Hi All,

long time lurker, recent poster.

I'm currently trying to setup a network in the following configuration

a:
192.168.0.19 : 255.255.255.0
default gateway: 192.168.0.15
Box a has a web browser

b:
eth0 : 192.168.0.15 : 255.255.255.0
eth1 : 10.5.0.2 : 255.255.255.0
Box b has some net filter code i wrote and some iptable additions

c:
10.5.0.3 : 255.255.255.0
default gateway: 10.5.0.2
Box C has a web server

On box b there are 2 network cards.

On box b i am trying to intercept http traffic from box a going to box c.

On box a i have tried to ping box c but get no destination and vice versa.

when i enable IP Forwarding (sudo sysctl net.ipv4.ip_forward=1), the ping now work, but my filter on box b doesn't seem to work (it seems like anything i do with iptables is ignored). I would expect anything going from box a to box c to be logged in my interceptor, but alas its not ..

On box b i can startup a web browser and my filter works fine ...


I can only assume that the ip forwarding is bypassing the network filter and automatically forwarding on packets.

how would i get box a to see box c, without using ip forwarding, do i need to setup routes?

I've been looking but haven't found much good examples to get routing working well ...

as some additional info i am using:

iptables -A OUTPUT -p tcp -j NFQUEUE -d 10.5.0.3 --dport 80 --queue-num 0

which is effectively filtering all traffic to 10.5.0.3 on port 80 into my program where i can see it.

as i said, this all works fine if i browse on box b, but on box a its ignored with ip forwarding enabled ...

i resolved the issue,

for those facing similar problems:

i changed to this:
iptables -A FORWARD -p tcp -j NFQUEUE -d 10.5.0.3 --dport 80 --queue-num 0

basically i chnaged OUTPUT to FORWARD as the gateway forwards the packets to box c rather than outputs when using box b as a gateway

1 members found this post helpful.