I have a debian server with 3 NICs: eth0, eth1 and eth2
- eth0: outside world
- eth1: inside private network
- eth2: inside public network
The idea is to provide internet with networking on eth1 (domain setup). eth2 is for public wireless access so that guests can come and use the internet, but not be able to get on the private network.
The dhcp setup is:
- eth0: dhcp assigned
- eth1: 192.168.100.1
- eth2: 192.168.101.1
I am getting DNS lookups and DHCP assignments all working great from both the 100 and 101 subnets. The problem is that eth2 packets (101 subnet) are not being routed to eth0. eth1 / 100 subnet is working fine.
here is the "route -N" output:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 eth0
I added these iptables rules:
Code:
iptables -A FORWARD -i eth2 -j LOG --log-prefix "IPTABLES FORWARD: " --log-level 6
iptables -A INPUT -i eth2 -j LOG --log-prefix "IPTABLES INPUT: " --log-level 6
I get the "IPTABLES INPUT:" rules, but there is never any activity on the FORWARD chain for eth2 (eth1 does show up with this rule).
I am at a loss to why eth1 internet traffic is correctly routed through eth0, but eth2 is not.
Here is some of my iptables setup:
Code:
echo "Allowing localhost"
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A FORWARD -i eth2 -j LOG --log-prefix "IPTABLES FORWARD: " --log-level 6
iptables -A INPUT -i eth2 -j LOG --log-prefix "IPTABLES INPUT: " --log-level 6
#iptables -t nat -A PREROUTING -i eth2 -s 192.168.100.0/24 -j DNAT --to-destination 192.168.7.2
## INTRANET
# allow unlimited traffic on the intranet
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -A INPUT -j ACCEPT -i eth1
iptables -A INPUT -j ACCEPT -i eth2
iptables -A OUTPUT -j ACCEPT -o eth0
iptables -A FORWARD -j ACCEPT -i eth1
iptables -A FORWARD -j ACCEPT -i eth2
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Any ideas?
Thanks for any help
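One thing worth flagging in the posted rule set, independent of why the FORWARD chain never fires for eth2: `iptables -A FORWARD -j ACCEPT -i eth2` has no `-o`, so it matches any output interface, eth1 included. The moment forwarding from eth2 starts working, guests on 192.168.101.0/24 would be able to reach the private 192.168.100.0/24 network, which is the opposite of what the setup is meant to do. The script below is an added example, not the original poster's configuration: it assumes the post's interface roles (eth0 = WAN, eth1 = private LAN, eth2 = guest) and a conntrack-capable kernel, drops guest-to-LAN forwarding before any guest ACCEPT (iptables stops at the first match, so rule order decides), restricts guest traffic to the router itself to DHCP and DNS, and keeps a single MASQUERADE rule. By default it only prints the commands (`IPT` is set to `echo iptables`); run it as `IPT=iptables ./guest-fw.sh apply` as root to load them, which first checks that `net.ipv4.ip_forward` is 1, since the FORWARD chain only ever sees packets the kernel actually routes.

```shell
#!/bin/sh
# Added example, not the original poster's script. Interface roles follow the
# post: eth0 = WAN, eth1 = private LAN, eth2 = guest wireless.
# IPT defaults to a dry run that prints the commands instead of loading them.
IPT="${IPT:-echo iptables}"
WAN=eth0
LAN=eth1
GUEST=eth2

# Succeeds only when the ip_forward sysctl reads 1. The optional argument
# names the file to inspect (lets the check run against a constructed file).
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Prints (or applies) a forward policy in which guests reach only the WAN.
guest_rules() {
    # Default-deny on FORWARD: nothing crosses interfaces unless listed below.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING

    # Replies to flows that were already allowed.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Guest -> private LAN is logged and dropped. This pair must sit BEFORE
    # any ACCEPT for the guest interface: iptables stops at the first match.
    $IPT -A FORWARD -i "$GUEST" -o "$LAN" -j LOG --log-prefix "GUEST->LAN BLOCKED: " --log-level 6
    $IPT -A FORWARD -i "$GUEST" -o "$LAN" -j DROP

    # Guest and LAN may be forwarded to the Internet only. The "-o $WAN" is
    # the difference from a bare "-i eth2 -j ACCEPT", which matches every
    # output interface, including the private LAN.
    $IPT -A FORWARD -i "$GUEST" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT

    # Guests may talk to the router itself only for DHCP and DNS; anything
    # else from the guest interface to the router is dropped.
    $IPT -A INPUT -i "$GUEST" -p udp --dport 67 -j ACCEPT
    $IPT -A INPUT -i "$GUEST" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$GUEST" -p tcp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$GUEST" -j DROP

    # One MASQUERADE rule on the WAN side covers both inside networks.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

case "${1:-show}" in
    show)  guest_rules ;;                       # dry run: print the commands
    apply) IPT=iptables
           forwarding_enabled || { echo "net.ipv4.ip_forward is 0: enable it first" >&2; exit 1; }
           guest_rules ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

The guest INPUT rules are appended, so on a box that already has an earlier `-A INPUT -i eth2 -j ACCEPT` (as in the posted script) they would never be reached; flush or reorder INPUT first if you adopt that part. If the FORWARD log rule still shows nothing for eth2 after forwarding is confirmed on, the packets are not being routed at all, and the next things to look at are the clients' default gateway and the per-interface `rp_filter` sysctl rather than the filter rules.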