Two network cards - routing and iptables

All of lore.kernel.org
 help / color / mirror / Atom feed

* Two network cards - routing and iptables
@ 2005-08-26 14:55 Clemens Eisserer
  0 siblings, 0 replies; 4+ messages in thread
From: Clemens Eisserer @ 2005-08-26 14:55 UTC (permalink / raw)
  To: netfilter

Hi there,

I've just discovered the power of iptables and it just works well in
my selfbuilt isdn router. However now I also want to route between two
subnets and it just does not work.

I've two network cards in the pc:
eth0 - 192.168.0.1
eth1 - 192.168.1.2

when I try to ping another computer connected to 192.168.0.0/24
everything works fine, however I cannot ping my access-point in
192.168.1.0/24 (which works from a stand-alone computer withought any
problems).

This are my routes:
LKLET021.highwa *               255.255.255.255 UH    0      0        0 ippp0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         LKLET021.highwa          UG    0      0        0 ippp0
m

Furthermore it would be great if I could use this computer as a
gateway for all computers in 192.168.0.0/24 and 192.168.1.0/24 so that
each computer in this net could reach each other. I tried to configure
iptables a bit, but withought any success :-(

It would be great if anybody could help me, I know those are
newbie-questions, sorry.

Thank you in advance, lg Clemens

^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: Two network cards - routing and iptables
@ 2005-08-26 15:24 Harrison, Bruce (CXO)
  2005-08-26 15:31 ` Clemens Eisserer
  0 siblings, 1 reply; 4+ messages in thread
From: Harrison, Bruce (CXO) @ 2005-08-26 15:24 UTC (permalink / raw)
  To: Clemens Eisserer; +Cc: netfilter

Hello Clemens,

    For issue 1, perhaps you are blocking ICMP traffic on eth1?
    For issue 2, ip_forward needs to be set to a 1 (not part of
iptables).

Take Care!

Bruce...

-----Original Message-----
From: netfilter-bounces@lists.netfilter.org
[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Clemens
Eisserer
Sent: Friday, August 26, 2005 8:56 AM
To: netfilter@lists.netfilter.org
Subject: Two network cards - routing and iptables

Hi there,

I've just discovered the power of iptables and it just works well in
my selfbuilt isdn router. However now I also want to route between two
subnets and it just does not work.

I've two network cards in the pc:
eth0 - 192.168.0.1
eth1 - 192.168.1.2

when I try to ping another computer connected to 192.168.0.0/24
everything works fine, however I cannot ping my access-point in
192.168.1.0/24 (which works from a stand-alone computer withought any
problems).

This are my routes:
LKLET021.highwa *               255.255.255.255 UH    0      0        0
ippp0
192.168.1.0     *               255.255.255.0   U     0      0        0
eth1
192.168.0.0     *               255.255.255.0   U     0      0        0
eth0
default         LKLET021.highwa          UG    0      0        0 ippp0
m

Furthermore it would be great if I could use this computer as a
gateway for all computers in 192.168.0.0/24 and 192.168.1.0/24 so that
each computer in this net could reach each other. I tried to configure
iptables a bit, but withought any success :-(

It would be great if anybody could help me, I know those are
newbie-questions, sorry.

Thank you in advance, lg Clemens

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Two network cards - routing and iptables
  2005-08-26 15:24 Two network cards - routing and iptables Harrison, Bruce (CXO)
@ 2005-08-26 15:31 ` Clemens Eisserer
  2005-08-31 18:37   ` Clemens Eisserer
  0 siblings, 1 reply; 4+ messages in thread
From: Clemens Eisserer @ 2005-08-26 15:31 UTC (permalink / raw)
  To: netfilter

Hello again and thanks a lot for answering me,

>    For issue 1, perhaps you are blocking ICMP traffic on eth1?
No, I do not block anything as far as I know regarding ICMP.

This configuration I use for iptables:
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
iptables -t filter -A INPUT -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport \! 8901 -j DROP

btw. do you know why I cannot connect to the internet from localhost
if I set the last line?
I tried to set -s !127.0.0.1 but this also seems to not work :-(

>    For issue 2, ip_forward needs to be set to a 1 (not part of
> iptables).
> 
> Take Care!
Is this really anything I need to do since I already set it to 1

Hope I am not nerving,

thank you in advance, lg Clemens


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Two network cards - routing and iptables
  2005-08-26 15:31 ` Clemens Eisserer
@ 2005-08-31 18:37   ` Clemens Eisserer
  0 siblings, 0 replies; 4+ messages in thread
From: Clemens Eisserer @ 2005-08-31 18:37 UTC (permalink / raw)
  To: netfilter

Strange thing ... the access point (Belkin) was not compatible with
the first card in the server (RTL8139D) but with the second (RTL8139D)
;-)
Strange thing, however after all it took  me 2 days since I always
thought its my fault.

Can't believe how easily Linux can be used as Router+Firewall.

Thanks for all the patience and help, lg Clemens

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2005-08-31 18:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-08-26 15:24 Two network cards - routing and iptables Harrison, Bruce (CXO)
2005-08-26 15:31 ` Clemens Eisserer
2005-08-31 18:37   ` Clemens Eisserer
  -- strict thread matches above, loose matches on Subject: below --
2005-08-26 14:55 Clemens Eisserer

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.