Gateway problems
Hi, I've been trying to configure a computer as a gateway for my home network for a few days now, and I finally got most of it to work, except for one thing.
My setup is like this: the gateway box that I'm currently configuring is connected to my DSL modem with eth0, and its two other NICs (eth1 & eth2) are connected to two workstations which have both been configured to use my gateway for their internet access. It all works great when either of the workstations is connected to eth1. The gateway can reach the workstation and vice versa, and the workstations can reach the internet. However, as soon as I try to connect a workstation to eth2 I get "Destination Host Unreachable" when trying to ping the workstation from the gateway box. From the messages I'm getting, it seems that the gateway box tries to reach both workstations (192.168.0.5 and 192.168.0.10) from eth1, which is set to IP 192.168.0.1. What I want is that when any contact to 192.168.0.5 is being made, the gateway should use eth1, and eth2 for 192.168.0.10. I hope this isn't confusing anyone. :) Could this problem be solved by adding a few iptables rules? I'm not sure how to tell the computer to connect through both NICs when trying to connect to a workstation in my local network. Any help would be really appreciated. I'm pulling my hair here. ;)
I suggest you set the eth1 subnet to 192.168.0.x and eth2 to 192.168.1.x.
If you have 2 NICs on the same subnet, I don't know how it would route traffic back to the client machine, having 2 paths to go down.
Hi,
I have never done it the way you are, and would do as Mike suggests, having eth1 set to 192.168.1.1 and eth2 to 192.168.2.1 or similar. But I think it might be possible to set up a route on the gateway machine, something like:

    # one /24 per interface; the network address (not the host address) goes after -net
    route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1
    route add -net 192.168.2.0 netmask 255.255.255.0 dev eth2

You shouldn't have to do too much in iptables, just have the NAT masquerading on eth0, as iptables should know which ethernet card the requests come from, and let both eth1 and eth2 make requests. I would do my iptables something like below, just a basic setup:

    # Remove all default rules
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    # Set default as DROP
    # (note: with INPUT and OUTPUT at DROP and no ACCEPT rules in those chains,
    # the gateway box itself cannot send or receive anything, including pings)
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    # Forward everything from inside to outside
    iptables -A FORWARD -i eth1 -j ACCEPT
    iptables -A FORWARD -i eth2 -j ACCEPT
    # Let SMTP and POP replies through from outside
    iptables -A FORWARD -i eth0 -p tcp --sport 25 -j ACCEPT
    iptables -A FORWARD -i eth0 -p tcp --sport 110 -j ACCEPT
    # HTTP
    iptables -A FORWARD -i eth0 -p tcp --sport 80 -j ACCEPT
    # Secure connect pages - https
    iptables -A FORWARD -i eth0 -p tcp --sport 443 -j ACCEPT
    # DNS
    iptables -A FORWARD -i eth0 -p udp --sport 53 -j ACCEPT
    iptables -A FORWARD -i eth0 -p tcp --sport 53 -j ACCEPT
    # FTP
    iptables -A FORWARD -i eth0 -p tcp --sport 20 -j ACCEPT
    iptables -A FORWARD -i eth0 -p tcp --sport 21 -j ACCEPT
    # Masquerade inside requests
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Anyways, give that a go and let me know what happens.
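The following is an added example, not a script posted in this thread. It puts the two-subnet layout suggested above (eth1 on 192.168.1.0/24, eth2 on 192.168.2.0/24, eth0 as the DSL uplink; these addresses are assumed) into a rule set that differs from the one above in two defensive respects: return traffic is matched by connection-tracking state (ESTABLISHED,RELATED) rather than by the remote side's source port, which any external host can choose freely, and each LAN interface only accepts packets carrying a source address from its own subnet, so a host on one segment cannot pretend to be on the other. The gateway's own INPUT chain gets the same state rule so the box can still ping and be pinged. The script prints the rules by default so they can be reviewed first; `--apply` runs them (root on the gateway only). It assumes the conntrack match (`-m conntrack --ctstate`) is available, as it is on current kernels; older systems spell it `-m state --state`.

```shell
#!/bin/sh
# Added example (not from the thread): two-LAN gateway rule set with state matching.
# Assumed layout: eth0 = uplink, eth1 = 192.168.1.0/24, eth2 = 192.168.2.0/24.
WAN=eth0
LAN1_IF=eth1; LAN1_NET=192.168.1.0/24
LAN2_IF=eth2; LAN2_NET=192.168.2.0/24

# Emit the rule set instead of applying it, so it can be read or diffed first.
gateway_rules() {
    cat <<EOF
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN1_IF -s $LAN1_NET -j ACCEPT
iptables -A INPUT -i $LAN2_IF -s $LAN2_NET -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN1_IF -s $LAN1_NET -o $WAN -j ACCEPT
iptables -A FORWARD -i $LAN2_IF -s $LAN2_NET -o $WAN -j ACCEPT
iptables -A FORWARD -i $LAN1_IF -s $LAN1_NET -o $LAN2_IF -j ACCEPT
iptables -A FORWARD -i $LAN2_IF -s $LAN2_NET -o $LAN1_IF -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN1_NET -o $WAN -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN2_NET -o $WAN -j MASQUERADE
EOF
}

# Self-checks on the generated set.
count_rules()      { gateway_rules | wc -l | tr -d ' '; }
count_sport_rules() { gateway_rules | grep -c -- '--sport' || true; }   # expect 0
count_masq_rules()  { gateway_rules | grep -c MASQUERADE || true; }      # expect 2

# Apply for real: enable forwarding, then feed the rules to a shell that stops on error.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    gateway_rules | sh -e
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    gateway_rules
fi
```

Because each LAN gets its own /24 on its own interface, the kernel adds the connected routes itself when the addresses are configured, so no manual `route add` is needed for the gateway to reach 192.168.1.x via eth1 and 192.168.2.x via eth2.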