Old 02-22-2004, 12:19 PM   #1
LQ Newbie
Registered: Feb 2004
Posts: 16

Rep: Reputation: 0
Building a Linux Router With Fedora

Hi, I am having some problems with iptables. I think they are loading my shell scripts, as when I do iptables -L it comes up with some text that bears a resemblance to my script. What I am trying to do is have 3 computer networks:

eth0 being the internet address assigned by a DHCP server built into an ADSL router that gives my network card an address of subnet

eth1 being an internal NIC with the address of subnet

eth2 being internal network two with the address of subnet

eth3 being internal network three with the address of subnet

I want network one (eth1) to have access to the other two networks on eth2 and eth3 and the internet.

I want network two to be able to have access to network three but not one, and still be able to go on the internet.

And I want network three to be stand-alone, just with internet access.

I managed to get Windows XP to share the internet for me, and I turned off its file sharing and clients for Microsoft networking, which just gave me the internet on the second network. But I am still new to Linux and unfortunately very new to iptables, masquerading, NATing and other names for it. I would be grateful for any help possible.
Old 02-29-2004, 09:43 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
To get all internal networks internet access you'll have to do masquerading on all packets going out the external interface:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To allow the various networks to connect to each other, you'll have to allow forwarding of packets from one internal NIC to the other. So to allow network 1 to "talk" to network 2:

iptables -A FORWARD -i eth1 -o eth2 -d -j ACCEPT

Repeat for each network you want to allow communication (don't forget to allow the target networks to communicate back). You can also explicitly deny networks from communicating. For example, if you don't want network 2 to communicate with network 1:

iptables -A FORWARD -i eth2 -o eth1 -j REJECT

Also remember that you will probably have to modify your routing table, so that the Linux box will know where to route packets. If you need some more specific info, check out the NAT howto at and the iptables and route man pages.
Old 03-02-2004, 01:50 PM   #3
LQ Newbie
Registered: Feb 2004
Posts: 16

Original Poster
Rep: Reputation: 0

Thanks, Capt_Caveman, for your help. I will give it a go and let you know how I get on. Thanks again, it is much appreciated; nobody yet has made it sound so simple.

Old 03-02-2004, 01:58 PM   #4
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Trust me, it's not that simple and will take some work to get tweaked properly. Talking from experience, I would try to get one segment of the LAN working at a time, instead of trying to get it working all at once. Start with just getting the internal hosts out to the internet, then work on allowing cross-communication between the segments. All I gave you was a rough guide on the basic rules to do that.
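
The access policy from post #1, written out with the rule types from post #2, as an added example that is not part of the original thread. It prints the commands instead of applying them so they can be reviewed first; the POLICY list and the function names are assumptions, and return traffic is handled with connection-state matching rather than by opening the reverse direction, so the one-way restrictions (network 2 cannot open connections to network 1) still hold.

```shell
#!/bin/sh
# Added example: prints (does not apply) a FORWARD/NAT ruleset for the policy in post #1.
# Interface roles follow the thread: eth0 = internet, eth1..eth3 = internal networks 1..3.
WAN=eth0
# Directions in which NEW connections may be opened, written "in:out".
POLICY="eth1:eth2 eth1:eth3 eth1:$WAN eth2:eth3 eth2:$WAN eth3:$WAN"

# allowed IN OUT -> exit status 0 if the policy lets IN open connections towards OUT
allowed() {
    for pair in $POLICY; do
        [ "$pair" = "$1:$2" ] && return 0
    done
    return 1
}

# gen_rules -> writes the commands to stdout, one per line
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding, then start from an empty FORWARD chain.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections that were allowed to start, in either direction.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for in_if in eth1 eth2 eth3; do
        for out_if in $WAN eth1 eth2 eth3; do
            [ "$in_if" = "$out_if" ] && continue
            if allowed "$in_if" "$out_if"; then
                echo "iptables -A FORWARD -i $in_if -o $out_if -m conntrack --ctstate NEW -j ACCEPT"
            else
                # Explicit REJECT so blocked internal hosts fail fast instead of timing out.
                echo "iptables -A FORWARD -i $in_if -o $out_if -j REJECT"
            fi
        done
    done
    # Nothing is accepted with -i eth0, so unsolicited internet traffic hits the DROP policy.
    echo "iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
}

gen_rules
```

Following the advice in post #4, POLICY can be started with only the three internet entries and extended one segment at a time.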


All times are GMT -5.