* WAP11 host behind Netfilter Router
@ 2002-09-18 20:44 Ryan Beisner
2002-09-18 21:20 ` Antony Stone
0 siblings, 1 reply; 3+ messages in thread
From: Ryan Beisner @ 2002-09-18 20:44 UTC (permalink / raw)
To: netfilter
Hi All!
I have a Linksys WAP11 behind a high speed connection.
Currently doing simple NAT with:
iptables -t nat -A POSTROUTING -o $extdev -j MASQUERADE
(other rules to accept certain protocols for ssh, webmin, etc)
and then:
iptables -A INPUT -i $extdev -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i $extdev -m state --state NEW,INVALID -j DROP
as a simple block to unwanted traffic on an already protected ext. network
Here's the scenario:
INT (eth0) IP Range ( 192.168.168.1 class C )
EXT (eth1) IP Range also private ( 10.20.0.3 class B )
EXT (eth1:1) Virtual IP is 10.20.0.4
I want to map everything from Virt IP (Eth1:1) 10.20.0.4 (all ports) to internal 192.168.168.178 (the Linksys WAP 11). FYI this is for remote management of my access point.
Where in the world do I start? All help is appreciated in advance.
Here was my first attempt, which did not work. I explicitly allow all traffic in/out/fwd for 10.20.0.4 to make sure I wasn't kicking myself here. Still no go. Suggestions?
iptables -A PREROUTING -t nat -d 10.20.0.4 -j DNAT --to 192.168.168.178
-Ryan Beisner
ryanb -at-nosp@m- thedataarc () com
* Re: WAP11 host behind Netfilter Router
2002-09-18 20:44 WAP11 host behind Netfilter Router Ryan Beisner
@ 2002-09-18 21:20 ` Antony Stone
0 siblings, 0 replies; 3+ messages in thread
From: Antony Stone @ 2002-09-18 21:20 UTC (permalink / raw)
To: netfilter
On Wednesday 18 September 2002 9:44 pm, Ryan Beisner wrote:
> Hi All!
>
> I have a Linksys WAP11 behind a high speed connection.
>
> Here's the scenario:
>
> INT (eth0) IP Range ( 192.168.168.1 class C )
> EXT (eth1) IP Range also private ( 10.20.0.3 class B )
> EXT (eth1:1) Virtual IP is 10.20.0.4
>
> I want to map everything from Virt IP (Eth1:1) 10.20.0.4 (all ports) to
> internal 192.168.168.178 (the Linksys WAP 11). FYI this is for remote
> management of my access point.
>
> Here was my first attempt, which did not work. I explicitly allow all
> traffic in/out/fwd for 10.20.0.4 to make sure I wasn't kicking myself here.
> Still no go. Suggestions?
>
> iptables -A PREROUTING -t nat -d 10.20.0.4 -j DNAT --to
> 192.168.168.178
The PREROUTING rule looks good.
However, remember that by the time packets reach the FORWARD chain, the
PREROUTING rule has already NATted them, so you need to allow packets for
192.168.168.178 through netfilter, not packets for 10.20.0.4.
Also, you say you want to do this for "remote management of the access
point", so why do you want to map *all* ports? Surely there are only a very
few ways of managing the AP: telnet, snmp, http - any others?
Antony.
--
If at first you don't succeed, destroy all the evidence that you tried.
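Added example, not part of either post: a script that prints the per-port DNAT rules together with FORWARD exceptions that match the post-DNAT address 192.168.168.178, inserted ahead of the NEW,INVALID drop rule from the question. The addresses come from the thread; the port list (telnet, http, snmp as named in the reply), the eth1 default and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example: build the rule set for forwarding only the management
# ports from the virtual IP to the access point. Prints the rules by
# default; run as root with APPLY=1 to execute them.

EXTDEV="${EXTDEV:-eth1}"        # external interface (eth1 in the thread)
VIP="10.20.0.4"                 # virtual IP on eth1:1 (from the thread)
WAP="192.168.168.178"           # Linksys WAP11 (from the thread)
# Assumed management services, after the reply's list: telnet, http, snmp
MGMT_PORTS="tcp:23 tcp:80 udp:161"

build_rules() {
    for entry in $MGMT_PORTS; do
        proto=${entry%%:*}
        port=${entry##*:}
        # nat/PREROUTING sees the original destination, so match the VIP here.
        echo "iptables -t nat -A PREROUTING -i $EXTDEV -p $proto -d $VIP --dport $port -j DNAT --to-destination $WAP"
        # filter/FORWARD runs after DNAT, so match the rewritten destination.
        # -I ... 1 places the exception before the existing NEW,INVALID DROP rule.
        echo "iptables -I FORWARD 1 -i $EXTDEV -p $proto -d $WAP --dport $port -m state --state NEW -j ACCEPT"
    done
}

apply_rules() {
    build_rules | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule               # execute the iptables command
        else
            echo "$rule"        # dry run: show what would be applied
        fi
    done
}

apply_rules
```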