From mboxrd@z Thu Jan 1 00:00:00 1970
From: Remzi AKYÜZ
Subject: Re: NTP forwarding
Date: Mon, 7 Mar 2016 05:49:27 +0200
Message-ID: <56DCFA47.2080809@gmail.com>
References: <56DAEA15.409@gmx.de> <56DC9631.7010702@plouf.fr.eu.org> <56DC9E12.6050705@gmx.de>
Mime-Version: 1.0
Content-Transfer-Encoding: QUOTED-PRINTABLE
Return-path:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=QNUCqi2TvfDa27TQlSypEHAO8xyhyTPtKsvQnHecY1c=; b=lI9+IxDMceYMNo0F9dcIXGlV7ZdvrgNvsj/OGMxNZrdR8kOpjOv1F11kD90I/bA/GYPOcvHEmbH0ns9HbS1TAU/rrNuadZAWmr/UD4o9OtEPmfNyMy2GzbFA5OFXyztctqAt0K4sviJJguw0r2OKFiFQ4P2oND5wpHIUBGA00OX0ESVN59vBY1tOrC1zjAwWXTObJn5bEP8JlTM5+7LJmmk1CQVMtvKCDhS3powCgbsmbobLcsKk9yHwsTIqnzKkKHvAYcZi31gJ2X6FTfCCJvamUXMqCqBaaYJVdo9y6XP6t29T0pyYLzyTgPPafh0DattFc6ia6qbY0LzSelZzNw==
In-Reply-To: <56DC9E12.6050705@gmx.de>
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="utf-8"
To: Tobias Andresen, Pascal Hambourg, netfilter@vger.kernel.org

Hi, I think this is enough for you.
At the embedded board:

# Allow NTP requests from the three PCs (192.168.31.96-.99) to be forwarded,
# and drop everything else that comes from them.
iptables -A FORWARD -p udp --dport 123 -s 192.168.31.96/30 -j ACCEPT
iptables -A FORWARD -s 192.168.31.96/30 -j DROP
# Rewrite the source address of the forwarded NTP requests to the board's own.
iptables -t nat -A POSTROUTING -p udp --dport 123 -j MASQUERADE
# The LAN and the NTP server are IPv4, so enable IPv4 forwarding.
sysctl -w net.ipv4.ip_forward=1

After that, please check all your iptables rules with:

iptables-save
iptables -L -vnx --line-numbers
iptables -L -t nat -vnx --line-numbers

On 03/06/2016 11:16 PM, Tobias Andresen wrote:
> On 06.03.2016 at 21:42, Pascal Hambourg wrote:
>> Tobias Andresen wrote:
>>> I have the following network structure:
>>>
>>>
>>> NTP-Server (62.214.6.29)
>>>     |
>>>     |
>>>     |
>>> (eth0: 10.0.0.95)
>>> Embedded board
>>> (eth1: 192.168.31.95)
>>>     |
>>>     |
>>>     |
>>> Ethernet-Switch
>>>   |       |       |
>>>   |       |       |
>>>  PC1      |      PC3 (192.168.31.98)
>>> (192.168.31.96)   |
>>>                   |
>>>                  PC2
>>>              (192.168.31.97)
>>>
>>>
>>> The 3 PCs shall be able to connect to the NTP server (62.214.6.29)
>>> to update their time, but I cannot figure out how to configure the
>>> iptables rules on the embedded board to achieve this.
>> Why do you think you need iptables rules? Isn't plain routing enough?
> The PCs should only be able to use NTP (port 123). They should not be
> able to have full access (i.e. internet, ...).
>>
>>> I have tried to forward port 123 but it does not work.
>> This statement does not contain any useful information. It does not
>> describe what you did and what happened.
>
> I tried the following rule for one PC:
>
> iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to-destination 192.168.31.96:123
> iptables -t nat -A POSTROUTING -p udp --dport 123 -j MASQUERADE
>
> I know this would work only for one client, but it was for testing
> purposes.
>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
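The rules exchanged in this thread allow NTP out of the LAN, but they depend on the FORWARD chain's default policy to let the server's replies back to the PCs and they do not restrict which host on the Internet the PCs may reach on UDP/123. The following is an added example, written for this page and not posted by anyone in the thread: a default-deny, conntrack-based ruleset for the board in Tobias's diagram, plus a check that reads `iptables-save` output and confirms the three things the policy needs. The interface names eth0/eth1, the LAN prefix 192.168.31.96/30 and the server 62.214.6.29 are taken from the diagram; the `IPT`/`SYSCTL` variables (so the script can be dry-run with `IPT=echo`) and the `check_ntp_ruleset` function are my own additions, and the `iptables-save` text fed to the check in the usage note is constructed, not captured from the board.

```shell
#!/bin/sh
# Added example (not from the thread): NTP-only forwarding for the embedded
# board, stateful, default-deny, and a check over iptables-save output.
# Assumptions: eth0 = upstream side (10.0.0.95), eth1 = LAN side
# (192.168.31.95), PCs in 192.168.31.96/30, NTP server 62.214.6.29.
# IPT and SYSCTL are overridable so the script can be dry-run (IPT=echo).
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.31.96/30}"
NTP_SERVER="${NTP_SERVER:-62.214.6.29}"

apply_ntp_only_rules() {
    # The LAN and the NTP server are IPv4, so this is the forwarding knob
    # that matters here.
    "$SYSCTL" -w net.ipv4.ip_forward=1

    # Default-deny forwarding; the explicit rules below are the whole policy.
    "$IPT" -P FORWARD DROP
    "$IPT" -F FORWARD
    # Replies belonging to flows we already allowed (the NTP answers).
    "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New NTP requests from the PCs, only towards the one permitted server.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -d "$NTP_SERVER" \
        -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
    # Anything else from the LAN hits the DROP policy.

    # Source-NAT the forwarded requests to the board's upstream address so
    # the server's replies come back to the board.
    "$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -d "$NTP_SERVER" \
        -p udp --dport 123 -j MASQUERADE
}

# Read iptables-save output on stdin. Return 0 only if the filter table has
# a DROP policy on FORWARD, a conntrack rule letting ESTABLISHED traffic
# through, and an ACCEPT for UDP/123 from the LAN prefix to the NTP server.
check_ntp_ruleset() {
    saved=$(cat)
    printf '%s\n' "$saved" | grep -q -e '^:FORWARD DROP' || return 1
    printf '%s\n' "$saved" | grep -q \
        -e '^-A FORWARD .*--ctstate [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT' || return 1
    printf '%s\n' "$saved" | grep -q \
        -e "^-A FORWARD -s $LAN_NET -d $NTP_SERVER/32 .*-p udp .*--dport 123 .*-j ACCEPT" || return 1
    return 0
}

# Usage: "sh ntp-only.sh apply" on the board, or
#        "iptables-save | sh ntp-only.sh check" to verify what is loaded.
case "${1:-}" in
    apply) apply_ntp_only_rules ;;
    check) check_ntp_ruleset ;;
esac
```

Running `IPT=echo SYSCTL=echo sh ntp-only.sh apply` prints the exact commands without touching the kernel, which is a convenient way to review the ruleset before loading it on the board; `iptables-save | sh ntp-only.sh check` then returns non-zero if, for example, the FORWARD policy is still ACCEPT or the conntrack rule was forgotten, which are precisely the two omissions that make a rule pair like "ACCEPT udp/123 from LAN, DROP the rest from LAN" behave differently from one board to another.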