From: Mike <1100100@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Subnets: Make Static Route or Iptables Rules
Date: Wed, 25 May 2005 13:20:11 -0400 [thread overview]
Message-ID: <8ca4228205052510204f725724@mail.gmail.com> (raw)
In-Reply-To: <42948ED3.7090407@novadevices.com>
I have a linux routerbox with 3 nics.:
ppp0 goes to the internet service provider
eth1 serves as gateway to a subnet
eth2 serves as gateway to another subnet
I want LAN clients from subnet eth2 to be able to access a Samba
Server box located on subnet eth1
I have tried making a static route using --- route -n add
<destination> <gateway> but all I get no matter what I try is:
SIOCADDRT: No such device
Here's my route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
204.60.4.34 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
64.204.68.128 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.170.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 204.60.4.34 0.0.0.0 UG 0 0 0 ppp0
As a result of trying out a few extra iptables rules, I can now ping
the eth1 gateway from the eth2 subnet clients, but I still cannot
ping/reach the Samba server box on the eth1 subnet.
Here's the rules I've added in hopes of making a proper path from
subnet eth2 to eth1:
$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --source
192.168.170.0/24 -j DNAT --to-destination 192.168.169.2
$IPTABLES -t nat -A PREROUTING -p udp -i eth1 --source
192.168.170.0/24 -j DNAT --to-destination 192.168.169.2
and
$IPTABLES -t filter -A INPUT -i eth1 --source 192.168.170.0/24 -j ACCEPT
and
$IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT
Again, to be clear, clients on subnet eth2 can ping the gateway nic
(eth1), but cannot ping the samba box located on subnet eth1.
If I can just ping that box, I can config Samba the rest of the way.
So I'm not sure if what I need for this is to create a static route,
or whether iptables rules are all I need.
Thank you for your time and patience in reading this post.
Regards,
Mike
next prev parent reply other threads:[~2005-05-25 17:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-25 14:42 Problem using transparent proxy and iptables 1.3.1 Rafael Vallejo
2005-05-25 17:20 ` Mike [this message]
2005-05-26 12:09 ` Subnets: Make Static Route or Iptables Rules Eduardo Spremolla
2005-05-26 16:25 ` Mike
[not found] ` <1117133286.4318.5.camel@fly.in.iantel.com.uy>
2005-05-26 19:38 ` Mike
2005-05-25 20:33 ` Problem using transparent proxy and iptables 1.3.1 Ron Peterson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8ca4228205052510204f725724@mail.gmail.com \
--to=1100100@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.