Resending packets (routing)

Barca · 11-08-2004, 11:14 AM

First I would say "hello" to everybody, it's my first post here

but I've read this forum many times already.
My Slack 10.0 is in LAN and have IP 192.168.0.100. I receive packets from 192.168.0.109 and I have to resend them to gateway (192.168.0.1). But, it's impossible to use "echo > 1 /proc/sys/net/ipv4/ip_forward" because packets from 192.168.0.109 as a destination IP haven't 192.168.0.1, but for example IP of google or any other place in the Internet.
So, I thought that iptables will be helpful. I tried many tricks with PREROUTING, REDIRECT etc. but no ones worked. Because I can't forward those packets to gateway, 192.168.0.109 hasn't access to the Internet.
Please, can you give me a iptables' rule or say why this for example doesn't work?

iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.0.109 -d 0/0 -j REDIRECT --to 192.168.0.1
iptables -t nat -A PREROUTING -i eth0 -p udp -s 192.168.0.109 -d 0/0 -j REDIRECT --to 192.168.0.1

I'm outta my mind already. Maybe you now some different solution, sth like fragrouter or what?

yours sincerely,
Barca

david_ross · 11-08-2004, 12:29 PM

Welcome to LQ.

You would find it easier if both ethernet cards were on different subnets, this makes the routing much easier to manage.

Barca · 11-08-2004, 12:54 PM

But the problem is, I have only one ethernet card (but I can change that if necessary) and I can't change subnet.

Thymox · 11-08-2004, 06:20 PM

You may not need to use two separate NICs. You can use multiple sub-interfaces. Certainly this is common practice on Cisco routers that connect to VLANs, but I believe the prinicple would work in this situation as well.

Code:

# ifconfig eth0:1 192.168.1.27 up

Not sure what the limit of sub-interfaces under Linux is.

Demonbane · 11-08-2004, 10:13 PM

IIRC -j REDIRECT can only redirect to the local machine, I'm not exactly sure what you're trying to achieve, but if changing the destination address is what you want then:

Code:

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.9/24 -j DNAT --to-destination 192.168.0.1

Barca · 11-10-2004, 03:45 AM

@Demonbane
root@mekka:/_maxtor/temp/icmp# ./iptables
Start
iptables: Invalid argument
Stop
?

@Thymox
Thanks for idea, I will be trying with that.

Do you think guys that command as "route" or "ip" will help me?

cbe · 11-12-2004, 09:03 PM

The iptables command is not executed like this: ./iptables

If the command isnt in your path, run the command "whereis iptables" to see if this is installed on your system or run "which iptables" to see if its in your path (you may have to be root or fix your path).

On my machine it looks like this:

Code:

mybox> which iptables
/sbin/iptables

mybox> whereis iptables
iptables: /sbin/iptables /lib/iptables


once you know the path (/sbin/iptables) to your iptables command you can execute it like this:


mybox> /sbin/iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.9/24 -j DNAT --to-destination 192.168.0.1

Hope this helps.

Barca · 11-13-2004, 03:24 PM

Hehe, it's my fault. I have script which names "iptables" - and that's the reason I wrote "./iptables". Problem isn't in running iptables, but in finding right rule for the job.