Re: iptables: just a simple routing rule
On Sat, Dec 27, 2003 at 02:31:31PM +0100, Pierre-Vincent Ledoux wrote:
> I just want that this debian box route everything from 10... to the
> wireless router 192.168.0.254 and everything that comes from 192.
> route to 10.
> internet
> |
> router(192.168.0.254)
> /(wireless)
> deb box(192.168.0.253/10.0.0.254)
> |
> subnetwork(10.0.0.*)
(Here, 10... isn't really a subnetwork of 192..., it is just a
connected network.)
Machines on 10.../24 have deb box as their gateway, and deb box
has router as its gateway.
deb box will need something like these: (but someone correct me!)
# enable ip_forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
IPTABLES=/usr/sbin/iptables
GREENIF=eth0
GREEN=10.0.0.0/24
ORANGEIF=eth1
ORANGE=192.168.0.0/24
# Then you can allow all forwarding (just forward anything);
# note the target is ACCEPT, there is no ALLOW target in iptables
$IPTABLES -A FORWARD -j ACCEPT
# or more specific forwarding
# allow all forwarding from GREEN to ORANGE and ORANGE to GREEN
# $IPTABLES -A FORWARD -i $GREENIF -o $ORANGEIF -d $ORANGE -j ACCEPT
# $IPTABLES -A FORWARD -i $ORANGEIF -o $GREENIF -d $GREEN -j ACCEPT
You can be even more specific with --protocol, --sport and --dport
rules etc., or by matching on connection state, e.g. only allow
ESTABLISHED and RELATED tcp packets from orange to green but allow any
(e.g. NEW) packets from green to orange.
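The stateful variant spelled out, as an added example that is not part of the original mail: green may open connections, orange only gets replies, and the FORWARD policy is DROP so nothing else crosses the box. The interface and network variables reuse the names from the script above; the ipt wrapper, the DRYRUN switch and the helper functions are this example's own assumptions, so the rules can be reviewed with DRYRUN=1 before loading them.

```shell
#!/bin/sh
# Added example, not from the original message. GREEN/ORANGE names follow
# the script above; DRYRUN=1 prints the rules instead of loading them.
GREENIF=${GREENIF:-eth0}
GREEN=${GREEN:-10.0.0.0/24}
ORANGEIF=${ORANGEIF:-eth1}
ORANGE=${ORANGE:-192.168.0.0/24}

# Wrapper around iptables so the rule set can be reviewed before use
ipt() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        /usr/sbin/iptables "$@"
    fi
}

fw_forward_rules() {
    # Default: drop anything not explicitly allowed to cross the box
    ipt -P FORWARD DROP
    ipt -F FORWARD
    # Green (10.0.0.0/24) may start new connections towards orange
    ipt -A FORWARD -i "$GREENIF" -o "$ORANGEIF" -s "$GREEN" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Orange may only send replies to connections green already opened
    ipt -A FORWARD -i "$ORANGEIF" -o "$GREENIF" -d "$GREEN" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything else is logged (rate limited) and then hits the DROP policy
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Self-check helper: how many FORWARD rules the dry run would append
count_forward_rules() {
    ( DRYRUN=1; fw_forward_rules ) | grep -c -- '-A FORWARD'
}
```

Replies from the wireless router only come back if it has a route to 10.0.0.0/24 via 192.168.0.253 (or the deb box masquerades green behind its 192.168.0.253 address); the forwarding rules alone do not provide that.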
HTH
Patrick Lesslie