From: "Matthew Simpson" <matthew@txlink.net>
To: netfilter@lists.netfilter.org
Subject: using iptables to route between public networks
Date: Mon, 22 Dec 2003 22:30:48 -0600
Message-ID: <00ca01c3c90d$8aafa2f0$6600a8c0@KARI>
I'm having trouble adjusting to using iptables instead of Cisco IOS.
I have a "router" linux box with a very simple ruleset, I'm accepting INPUT,
OUTPUT, and FORWARD chains.
I have two ethernet cards in this box. One card has a public IP going to my
internet provider [255.255.255.252 subnet]. The other card also has a
public IP that is routed to me by my Internet provider [255.255.255.240
subnet].
Right now with my simple ruleset, packets forward properly. If I ping a box
that is connected behind the "router", it works. If I change the FORWARD
accept policy to deny the packets, then it quits working.
My first question, however... if I do a traceroute to a box connected behind
the router, the "router" interface IP address does not show up in the
traceroute. It skips directly from my internet provider's gateway address
to the final destination address. Why? How can I make my router IP show up
in the traceroute?
Second question: it's not a good idea to blindly forward all packets, is it?
I tried to set up an append rule to the FORWARD chain to drop all packets
that did not have a destination of $myiprange/28, but iptables seems to
ignore the rule [it doesn't work and it doesn't show up in an iptables -L].
Unless forwarding all packets is okay, what should I do to fix this?
Thanks,
Matthew
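The ruleset the second question is reaching for, written out as an added example (this is not Matthew's script and not a reply from the list): a FORWARD chain with a default DROP policy that only passes traffic to and from the routed /28, plus a helper that lists the chain with counters so you can confirm a rule was actually inserted. The interface names and the 203.0.113.16/28 network are constructed placeholders; the script prints the iptables commands instead of running them unless IPT is pointed at the real binary.

```shell
#!/bin/sh
# Added example, not from the original post. A minimal FORWARD policy for a
# Linux box routing between a provider /30 and a routed /28. All addresses and
# interface names below are constructed placeholders (RFC 5737 range).
# By default IPT is "echo iptables", so the script only prints what it would
# run; set IPT=/sbin/iptables to apply the rules for real.

IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"                # card facing the provider (the /30)
LAN_IF="${LAN_IF:-eth1}"                # card where the routed /28 lives
LAN_NET="${LAN_NET:-203.0.113.16/28}"   # constructed placeholder for $myiprange/28

apply_forward_policy() {
    # Deny by default instead of forwarding everything that arrives.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Let replies through for connections that were already permitted.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound: provider side -> hosts inside the routed /28 only.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_NET" -j ACCEPT

    # Outbound: only packets that really come from the /28 may leave.
    # This also stops a host behind the router from spoofing other sources.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Everything else falls through to the DROP policy.
}

show_forward_rules() {
    # "iptables -L" alone shows the filter table without counters or
    # interfaces; -n -v makes it obvious whether a rule exists and matches.
    $IPT -L FORWARD -n -v
}

apply_forward_policy
show_forward_rules
```

Run it once as-is to review the printed commands, then rerun with IPT=/sbin/iptables (as root) to apply them. If a rule you added still does not appear in `iptables -L FORWARD -n -v`, it went into a different table or chain than the one you are listing.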