LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 09-15-2005, 03:15 AM   #1
quazidaniel
LQ Newbie
 
Registered: Jun 2004
Location: Bangladesh
Posts: 2

Rep: Reputation: 0
how to route internal Networks by IP tables?


I have linux server with 2 NIC
eth0 is connected to the Internet
eth1 is to the internal network

I have 3 internal network connected to eth1

eth1 ip is 10.168.2.1/24
eth1:1 ip is 10.168.8.1/24
eth1 ip is 10.168.9.1/24

Can anyone help with what the iptables script would be, considering the points below?

All the networks should go to the Internet, but through rc.allow
All the Internet connectivity should go through a proxy (transparent proxy)
For one internal network, requests should not go to the Internet

Internal networks should be routed internally
All networks should be accessible to each other

Can anybody help with a running iptables setup?

With thanks
Daniel
 
Old 09-15-2005, 07:02 AM   #2
pddm
Member
 
Registered: Sep 2005
Distribution: Mint 19.2
Posts: 112

Rep: Reputation: 15
1.
eth1 ip is 10.168.2.1/24
eth1:1 ip is 10.168.8.1/24
eth1 ip is 10.168.9.1/24

Does not look like a working configuration to me.
You should have eth0 and eth1. Usually eth1:1 means that you assign a 2nd IP address to eth1.

2.
assuming eth0 is external and eth1 internal
# let replies to connections opened from the inside back in
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# let anything from the inside out
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# log whatever reaches the end of the FORWARD chain
iptables -A FORWARD -j LOG

3.
READ!
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/
It gets really interesting for you in chapter 3.4
 
Old 09-15-2005, 07:54 AM   #3
dunamin
LQ Newbie
 
Registered: May 2004
Location: Austin, TX
Distribution: SUSE 9.1
Posts: 15

Rep: Reputation: 0
Writing an ip script can be tedious at best. I suggest FireHol for IP forwarding. It has a simpler scripting language that basically compiles down to an iptables script and can run as a daemon. (http://firehol.sourceforge.net) Also, squid may help detect any intruders.

HTH
 
Old 09-22-2005, 02:49 PM   #4
quazidaniel
LQ Newbie
 
Registered: Jun 2004
Location: Bangladesh
Posts: 2

Original Poster
Rep: Reputation: 0
Let me be clear about the network structure

Dear All.

I have 2 cards: card 1, eth0, is connected to the internet (like 203.150.128.151).
Card 2, eth1, 10.168.2.1, is connected to the 10.168.2.0 network.
eth1:1 and eth1:2 are masqueraded on eth1 with IPs 10.168.8.1 and 1.168.9.1 respectively.
This was done to connect my 2 different WAN networks, 10.168.8.X and 10.168.9.X, and to use the server as a router.
My needs are
1) such a router script that can route the 10.168.2.X network to the 10.168.9.X and 10.168.8.X networks and vice versa.
2) only Internet request packets should go to eth0
3) internal requests should go to the respective internal interfaces
4) Better would be to maintain a transparent proxy based on customized ACLs

If anyone has one, please let me know. I can send the network diagram, but this site does not support sending such documents. By the way, please help me.
With Thanks
Daniel
 
Old 10-12-2005, 10:32 AM   #5
pddm
Member
 
Registered: Sep 2005
Distribution: Mint 19.2
Posts: 112

Rep: Reputation: 15
quazidaniel,

First of all to your configuration:
If you have 3 networks that have to communicate in certain ways with each other, use 3 NICs (Network Interface Cards).
This eases the script complexity, and the extra $15 investment is nothing.

This is because if they are on the same NIC, rules you do card based will apply to both networks.
In other words: If you create a drop rule for eth1 it will apply to eth1:1 too.
So you have to be very systematic writing such rules.


Dunamin is right in one thing; writing routing-scripts can be tedious.
Nevertheless the top security people get their hands dirty doing it.
This requires that you know what you are doing.

If you read the how-to I recommended and it did not tell you anything, then better look for a solution.
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/

Maybe you are looking for a solution like Smoothwall, which is an open-source firewall solution based on different Linux open-source technologies.
It allows the management of up to 4 (using mods) different NICs.