2gateways

gabsik · 06-30-2006, 09:35 AM

In my lan i have a front router netgear (192.168.0.1) and a linuxbox 2 ethernets(192.168.0.2,192.168.1.1) a switch and 3 other pcs(192.168.1.3,192.168.1.4,192.168.1.6).The front router has a switch 4 ports where i sometimes stick a laptop i want able to communicate with the insides servers.
i have this iptables on the gateway linuxbox:

Quote:

$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 192.168.0.2

to make network 192.168.1.0 reach 192.168.0.0
and :

Quote:

$IPT -t nat -A PREROUTING -s 192.168.0.0/24 -d 192.168.1.0/24 -j DNAT --to 192.168.1.1

The opposite way

I have default DROPS and also the forward chain accept the communication between the 2 networks.

Any advice to make network 192.168.1.0 reach 192.168.0.0 ?
Thanks !!

paulchin · 07-01-2006, 08:24 PM

Set the default gateway for the hosts in network 192.168.1.0/24 to point to the linux gateway:

route add default gw 192.168.1.1

Then, on the linux gateway allow forwarding policy to accept by default:

#Set policy to forward
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD

# Enable forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

Hope that works!
Paul

gabsik · 07-02-2006, 02:53 PM

Quote:

Originally Posted by paulchin

Set the default gateway for the hosts in network 192.168.1.0/24 to point to the linux gateway:

route add default gw 192.168.1.1

Offcourse i have set this gw on 192.168.1.0
For the iptables i prefer keeping the default DROP.
I 'll try to set a route on the front router ....

gabsik · 07-18-2006, 11:28 PM

Update
The fist iptables' rule stays the same of above

Code:

$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 192.168.0.2

The problem is to make network 192.168.0.0 reach 192.168.1.0
I'm trying with this code but ...

Code:

$IPT -t nat -A PREROUTING -s 192.168.0.0/24 -d 192.168.1.0/24 -j DNAT --to 192.168.0.2

this is the routing table in the inside network 192.168.1.0

Code:

root@mail:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

this the routing table on the linux gateway 2 eths

Code:

root@argo:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Network 192.168.1.0 pings 192.168.1.0 not the opposite.

Code:

root@mail:~# ping mac
PING makintoxik (192.168.0.3) 56(84) bytes of data.
64 bytes from makintoxik (192.168.0.3): icmp_seq=1 ttl=63 time=0.677 ms
64 bytes from makintoxik (192.168.0.3): icmp_seq=2 ttl=63 time=0.496 ms
64 bytes from makintoxik (192.168.0.3): icmp_seq=3 ttl=63 time=0.487 ms

--- makintoxik ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.487/0.553/0.677/0.089 ms

Matir · 07-18-2006, 11:31 PM

You'll need to add at least specific forward routes, or how else will packets be forwarded between the two networks?

gabsik · 07-19-2006, 07:29 PM

I have default drop on all chains and offcourse , what you see accepted in the prerouting DNAT or postrouting SNAT is accepted in the forward chain ... what it does look strange to me is that network 192.168.1.0 SNATs his ip to 192.168.0.2 and manages to communicate with 192.168.0.0 but not the opposite way ,192.168.0.0 to 192.168.1.0 , which i make dnat is ip again to 192.168.0.2 ... i have looked and re-looked the iptables script and found nothing stopping 192.168.0.0 to communicate with 192.168.1.0 ... i hope it's clear !!!