Help! Trying to set up a Linux route
Hi, I'm trying to set up one of my computers to be a Linux router. I am using iptables to do this.
Here is my setup:
eth0 - is my private network 192.168.0.200 mask 255.255.255.0
eth1 - The connection to my university (a public network) 172.22.85.144 255.255.252.0

The way I want it set up is for it to do the address translations for eth0 only. The problem I'm having is that the gateway is accessible on eth1, and I had some people on the eth1 side discover my gateway and use it. What I would like to do is only have it enabled on eth0 and block access to it on eth1.

Here is the script I use to configure iptables:

    # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    # Set up IP FORWARDing and Masquerading
    iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
    iptables --append FORWARD --in-interface eth0 -j ACCEPT

The internet connection here at the dorms is very unstable, and this is where I have a problem. Some people found out that I run a ppp (modem) connection as backup when the internet goes down, and they have been taking up my bandwidth. I would like to fix this so I do not have to keep shutting down eth1 every time the modem starts up.

This is the iptables script I use when I'm on the modem:

    # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    # Set up IP FORWARDing and Masquerading
    iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth0 -j ACCEPT

Thanks,
Marley GPN |
For your nat rule try setting the "--in-interface" as well as the "--out-interface"
|
This is what happens when I try that:

    iptables --table nat --append POSTROUTING --in-interface eth0 -j ACCEPT
    iptables v1.2.7a: Can't use -i with POSTROUTING |
Does anyone know how to do this?
|
Quote:
Is there just one machine you use? You could just allow only your machine's IP (or even MAC if your network uses DHCP) and reject everyone else's use of your gateway. |
Here's the problem with that. I'm new to Linux and can't figure out how to do that. If you have any examples I would appreciate it if you could post them.
Thanks again |
http://www.netfilter.org/documentati...ing-HOWTO.html
That'll teach you how to filter based on IP and MAC address. ifconfig <interface> to find out your MAC address. |
Here are the relevant parts of my firewall script; they should keep people out of your local network. My network is set up with two internal interfaces, eth0 & eth1, and ppp0 as the external interface.
Quote:
|
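An added example, not part of any post in this thread: one way to restrict the original poster's gateway to the private side is to set the FORWARD policy to DROP and match the masquerade rule on source address, since POSTROUTING rejects `-i`. The interface names and addresses come from the first post; the 192.168.0.0/24 subnet is derived from the posted mask, and the `APPLY` and `WAN_IF` variables and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. By default the rules are only printed;
# run as root with APPLY=1 to load them. APPLY and WAN_IF are hypothetical
# variables introduced for this example.

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# gateway_rules LAN_IF WAN_IF LAN_NET
gateway_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3

    # Start clean, as the posted script does.
    ipt --flush
    ipt --table nat --flush
    ipt --delete-chain
    ipt --table nat --delete-chain

    # The posted script never sets a FORWARD policy. With the built-in
    # default of ACCEPT, packets arriving on the public side are routed too,
    # so the single "eth0 ACCEPT" rule does not keep anyone out.
    ipt --policy FORWARD DROP

    # Only traffic that enters on the LAN interface from the LAN subnet
    # may leave through the uplink.
    ipt --append FORWARD --in-interface "$lan_if" --out-interface "$wan_if" \
        --source "$lan_net" --jump ACCEPT

    # Coming back in, allow only replies to connections the LAN opened.
    ipt --append FORWARD --in-interface "$wan_if" --out-interface "$lan_if" \
        --match state --state ESTABLISHED,RELATED --jump ACCEPT

    # POSTROUTING cannot match -i, but it can match the source address.
    ipt --table nat --append POSTROUTING --out-interface "$wan_if" \
        --source "$lan_net" --jump MASQUERADE
}

# Uplink is eth1 normally; use WAN_IF=ppp0 while on the modem.
gateway_rules eth0 "${WAN_IF:-eth1}" 192.168.0.0/24
```

These rules cover forwarded traffic only; services listening on the gateway itself are governed by the INPUT chain, which this sketch leaves untouched.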