Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have done some research and not finding much, at least not that I can understand. I am wanting to use IPTables to act as a firewall that has 1 lan connecting to 2 cable modems. I do not care about bridging them, although I guess that may be a +, but I assumed it would be easier to just worry about having the nix box use one or the other.
I want the linux box to route traffic from X IPs out one modem, while routing traffic from Y IPs out the other modem. Anyone have any suggestions? As of right now both cable modems use DHCP, and plug directly into the computer. So the nix box running iptables has 1 static ip for LAN on eth1, and eth0 & eth2 are dhcp wan IPs.
Thanks for your help & suggestions, I thought this was going to be easy, but after doing some playing around I am not having much luck getting it to work.
Also would this be easier if one of the modesm was static? and other DHCP? That may be the case soon when I get some static's assigned to one of the modems.
please post your iptables script, and i will tell you what i think will do it. send it to tyler0123@yahoo.com if want to keep somewhat secret. for one, does your iptables script dynamically grab your dhcp address for your external nics? and they are called like eth0 and eth1 in the script? then you need to check source of packets. if coming from computer 1, then send to nic handling it, etc. i have idea, and will help if i can.
I will send ya the script as soon as I can, but the way I have it setup is no it doesn't auto grab the dhcp IP. The IP rarely changes so I just hard code the WAN Ip as a variable of $wan_ip, I also do the same for other variables, setting up $wan_interface for eth0 and $lan_interface is setup for eth1. I also always use the $lan_network variable to list the IPs that my internal network uses. So before it send data out to the wan it must come in via $lan_interface from $lan_network in order to go out.
I am at work already, so I can send it currently but I think this kind of answers your questions....
I also tried simply moving things to go out modem 2 but using the same script Ideas and it didn't work. I was thinking it had something to do with the gateway configuration on the nix box getting confused or something.
I think the main problem I had when I modified my iptables script is that it still wanted to use the default gateway of eth0. I need to figure out how to have it setup, so there are 2 gateways on the box, and it defaults to eth0, while allowing specified data to go out eth2's gateway when it meets certain criteria, like certain ip address.
I wanted to thank you guys for all your help. I ended up getting it to work the way I wanted to tonight.
I have it setup so eth0 = DHCP WAN
eth1 = LAN
eth2 = static ip WAN
I then used iptables to direct traffic from x ip out eth2 by default (also the static ip has the static gateway set)
And I used iptables to then direct traffic from y ip out eth0 using eth0's ip for NAT.
Last thing I had to do was modify routing table and I used.
echo 200 parent-xp >> /etc/iproute2/rt_tables (only run once)
ip rule add from 192.168.28.200 table parent-xp
ip route add default via WANIP dev eth0 table parent-xp
And that was pretty much it, thought I would inform you of what my fix was, in case anyone else has an odd need like this. I really don't feel like bridging the 2 connections just because I want to always know I am using the slightly faster connection for my servers, and the slower one for my desktops.
I've been trying many different options to get the "ip route" and "ip rule" commands to integrate with my existing iptables firewall script. I have a local LAN interface and two inbound interfaces with static IP's. I need to NAT inbound traffic from both providers to the local LAN and back out the proper interface. The problem that I've been having since day one was that traffic comes into the new interface and NAT's properly to the local LAN, but then goes out the wrong interface.
Anyone who could post a properly configured example firewall script that allows inbound NAT using three interfaces would be greatly appreciated.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
GOOD TO GO !!!!
