
Re: NEWBIE: ipchains/route problem



On Thu, Apr 05, 2001 at 12:49:43PM +0100, Nick Porter wrote:
> 
> I think this is probably not the correct list to send this to but I can't
> find one specifically for routing and it is sort of a firewall question.
> 
> I'm currently trying to learn how to configure a firewall/router and have
> become confused about the way the routing table and the forwarding table
> coexists.
> 
> This is what I have;
> 
>           Internet connection
>                   |
>                   |
>             -------------
>             |  router/   |
>             | firewall   |
>  WAN Link---|            |-------Private net
>             -------------
> 
> IC 	= 192.168.0.1 eth0
> WAN	= 192.168.1.1 eth1
> PN	= 192.168.2.1 eth2
> 
> Now, if I wanted to route all traffic intended for the WAN link from the
> private net do I need to add a route to that link in the routing table...
> 
> route add -net 192.168.1.0 dev eth1
You must specify netmask, broadcast, etc. Look at route(8).
But you are on the right track.
> 
> ...or do I just add statements to the ipchains forwarding table...
> 
> ipchains -A forward -i eth1 -d $WAN -j MASQ
In the -d option you must specify networks/netmask or hosts/32 
so if your netmask is 255.255.255.0 you will do:

ipchains -A forward -i eth1 -d $WAN/24 -j MASQ

you also probably want:

ipchains -A forward --bidirectional -s PN/24 -d WAN/24 -j ACCEPT

(I'm not sure if the syntax is correct, because now I use iptables and don't have the ipchains man page around.)

and for security reasons:
ipchains -P forward DENY

> 
> ...or do I need both?
> 
> What is the relationship between these two tables?
One is the routing table. And in the other you specify chains to tell the kernel what to do with some packets. They are both related. You will probably find the NET howto and IPCHAINS howto interesting.
> 
> TIA
> --
> NP
> 
> 
> 

-- 
Pedro Larroy Tovar. PiotR | http://omega.resa.es/personales/piotr/
piotr@omega.resa.es
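
An added illustration, not part of the original thread: a simplified Python model of how the two tables interact for a forwarded packet. The routing table first picks the outgoing interface, then the forward chain decides the packet's fate, with the default policy applying when no rule matches. The addresses follow the thread's diagram; the default route, the sample hosts and all function names are assumptions.

```python
import ipaddress

# Constructed routing table based on the thread's addressing: (network, interface).
ROUTES = [
    ("192.168.1.0/24", "eth1"),  # WAN link
    ("192.168.2.0/24", "eth2"),  # private net
    ("0.0.0.0/0", "eth0"),       # default route via the Internet connection (assumed)
]

# Forward chain modelled on the reply's rules: (source, destination, out-interface, target).
# None is a wildcard. In the ipchains forward chain, -i names the outgoing interface.
FORWARD_RULES = [
    (None, "192.168.1.0/24", "eth1", "MASQ"),
    ("192.168.2.0/24", "192.168.1.0/24", None, "ACCEPT"),
    ("192.168.1.0/24", "192.168.2.0/24", None, "ACCEPT"),  # reverse half of --bidirectional
]
FORWARD_POLICY = "DENY"  # ipchains -P forward DENY


def route_lookup(dst, routes):
    """Routing table: longest-prefix match picks the outgoing interface."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def in_net(ip, net):
    """True if the rule field is a wildcard or the address lies in the network."""
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def forward_packet(src, dst, routes=ROUTES):
    """Return (outgoing interface, verdict) for a packet crossing the router."""
    dev = route_lookup(dst, routes)
    if dev is None:
        return (None, "NO ROUTE")  # the forward chain is never consulted
    for rule_src, rule_dst, rule_dev, target in FORWARD_RULES:
        if in_net(src, rule_src) and in_net(dst, rule_dst) and rule_dev in (None, dev):
            return (dev, target)  # first matching rule wins
    return (dev, FORWARD_POLICY)


if __name__ == "__main__":
    for src, dst in [("192.168.2.10", "192.168.1.20"), ("192.168.1.20", "192.168.2.10"),
                     ("192.168.2.10", "203.0.113.5")]:
        print(src, "->", dst, forward_packet(src, dst))
```

Dropping the 192.168.1.0/24 route from the model sends WAN-bound traffic out eth0 while a forward rule still accepts it, which shows that the chain filters packets but does not steer them.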


