Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
I have a Fedora machine set up with a wireless card that accesses a wireless router. This IP address is in the 192.168.0.1 range. This machine also has a NIC with an IP address in the 172.16.0.0 range. This NIC is connected to a switch to which other Windows machines are connected, in the 172.16.0.0 range. With IP masquerade/NAT set up, these machines have no problem accessing the internet as well as machines on the 192.168.0.0 side. But I can't access the 172.16.0.0 machines from the 192.168.0.0 side.
So after reading some stuff about iptables and rules, with my limited knowledge of networking, I would like some help on how to allow only, say, 192.168.0.3 to access 172.16.0.6. Hopefully I am making some sense here.
On all your 192.168.0.0/24 machines (except the wireless router and the Fedora machine), make a route for the 172.16.0.0 network pointing to the Fedora machine. Enable forwarding on the Fedora machine. See if it works with flushed (clean slate) iptables. If so, see if it works with the current iptables. If not, post back with your iptables script, and we'll see what the problem is.
I should have mentioned that the 192.168.0.0 side has a route. I can ping 172.16.0.1, which is the internal NIC on the Fedora box. But I can't ping past it. So I figure the Fedora box is dropping those pings/packets that are outgoing from the 172.16.0.1 NIC. Anyway, here's part of the script. Thanks for the help.
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
This should allow the boxes on 192.168.0.0/24 to connect to the boxes on 172.16.0.0/24, by having them connect to a respective 192.168.100.0/24 address, which would be an aliased IP on $EXTIF... the destination address of 192.168.100.0/24 on the packets coming from the 192.168.0.0/24 network would get *translated* (DNAT = destination network address translation) into destinations in the 172.16.0.0/24 network...
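An added example, not part of the original thread: a first-match walk through the FORWARD rules from the script posted earlier, showing why a new connection from 192.168.0.3 to 172.16.0.6 matches no ACCEPT rule, and how one rule limited to that host pair changes the result. It assumes $EXTIF is the 192.168.0.0 side and $INTIF the 172.16.0.0 side; the rule model, `PAIR_RULE`, `field_matches` and `verdict` are hypothetical names, and `POLICY` stands for the chain's default policy, which the posted fragment does not show.

```shell
#!/bin/sh
# Constructed model of the FORWARD chain from the posted script, one rule per line:
#   in-if  out-if  source  destination  conntrack-states  target
# "any" is a wildcard. EXTIF is assumed to be the 192.168.0.0 side, INTIF the 172.16.0.0 side.
POSTED_RULES='EXTIF INTIF any any ESTABLISHED,RELATED ACCEPT
INTIF EXTIF any any any ACCEPT
any any any any any LOG'

# Hypothetical extra rule for the one host pair asked about. As a real command:
#   $IPTABLES -I FORWARD 1 -i $EXTIF -o $INTIF -s 192.168.0.3 -d 172.16.0.6 \
#       -m state --state NEW -j ACCEPT
PAIR_RULE='EXTIF INTIF 192.168.0.3 172.16.0.6 NEW ACCEPT'
FIXED_RULES="$PAIR_RULE
$POSTED_RULES"

# field_matches RULE_VALUE PACKET_VALUE: wildcard, exact value, or member of a comma list
field_matches() {
    case ",$1," in
        ,any,|*",$2,"*) return 0 ;;
    esac
    return 1
}

# verdict RULES IN OUT SRC DST STATE: prints the target of the first terminating
# rule that matches, or POLICY when the packet falls off the end of the chain.
verdict() {
    while read -r r_in r_out r_src r_dst r_state r_target; do
        field_matches "$r_in" "$2" && field_matches "$r_out" "$3" &&
        field_matches "$r_src" "$4" && field_matches "$r_dst" "$5" &&
        field_matches "$r_state" "$6" || continue
        [ "$r_target" = LOG ] && continue   # LOG records the packet and keeps going
        echo "$r_target"
        return 0
    done <<EOF
$1
EOF
    echo POLICY
}

echo "posted rules, NEW 192.168.0.3 -> 172.16.0.6:   $(verdict "$POSTED_RULES" EXTIF INTIF 192.168.0.3 172.16.0.6 NEW)"
echo "with pair rule, same packet:                   $(verdict "$FIXED_RULES" EXTIF INTIF 192.168.0.3 172.16.0.6 NEW)"
echo "with pair rule, NEW 192.168.0.4 -> 172.16.0.6: $(verdict "$FIXED_RULES" EXTIF INTIF 192.168.0.4 172.16.0.6 NEW)"
echo "with pair rule, reply 172.16.0.6 -> 192.168.0.3: $(verdict "$FIXED_RULES" INTIF EXTIF 172.16.0.6 192.168.0.3 ESTABLISHED)"
```

Replies from 172.16.0.6 need no extra rule because the existing $INTIF to $EXTIF ACCEPT rule already covers them.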