
Re: Debian router with iptables problem



Thanks for the fast answer!

The ip_forward is set (if I can trust the message when I run
/etc/init.d/networking :-)).
I have just two network cards, because the https server will be in the
internal net (I thought to do some routing to directly divert traffic
from the alpha router to the https server.)
Should I translate all the addresses from the internal network (say
192.28.10.0/127) to the unique external IP of the building gateway
(say my network card in the alpha router with an IP 10.107.10.36) and
then route with /sbin/route add this IP (10.107.10.36) to the main
gateway?

Thanks again!!!


On Fri, 17 Sep 2004 10:14:23 -0400, Marcos Carneiro da Rocha
<mcrocha@terra.com.br> wrote:
> Hi Ivan,
> 
> I think you have 3 network cards at the alpha router, don't you?
> 
> try this:
> 
> 1- point lab computer to alpha router (default router)
> 2- point https server to alpha router (default router)
> 3- point alpha router to a router (default router)
> 4- enable ip_forward:
>   - you can do this by changing ip_forward=yes at the options file in
> the /etc/network directory
>   - or you can add the following line at the /etc/sysctl.conf file:
>     net.ipv4.ip_forward = 1
> 
> now you can begin with iptables and nat.
> 
> try to use:
> 
> iptables -A FORWARD -s <source address> -d <destination address> -p <protocol> -j ACCEPT
> 
> to enable traffic to pass-thru the firewall router.
> 
> iptables -A POSTROUTING -t nat -s <source address> -d <destination address> -p <protocol> -j SNAT --to <source nat address translation>
> 
> to change the source address using snat.
> 
> anything else, just write.
> 
> Marcos.
> 
> 
> 
> On Fri, 2004-09-17 at 10:47, ISPM wrote:
> > Hello all. I've been struggling to put together an alpha 164sx like a
> > router to my lab using debian hardened. I have an internal network that
> > has to access the external world, and should be routed to the exterior
> > by the alpha. The alpha should route then to the gateway of my
> > building, a machine that I don't have access to. The debian has two
> > network cards, one in the internal net and the other in the external
> > (gateway) network. This is something like that:
> >
> >
> >                                        |-----(lab computers)
> > (net)--(gateway)-------(alpha router)--|
> >                                        |-----(https server)
> >
> > The alpha should work like a firewall and a router. I've been trying
> > to assemble by myself using iptables. The alpha cannot have X, so
> > programs like firebuilder or firestarter can't be used.
> > The debian is a sarge installation with the 2.4.26-1-generic kernel
> > from the netinstaller, with most packages downgraded to stable and
> > hardened using harden. There are plenty of scripts on the internet, but
> > none elucidated two things: how to use nat to route internal traffic
> > to external world and vice versa, so the internal network can use the
> > net and some services (ssh), and how to make the route to the gateway
> > work (this is the hardest part for me). Just some help would be
> > appreciated! I don't want to bother you all to give me the scripts.
> >
> > Very very thanks!
> > -----------------------------------------------------------
> > Ivan S. P. Marin
> > Laboratório de Física Computacional
> > Computational Physics Laboratory
> > lfc.ifsc.usp.br
> > Instituto de Física de São Carlos - USP
> > ----------------------------------------------------------
> >
> >
> 
> 



-- 
-----------------------------------------------------------
Ivan S. P. Marin
Laboratório de Física Computacional
lfc.ifsc.usp.br
Instituto de Física de São Carlos - USP
----------------------------------------------------------
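
The setup discussed in this thread, as an added example that is not part of the original messages: a POSIX shell script that prints (without applying) the forwarding, SNAT and default-route commands for the two-interface alpha router. The interface names eth1/eth0, the /24 prefix and the gateway address 10.107.10.1 are assumptions; an IPv4 prefix length must lie between 0 and 32, which the script checks before emitting anything.

```sh
#!/bin/sh
# Added example (not from the thread): prints the commands, applies nothing.

# valid_cidr4 A.B.C.D/N: succeeds only for four octets 0-255 and N in 0-32.
valid_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.
    set -f; set -- $addr; set +f      # split on dots, no globbing
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# nat_rules LAN_CIDR WAN_IP LAN_IF WAN_IF GATEWAY_IP
# Prints the rule set; returns 2 if an address is malformed.
nat_rules() {
    lan=$1; wan_ip=$2; lan_if=$3; wan_if=$4; gw=$5
    valid_cidr4 "$lan" || { echo "bad LAN network: $lan" >&2; return 2; }
    for ip in "$wan_ip" "$gw"; do
        valid_cidr4 "$ip/32" || { echo "bad address: $ip" >&2; return 2; }
    done
    # Default route points at the building gateway, not at the router's own
    # address. Replies are admitted by connection state; new inbound
    # connections stay blocked by the DROP policy.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
route add default gw $gw dev $wan_if
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -s $lan -j SNAT --to-source $wan_ip
EOF
}

# Values from the thread, except: /24, eth1/eth0 and 10.107.10.1 are assumed.
nat_rules 192.28.10.0/24 10.107.10.36 eth1 eth0 10.107.10.1
```

Review the printed commands against the real interface names and gateway address before running them as root on the router.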


