Hello,
I have a routing configuration that I've been working on
and seems to be working well for me.
I'd like to ask for some peer review.
If you're interested and can take a moment to consider this,
I could use some advice on whether this is correct. I'm still very
much learning, sorry if this email is off topic or too long or anything.
I want to route a wireless network through my Linux box
and out a Broadband gateway.
The wireless network is 192.168.3.0/24
The Linux machine has eth0 for the wireless network
and eth1 for the Broadband gateway.
Here is a text diagram:
http://www.informationobject.com/iproute/c_schema.txt
Thus a PC can be added to the wireless network
and set its default gateway to 192.168.3.10.
I have two scripts to configure the Linux machine to
forward/route traffic from eth0 to eth1 and out the Broadband gateway.
One script for route config. and one script for firewall/iptables config.
They are listed here and also at:
http://www.informationobject.com/iproute/a_route.txt
http://www.informationobject.com/iproute/b_firewall.txt
Would you say this is the correct way to go about doing this routing
configuration?
Thank you.
#!/bin/sh
# a_route.txt: interface addresses, policy-routing tables and rules
echo "Route Setup"
echo "Flushing NICs"
ip addr flush dev eth0
ip addr flush dev eth1
ip link set eth0 down
ip link set eth1 down
ip link set eth0 up
ip link set eth1 up
echo "Routing Tables:"
# the named tables used below (wireless, internet) must already exist here
cat /etc/iproute2/rt_tables
### example rt_tables ###
## reserved values
##
#255 local
#254 main
#253 default
#0 unspec
##
## local
##
##1 inr.ruhep
#200 wireless
#201 internet
### example end ###
echo "Setup NIC 0"
ip addr add 192.168.3.10/24 dev eth0 brd +
echo "Setup NIC 1"
ip addr add 192.168.1.1/24 dev eth1 brd +
echo "Setup Default Route [ internet table ]"
ip route add default via 192.168.1.254 proto static table internet
echo "Setup LAN Route [ wireless table ]"
# 192.168.3.0/24 is directly connected on eth0; "via 192.168.3.10" would name
# this box's own address as the next hop, so the route goes by device instead
ip route add 192.168.3.0/24 dev eth0 proto static table wireless
echo "Setup Internet ip rule"
# lower prio number is consulted first: the LAN rule (16000) is tried before
# the catch-all internet rule (17000), and both before main (32766)
ip rule add to 0/0 prio 17000 table internet
echo "Setup LAN ip rule"
ip rule add to 192.168.3.0/24 prio 16000 table wireless
echo "Flushing ip route cache"
ip route flush cache
#!/bin/sh
# b_firewall.txt: kernel forwarding, default-deny policies and NAT
echo "Firewall Setup"
################################################################################
# Enable forwarding
echo "Enable Kernel Forwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward
################################################################################
echo -n "reset "
# default-deny on all three built-in chains, then empty every table
for chain in INPUT FORWARD OUTPUT ; do
    iptables --policy $chain DROP
done
for table in filter nat mangle ; do
    iptables --table $table --flush
    iptables --table $table --delete-chain
done
# FTP connection-tracking/NAT helper (the module is called nf_nat_ftp on newer kernels)
modprobe ip_nat_ftp
################################################################################
echo -n "INPUT "
# accept everything from wireless
iptables -A INPUT -i eth0 -s 192.168.3.0/24 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# accept everything from the Broadband side's subnet
iptables -A INPUT -i eth1 -s 192.168.1.0/24 -j ACCEPT
# replies to connections this machine opened
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
################################################################################
echo -n "FORWARD "
# forward anything arriving on the wireless side (not limited to -o eth1)
iptables -A FORWARD -i eth0 -j ACCEPT
# hide the wireless subnet behind eth1's address on the way out
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# return traffic for connections the wireless clients opened
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
################################################################################
echo -n "OUTPUT "
# allows unrestricted output from this machine
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
################################################################################
echo done.
Kind regards,
Rudi.
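To see what the rule priorities in a_route.txt actually do to a given destination, here is a small policy-routing lookup simulator (an added example, not part of Rudi's scripts): it walks constructed copies of the 16000/17000/32766 rules and the wireless, internet and main tables the way the kernel does (rules in prio order, longest prefix within a table, fall-through on a table miss). The main-table connected routes are assumed to be the ones the kernel adds for eth0 and eth1; the lookup for a 192.168.1.x host shows the 17000 catch-all sending eth1's own subnet to the gateway before main is ever consulted.

```shell
#!/bin/sh
# Constructed copies of the rules and tables a_route.txt creates (main holds
# the connected routes the kernel adds by itself). Rules must be listed in
# ascending prio; "from all" rules are written with a 0.0.0.0/0 selector.
RULES='16000 192.168.3.0/24 wireless
17000 0.0.0.0/0 internet
32766 0.0.0.0/0 main'
ROUTES='wireless 192.168.3.0/24 dev eth0
internet 0.0.0.0/0 via 192.168.1.254
main 192.168.3.0/24 dev eth0
main 192.168.1.0/24 dev eth1'

# route_lookup DEST -> "<table> <next hop>" the policy-routing walk selects:
# rules are tried in prio order, a matching rule's table is searched by
# longest prefix, and a table miss falls through to the next rule.
route_lookup() {
    printf '%s\n' "$RULES" "--" "$ROUTES" | awk -v dst="$1" '
    function ip2n(a,    o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function plen(cidr,    c) { split(cidr, c, "/"); return c[2] }
    # prefix test via integer division, so it works in any POSIX awk
    function inside(ip, cidr,    c, s) {
        split(cidr, c, "/"); s = 2 ^ (32 - c[2])
        return int(ip / s) == int(ip2n(c[1]) / s)
    }
    $0 == "--"  { in_routes = 1; next }
    !in_routes  { nr++; rsel[nr] = $2; rtab[nr] = $3; next }
                { n++; tab[n] = $1; pfx[n] = $2; nh[n] = $3 " " $4 }
    END {
        d = ip2n(dst)
        for (i = 1; i <= nr; i++) {
            if (!inside(d, rsel[i])) continue
            best = -1
            for (j = 1; j <= n; j++)
                if (tab[j] == rtab[i] && inside(d, pfx[j]) && plen(pfx[j]) > best) {
                    best = plen(pfx[j]); hit = j
                }
            if (best >= 0) { print rtab[i] " " nh[hit]; exit }
        }
        print "unreachable"
    }'
}

# 192.168.1.20 sits on eth1's own subnet, yet the 17000 catch-all wins before
# the main table is consulted, so it is handed to the gateway instead.
route_lookup 8.8.8.8        # internet via 192.168.1.254
route_lookup 192.168.3.50   # wireless dev eth0
route_lookup 192.168.1.20   # internet via 192.168.1.254
```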