MLUG: [MLUG] Re: [MLUG - DISCUSSION] IPTABLES - Router help
I cc'd the members list too...  (Get more eyes on the problem );)

Don't forget to flush before you insert tables (clear the cruft and start with a clean slate each time). Your logic to me seems correct in the statements.

Can you give it a safe test without destroying your environment?

Here is a great reset script just in case:
http://www.faqs.org/docs/iptables/include.flushiptables.html


George



On Mar 8, 2007, at 12:35 PM, Brandon West wrote:

The problem with example 5.2 is that it's doing NAT routing. The network I am using is standalone using private address space -- really nothing to do with "home networking". I want to route from one subnet to another.

Might I use this?

iptables -I FORWARD -s 192.168.0.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j ACCEPT

iptables -I FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -j ACCEPT


--Brandon

Remembering you're not yourself is easy. Forgetting to remember that you aren't remembering if you are yourself is slightly harder.

On Mon, 5 Mar 2007, George Robb wrote:

I was sure someone would beat me to this.

I'm using Gentoo and have a setup darn near identical to this:

http://www.gentoo.org/doc/en/home-router-howto.xml

Only difference is that I'm using it to be a bridge for my wireless network in the house to a wired network out in the garage... (yea, yea, I'm lazy for not stringing some cat-5 but, it works and it is a P.O.S. laptop that I don't care if it gets destroyed.) ;)

The iptables instructions are very well written in my opinion; take a look at code listing 5.2.

Hope this helps,

George




On Mar 5, 2007, at 1:45 PM, Brandon West wrote:

A re-send. I don't think it went through the first times. Sorry in advance for a duplicate.

I knew how to configure a router via ipchains, but haven't used iptables in the same manner to do this.

This is my setup:
eth0 192.168.0.1
eth1 192.168.1.1

I have computers on the "0" subnet as well as the "1" subnet. So I need to get Linux to route the packets to/from the client 192.168.1.10 to the server on 192.168.0.10.

For example what I'd do in the past is this:

ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.0.0/24 -b

That would allow the Linux box to then allow data to be moved across the two different subnets.

While this is a simple example of what I need to do, in reality, I have 4 subnets that need to be routed, say 192.168.0.0, 192.168.1.0, 192.168.2.0 and 192.168.3.0.

So my ipchains commands to route this network would be:

#routes from 0 to 1
ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.1.0/24 -b
#routes from 0 to 2
ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.2.0/24 -b
#routes from 0 to 3
ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.3.0/24 -b
#routes from 1 to 2
ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.2.0/24 -b
#routes from 1 to 3
ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.3.0/24 -b
#routes from 2 to 3
ipchains -I forward -j ACCEPT -s 192.168.2.0/24 -d 192.168.3.0/24 -b

Thus the above example allows all the subnets to talk to each other.

Then back in the day of ipchains I used to set up a script of some sort with the above info in it, so that when you rebooted your router would work. Is there a way to write this to the default table upon boot?

Thanks in advance,
Brandon

PS, I only need to know how to use iptables in the first example, I can figure out everything else from there.
_______________________________________________
discussion mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/discussion


_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
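
An added example, not part of the thread or any poster's script: a POSIX shell generator for the four-subnet case, producing iptables-restore input that replaces the six `ipchains ... -b` rules with explicit rules in both directions. The interface names eth2 and eth3, the file name `routes.sh`, the default-drop FORWARD policy and the ACCEPT policy on INPUT/OUTPUT are assumptions; eth0, eth1 and the subnets are from the original post.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset that
# forwards between every pair of listed subnets in both directions.
# Arguments are IFACE:CIDR. eth0/eth1 and the four /24s come from the thread;
# eth2/eth3 and the ACCEPT policy on INPUT/OUTPUT are assumptions.

# -i/-o take interface names (at most 15 characters, no '/'); -s/-d take networks.
valid_spec() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    if_name=${1%%:*}
    net=${1#*:}
    case "$if_name" in ''|*/*|????????????????*) return 1 ;; esac
    case "$net" in ?*/?*) return 0 ;; *) return 1 ;; esac
}

gen_forward_rules() {
    for spec in "$@"; do
        valid_spec "$spec" || { echo "bad spec: $spec" >&2; return 1; }
    done
    # iptables-restore flushes the filter table before loading (no --noflush),
    # so stale rules never survive a reload. Unmatched forwards are dropped.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then continue; fi
            # Pinning the source network to its interface rejects spoofed
            # addresses that arrive on the wrong segment.
            printf '%s\n' "-A FORWARD -i ${src%%:*} -s ${src#*:} -o ${dst%%:*} -d ${dst#*:} -j ACCEPT"
        done
    done
    echo COMMIT
}

# Dry run (routes.sh is a hypothetical name):  sh routes.sh | iptables-restore --test
# Apply:  sh routes.sh | iptables-restore && sysctl -w net.ipv4.ip_forward=1
gen_forward_rules eth0:192.168.0.0/24 eth1:192.168.1.0/24 \
                  eth2:192.168.2.0/24 eth3:192.168.3.0/24
```

Saving the output to a file and feeding it to `iptables-restore` from a boot script covers the reboot question; where that file and script live depends on the distribution.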