Hi all,
I'm new to iproute2 and iptables. It's a very simple topology:
world--a.b.c.d--|router|--x.y.z.10--x.y.z.8--|linux+iptables|
|
172.16.0.1
|
/ \
/ HUB
linux1=172.16.0.200
I can ping x.y.z.8 from the private net (linux1 or $windows) but not
the router interface x.y.z.10.
Here are my settings:
ip ro sh
200.179.120.0/23 dev eth1 scope link
172.16.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 200.179.120.10 dev eth1
ip ru sh
0: from all lookup local
32766: from all lookup main
32767: from all lookup 253
If I try:
ip route add 172.16.0.0/16 via 200.179.120.10
ip route add 172.16.0.0/16 via 200.179.120.8
I get
File exists
I'm already setting the rules. For now it's completely open.
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Please, what am I missing?
TIA
Jose Sebastiao Martins
tiao@int.efoa.br
Jose,

You show your filters (iptables -t filter -nL), but you don't show your NAT tables. You should probably be using NAT/masquerading on this machine, since it connects an RFC1918 network (172.16.0.0/xx) to the Internet.

Check the netfilter list, archives, and HOWTOs; LARTC isn't the right forum for your question.

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
http://iptables-tutorial.frozentux.net/

Nonetheless, you probably want to do something like this:

# iptables -t nat -A POSTROUTING -o $OUTSIDE_INTERFACE -j SNAT \
    --to-source x.y.z.8

Good luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
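As an added example that is not part of either message above, here is the SNAT setup Martin describes written out as a complete iptables-restore ruleset for the box in Jose's diagram, together with the two checks a practitioner would run first. It assumes eth0 is the 172.16.0.1 (LAN) interface and eth1 the x.y.z.8 interface facing the router; x.y.z.8 is kept as the placeholder from the thread and has to be replaced with the real public address. Two things the thread only implies are made explicit: packets are only translated when they really come from 172.16.0.0/16 and leave on eth1, and net.ipv4.ip_forward must be 1, since without it the box answers pings to its own addresses (which is why x.y.z.8 is reachable from the LAN) but forwards nothing toward x.y.z.10. The FORWARD chain is also tightened from Jose's fully open policy to LAN-to-outside plus conntrack replies; that is this example's choice, not something the thread prescribes.

```shell
#!/bin/sh
# Added example, not from the LARTC thread: render (and optionally apply)
# a minimal NAT + forwarding ruleset for a Linux router in front of an
# RFC1918 LAN. Interface names and addresses are assumptions based on the
# diagram in the question; PUBLIC_IP is a placeholder.

INSIDE_IF=eth0            # assumed: LAN side, 172.16.0.1
OUTSIDE_IF=eth1           # assumed: side facing the router, x.y.z.8
INSIDE_NET=172.16.0.0/16
PUBLIC_IP=x.y.z.8         # placeholder, replace with the real address of eth1

# Print an iptables-restore ruleset. Only traffic that comes from the LAN
# and leaves on the outside interface is translated; replies come back to
# the public address and are rewritten by conntrack, so no SNAT rule is
# needed for the return direction.
render_rules() {
  inside_if=$1; outside_if=$2; inside_net=$3; public_ip=$4
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $inside_net -o $outside_if -j SNAT --to-source $public_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $inside_if -o $outside_if -s $inside_net -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Check 1: the rendered ruleset carries exactly one SNAT rule for the
# given public address (catches a typo in the address before it is loaded).
snat_count() {
  render_rules "$@" | grep -c -- "-j SNAT --to-source $4"
}

# Check 2: the kernel forwards at all. The iptables rules do nothing for
# LAN-to-Internet traffic while /proc/sys/net/ipv4/ip_forward is 0.
ip_forward_enabled() {
  [ -r /proc/sys/net/ipv4/ip_forward ] &&
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ]
}

# Load the ruleset atomically with iptables-restore (root only).
apply_rules() {
  command -v iptables-restore >/dev/null 2>&1 || { echo "iptables-restore not found" >&2; return 1; }
  [ "$(id -u)" -eq 0 ] || { echo "must be root to apply rules" >&2; return 1; }
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  render_rules "$INSIDE_IF" "$OUTSIDE_IF" "$INSIDE_NET" "$PUBLIC_IP" | iptables-restore
}

# Run directly: "show" (default) prints the ruleset, "apply" loads it.
case "${1:-show}" in
  apply) apply_rules ;;
  *) render_rules "$INSIDE_IF" "$OUTSIDE_IF" "$INSIDE_NET" "$PUBLIC_IP" ;;
esac
```

Run it without arguments to review the rules, then `sh nat.sh apply` as root once PUBLIC_IP is real. The routing side of the question needs no change: `ip ro sh` already lists 172.16.0.0/16 on eth0, and `File exists` is the kernel refusing to add a second route for a prefix that is already in the table.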