Re: virtual router running Debian - add gateway to LAN

To: motty cruz <motty.cruz@gmail.com>
Cc: debian-firewall@lists.debian.org
Subject: Re: virtual router running Debian - add gateway to LAN
From: Vicios <fernando.vicios@gmail.com>
Date: Fri, 21 Feb 2014 00:58:05 +0100
Message-id: <[🔎] 5306968D.6080107@gmail.com>
In-reply-to: <[🔎] CALoOYy71P2cDwYPLXEVMkuWM6qLWZRtth4xWjhZyiTvMku-aPw@mail.gmail.com>
References: <[🔎] CALoOYy5-MKr5QMAaQbEvQ8_1oTs0giA=dDtkpJicUjMBOSRx7A@mail.gmail.com> <[🔎] 530673A4.9000204@gmail.com> <CALoOYy5N2N4SeOoEroumDi2_EJsUOSn3QAxtLe5s9704GZ+SOA@mail.gmail.com> <[🔎] 53067CC7.5040707@gmail.com> <[🔎] CALoOYy71P2cDwYPLXEVMkuWM6qLWZRtth4xWjhZyiTvMku-aPw@mail.gmail.com>

El 21/02/14 00:23, motty cruz escribió:

Hi, I apologize, but I don't understand this very well.

If i'm on a Machine with IP 10.5.0.32 and want to sent a packet to
10.6.0.20, I don't want the packet to go out to the public but to
10.5.0.6 because that is my gateway to 10.6.0.0/24 <http://10.6.0.0/24>.

I am not filtering traffic or do any port forwarding. I want to add a
route to 10.6.0.0/24 <http://10.6.0.0/24> on 10.5.0.1 gateway.

my understand was to do something like this:

cat /etc/network/interfaces

  iface eth0 inet static
              address 10.5.0.1
              netmask 255.255.255.0
              gateway public IP
              up route add -net 10.6.0.0 netmask 255.0.0.0 gw 10.5.0.6 dev eth0


this does not work because then all traffic gets routed to that interface, 10.5.0.6 including public traffic.


Thanks,






On Thu, Feb 20, 2014 at 2:08 PM, Vicios <fernando.vicios@gmail.com
<mailto:fernando.vicios@gmail.com>> wrote:

    El 20/02/14 22:47, motty cruz escribió:

        Thank you for your reply,

        default gateway for 10.75.0.0/24 <http://10.75.0.0/24>
        <http://10.75.0.0/24> is 10.75.0.1


        if I ran the following command on gateway machine (10.5.0.1)

        ip route add 10.6.0.0/24 <http://10.6.0.0/24>
        <http://10.6.0.0/24> via 10.5.0.6 dev eth0

        any traffic bound for 10.6.0.0/24 <http://10.6.0.0/24>
        <http://10.6.0.0/24> gets re-directed

        to 10.5.0.6, but only that machine. I have not configure iptables or
        port forwarding. can you point a direction on how to accomplish
        that step?

        Thanks,


        On Thu, Feb 20, 2014 at 1:29 PM, Vicios
        <fernando.vicios@gmail.com <mailto:fernando.vicios@gmail.com>
        <mailto:fernando.vicios@gmail.__com
        <mailto:fernando.vicios@gmail.com>>> wrote:

             El 20/02/14 22:03, motty cruz escribió:

                 Hi All,

                 I'm new to this list, I want to thank you all for
        support in
                 advance.

                 I have a router running Debian with one interface
        facing public
                 and 2nd
                 interface to a LAN 10.5.0.0/24 <http://10.5.0.0/24>
        <http://10.5.0.0/24>
                 <http://10.5.0.0/24>.

