Iptables command for allowing traffic across two subnets

tazschic · 08-28-2009, 04:21 PM

Understanding that for any competent linux user this is likely an easy question.

Need to add a firewall rule to allow all traffic between two subnets:

Src=192.168.4.0/24, Dst=192.168.1.0/24 srcport=ANY, dstport=ANY ALLOW
Src=192.168.1.0/24, Dst=192.168.4.0/24 srcport=ANY, dstport=ANY ALLOW

I am wondering if someone would be so kind to provide the exact command line syntax to make this above happen.

Thanks in advance.

Tazschic

NOTE: 192.168.1.1 is on eth0 and 192.168.4.1 is on eth2

fotoguy · 08-29-2009, 02:52 AM

First of all, can you give us more information on what you are trying to do, a quick scenario will help us understand what you are trying to achieve.

What distro are you using? Are there any rules or scripts that you are currently using? without knowing this, you can run into all sorts of problems trying to trouble shoot, the more information you can give, the better we can help.

To help with you question, When you have 2 network cards you need to turn port-forwarding on in the kernel, most distro will have this turned off be default, try:

Quote:

echo "1" > /proc/sys/net/ipv4/ip_forward

Then you need to add some forwarding rules

Quote:

iptables -A FORWARD -i eth0 -o eth2 -s 192.168.1.0/24 -d 192.168.4.0/24 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -s 192.168.4.0/24 -d 192.168.1.0/24 -j ACCEPT

chrism01 · 08-30-2009, 08:54 PM

You'll need to make that a permanent setting or it'll disappear at next boot.
Edit /etc/sysctl.conf

net.ip4.ip_forward = 1