
hdinn 08-03-2009 03:49 AM

how to make forward between two network cards in the same pc
 
hello everybody,
Actually I have a PC with two network cards and I want to make my PC a netfilter firewall, so that a packet enters NIC A and goes out from NIC B, and with the IP address I can filter, so I can ACCEPT or DROP based on the IP addresses, and when a packet is accepted it passes from card A to card B using iptables.

Thank you very much.

zhjim 08-03-2009 04:03 AM

Here's an article on how to set up a "gateway".

http://www.linuxjournal.com/article/3866

This will be a very good thing learning-wise. If you just prefer an out-of-the-box solution, there are Linux firewall distributions. Check out Endian, Shorewall, IPCop. There sure are more.

hdinn 08-03-2009 04:31 AM

Quote:

Originally Posted by zhjim (Post 3629303)
Here's an article on how to set up a "gateway".

http://www.linuxjournal.com/article/3866

This will be a very good thing learning-wise. If you just prefer an out-of-the-box solution, there are Linux firewall distributions. Check out Endian, Shorewall, IPCop. There sure are more.

Thank you zhjim for your answer, but if I want to forward a packet, do I have to mention the IP address of the IN card and then of the OUT card? Or when I put the rule in the FORWARD chain, will it be done automatically?
Because as I read in documents, when a packet arrives that is not destined to card A (IN) it will be routed, but routed where? So I have to mention the out IP address.

zhjim 08-04-2009 06:42 AM

Quote:

Originally Posted by hdinn
or when I put the rule in the FORWARD chain it will be automatically done.

You normally define some condition with the -s option of iptables. So to have all the IPs in the 192.168.0.0/24 range masqueraded you would do:

Code:

iptables -A PREROUTING -s 192.168.0.0/24 -j MASQUERADE

If you leave out the source option, all the packets that arrive would match this rule.
I think what you are looking for is the -i option. This can be used to tell iptables to match on a certain incoming interface.
Example for eth0 as interface to local network:

Code:

iptables -A PREROUTING -i eth0 -s 192.168.0.0/24 -j MASQUERADE

This would cause all the packets which match the IP(s) and the incoming interface to be masqueraded and forwarded to the internet. To match on the outgoing interface use -o.


So how or where something is routed depends on the rules and the corresponding matches you set up.

*Sidenote*
I guess that if you just did a

Code:

iptables -A PREROUTING -j MASQUERADE

all packets coming into the machine would be masqueraded.


Quote:

Originally Posted by hdinn
Because as I read in documents, when a packet arrives that is not destined to card A (IN) it will be routed, but routed where? So I have to mention the out IP address.

Totally right on that one. You can use the -o option to tell where you want the packets to leave the machine.
I just read up on the tutorial link I gave you. It's neither clear nor suited to your needs (I just used the first link that came up on Google). Here is a better one which just describes how to set up a Linux gateway to connect your local network to the World Wide Web.

http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html

Taken from netfilter.org


Take a look at the link below to get some more insight into iptables and a bit of networking with Linux.
http://www.netfilter.org/documentati...umentation-faq
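
The setup the original question asks for, as an added example (not code from any poster in this thread): a shell function that prints an iptables-restore ruleset whose FORWARD chain drops by default and accepts only listed source addresses going from NIC A to NIC B. The kernel routing table picks the outgoing card; -i and -o only match on the interfaces. The names eth1, is_ipv4_cidr and gen_ruleset and the sample address 192.168.1.10 are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: eth0 = NIC A (inside), eth1 = NIC B (outside).

# is_ipv4_cidr ADDR: succeed only for a.b.c.d or a.b.c.d/len with valid ranges.
is_ipv4_cidr() {
    addr=${1%/*}
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ruleset IN_IF OUT_IF SRC...: print an iptables-restore ruleset that
# forwards only NEW connections from the listed sources, IN_IF -> OUT_IF.
gen_ruleset() {
    in_if=$1; out_if=$2
    shift 2
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'      # traffic to the firewall itself is out of scope here
    echo ':FORWARD DROP [0:0]'      # default: drop whatever no rule accepts
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies belonging to already-accepted connections, in either direction.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A FORWARD -i $in_if -o $out_if -s $src -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample input: one subnet and one host allowed from A to B.
gen_ruleset eth0 eth1 192.168.0.0/24 192.168.1.10
# To apply as root (replaces the current filter table):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset eth0 eth1 192.168.0.0/24 | iptables-restore
```

Piping the output through `iptables-restore --test` first parses the ruleset without committing it.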

