
Re: Debian router with iptables problem



Try this:

- At the prompt, run as root:
route -n

You will see the routes that this machine knows.
You must add a route only when the route isn't in the route table.

Marcos.

On Fri, 2004-09-17 at 13:25, ISPM wrote:
> Thanks for the fast answer!
> 
> The ip_forward is set (if I can trust the message when I run
> /etc/init.d/networking :-)).
> I have just two network cards, because the https server will be in the
> internal net (I thought to do some routing to directly divert traffic
> from the alpha router to the https server.)
> Should I translate all the addresses from the internal network (say
> 192.28.10.0/127) to the unique external IP of the building gateway
> (say my network card in the alpha router with an IP 10.107.10.36) and
> then route with /sbin/route add this IP (10.107.10.36) to the main
> gateway?
> 
> Thanks again!!!
> 
> 
> On Fri, 17 Sep 2004 10:14:23 -0400, Marcos Carneiro da Rocha
> <mcrocha@terra.com.br> wrote:
> > Hi Ivan,
> > 
> > I think you have 3 network cards at the alpha router, don't you???
> > 
> > try this:
> > 
> > 1- point lab computer to alpha router (default router)
> > 2- point https server to alpha router (default router)
> > 3- point alpha router to a router (default router)
> > 4- enable ip_forward:
> >   - you can do this by changing ip_forward=yes at the options file in
> > the /etc/network directory
> >   - or you can add the following line at the /etc/sysctl.conf file:
> >     net.ipv4.ip_forward = 1
> > 
> > now you can begin with iptables and nat.
> > 
> > try to use:
> > 
> > iptables -A FORWARD -s <source address> -d <destination address> -p <protocol> -j ACCEPT
> > 
> > to enable traffic to pass through the firewall router.
> > 
> > iptables -A POSTROUTING -t nat -s <source address> -d <destination address> -p <protocol> -j SNAT --to <source nat address translation>
> > 
> > to change the source address using SNAT.
> > 
> > anything else, just write.
> > 
> > Marcos.
> > 
> > 
> > 
> > On Fri, 2004-09-17 at 10:47, ISPM wrote:
> > > Hello all. I've been struggling to put together an alpha 164sx as a
> > > router for my lab using Debian hardened. I have an internal network that
> > > has to access the external world, and should be routed to the exterior
> > > by the alpha. The alpha should then route to the gateway of my
> > > building, a machine that I don't have access to. The Debian has two
> > > network cards, one in the internal net and the other in the external
> > > (gateway) network. This is something like this:
> > >
> > >
> > >                                        |-----(lab computers)
> > > (net)--(gateway)-------(alpha router)--|
> > >                                        |-----(https server)
> > >
> > > The alpha should work like a firewall and a router. I've been trying
> > > to assemble it by myself using iptables. The alpha cannot have X, so
> > > programs like firebuilder or firestarter can't be used.
> > > The Debian is a sarge installation with the 2.4.26-1-generic kernel
> > > from the netinstaller, with most packages downgraded to stable and
> > > hardened using harden. There are plenty of scripts on the internet, but
> > > none elucidated two things: how to use nat to route internal traffic
> > > to the external world and vice versa, so the internal network can use the
> > > net and some services (ssh), and how to make the route to the gateway
> > > work (this is the hardest part for me). Just some help would be
> > > appreciated! I don't want to bother you all to give me the scripts.
> > >
> > > Very very thanks!
> > > -----------------------------------------------------------
> > > Ivan S. P. Marin
> > > Laboratório de Física Computacional
> > > Computational Physics Laboratory
> > > lfc.ifsc.usp.br
> > > Instituto de Física de São Carlos - USP
> > > ----------------------------------------------------------
> > >
> > >
> > 
> > 
> 
> 
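
The FORWARD and SNAT rules discussed in this thread, as an added example that is not part of any poster's message: a shell function that emits a default-deny `iptables-restore` ruleset for a two-card NAT router. The interface names `eth0`/`eth1` and the internal network `192.168.10.0/24` are assumptions; `10.107.10.36` is the external address mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset for a
# router with one internal and one external card. Assumed values: eth1 is the
# internal card, eth0 the external card, 192.168.10.0/24 the internal network.
# Forwarding must also be enabled (net.ipv4.ip_forward = 1, as in the thread).

gen_router_rules() {
    int_if=$1; int_net=$2; ext_if=$3; ext_ip=$4
    # Refuse empty parameters instead of emitting a rule that matches everything.
    for v in "$int_if" "$int_net" "$ext_if" "$ext_ip"; do
        [ -n "$v" ] || {
            echo "usage: gen_router_rules INT_IF INT_NET EXT_IF EXT_IP" >&2
            return 1
        }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source of internal hosts to the router's external address.
-A POSTROUTING -s $int_net -o $ext_if -j SNAT --to-source $ext_ip
COMMIT
*filter
# INPUT/OUTPUT are left open here; filtering traffic to the router itself
# is a separate step. Loading this replaces the existing nat/filter rules.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that internal hosts opened may come back in.
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections are forwarded only from the internal network outwards.
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed layout; as root, pipe it to iptables-restore.
gen_router_rules eth1 192.168.10.0/24 eth0 10.107.10.36
```

Because the FORWARD policy is DROP, anything not matched by the two FORWARD rules is not routed, including unsolicited connections from the external side.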


