Re: Debian router with iptables problem
Hi Ivan,
I think you have 3 network cards on the alpha router, don't you?
try this:
1- point lab computer to alpha router (default router)
2- point https server to alpha router (default router)
3- point alpha router to a router (default router)
4- enable ip_forward:
- you can do this by changing ip_forward=yes in the options file in the /etc/network directory
- or you can add the following line at the /etc/sysctl.conf file:
net.ipv4.ip_forward = 1
now you can begin with iptables and nat.
try to use:
iptables -A FORWARD -s <source address> -d <destination address> -p <protocol> -j ACCEPT
to enable traffic to pass-thru the firewall router.
iptables -A POSTROUTING -t nat -s <source address> -d <destination address> -p <protocol> -j SNAT --to <source nat address translation>
to change the source address using snat.
anything else, just write.
Marcos.
On Fri, 2004-09-17 at 10:47, ISPM wrote:
> Hello all. I've been struggling to put together an alpha 164sx like a
> router to my lab using debian hardened. I have an internal network that
> has to access the external world, and should be routed to the exterior
> by the alpha. The alpha should route then to the gateway of my
> building, a machine that I don't have access to. The debian has two
> network cards, one in the internal net and the other in the external
> (gateway) network. This is something like that:
>
>
>                                        |-----(lab computers)
> (net)--(gateway)-------(alpha router)--|
>                                        |-----(https server)
>
> The alpha should work like a firewall and a router. I've been trying
> to assemble by myself using iptables. The alpha cannot have X, so
> programs like firebuilder or firestarter can't be used.
> The debian is a sarge installation with the 2.4.26-1-generic kernel
> from the netinstaller, with most packages downgraded to stable and
> hardened using harden. There are plenty of scripts on the internet, but
> none elucidated two things: how to use nat to route internal traffic
> to external world and vice versa, so the internal network can use the
> net and some services (ssh), and how to make the route to the gateway
> work (this is the hardest part for me). Just some help would be
> appreciated! I don't want to bother you all to give me the scripts.
>
> Very very thanks!
> -----------------------------------------------------------
> Ivan S. P. Marin
> Laboratório de Física Computacional
> Computacional Physics Laboratory
> lfc.ifsc.usp.br
> Instituto de Física de São Carlos - USP
> ----------------------------------------------------------
>
>
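Added example (not part of this thread or of either poster's messages): a POSIX shell script that puts the steps from the reply together for a two-interface router, with a default-drop FORWARD policy and a state-match rule for reply traffic. The interface names eth0/eth1, the network 192.168.10.0/24 and the address 192.0.2.10 are constructed assumptions; by default the script only prints the commands, and APPLY=1 (as root) executes them.

```shell
#!/bin/sh
# Added example. Interface names and addresses below are constructed assumptions.
EXT_IF="${EXT_IF:-eth0}"               # faces the building gateway (assumed name)
INT_IF="${INT_IF:-eth1}"               # faces lab computers and https server (assumed name)
INT_NET="${INT_NET:-192.168.10.0/24}"  # internal network (constructed)
EXT_ADDR="${EXT_ADDR:-192.0.2.10}"     # router's address on the gateway side (constructed)

# Refuse values containing anything but the characters an interface name or
# an IPv4 address/prefix needs, because the rules are later fed to a shell.
check_inputs() {
    for v in "$EXT_IF" "$INT_IF"; do
        case "$v" in ''|*[!a-z0-9.]*) return 1 ;; esac
    done
    for v in "$INT_NET" "$EXT_ADDR"; do
        case "$v" in ''|*[!0-9./]*) return 1 ;; esac
    done
}

# Print the rule set, one command per line:
#   1. enable forwarding            2. drop forwarded packets by default
#   3. let the internal net open connections outward
#   4. let only replies to those connections back in
#   5. rewrite the source address on the way out (SNAT)
router_rules() {
    check_inputs || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $INT_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $INT_NET -j SNAT --to-source $EXT_ADDR
EOF
}

# Dry run by default; APPLY=1 pipes the rules to a shell that stops on error.
apply_rules() {
    rules=$(router_rules) || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

apply_rules
```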