Re: Routing problem with 2 ethernet cards - adsl router on first and localnet on second
- From: "D.Campagna" <ynnadrebyc@xxxxxxxxxxxxx>
- Date: Fri, 26 Oct 2007 18:57:40 +0200
Ignoramus7291 ha scritto:
You do not need two cards to do firewalling. You could have done it
with one card, if Windows boxes are on a private subnet like 10.0.0.*
or whatever.
Here's how I do it with one card.
######################################################################
Home firewall $IPTABLES -F
$IPTABLES --delete-chain
$IPTABLES --table net --flush $IPTABLES --table nat --delete-chain
# Set up IP FORWARDing and Masquerading $IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE # Comp 1
$IPTABLES --append FORWARD -s 10.0.0.3 -j ACCEPT # Comp 2
$IPTABLES --append FORWARD -s 10.0.0.4 -j ACCEPT
On 2007-10-26, D.Campagna <ynnadrebyc@xxxxxxxxxxxxx> wrote:Hi all gurus,
I have the following configuration:
internet|---| u.s. robotics router|---|switch|---|linux box eth0|
adsl | | (192.168.1.98) | |------| |--------------|
|---------------------| | | |
| | |----------- | |------------- [win boxes]
|---------------
Linux is acting as web and SMB server, all works fine and I can connect
the Internet from any of the win machines and the Linux box.
Now in order to have some packet filtering and firewalling made by the
Linux box I want to change to:
internet|---| u.s. robotics router|---|eth1 of linux box |
adsl | | (192.168.1.98) | |------------------|
|---------------------| |
|------------------|
|eth0 of linux box |
|------------------|
| |------|
|switch|
|------|
| | |----------- | |------------- [win boxes]
|---------------
I tried the above but from the win boxes I cannot ping the router.
IP Forwarding is ON. I issued:
route add 192.168.0.98 eth1 (the router)
route add default gw 192.168.0.98 eth1
The result is, the Linux box connects to the Internet and I can
navigate, but still from the win boxes I cannot ping the router, nor
access the Internet.
Before posting all my experiments with iptables, SNAT, MASQUERADING et
al. I would understand why the packets from the router are not
propagated back to the win boxes, while I'm quite sure they reach the
router. The router is doing his NAT, provided the first configuration
works fine. Is perhaps this the problem? I ask this because trying to
replicate the situation I put in place of the router another Linux box
with a bogus 'external' address and with the command:
iptbles -t nat -A POSTROUTING -j SNAT --to-source 192.168.0.97 -o eth1
or
iptbles -t nat -A POSTROUTING -j MASQUERADE -o eth1
the win machines (setting the correct gateway 192.168.0.97) were able to
navigate the bogus 172.168.0.44 of the 2nd Linux box.
I achieved the same result not issuing any iptables command but just
instructing the 2nd Linux box about the route to the first:
route add 192.168.0.0 netmask 255.255.255.0 eth0
So It seems the NATed packets from the router cannot reach the win
boxes. How do I can solve the problem?
I am sorry for the stupid question but I am not an expert of IP and
would greatly appreciate any hints.
Best regards
D. Campagna
Thank you for your answer. So it 's not a better choice to have 2 network cards and separate the internet traffic from the local one?
.
- Follow-Ups:
- References:
- Prev by Date: Routing problem with 2 ethernet cards - adsl router on first and localnet on second
- Next by Date: Re: Routing problem with 2 ethernet cards - adsl router on first and localnet on second
- Previous by thread: Re: Routing problem with 2 ethernet cards - adsl router on first and localnet on second
- Next by thread: Re: Routing problem with 2 ethernet cards - adsl router on first and localnet on second
- Index(es):
Relevant Pages
|
