* dumb question...route from local eth1 to eth2 and vice versa
From: Joel F @ 2005-12-01  2:43 UTC
  To: netfilter

eth0 - my WAN ip.

eth1 - 192.168.0.0  My kids network
eth2 - 192.168.1.0  My personal network

How can I route packets to and from my network of
192.168.1.x (eth2)
to my kids network 192.168.0.x (eth1) so that we can
all play
network games???

I know this is a really dumb quetion but I set up my
Linux server
and Netfilter firewall years ago....AND NEVER HAD TO
REBOOT IT
SINCE! MU HA HA HA HA. Linux rocks.

Thank you!





* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Jesse Gordon @ 2005-12-01  3:13 UTC
  To: Joel F, netfilter

----- Original Message ----- 
From: "Joel F" <roadapathy@yahoo.com>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, November 30, 2005 6:43 PM
Subject: dumb question...route from local eth1 to eth2 and vice versa


> eth0 - my WAN ip.
>
> eth1 - 192.168.0.0  My kids network
> eth2 - 192.168.1.0  My personal network
>
> How can I route packets to and from my network of
> 192.168.1.x (eth2)
> to my kids network 192.168.0.x (eth1) so that we can
> all play
> network games???

You may get away with simply enabling forwarding between eth1 and eth2; 
something like this might allow both the *.1.x and the *.0.x networks to 
communicate with each other:
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT  # Data going one way is allowed
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT  # And data going the other way is allowed.

Since both networks use the linux box as their gateway, I would guess that 
it'd work.

If you wish to restrict your kids' access to only one computer on your network 
(and only allow one computer on your network to reach their network)
you can add in -s source_ip and -d dest_ip to make the forward acceptance 
more strict. For example:

iptables -A FORWARD -i eth2 -o eth1 -s 192.168.1.24 -j ACCEPT  # Data coming from dad's .24 IP is allowed onto kids network.
iptables -A FORWARD -i eth1 -o eth2 -d 192.168.1.24 -j ACCEPT  # Data going to dad's .24 IP is allowed from kids network.

If you wish to restrict to a specific port, you can specify -p tcp (or udp) and 
the --dport 3306 or --sport 5133, like this:
iptables -A FORWARD -p tcp -i eth1 -o eth2 --dport 139 -j ACCEPT  # Forward data coming from kids network to dad's network if it's destined for port 139.

Of course if you have other policies or rules which would block this 
traffic, you'll have to remedy those as well.

Anyway, I'm in way over my head by now. I've been using iptables for years 
(ipchains before that), but like you, once I set it up, I mostly just ignore 
it.

If this doesn't help, just wait till another, more experienced, person answers.

-Jesse


>
> I know this is a really dumb quetion but I set up my
> Linux server
> and Netfilter firewall years ago....AND NEVER HAD TO
> REBOOT IT
> SINCE! MU HA HA HA HA. Linux rocks.
>
> Thank you!
>





* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Thomas Kuiper @ 2005-12-01  3:22 UTC
  To: Jesse Gordon; +Cc: netfilter

Jesse,

I think his problem has nothing to do with iptables but with routing in general.

Joel,

I guess you want to ask your question (which is very basic) in a network-related 
Linux beginners group (there are thousands of those); you might 
find the one that is related to your Linux distribution.

Or one of the Linux network-related Usenet groups that you can simply browse 
at http://groups.google.com/

Best Regards,
Thomas



Jesse Gordon wrote:
> ----- Original Message ----- From: "Joel F" <roadapathy@yahoo.com>
> To: <netfilter@lists.netfilter.org>
> Sent: Wednesday, November 30, 2005 6:43 PM
> Subject: dumb question...route from local eth1 to eth2 and vice versa
> 
> 
>> eth0 - my WAN ip.
>>
>> eth1 - 192.168.0.0  My kids network
>> eth2 - 192.168.1.0  My personal network
>>
>> How can I route packets to and from my network of
>> 192.168.1.x (eth2)
>> to my kids network 192.168.0.x (eth1) so that we can
>> all play
>> network games???
> 
> 
> You may get away with simply enabling forwarding between eth1 and eth2, 
> something like this might allow both the *.1.x and the *.0.x networks to 
> communicate with eachother:
> iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT  #Data going one way is 
> allowed
> iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT #And data going other way 
> is allowed.

...



* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Jesse Gordon @ 2005-12-01  3:36 UTC
  To: Thomas Kuiper; +Cc: netfilter

Thomas Kuiper said:
> Jesse,
>
> I think his problems has nothing to do with iptables but routing in 
> general.
>

Thomas,

Ahh. I guess he did use the word "route" didn't he! I should pay more 
attention.

I just figured that since packets were going to be going in one eth and out 
another, that iptables had to be involved. :-)

Thanks!

Joel,

I also want to learn how to route packets as you describe. When you find 
your solution, perhaps you could email me privately and let me know what it 
turned out to be.

Thanks!

-Jesse

----- Original Message ----- 
From: "Thomas Kuiper" <tkuiper-netfilter@inxsoft.net>
To: "Jesse Gordon" <jesseg@nikola.com>
Cc: "Joel F" <roadapathy@yahoo.com>; <netfilter@lists.netfilter.org>
Sent: Wednesday, November 30, 2005 7:22 PM
Subject: Re: dumb question...route from local eth1 to eth2 and vice versa


> Jesse,
>
> I think his problems has nothing to do with iptables but routing in 
> general.
>
> Joel,
>
> I guess you want to ask your question (which is very basic) to a network 
> related linux beginners groups (there are thousands of those), but you 
> might find the one that is related to your linux distribution.
>
> Or one of the linux network related usenet groups that you can simply 
> browse at http://groups.google.com/
>
> Best Regards,
> Thomas
>
>
>
> Jesse Gordon wrote:
>> ----- Original Message ----- From: "Joel F" <roadapathy@yahoo.com>
>> To: <netfilter@lists.netfilter.org>
>> Sent: Wednesday, November 30, 2005 6:43 PM
>> Subject: dumb question...route from local eth1 to eth2 and vice versa
>>
>>
>>> eth0 - my WAN ip.
>>>
>>> eth1 - 192.168.0.0  My kids network
>>> eth2 - 192.168.1.0  My personal network
>>>
>>> How can I route packets to and from my network of
>>> 192.168.1.x (eth2)
>>> to my kids network 192.168.0.x (eth1) so that we can
>>> all play
>>> network games???
>>
>>
>> You may get away with simply enabling forwarding between eth1 and eth2, 
>> something like this might allow both the *.1.x and the *.0.x networks to 
>> communicate with eachother:
>> iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT  #Data going one way is 
>> allowed
>> iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT #And data going other way 
>> is allowed.
>
> ...
> 





* RE: dumb question...route from local eth1 to eth2 and vice versa
From: Rob Sterenborg @ 2005-12-01  6:44 UTC
  To: netfilter

> Thomas Kuiper said:
>> Jesse,
>> 
>> I think his problems has nothing to do with iptables but routing in
>> general. 
>> 
> 
> Thomas,
> 
> Ahh. I guess he did use the word "route" didn't he! I should pay more
> attention. 
> 
> I just figured that since packets were going to be going in
> one eth and out another, that iptables had to be involved. :-)

You are correct: if forwarding is not allowed between eth1 and eth2,
those networks can't communicate.
So this is Netfilter related.

>>>> eth0 - my WAN ip.
>>>> 
>>>> eth1 - 192.168.0.0  My kids network
>>>> eth2 - 192.168.1.0  My personal network
>>>> 
>>>> How can I route packets to and from my network of
>>>> 192.168.1.x (eth2)
>>>> to my kids network 192.168.0.x (eth1) so that we can all play
>>>> network games???
>>> 
>>> 
>>> You may get away with simply enabling forwarding between eth1 and
>>> eth2, something like this might allow both the *.1.x and the *.0.x
>>> networks to communicate with eachother:
>>> iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
>>> iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

Make sure that these rules are among the first in your FORWARD chain,
so there's nothing that can block the traffic anyhow.


Gr,
Rob
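Rob's ordering condition, made into a check a defender can run: the script below (an added example, not code posted by anyone in this thread) reads an `iptables -S FORWARD` listing and confirms that both directions of an interface pair are ACCEPTed before the first DROP/REJECT rule in the chain. The sample listing is constructed for the example; `check_forward_pair`, `first_rule_line` and `audit_live` are hypothetical names.

```shell
#!/bin/sh
# Added example (not posted in this thread): checks that both directions of a
# LAN-to-LAN ACCEPT pair are present in the FORWARD chain and sit ahead of the
# first DROP/REJECT rule, which is the ordering condition Rob describes.

# Constructed sample of `iptables -S FORWARD` output; not a capture from any poster's box.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -j DROP'

# first_rule_line PATTERN : reads a rule listing on stdin and prints the 1-based
# line number of the first rule matching the extended regex PATTERN, or 0 if none.
first_rule_line() {
    n=$(grep -E -n -- "$1" | head -n 1 | cut -d: -f1)
    printf '%s\n' "${n:-0}"
}

# check_forward_pair LISTING IF_A IF_B : succeeds (exit 0) only when the
# IF_A->IF_B and IF_B->IF_A ACCEPT rules both exist and both precede the
# first DROP/REJECT rule in the chain (the policy line is not a rule and is ignored).
check_forward_pair() {
    listing=$1; ifa=$2; ifb=$3
    ab=$(printf '%s\n' "$listing" | first_rule_line "^-A FORWARD -i $ifa -o $ifb -j ACCEPT$")
    ba=$(printf '%s\n' "$listing" | first_rule_line "^-A FORWARD -i $ifb -o $ifa -j ACCEPT$")
    blocker=$(printf '%s\n' "$listing" | first_rule_line '-j (DROP|REJECT)')
    [ "$ab" -gt 0 ] && [ "$ba" -gt 0 ] || return 1
    [ "$blocker" -eq 0 ] && return 0
    [ "$ab" -lt "$blocker" ] && [ "$ba" -lt "$blocker" ]
}

# audit_live IF_A IF_B : the same check against the running firewall (needs root).
audit_live() {
    check_forward_pair "$(iptables -S FORWARD)" "$1" "$2"
}

# Report on the constructed sample when run directly.
if check_forward_pair "$SAMPLE_RULES" eth1 eth2; then
    echo "sample: eth1<->eth2 forwarding rules are present and not shadowed"
else
    echo "sample: eth1<->eth2 forwarding is missing or shadowed by an earlier DROP/REJECT"
fi
```

Run it as `sh check_forward.sh` to see the verdict on the sample, or call `audit_live eth1 eth2` from a root shell after sourcing it. The check deliberately looks at rule order rather than just presence: a later script that prepends a catch-all DROP leaves the ACCEPT rules in place but makes them unreachable, which is exactly the case Rob warns about.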




* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Rudi Starcevic @ 2005-12-01  6:59 UTC
  To: netfilter

[-- Attachment #1: Type: text/plain, Size: 791 bytes --]

Hi,

I have two scripts I use to do something similar to this.

I figured this out just reading howto's on the web so
it could be fully wrong and I may get flamed for posting them.

What the scripts do is connect two networks and act as
an internet gateway for both.

I think this setup should work OK for your gaming setup.
Just edit the networks to suit what you need.

The Linux router box has 2 NICs

eth0: 192.168.1.0/24
eth1: 192.168.3.0/24

The default gateway is the ADSL modem: 192.168.1.254

Both networks can see each other; the machines on the
192.168.3.0/24 network set their gateway as the Linux box,
which in turn forwards their traffic to its default gw 192.168.1.254.

The script uses 'iproute' and 'iptables'.

Any feedback much appreciated.

Thanks.
Kind regards,
Rudi.


 




[-- Attachment #2: ip_b_firewall_1.sh --]
[-- Type: text/plain, Size: 4424 bytes --]

#!/bin/bash

echo "Firewall Setup Start"

## Our "die" function (think perl)
function die () { echo "$@" 1>&2 ; exit 1 ; }

## Test we have what we need
hash iptables date modprobe || die $0: required binaries not present

## Some key IP addresses
IMPIP1=220.245.105.25
IMPIP2=203.144.16.126

################################################################################
echo -n "Firewall: sysctl "

# Enable additional kernel security
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/eth1/bootp_relay
echo 1 > /proc/sys/net/ipv4/conf/eth1/log_martians

# ECN isn't handled correctly on the Internet.
echo 0 > /proc/sys/net/ipv4/tcp_ecn

# Activate window scaling according to RFC 1323
# Activate timestamps according to RFC 1323
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 1 > /proc/sys/net/ipv4/tcp_timestamps

# Enable forwarding
echo "Enable Kernel Forwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward

################################################################################
echo -n "reset "

for chain in INPUT FORWARD OUTPUT ; do
iptables --policy $chain DROP
done

for table in filter nat mangle ; do
iptables --table $table --flush
iptables --table $table --delete-chain
done

modprobe ip_nat_ftp

################################################################################
echo -n "INPUT "

# accept everything from ws202 box
iptables -A INPUT -i eth0 -s 192.168.3.110 -j ACCEPT

# allows HTTP connections from anywhere

#iptables -A INPUT -p tcp --syn --dport 80 -j ULOG
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s $IMPIP1 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s $IMPIP2 -j ACCEPT

# java cambozola web camera
#iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -s $IMPIP1 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -s $IMPIP2 -j ACCEPT

# allow FTP connections restricted by IP
#iptables -A INPUT -p tcp --dport 21 -s $IMPIP1 -j ACCEPT
#iptables -A INPUT -p tcp --dport 21 -s $IMPIP2 -j ACCEPT
#iptables -A INPUT -p tcp --dport 21 -s $IMPIP3 -j ACCEPT

# allows SSH connections restricted by IP

#iptables -A INPUT -p tcp --syn --dport 22 -j ULOG

#iptables -A INPUT -p tcp --dport 22 -s $IMPIP1 -j ACCEPT
#iptables -A INPUT -p tcp --dport 22 -s $IMPIP2 -j ACCEPT
#iptables -A INPUT -p tcp --dport 22 -s $IMPIP3 -j ACCEPT
#iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

# ssh access
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

# bittorrent
iptables -A INPUT -i eth1 -p tcp --dport 6881 -j ACCEPT

# allows MYSQL connections restricted by IP
#iptables -A INPUT -p tcp --dport 3306 -s $IMPIP1 -j ACCEPT

# allows unrestricted connections over the local interface
# allows conections from lan
# allows established connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows helpful ICMP packets (first four are really needed)
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

################################################################################
echo -n "FORWARD " 
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t mangle -A POSTROUTING -p tcp -s 192.168.3.110 -j CLASSIFY --set-class 1:10

################################################################################
echo -n "OUTPUT "

# allows unrestricted output from this machine
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT

################################################################################
echo done.

[-- Attachment #3: ip_a_route_1.sh --]
[-- Type: text/plain, Size: 982 bytes --]

#!/bin/sh

echo "Network Setup Start"

echo "Flushing NICs"
ip addr flush eth0
ip addr flush eth1

ip link set eth0 down
ip link set eth1 down

ip link set eth0 up
ip link set eth1 up

echo "Routing Tables:"
cat /etc/iproute2/rt_tables 
### example file ###
## reserved values
##
#255	local
#254	main
#253	default
#0	unspec
##
## local
##
##1	inr.ruhep
#200	implan
#201	inet
### example end ###

echo "Setup NIC 0"
ip addr add 192.168.3.10/24 dev eth0 brd +

echo "Setup NIC 1"
ip addr add 192.168.1.1/24 dev eth1 brd +

ip addr list
ip route list

echo "Setup Default Route [ inet table ]"
ip route add default via 192.168.1.254 proto static table inet

echo "Setup LAN Route [ implan table ]"
ip route add 192.168.3/24 via 192.168.3.10 proto static table implan

ip route list

echo "Setup LAN ip rule"
ip rule add to 192.168.3/24 prio 16000 table implan

echo "Setup Internet ip rule"
ip rule add to 0/0 prio 17000 table inet

echo "Flushing ip route cache"
ip route flush cache


* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Rudi Starcevic @ 2005-12-01  7:05 UTC
  To: netfilter

[-- Attachment #1: Type: text/plain, Size: 965 bytes --]

Hi,

Eek .. let me try that again.
My earlier post has an old copy of the iptables
script. I've trimmed it down so it should all work
with a simple default = ACCEPT iptables firewall.

I have two scripts I use to do something similar to this.

I figured this out just reading howto's on the web so
it could be fully wrong and I may get flamed for posting them.

What the scripts do is connect two networks and act as
an internet gateway for both.

I think this setup should work OK for your gaming setup.
Just edit the networks to suit what you need.

The Linux router box has 2 NICs

eth0: 192.168.1.0/24
eth1: 192.168.3.0/24

The default gateway is the ADSL modem: 192.168.1.254

Both networks can see each other; the machines on the
192.168.3.0/24 network set their gateway as the Linux box,
which in turn forwards their traffic to its default gw 192.168.1.254.

The script uses 'iproute' and 'iptables'.

Any feedback much appreciated.

Thanks.
Kind regards,
Rudi.



[-- Attachment #2: ip_a_route_1.sh --]
[-- Type: text/plain, Size: 982 bytes --]

#!/bin/sh

echo "Network Setup Start"

echo "Flushing NICs"
ip addr flush eth0
ip addr flush eth1

ip link set eth0 down
ip link set eth1 down

ip link set eth0 up
ip link set eth1 up

echo "Routing Tables:"
cat /etc/iproute2/rt_tables 
### example file ###
## reserved values
##
#255	local
#254	main
#253	default
#0	unspec
##
## local
##
##1	inr.ruhep
#200	implan
#201	inet
### example end ###

echo "Setup NIC 0"
ip addr add 192.168.3.10/24 dev eth0 brd +

echo "Setup NIC 1"
ip addr add 192.168.1.1/24 dev eth1 brd +

ip addr list
ip route list

echo "Setup Default Route [ inet table ]"
ip route add default via 192.168.1.254 proto static table inet

echo "Setup LAN Route [ implan table ]"
ip route add 192.168.3/24 via 192.168.3.10 proto static table implan

ip route list

echo "Setup LAN ip rule"
ip rule add to 192.168.3/24 prio 16000 table implan

echo "Setup Internet ip rule"
ip rule add to 0/0 prio 17000 table inet

echo "Flushing ip route cache"
ip route flush cache


* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Rudi Starcevic @ 2005-12-01  7:08 UTC
  To: netfilter

[-- Attachment #1: Type: text/plain, Size: 125 bytes --]

Hi,

Oh man .. it's just too late in my day ....

Let me try one more time to attach these 2 scripts ..

Doh .. sorry .....


[-- Attachment #2: ip_b_firewall_1._b.sh --]
[-- Type: text/plain, Size: 1088 bytes --]

#!/bin/bash

echo "Firewall Setup Start"


################################################################################
echo -n "Firewall: sysctl "

# Enable forwarding
echo "Enable Kernel Forwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward

################################################################################
echo -n "reset "

for table in filter nat mangle ; do
iptables --table $table --flush
iptables --table $table --delete-chain
done

modprobe ip_nat_ftp

################################################################################
echo -n "FORWARD " 
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT


################################################################################
echo -n "OUTPUT "

# allows unrestricted output from this machine
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT

################################################################################
echo done.

[-- Attachment #3: ip_a_route_1.sh --]
[-- Type: text/plain, Size: 982 bytes --]

#!/bin/sh

echo "Network Setup Start"

echo "Flushing NICs"
ip addr flush eth0
ip addr flush eth1

ip link set eth0 down
ip link set eth1 down

ip link set eth0 up
ip link set eth1 up

echo "Routing Tables:"
cat /etc/iproute2/rt_tables 
### example file ###
## reserved values
##
#255	local
#254	main
#253	default
#0	unspec
##
## local
##
##1	inr.ruhep
#200	implan
#201	inet
### example end ###

echo "Setup NIC 0"
ip addr add 192.168.3.10/24 dev eth0 brd +

echo "Setup NIC 1"
ip addr add 192.168.1.1/24 dev eth1 brd +

ip addr list
ip route list

echo "Setup Default Route [ inet table ]"
ip route add default via 192.168.1.254 proto static table inet

echo "Setup LAN Route [ implan table ]"
ip route add 192.168.3/24 via 192.168.3.10 proto static table implan

ip route list

echo "Setup LAN ip rule"
ip rule add to 192.168.3/24 prio 16000 table implan

echo "Setup Internet ip rule"
ip rule add to 0/0 prio 17000 table inet

echo "Flushing ip route cache"
ip route flush cache


* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Rob Sterenborg @ 2005-12-01  8:49 UTC
  To: netfilter

On Thu, December 1, 2005 07:59, Rudi Starcevic wrote:
> Hi,
>
> I have two scripts I use to do something similar to this.

...

> Any feedback much appreciated.

This is about ip_a_route_1.sh and ip_b_firewall_1._b.sh from your last
post.

I think ip_a_route_1.sh is way too difficult for this setup. I didn't
even read it all through (saw something about tables, rules and
prio)..
This can simply be done using the old "ifconfig" and "route" commands
(although the new "ip" command seems to be preferred by some people).

ifconfig eth0 192.168.3.10 netmask 255.255.255.0 up
ifconfig eth1 192.168.1.1 netmask 255.255.255.0 up
route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.3.254

The two ifconfig commands should already add the routes for these
interfaces. You only need to add the default route.

========

Disable forwarding in the top of your script.
Enable forwarding when you have finished the FORWARD chain, when you know
all rules are in place.

========

You did not set the policy of FORWARD to DROP. It will DROP nothing.

iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Maybe some things stop working after this, which means you need
additional rules to allow what you need.

========

You did not set the policy of OUTPUT to DROP. The OUTPUT rules are
useless because everything will be accepted, even without these rules.

========

Actually, I started commenting both scripts, and then I realised you
were trying to answer the OP's question instead of asking your own.
(Or it's too early for me and I don't understand what this post is
about).

The OP was asking about letting packets be routed between two LAN
interfaces, not LAN to internet (NAT). He just needs to allow
forwarding between these two interfaces and let routing do the rest.
Your scripts are doing something different.


Gr,
Rob
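Putting Jesse's forward rules and Rob's sequencing advice together for Joel's three-interface layout (WAN on eth0, kids' LAN on eth1, personal LAN on eth2), as an added example that is not one of the scripts posted in this thread: forwarding is switched off first, the FORWARD policy is set to DROP, the stateful rule and the two LAN-to-LAN rules go in before anything else, NAT is added for the WAN side, and forwarding is turned back on only once the chain is complete. `DRY_RUN` is an assumed convenience switch that prints each command instead of applying it; `configure_lan_forwarding` is a hypothetical function name.

```shell
#!/bin/sh
# Added example (not a script from this thread). Assumed layout follows Joel's:
# eth0 = WAN, eth1 = kids' LAN (192.168.0.0/24), eth2 = personal LAN (192.168.1.0/24).
# DRY_RUN=1 prints every command instead of applying it, so the order can be
# reviewed without root and without touching the live firewall.
DRY_RUN="${DRY_RUN:-0}"

# ipt ARGS... : run iptables, or print the command when dry-running
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# set_forwarding 0|1 : toggle the kernel's IPv4 forwarding switch
set_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo %s > /proc/sys/net/ipv4/ip_forward\n' "$1"
    else
        echo "$1" > /proc/sys/net/ipv4/ip_forward
    fi
}

# configure_lan_forwarding WAN LAN_A LAN_B
# Builds the FORWARD chain in the order Rob recommends: forwarding stays off
# while the chain is incomplete, the policy is DROP so only listed traffic
# passes, the LAN-to-LAN pair goes in right after the stateful rule so a later
# rule cannot shadow it, and forwarding is enabled as the very last step.
configure_lan_forwarding() {
    wan=$1; lan_a=$2; lan_b=$3
    set_forwarding 0
    ipt -P FORWARD DROP
    ipt -F FORWARD
    ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Jesse's pair: both directions between the two LANs
    ipt -A FORWARD -i "$lan_a" -o "$lan_b" -j ACCEPT
    ipt -A FORWARD -i "$lan_b" -o "$lan_a" -j ACCEPT
    # both LANs may open connections to the internet; replies match the stateful rule
    ipt -A FORWARD -i "$lan_a" -o "$wan" -j ACCEPT
    ipt -A FORWARD -i "$lan_b" -o "$wan" -j ACCEPT
    # this script owns POSTROUTING, so flush it to avoid stacking duplicates on re-runs
    ipt -t nat -F POSTROUTING
    ipt -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
    set_forwarding 1
}

# Apply only when explicitly asked:  sh forward.sh apply   (or DRY_RUN=1 sh forward.sh apply)
if [ "${1:-}" = apply ]; then
    configure_lan_forwarding eth0 eth1 eth2
fi
```

Run `DRY_RUN=1 sh forward.sh apply` first to read the sequence, then `sh forward.sh apply` as root. Nothing is forwarded between the LANs until the last line executes, which is what Rob's "enable forwarding when you know all rules are in place" buys you: there is no window in which a half-built chain with an ACCEPT policy passes traffic it should not.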





* Re: dumb question...route from local eth1 to eth2 and vice versa
From: Rudi Starcevic @ 2005-12-01 10:18 UTC
  To: netfilter

Hi,

>> I think ip_a_route_1.sh is way too difficult for this setup. I didn't
>> even read it all through (saw something about tables, rules
>> and prio)..
Very true, but it's the only way I know.

>> ifconfig eth0 192.168.3.10 netmask 255.255.255.0 up
>> ifconfig eth1 192.168.1.1 netmask 255.255.255.0 up
>> route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.3.254
Nice one .....

>> You did not set the policy of FORWARD to DROP. It will DROP
>> nothing.
>> You did not set the policy of OUTPUT to DROP. The OUTPUT rules are
>> useless because everything will be accepted, even
>> without these rules.
Yes sorry. I didn't cut'n'paste that part of the script in.
It's my fault for trying to hurry out a quick post just before I left work.

>> He just needs to allow
>> forwarding between these two interfaces and let routing do the
>> rest.
>> Your scripts are doing something different.
Yes ... but I thought it would be handy to have net too so
all the boys and girls can play online together as well :-)

Using things like tables, rules and prio also puts one in place
to do QOS on the network traffic with the tc command.

Don't want those pesky emails, downloads and other important
stuff to lag out the gaming connection ... :-) lol .....

Cheers,
Rudi



* RE: dumb question...route from local eth1 to eth2 and vice versa
From: Anthony Sadler @ 2005-12-01 21:04 UTC
  To: netfilter

Keep in mind that if you want network games across a router, you will lose your broadcast packets unless you do something funky (unless it's built in, which I don't think it is). If you select the LAN option in a multiplayer game, 9 times out of 10 they use broadcast, I've found. Use direct IP if you can.


Anthony Sadler
Far Edge Technology
w: (02) 8425 1400
 
-----Original Message-----
From: netfilter-bounces@lists.netfilter.org [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Rudi Starcevic
Sent: Thursday, 1 December 2005 21:18 
To: netfilter@lists.netfilter.org
Subject: Re: dumb question...route from local eth1 to eth2 and vice versa

Hi,

>> I think ip_a_route_1.sh is way too difficult for this setup. I didn't
>> even read it all through (saw something about tables, rules
>> and prio)..
Very true, but it's the only way I know.

>> ifconfig eth0 192.168.3.10 netmask 255.255.255.0 up
>> ifconfig eth1 192.168.1.1 netmask 255.255.255.0 up
>> route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.3.254
Nice one .....

>> You did not set the policy of FORWARD to DROP. It will DROP
>> nothing.
>> You did not set the policy of OUTPUT to DROP. The OUTPUT rules are
>> useless because everything will be accepted, even
>> without these rules.
Yes sorry. I didn't cut'n'paste that part of the script in.
It's my fault for trying to hurry out a quick post just before I left work.

>>  He just needs to allow
>> forwarding between these to interfcaes and let routing do the
>>  rest.
>> Your scripts are doing something different.
Yes ... but I thought it would be handy to have net too so
all the boys and girls and play online together as well :-)

Using things like tables, rules and prio also puts one in place
to do QOS on the network traffic with the tc command.

Don't want those pesky emails, downloads and other important
stuff to lag out the gaming connection ... :-) lol .....

Cheers,
Rudi




