From: Vigneswaran R
Subject: Re: NTP forwarding
Date: Mon, 07 Mar 2016 14:54:12 +0530
Message-ID: <56DD48BC.4020907@atc.tcs.com>
To: Tobias Andresen, Remzi AKYÜZ, Pascal Hambourg, netfilter@vger.kernel.org

On 03/07/2016 12:56 PM, Tobias Andresen wrote:
> On 07.03.2016 at 04:49, Remzi AKYÜZ wrote:
>> Hi,
>>
>> I am thinking this is enough for you.
>>
>> At Embedded board:
>>
>> iptables -A FORWARD -p udp --dport 123 -s 192.168.31.96/30 -j ACCEPT
>>
>> iptables -A FORWARD -s 192.168.31.96/30 -j DROP
>>
>> iptables -t nat -A POSTROUTING -p udp --dport 123 -j MASQUERADE
>>
>> sysctl -w net.ipv6.conf.all.forwarding=1
>>
>> After that, please check all your iptables rules, like so:
>>
>> iptables-save
>>
>> iptables -L -vnx --line-numbers
>>
>> iptables -L -t nat -vnx --line-numbers
> Thanks for your help but it seems not to work.

Please try the following commands too (besides the above ones).

At Embedded board: (enable ipv4 forwarding)

sysctl -w net.ipv4.conf.all.forwarding=1

At the PCs: (set default gateway, if not done already)

ip route add default via 192.168.31.95

Vignesh

>
>
>> On 03/06/2016 11:16 PM, Tobias Andresen wrote:
>>> On 06.03.2016 at 21:42, Pascal Hambourg wrote:
>>>> Tobias Andresen wrote:
>>>>> I have the following network structure:
>>>>>
>>>>>
>>>>>                  NTP-Server (62.214.6.29)
>>>>>                           |
>>>>>                           |
>>>>>                           |
>>>>>                  (eth0: 10.0.0.95)
>>>>>                   Embedded board
>>>>>                  (eth1: 192.168.31.95)
>>>>>                           |
>>>>>                           |
>>>>>                           |
>>>>>                   Ethernet-Switch
>>>>>                    |      |      |
>>>>>                    |      |      |
>>>>>                  PC1      |     PC3 (192.168.31.98)
>>>>>          (192.168.31.96)  |
>>>>>                           |
>>>>>                          PC2
>>>>>                    (192.168.31.97)
>>>>>
>>>>>
>>>>> The 3 PCs shall be able to connect to the NTP server (62.214.6.29)
>>>>> to update their time but I cannot figure out how to configure the
>>>>> iptables rules
>>>>> on the embedded board to achieve this.
>>>> Why do you think you need iptables rules? Isn't plain routing
>>>> enough?
>>> The PCs should only be able to use NTP (Port 123). They should not be
>>> able to have full access (i.e. internet, ...)
>>>>> I have tried to forward port 123 but it does not work.
>>>> This statement does not contain any useful information. It does not
>>>> describe what you did and what happened.
>>> I tried the following rule for one PC:
>>>
>>> iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to-destination 192.168.31.96:123
>>> iptables -t nat -A POSTROUTING -p udp --dport 123 -j MASQUERADE
>>>
>>> I know this would work only for one client but it was for testing
>>> purposes.
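Added example, not part of the original thread: a shell function that combines the FORWARD, MASQUERADE and forwarding settings proposed above into one iptables-restore ruleset for the topology in the diagram. The restriction to the single NTP server, the conntrack rule for replies, the default-DROP FORWARD policy and the name gen_ntp_ruleset are assumptions of this example, not something the posters wrote.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that lets the LAN clients
# reach one NTP server over UDP/123 and forwards nothing else.
# Addresses and interface names come from the diagram in the thread.

LAN_NET="192.168.31.96/30"   # covers .96-.99, which includes PC1..PC3
NTP_SERVER="62.214.6.29"
WAN_IF="eth0"
LAN_IF="eth1"

# gen_ntp_ruleset LAN_NET NTP_SERVER WAN_IF LAN_IF
# Prints the ruleset on stdout; returns 1 on a missing or malformed argument.
gen_ntp_ruleset() {
    [ "$#" -eq 4 ] || { echo "usage: gen_ntp_ruleset LAN NTP WAN_IF LAN_IF" >&2; return 1; }
    for arg in "$@"; do
        # Accept only plain address / interface tokens, so nothing else
        # can be smuggled into the generated rule lines.
        case "$arg" in
            ''|*[!A-Za-z0-9./:_-]*) echo "bad argument: '$arg'" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*filter
# Default-deny for routed traffic (this example's choice, not the thread's)
:FORWARD DROP [0:0]
# Replies to flows the clients opened, i.e. the NTP answers
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound NTP from the clients to the one permitted server
-A FORWARD -i $4 -o $3 -s $1 -d $2 -p udp --dport 123 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Source-NAT only the permitted NTP traffic leaving the WAN side
-A POSTROUTING -o $3 -s $1 -d $2 -p udp --dport 123 -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the thread's topology. To check and load it as root
# (loading flushes the existing filter and nat rules):
#   gen_ntp_ruleset "$LAN_NET" "$NTP_SERVER" "$WAN_IF" "$LAN_IF" | iptables-restore --test
#   gen_ntp_ruleset "$LAN_NET" "$NTP_SERVER" "$WAN_IF" "$LAN_IF" | iptables-restore
#   sysctl -w net.ipv4.conf.all.forwarding=1
gen_ntp_ruleset "$LAN_NET" "$NTP_SERVER" "$WAN_IF" "$LAN_IF"
```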