need to force seperate subnets out via different gateways on debian 6.0.1 iptables

Zagaz · 12-22-2012, 06:41 PM

hey Guys,

I have a box running debian 6 with 3 NICs
192.168.52.0/24 --> etho --> debian-|
|--> eth2--> net
192.168.1.0/24 --> eth1 --> debian-|

the eth2 interface has 2 ip adresses both 172.16.1.2(gw 172.16.1.1) and 10.10.10.2(gw 10.10.10.1)

# The tertiary network interface - Outside interface
allow-hotplug eth2
iface eth2 inet static
address 172.16.1.2
netmask 255.255.255.252
network 172.16.1.0
broadcast 172.16.1.3
gateway 172.16.1.1
dns-nameservers 8.8.8.8

iface eth2:0 inet static
address 10.10.10
netmask 255.255.255.252
network 10.10.10.0
broadcast 10.10.10.3
gateway 10.10.10.1
dns-nameservers 8.8.8.8

id like to have an iptables firewall and have the 192.168.52.0 range on the net via 172.16.1.1 dsl router and the 192.168.1.0 range via the 10.10.10.1 isdn router. is this purely an iptables job or will there be some other stuff involved too? - im new to iptables

Envite · 12-23-2012, 12:29 PM

You are talking about routing, not firewalling.

You'll need some routing tables and routing rules.

As for the routing table, something like
ip route add table 1 192.168.52.0/24 dev eth2 proto kernel scope link src 172.16.1.2
ip route add table 1 default via 172.16.1.1 dev eth2

And as for the routing rule, something like
ip rule add from 172.16.1.2 lookup 1

Regards

Zagaz · 12-23-2012, 04:31 PM

ill give it a shot, but then how do i firewall these two conncetions?

Envite · 12-26-2012, 05:13 AM

You firewall them as usual, with iptables. You only need to be sure to put correct source or destination address in the rules to avoid them catch all connections.