[LARTC] Router serving several inet ips

[LARTC] Router serving several inet ips

[Carlos L]

Hi all,

i have a router with debian 3.0 kernel 2.4.20, working with htb quite well,
limiting bandwidth and doing port and ip priorizations.

Now i want to server more than 1 internet ip, later i will do priorizations
on each ip.. but.. i can´t manage yet the first thing.
The idea is that it works as a "dhcp server", assigning the ips.. but the
traffic must go through the linux box (so i can priorize and limit
bandwidth).
i have set up the second internet ip with ipalias in eth1:0, and it is
active, i get ping from internet.. no problem.. but it does not work fine
when i try to assign it to a private ip

The idea is assigning 192.168.0.3 to eth1:0 (no natting, .. just the entire
ip)

The iptables after '#' is what i tried.. but it did not work, it gave me
this message:
debian:/etc/init.d# sh nat.sh
Warning: weird character in interface `eth1:0' (No aliases, :, ! or *).
Warning: weird character in interface `eth1:0' (No aliases, :, ! or *).
iptables v1.2.7a: multiple -j flags not allowed

Thanks in advance,
Carlos

The script, below..

#!/bin/sh

echo "AthoS LaN Generando iptables..." > /dev/tty12

#limpiamos las tablas de iptables
iptables -F
iptables -t nat -F
iptables -t filter -F

#eth1 sera la interfaz de internet
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

#eth0 la interfaz de la red local
iptables --append FORWARD --in-interface eth0 -j ACCEPT

#iptables -t nat -F PREROUTING
#iptables -t nat -P PREROUTING  ACCEPT
#iptables -t nat -F POSTROUTING
#iptables -t nat -P POSTROUTING ACCEPT
#iptables -t nat -A POSTROUTING -o eth1:0
#iptables -A FORWARD -i eth0 -j ACCEPT -m state --state
NEW,ESTABLISHED,RELATED
#iptables -A FORWARD -i eth1:0 -j ACCEPT -m state --state
ESTABLISHED,RELATED  -j MASQUERADE

#activamos el forward
echo 1 > /proc/sys/net/ipv4/ip_forward


#reglas para enrutado de paketes...

#1.- redirecciona las peticiones del puerto 21 a mi pc
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168
.0.2:21

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Router serving several inet ips

[Damion de Soto]

Hi Carlos,
> The iptables after '#' is what i tried.. but it did not work, it gave me
> this message:
> debian:/etc/init.d# sh nat.sh
> Warning: weird character in interface `eth1:0' (No aliases, :, ! or *).
> Warning: weird character in interface `eth1:0' (No aliases, :, ! or *).
> iptables v1.2.7a: multiple -j flags not allowed
> 
> #iptables -t nat -A POSTROUTING -o eth1:0
> #iptables -A FORWARD -i eth0 -j ACCEPT -m state --state
> NEW,ESTABLISHED,RELATED
> #iptables -A FORWARD -i eth1:0 -j ACCEPT -m state --state
> ESTABLISHED,RELATED  -j MASQUERADE

You need to fix those 3 lines just like the error messages say.
Iptables uses the real interface (eth1) not the aliased one.
and you can't combine two -j flags ACCEPT and MASQUERADE.  I assume the -j MASQUERADE 
option is a mistake and should belong elsewhere.



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/