From: "Jesse Gordon" <jesseg@nikola.com>
To: Joel F <roadapathy@yahoo.com>, netfilter@lists.netfilter.org
Subject: Re: dumb question...route from local eth1 to eth2 and vice versa
Date: Wed, 30 Nov 2005 19:13:27 -0800
Message-ID: <08c101c5f625$3318e6e0$5e00800a@printserver>
In-Reply-To: 20051201024311.18382.qmail@web54602.mail.yahoo.com
----- Original Message -----
From: "Joel F" <roadapathy@yahoo.com>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, November 30, 2005 6:43 PM
Subject: dumb question...route from local eth1 to eth2 and vice versa
> eth0 - my WAN ip.
>
> eth1 - 192.168.0.0 My kids network
> eth2 - 192.168.1.0 My personal network
>
> How can I route packets to and from my network of 192.168.1.x (eth2)
> to my kids network 192.168.0.x (eth1) so that we can all play
> network games???
You may get away with simply enabling forwarding between eth1 and eth2,
something like this might allow both the *.1.x and the *.0.x networks to
communicate with each other:

iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT  # Data going one way is allowed
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT  # And data going other way is allowed.

Since both networks use the linux box as their gateway, I would guess that
it'd work.
If you wish to restrict your kids' access to only one computer on your network
(and only allow one computer on your network to reach their network)
you can add in -s source_ip and -d dest_ip to make the forward acceptance
more strict. For example:

iptables -A FORWARD -i eth2 -o eth1 -s 192.168.1.24 -j ACCEPT  # Data coming from dad's .24 IP is allowed onto kids network.
iptables -A FORWARD -i eth1 -o eth2 -d 192.168.1.24 -j ACCEPT  # Data going to dad's .24 IP is allowed from kids network.

If you wish to restrict to a specific port, you can specify -p tcp (or udp) and
the --dport 3306 or --sport 5133,
like this:

iptables -A FORWARD -p tcp -i eth1 -o eth2 --dport 139 -j ACCEPT  # Forward data coming from kids network to dad's network if it's destined for port 139.

Of course if you have other policies or rules which would block this
traffic, you'll have to remedy those as well.
Anyway, I'm in way over my head by now. I've been using iptables for years
(ipchains before that), but like you, once I set it up, I mostly just ignore
it.
If this doesn't help, just wait till someone more experienced answers.
-Jesse
>
> I know this is a really dumb question but I set up my Linux server
> and Netfilter firewall years ago....AND NEVER HAD TO REBOOT IT
> SINCE! MU HA HA HA HA. Linux rocks.
>
> Thank you!
>
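
The restricted variant discussed in the reply above, written out statefully so that replies to an allowed connection are forwarded while everything else between the two LANs is dropped. This is an added example, not part of the original thread: the helper names are hypothetical, 192.168.1.24 stands in for "dad's .24 IP", and the conntrack match is assumed to be available (the older `-m state --state` match is the equivalent on 2005-era systems). The script only prints the commands for review; it does not apply them.

```sh
#!/bin/sh
# Added example: print (do not apply) stateful FORWARD rules for two LANs.

# valid_ipv4 ADDR: succeed only for exactly four octets, each 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_forward_rules KIDS_IF DAD_IF DAD_HOST PROTO PORT (hypothetical helper)
gen_forward_rules() {
    kids_if=$1 dad_if=$2 dad_host=$3 proto=$4 port=$5
    for ifname in "$kids_if" "$dad_if"; do
        case "$ifname" in ''|*[!A-Za-z0-9._-]*)
            echo "bad interface name: $ifname" >&2; return 1 ;; esac
    done
    valid_ipv4 "$dad_host" || { echo "bad IPv4 address: $dad_host" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    ct='-m conntrack --ctstate'
    cat <<EOF
# Replies belonging to connections that were already allowed
iptables -A FORWARD -i $kids_if -o $dad_if $ct ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $dad_if -o $kids_if $ct ESTABLISHED,RELATED -j ACCEPT
# New connections: kids -> one host and port; that host -> kids network
iptables -A FORWARD -i $kids_if -o $dad_if -d $dad_host -p $proto --dport $port $ct NEW -j ACCEPT
iptables -A FORWARD -i $dad_if -o $kids_if -s $dad_host $ct NEW -j ACCEPT
# Everything else between the two LANs
iptables -A FORWARD -i $kids_if -o $dad_if -j DROP
iptables -A FORWARD -i $dad_if -o $kids_if -j DROP
EOF
}

# Constructed sample values matching the layout in the thread.
gen_forward_rules eth1 eth2 192.168.1.24 tcp 139
```

Because the rules are appended with -A, any broader ACCEPT rule already earlier in the FORWARD chain still matches first, and forwarding between the interfaces also requires net.ipv4.ip_forward=1.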