Fedora: This forum is for the discussion of the Fedora Project.
I have two subnets. There is a machine with two NICs which should act as a router by forwarding packets between its two NICs. The router's first NIC has the IP 10.1.0.10 and the second NIC's IP is 192.168.13.254 (it works as the gateway for the second subnet). I put all the necessary rules in iptables, like
These rules should allow HTTP and SSH to connect to the 192.168.13.0 net. I also set "ip_forwarding" in /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward to 1.
Pinging from the second subnet's machine (192.168.13.1) to both of the router's IPs works. That is:
ping from 192.168.13.1 to 192.168.13.254 works
ping from 192.168.13.1 to 10.1.0.10 works
But pinging does not work the same way when I do it from the first subnet's machine. That is:
ping from 10.1.0.1 to 10.1.0.10 works
ping from 10.1.0.1 to 192.168.13.254 fails
Probably I am missing some configuration in the router which, as a result, allows packet forwarding only in one direction (from the second subnet to the first one but not the opposite).
As a result, the machines in these two subnets cannot see each other (ping fails).
SSH from both subnets to the router works.
Does anyone know how I can make the forwarding work equally between the two NICs? Can the problem be related to the NICs? The first NIC is mounted in a PCI slot while the second one is onboard.
IP forwarding or masquerading is, in its basic form, a one-way gateway. It is easy to go from one side to the other, but not the other way, because it acts as a firewall in the opposite direction. There are a few ways back through. The only one I know of and have used is DNAT.
Example: /sbin/iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp --dport 22 -j DNAT --to-destination 192.168.69.69:22
This forwards port 22 on the external IP xxx.xxx.xxx.xxx to port 22 on an internal IP.
Now this might work as a fully open DNAT. I'm not sure though. It will probably be similar to this, but I may have the options wrong.
/sbin/iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.13.1-192.168.13.254
or maybe
/sbin/iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.13.254
iptables -A FORWARD -s 10.1.0.0/24 -d 0.0.0.0/0 -j ACCEPT
is that initially I wanted to forward only HTTP and SSH connections from 10.1.0.0 to 192.168.13.0 and drop all the others. On the other hand, I wanted to allow all the protocols going from 192.168.13.0 to 10.1.0.0 (that is why I placed the first three explicit rules).
I tried the rules with DNAT as well, but without success. My confusion is how the router decides in which direction to forward the packets if it does not look at the iptables rules, because it is clearly told to forward both ways with some restrictions. If we cannot rely on iptables, how can we manage the router at all? Consequently it becomes impossible to make two machines in different subnets see each other.
Thank you very much for your support.
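Added example, not from any post in this thread: a complete stateful FORWARD ruleset for the two-NIC router described in the question (HTTP and SSH allowed from 10.1.0.0/24 into 192.168.13.0/24, everything allowed the other way, and return traffic of accepted connections let back through by connection tracking). The interface names eth0/eth1 and the `-m state` match are assumptions; check the names against `route -n` / `ip addr` on the router before applying. Run with `apply` to load the rules, or `show` to print them without touching the firewall.

```shell
#!/bin/sh
# Added example (not from the thread): minimal stateful ruleset for a
# two-NIC Linux router. Assumed layout (verify with `route -n`):
#   eth0 = 10.1.0.10      first subnet, 10.1.0.0/24
#   eth1 = 192.168.13.254 second subnet, 192.168.13.0/24
# Set IPT=echo to print the rules instead of applying them.
IPT=${IPT:-/sbin/iptables}
LAN1_IF=${LAN1_IF:-eth0}; LAN1_NET=10.1.0.0/24
LAN2_IF=${LAN2_IF:-eth1}; LAN2_NET=192.168.13.0/24

router_rules() {
    # Transit packets are judged only by the FORWARD chain. INPUT/OUTPUT
    # apply to traffic addressed to or sent by the router itself, which is
    # why ssh/ping *to* the router can work while forwarding does not.
    $IPT -F FORWARD
    $IPT -P FORWARD DROP

    # Replies of any already-accepted connection, in either direction.
    # Without this, answers from 192.168.13.0/24 to an accepted SSH session
    # are dropped, which looks exactly like "forwarding works one way only".
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # First subnet -> second subnet: only new HTTP and SSH connections.
    $IPT -A FORWARD -i "$LAN1_IF" -o "$LAN2_IF" -s "$LAN1_NET" -d "$LAN2_NET" \
        -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$LAN1_IF" -o "$LAN2_IF" -s "$LAN1_NET" -d "$LAN2_NET" \
        -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Optional while debugging: let the first subnet ping the second.
    # Without this rule a ping from 10.1.0.x to 192.168.13.x is dropped by design.
    $IPT -A FORWARD -i "$LAN1_IF" -o "$LAN2_IF" -s "$LAN1_NET" -d "$LAN2_NET" \
        -p icmp --icmp-type echo-request -j ACCEPT

    # Second subnet -> first subnet: everything.
    $IPT -A FORWARD -i "$LAN2_IF" -o "$LAN1_IF" -s "$LAN2_NET" -d "$LAN1_NET" -j ACCEPT

    # Log what the policy drops, rate-limited, so a failing ping shows up
    # in the kernel log instead of silently disappearing.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

enable_forwarding() {
    # The sysctl key is net.ipv4.ip_forward (same switch as
    # /proc/sys/net/ipv4/ip_forward); it must be 1 for either direction.
    sysctl -w net.ipv4.ip_forward=1
}

case "${1:-}" in
    apply) enable_forwarding && router_rules ;;
    show)  ( IPT=echo; router_rules ) ;;
esac
```

The ESTABLISHED,RELATED rule is the piece most often missing from a hand-written ruleset: a rule that accepts traffic from one subnet does nothing for the replies coming back from the other subnet, so with a DROP policy every connection appears to work in one direction only.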
Here is the output of the "route -n" command:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.13.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
It's strange, but I do not know where the last line with IP 169.254.0.0 came from. Can it be the source of the problem?
10.1.0.1 is a Windows machine (WinXP installed). I do not know if this is of any help, but below you can find the output of the "route PRINT" command issued on this machine.
The ping from 10.1.0.1 to 192.168.13.254 worked, together with SSH. I could hardly think that this problem could come from the routing settings of the Windows machine.
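Added example, not from any post in this thread: a small POSIX-shell replay of the kernel's route selection (longest matching prefix wins) over the `route -n` table pasted above, so you can check which interface a destination would actually leave through. The table is embedded as constructed text copied from that post; the `route_lookup` helper and its output format are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): longest-prefix route lookup over a
# `route -n` style table. Table constructed from the poster's output.
ROUTE_TABLE='192.168.13.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1'

# Dotted quad -> 32-bit integer, using only shell arithmetic.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Number of set bits in a netmask (its prefix length), e.g. 255.255.0.0 -> 16.
mask_len() {
    mm=$(ip2int "$1"); bits=0
    while [ "$mm" -ne 0 ]; do bits=$((bits + (mm & 1))); mm=$((mm >> 1)); done
    echo "$bits"
}

# route_lookup DEST [TABLE]
# Prints "DEST via GATEWAY dev IFACE" for the most specific matching route,
# or "DEST unreachable" when no route (and no default route) matches.
route_lookup() {
    dst=$(ip2int "$1"); best_len=-1; best="$1 unreachable"
    while read -r net gw mask flags metric ref use iface; do
        [ -n "$net" ] || continue
        net_i=$(ip2int "$net"); mask_i=$(ip2int "$mask"); len=$(mask_len "$mask")
        # A route matches when (dest & genmask) == destination network;
        # among matches the longest genmask is the one the kernel uses.
        if [ $(( dst & mask_i )) -eq "$net_i" ] && [ "$len" -gt "$best_len" ]; then
            best_len=$len; best="$1 via $gw dev $iface"
        fi
    done <<EOF
${2:-$ROUTE_TABLE}
EOF
    echo "$best"
}

# Stand-alone demo over the poster's table.
for dest in 192.168.13.1 10.1.0.1 169.254.7.7 8.8.8.8; do
    route_lookup "$dest"
done
```

Run as written it shows that 192.168.13.x leaves via eth1 and 10.1.0.x via eth0 regardless of the 169.254.0.0/16 entry, which only ever matches 169.254.x.x destinations (the zeroconf link-local route that RHEL adds by default; NOZEROCONF=yes in /etc/sysconfig/network disables it). It also shows the router has no default route, so anything outside the two subnets is unreachable from it. The same lookup has to succeed on each end host: 10.1.0.1 needs a route for 192.168.13.0/24 (or a default route) pointing at 10.1.0.10, otherwise its packets never reach the router to be forwarded.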