|
Help with packet forwarding
Hello.
I am trying to run a firewall to separate two lans, but can't get traffic forwarded from lan to lan. Here's part of the iptables: I am using Lenny with the default kernel: 2.6.24-1-686 I have this set: net.ipv4.conf.default.forwarding=1 EXT_IFACE="eth0" LAN_IFACE="eth1" EXT_IP="192.168.1.2" LAN_IP="192.168.2.1" UNIVERSE="0.0.0.0/0" LAN_ADDRESSES="192.168.2.0/24" LAN_NETWORK="192.168.2.0" # Allow established and related connections iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # Forward from and to the LAN iptables -A FORWARD -i $LAN_IFACE -o $EXT_IFACE -p tcp \ -s $LAN_ADDRESSES --sport $UNPRIVPORTS --dport 22 \ -m state --state NEW -j ACCEPT This is the routing table: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 That should be enough, I think, to forward from private lan to EXT. Do I need MASQ or what else? Thanks. |
Quote:
|
My confusion is if I really need to nat the traffic between the two lans. Would a simple FORWARDing work? I don't have any servers running that need to be accessed from the internet. Simple as:
internet ----------- router ------------ lan Thanks. |
Ok.
I finally got my script working by adding this: iptables -t nat -A POSTROUTING -o $EXT_IFACE -j MASQUERADE That was all I needed. Thank you. |
| All times are GMT -5. The time now is 03:06 AM. |