LinuxQuestions.org


MarleyGPN 08-26-2003 02:51 PM

Help! Trying to set up a linux route
 
Hi, I'm trying to set up one of my computers to be a Linux router. I am using iptables to do this.

Here is my setup

eth0 - is my private network 192.168.0.200 mask 255.255.255.0
eth1 - The connection to my university (a public network) 172.22.85.144 255.255.252.0

The way I want it set up is for it to do the address translations for eth0 only. The problem I'm having is that the gateway is accessible on eth1 and I had some people on the eth1 side discover my gateway and use it. What I would like to do is only have it enabled on eth0 and block access to it on eth1.

Here is the script I use to configure iptables:

# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT


The internet connection here at the dorms is very unstable, and this is where I have a problem. Some people found out that I run a ppp (modem) connection as backup when the internet goes down, and they have been taking up my bandwidth. I would like to fix this so I do not have to keep shutting down eth1 every time the modem starts up.

This is the iptables script I use when I'm on the modem:
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

Thanks,
Marley GPN

david_ross 08-26-2003 03:06 PM

For your nat rule try setting the "--in-interface" as well as the "--out-interface"

MarleyGPN 08-26-2003 03:11 PM

This is what happens when I try that

iptables --table nat --append POSTROUTING --in-interface eth0 -j ACCEPT

iptables v1.2.7a: Can't use -i with POSTROUTING

MarleyGPN 08-27-2003 01:56 PM

Does anyone know how to do this?

Blindsight 08-27-2003 02:04 PM

Quote:

Some people found out that I run a ppp (modem) connection as backup when the internet goes down. And they have been taking up my bandwidth.
that's outstanding, heh.

Is there just one machine you use? You could just allow only your machine's IP (or even its MAC if your network uses DHCP) and reject everyone else's use of your gateway.

MarleyGPN 08-27-2003 02:28 PM

Here's the problem with that. I'm new to Linux and can't figure out how to do that. If you have any examples I would appreciate it if you could post them.

Thanks again

Blindsight 08-27-2003 04:03 PM

http://www.netfilter.org/documentati...ing-HOWTO.html

that'll teach you how to filter based on IP and mac address. ifconfig <interface> to find out your mac address.

tommyj27 08-27-2003 04:37 PM

here are the relevant parts of my firewall script, should keep people out of your local network. my network is set up with two internal interfaces eth0 & eth1 and ppp0 as the external interface.

Quote:

# Interface and binary names used below (as described above: eth0 and eth1
# are the internal interfaces, ppp0 is the external one)
IPTABLES=/sbin/iptables
EXTIF=ppp0
INTIF=eth0
INTIF2=eth1

echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
echo " Configuring eth0 <-> ppp0"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

echo " Configuring eth1 <-> ppp0"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT

echo " Configuring eth0 <-> eth1"
$IPTABLES -A FORWARD -i $INTIF2 -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $INTIF2 -j ACCEPT

# This option should be disabled, it logs all packets in the system log
# $IPTABLES -A FORWARD -j LOG --log-prefix iptables: --log-level notice

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
# Only traffic leaving via the external interface is masqueraded
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

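Putting the thread's advice together as one script (an added example, not code posted by anyone in the thread): the FORWARD policy defaults to DROP so hosts on eth1 cannot relay through the box, only the eth0 side may start forwarded connections, the nat rule matches on source network instead of the `-i` that POSTROUTING rejects, EXTIF is switched to ppp0 while the modem is up, and an optional ALLOWED_MAC limits forwarding to one machine as Blindsight suggested. The variable names, the 192.168.0.0/24 prefix and the dry-run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example for this thread; assumed names: INTIF (trusted LAN side),
# EXTIF (uplink: eth1 normally, ppp0 when the modem is up), LAN_NET (the
# private prefix), ALLOWED_MAC (optional single-host restriction).
INTIF=${INTIF:-eth0}
EXTIF=${EXTIF:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
ALLOWED_MAC=${ALLOWED_MAC:-}
DRYRUN=${DRYRUN:-0}   # 1 = print the rules instead of installing them

ipt() {
    if [ "$DRYRUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Flush both tables so a modem/ethernet switch starts from a clean state.
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -t nat -X
    # Nothing is forwarded unless a rule below allows it: this is what keeps
    # the eth1 (university) side from using the box as a gateway.
    ipt -P FORWARD DROP
    if [ -n "$ALLOWED_MAC" ]; then
        # Only one machine on the LAN side may originate forwarded traffic.
        ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -m mac --mac-source "$ALLOWED_MAC" -j ACCEPT
    else
        # The whole private network may originate forwarded traffic.
        ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$LAN_NET" -j ACCEPT
    fi
    # Replies from the uplink come back only for connections the LAN opened.
    ipt -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # POSTROUTING cannot match -i, so select the private network by source
    # address and masquerade it only on the uplink.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXTIF" -j MASQUERADE
}

case "${1:-}" in
    apply) apply_rules ;;              # install the rules (needs root)
    show)  DRYRUN=1; apply_rules ;;    # print what would be run
esac
```

Run `EXTIF=ppp0 sh firewall.sh apply` from the ppp up script and `sh firewall.sh apply` when back on eth1; `show` prints the rules for inspection first.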
