Old 08-26-2003, 02:51 PM   #1
MarleyGPN
Help! Trying to set up a linux route


Hi, I'm trying to set up one of my computers to be a Linux router. I am using iptables to do this.

Here is my setup:

eth0 - is my private network 192.168.0.200 mask 255.255.255.0
eth1 - The connection to my university (a public network) 172.22.85.144 255.255.252.0

The way I want it set up is for it to do the address translations for eth0 only. The problem I'm having is that the gateway is accessible on eth1, and I had some people on the eth1 side discover my gateway and use it. What I would like to do is only have it enabled on eth0 and block access to it on eth1.

Here is the script I use to configure iptables:

# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT


The internet connection here at the dorms is very unstable; this is where I have a problem. Some people found out that I run a ppp (modem) connection as backup when the internet goes down, and they have been taking up my bandwidth. I would like to fix this so I do not have to keep shutting down eth1 every time the modem starts up.

This is the iptables script I use when I'm on the modem:
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

Thanks,
Marley GPN
 
Old 08-26-2003, 03:06 PM   #2
david_ross
For your nat rule try setting the "--in-interface" as well as the "--out-interface"
 
Old 08-26-2003, 03:11 PM   #3
MarleyGPN
This is what happens when I try that

iptables --table nat --append POSTROUTING --in-interface eth0 -j ACCEPT

iptables v1.2.7a: Can't use -i with POSTROUTING
 
Old 08-27-2003, 01:56 PM   #4
MarleyGPN
Does anyone know how to do this?
 
Old 08-27-2003, 02:04 PM   #5
Blindsight
Quote:
Some people found out that I run a ppp (modem) connection as backup when the internet goes down, and they have been taking up my bandwidth.
That's outstanding, heh.

Is there just one machine you use? You could just allow only your machine's IP (or even MAC if your network uses DHCP) and reject everyone else's use of your gateway.
 
Old 08-27-2003, 02:28 PM   #6
MarleyGPN
Here's the problem with that. I'm new to Linux and can't figure out how to do that. If you have any examples I would appreciate it if you could post them.

Thanks again
 
Old 08-27-2003, 04:03 PM   #7
Blindsight
http://www.netfilter.org/documentati...ing-HOWTO.html

That'll teach you how to filter based on IP and MAC address. Run ifconfig <interface> to find out your MAC address.
 
Old 08-27-2003, 04:37 PM   #8
tommyj27
Here are the relevant parts of my firewall script; they should keep people out of your local network. My network is set up with two internal interfaces, eth0 & eth1, and ppp0 as the external interface.

Quote:
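# Variables are not shown in this excerpt; the values below follow the interface
# names in the description and echo lines (iptables is assumed to be on PATH).
IPTABLES=iptables
INTIF=eth0
INTIF2=eth1
EXTIF=ppp0

echo " clearing any existing rules and setting default policy.."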
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
echo " Configuring eth0 <-> ppp0"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

echo " Configuring eth1 <-> ppp0"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT

echo " Configuring eth0 <-> eth1"
$IPTABLES -A FORWARD -i $INTIF2 -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $INTIF2 -j ACCEPT

# This Option should be disabled, it logs all packets in the system log
# $IPTABLES -A FORWARD -j LOG --log-prefix iptables: --log-level notice

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
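
Added example, not part of any post in this thread: one generator that covers both of the original poster's scripts (uplink eth1 or ppp0), with FORWARD defaulting to DROP and MASQUERADE limited to the private network, plus a small audit that flags the open-gateway condition. The LAN values (eth0, 192.168.0.0/24) come from the first post; the function names and the sample dump of the original configuration are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the thread. LAN values come from the first post.
LAN_IF=eth0
LAN_NET=192.168.0.0/24

# gen_ruleset <uplink>: print an iptables-restore ruleset that forwards and
# masquerades only traffic entering on $LAN_IF from $LAN_NET.
# INPUT/OUTPUT are left at ACCEPT because the thread is about forwarding only.
gen_ruleset() {
    ext_if=$1
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $LAN_IF -o $ext_if -s $LAN_NET -j ACCEPT
-A FORWARD -i $ext_if -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $ext_if -j MASQUERADE
COMMIT
EOF
}

# original_ruleset: constructed dump of what the modem script in post #1 leaves
# loaded (it never sets a policy, so built-in chains keep the ACCEPT default).
original_ruleset() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# audit_ruleset: read a dump on stdin; succeed only if FORWARD defaults to DROP
# and every MASQUERADE rule is restricted to a source network.
audit_ruleset() {
    awk '/^:FORWARD /                 { seen = 1; if ($2 != "DROP") bad = 1 }
         /-j MASQUERADE/ && !/ -s /   { bad = 1 }
         END                          { exit (bad || !seen) }'
}
# Apply with (as root):  gen_ruleset ppp0 | iptables-restore
```

Because packets arriving on eth1 match no ACCEPT rule in FORWARD, hosts on the university side can no longer route through the box when the modem link is up, so eth1 does not have to be shut down.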
 