, by default. So you will have to manually create custom forward rules, or change the default forward policy, same as above.

L2.4Pv4.0x

In the interest of security, NetMAX FireWall/Professional version L2.2Pv3.1 and later only forwards traffic between "known" network interfaces (by default). This means that routing between all network interfaces will work fine; however, traffic with a source or destination address not on any of those known networks will not be forwarded (routed). This means that if you are using your NetMAX as a gateway to the Internet, more than likely you will be able to route traffic from your internal network to your ISP's network, but not past your ISP's network.

Although this is intended, it was not documented in the manual.

The easy way is to change your default forward policy to ACCEPT, which allows all traffic (including traffic with a source or destination address on other networks) to use your router. To do so, issue the following commands from the command line, logged in as root:

NetMAX 4.x uses iptables instead of ipchains, so the command to change the default forward policy is slightly different from L2.2Pv3.x. Please note that we strongly recommend creating custom firewall rules for forwarding instead of changing the default forward policy. Custom firewall rules are more secure, will be backed up with the NetMAX configuration backup, do not require command line access, and will be retained during upgrades.

echo /sbin/iptables -P FORWARD ACCEPT >> /etc/rc.firewall.local

chmod +x /etc/rc.firewall.local

/etc/rc.firewall.local

The more secure method would be to add custom firewall forward rules to each interface that will statically allow the routing between the two network cards for all traffic.

If you are doing NAT, no forward rules are created by default. So if you have more than one internal network interface, routing between the internal networks will not be allowed, by default. So you will have to manually create custom forward rules, or change the default forward policy, same as above.
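The "more secure method" above, as an added example rather than NetMAX's own script: instead of setting the FORWARD policy to ACCEPT, it emits explicit iptables rules (NetMAX 4.x) that only forward traffic between two internal NICs, bound to both interface and subnet, and it checks the ip_forward setting from the L2.2Pv2.1 section. The interface names eth1/eth2 and the subnets 192.168.1.0/24 and 192.168.2.0/24 are assumed for illustration.

```shell
#!/bin/sh
# Added example, not NetMAX's own code. Generates per-interface FORWARD
# rules to review and then append to /etc/rc.firewall.local, instead of
# "iptables -P FORWARD ACCEPT". Interface names and subnets are assumed.

IPT=/sbin/iptables

# forward_pair IF_A NET_A IF_B NET_B
# Print the two iptables commands that allow traffic between two internal
# networks. Matching on interface AND address means a packet arriving on
# IF_A with a source outside NET_A still hits the default policy.
forward_pair() {
    printf '%s -A FORWARD -i %s -o %s -s %s -d %s -j ACCEPT\n' \
        "$IPT" "$1" "$3" "$2" "$4"
    printf '%s -A FORWARD -i %s -o %s -s %s -d %s -j ACCEPT\n' \
        "$IPT" "$3" "$1" "$4" "$2"
}

# ip_forward_state [PATH]
# Report whether kernel forwarding is on (the L2.2Pv2.1 problem). PATH
# overrides /proc/sys/net/ipv4/ip_forward so the check can be run anywhere.
ip_forward_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ ! -r "$f" ]; then
        echo "unknown"
        return 2
    fi
    if [ "$(cat "$f")" = "1" ]; then
        echo "enabled"
        return 0
    fi
    echo "disabled"
    return 1
}

# Rule set for the two assumed internal LANs. The default FORWARD policy
# is left exactly as NetMAX set it; only these explicit pairs are allowed.
build_rules() {
    forward_pair eth1 192.168.1.0/24 eth2 192.168.2.0/24
}

# Print the rules for review; redirect to /etc/rc.firewall.local once checked.
build_rules
```

Run it as root only after reviewing the printed lines; "iptables -L FORWARD -v -n" afterwards should show the two ACCEPT rules with the chain policy still DROP.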

This document is: http://www.netmax.org/cgi-bin/fom.cgi?file=242
This is a Faq-O-Matic 2.721.
This FAQ administered by ...Cybernet Systems Corp.