Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
On the middleman machine, when I analyse the traffic using Wireshark, I can only see the outbound traffic. I don't see any traffic from gateway->host, only host->gateway.
The traffic must be passing through both ways because the host has Internet access.
How can I modify the iptables rules to see the traffic both ways?
Two thoughts. Try using iftop, see what that reports.
I use firestarter for exactly the same kind of setup and see everything. It also adds so many more routing options without having to think about it.
Thanks, I have installed firestarter, but I don't see any option to route traffic, how have you done it?
I think we would need more information to really be able to dig into this. To route traffic you really just need to set up something like echo "1" > /proc/sys/net/ipv4/ip_forward. But we need a clearer picture of your network, like what the gateway's IP is and a diagram of the network as far as connections. Is the host using the middleman as its gateway? Is the gateway on the same 192.168.0.x subnet?
At a quick glance it looks like you are attempting to do routing with DNAT and SNAT which shouldn't be necessary (depending on some of the missing info) and could be the cause of your issues with following traffic in wireshark.
I do use ipforward this way, the command I use before the iptables rules is:
echo "1" > /proc/sys/net/ipv4/ip_forward
About the network: Everything is on the same subnet (192.168.0.x) gateway is 192.168.0.1, there is just one host besides the middle man, and yes the middleman uses the normal gateway directly. The host however, sees the middleman as its gateway (not 192.168.0.1).
Perfect. In that case I don't believe that you need to do the NATting, as they are all on the same subnet anyway. Just make sure that iptables is set up to allow outgoing traffic coming from the 192.168.0.x subnet. In my own setup I use separate chains for traffic from the firewall itself and for traffic it is forwarding from the internal network.
You should be able to remove the PREROUTING and POSTROUTING rules altogether. On my firewalls I use a separate chain for network traffic vs. traffic originating or terminating at the firewall. The concept that needs to be understood is that routing is a separate thing from firewalling. Meaning that if you have forwarding set to 1 in ip_forward, your middleman box will route the traffic even with the firewall turned off. iptables doesn't do the routing for you.
Here is an example:
$IPT -N OUT_NETWORK                      # create the chain before any rule jumps to it
$IPT -A FORWARD -i ethx -j OUT_NETWORK   # ethx = interface facing the internal network
$IPT -A OUT_NETWORK -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUT_NETWORK -m state --state NEW -p tcp --dport 80 -j ACCEPT # http
Without using the separate chains you would use OUTPUT
$IPT -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT # http
That will only allow port 80 through the firewall. To allow all traffic you'd need something like
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Alternatively, if the gateway is already doing firewalling and there are no public (Internet) IPs on the middleman, you could turn off the firewall on the middleman entirely.
Ok, I have no firewall turned on and I have turned on ip_forward. I have not used any iptables rules. The host has full internet access through the middleman, but I have the same problem, which is that I can see outbound traffic but I can't see inbound. When inbound traffic occurs, Wireshark shows an 'ICMP REDIRECT' and does not let me see the contents.
After reading up a bit on ICMP Redirects, it looks like this is a message to the host telling it there is a more direct route to the real gateway. But this doesn't make sense because if that were true then I would not see the outgoing traffic.
Are the gateway, middleman and host all connected to a router by chance? If that is the case you would see exactly what you are describing. Seeing as they are all on the same subnet, they can route directly.
Thanks for your help on this!
The gateway is the router. It's a Netgear DG834GT ADSL router. The host and middleman are connected to the router. The middleman sees the router as its gateway and the host sees the middleman as its gateway.
In that case what you are seeing is exactly how routing works. The gateway takes the most direct path to the host, which in this case is directly connected to the router.
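As an added illustration of the last answer (this is not code from the thread), here is a small Python model of the routing decisions in the topology described above: the host's and middleman's addresses and the public destination are constructed values, and everything beyond the ADSL router is collapsed into a single "internet" node. It reproduces why the middleman only sees the outbound half and why it emits an ICMP redirect.

```python
import ipaddress

SUBNET = ipaddress.ip_network("192.168.0.0/24")       # the LAN from the thread
INTERNET_DST = ipaddress.ip_address("203.0.113.7")     # constructed public address

# name -> (address, name of default gateway). 192.168.0.1 is the router; the
# host and middleman addresses are constructed, the host uses the middleman
# as its gateway and the middleman uses the router, exactly as in the thread.
NODES = {
    "host":      (ipaddress.ip_address("192.168.0.50"), "middleman"),
    "middleman": (ipaddress.ip_address("192.168.0.2"),  "gateway"),
    "gateway":   (ipaddress.ip_address("192.168.0.1"),  "internet"),
    "internet":  (INTERNET_DST,                         "gateway"),
}

def on_link(node):
    """True if the node has an interface on the 192.168.0.x LAN."""
    return NODES[node][0] in SUBNET

def node_for(addr):
    return next(n for n, (a, _gw) in NODES.items() if a == addr)

def next_hop(node, dst):
    """Plain destination-based routing: a destination on the same LAN is
    delivered directly; anything else goes to the node's default gateway."""
    if dst in SUBNET and on_link(node):
        return node_for(dst)
    return NODES[node][1]

def path(src, dst):
    """Sequence of nodes a packet from src traverses to reach address dst."""
    hops = [src]
    while NODES[hops[-1]][0] != dst:
        hops.append(next_hop(hops[-1], dst))
        if len(hops) > len(NODES):
            raise RuntimeError("routing loop")
    return hops

def sends_redirect(node, prev, dst):
    """A Linux router emits an ICMP redirect when it forwards a packet back
    out the interface it arrived on and the sender could reach the next hop
    directly (all three on the same link)."""
    nh = next_hop(node, dst)
    return nh != prev and on_link(node) and on_link(prev) and on_link(nh)

if __name__ == "__main__":
    print("outbound:", path("host", INTERNET_DST))
    print("inbound :", path("internet", NODES["host"][0]))
    print("redirect:", sends_redirect("middleman", "host", INTERNET_DST))
```

The inbound path never touches the middleman because the router can deliver to the host directly; the sniffer on the middleman therefore only ever captures the host's outbound packets.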