                 I have a 2nd router one interface on 10.5.0.0/24
        <http://10.5.0.0/24>
                 <http://10.5.0.0/24> <http://10.5.0.0/24>

                 and 2nd interface facing another LAN 10.6.0.0/24
        <http://10.6.0.0/24>
                 <http://10.6.0.0/24> <http://10.6.0.0/24>.
                 So I want 10.5.0.0/24 <http://10.5.0.0/24>
        <http://10.5.0.0/24> <http://10.5.0.0/24>

                 to be able to access
        10.6.0.0/24 <http://10.6.0.0/24> <http://10.6.0.0/24>
        <http://10.6.0.0/24>. I did the

                 following for a temporary
                 work around.

                 ip route add 10.6.0.0/24 <http://10.6.0.0/24>
        <http://10.6.0.0/24>
                 <http://10.6.0.0/24> via 10.5.0.6 dev eth0


                 this works fine but if I log in to another machine in
        10.5.0.0/24 <http://10.5.0.0/24> <http://10.5.0.0/24>
                 <http://10.5.0.0/24> network, I'm unable to access
        10.6.0.0/24 <http://10.6.0.0/24>
                 <http://10.6.0.0/24>
                 <http://10.6.0.0/24>


                 can you please help? I have Linux 3.2.0-4-686 Debian 3.2

                 Thanks in advance!

             Hi!

             What is the default gateway for the network 10.5.X.X? The
        default
             gateway of 10.5.X.X known the route for the 10.6.X.X network?

             Some iptables rules are applied? Port forwarding has
        configured?

             Regards. Fernando.


             --
             To UNSUBSCRIBE, email to
        debian-firewall-REQUEST@lists.____debian.org <http://debian.org>
             <mailto:debian-firewall-__REQUEST@lists.debian.org
        <mailto:debian-firewall-REQUEST@lists.debian.org>>

             with a subject of "unsubscribe". Trouble? Contact
        listmaster@lists.debian.org <mailto:listmaster@lists.debian.org>
        <mailto:listmaster@lists.__debian.org
        <mailto:listmaster@lists.debian.org>>
             Archive:
        http://lists.debian.org/____530673A4.9000204@gmail.com
        <http://lists.debian.org/__530673A4.9000204@gmail.com>
             <http://lists.debian.org/__530673A4.9000204@gmail.com
        <[🔎] 530673A4.9000204@gmail.com">http://lists.debian.org/[🔎] 530673A4.9000204@gmail.com>>


    Hi!

    You only need configure port forwarding in the default gateway of
    10.5.X.X because it is the bridge between boths networks. Clients of
    boths without routes of the other, send thats packets to the default
    gateways.

    If all is right, both networks are connected and you can use
    iptables o whatever to filter any traffic or configure NAT between
    networks.

    You can find a lot of information of port forwarding in google[1],
    for example[2]

    Regards. Fernando.

    1 - https://www.google.es/search?__q=port+forwarding
    <https://www.google.es/search?q=port+forwarding>
    2 -
    http://www.ducea.com/2006/08/__01/how-to-enable-ip-__forwarding-in-linux/
    <http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/>



    --
    To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.__debian.org
    <mailto:debian-firewall-REQUEST@lists.debian.org>
    with a subject of "unsubscribe". Trouble? Contact
    listmaster@lists.debian.org <mailto:listmaster@lists.debian.org>
    Archive: http://lists.debian.org/__53067CC7.5040707@gmail.com
    <[🔎] 53067CC7.5040707@gmail.com">http://lists.debian.org/[🔎] 53067CC7.5040707@gmail.com>


Sorry, I don't read well your previous message.

You have this stage?

Router1: ISP + 10.5.0.1/24 <-LAN1-> Router2 10.5.0.6/24 + 10.6.0.1/24<-LAN2-> ...


and Router2 is Debian?

If yes, in Router2 you need configure port forwarding and if you wontInternet for 10.6.0.0/24 you need a firewall too like iptables on it.


King regards. Fernando.

Reply to:

References:
- virtual router running Debian - add gateway to LAN
  - From: motty cruz <motty.cruz@gmail.com>
- Re: virtual router running Debian - add gateway to LAN
  - From: Vicios <fernando.vicios@gmail.com>
- Re: virtual router running Debian - add gateway to LAN
  - From: Vicios <fernando.vicios@gmail.com>
- Re: virtual router running Debian - add gateway to LAN
  - From: motty cruz <motty.cruz@gmail.com>

Prev by Date: Re: virtual router running Debian - add gateway to LAN
Next by Date: Re: virtual router running Debian - add gateway to LAN
Previous by thread: Re: virtual router running Debian - add gateway to LAN
Index(es):
- Date
- Thread