* a little help on iptables
@ 2006-09-07 14:40 Luca Ferrari
2006-09-07 15:15 ` André Serralheiro
2006-09-07 16:24 ` urgrue
0 siblings, 2 replies; 3+ messages in thread
From: Luca Ferrari @ 2006-09-07 14:40 UTC (permalink / raw)
To: linux-admin
Hi all,
this is the situation: I've got a firewall double-homed, with a NIC assigned
to a public IP and the other to the LAN network. Until now I've used the
external NIC as default gateway, since my router has a public address too.
Now I'd like to use another router on the lan as default, leaving untouched
the external interface (since the firewall must be accessible from the
outside world). So I've changed the default gw to the lan one, and it works,
but I get the external ip unreachable, and I think it's because it does not
know the gateway interface. So, how can I specify for the external interface
the gateway to use? If I try to do it thru the route command it replies saying
that the network is unreachable. Any help?
Thanks,
Luca
* Re: a little help on iptables
From: André Serralheiro @ 2006-09-07 15:15 UTC (permalink / raw)
To: Luca Ferrari; +Cc: linux-admin
Hi Luca
It could be easier to give you a hand if you provide us with the
output of: ifconfig; route -n and iptables -L (and iptables -L -t nat)
You can always try to execute the following:

    route add default gateway x.x.x.x netmask y.y.y.y ethX

for the default gateway and:

    route add -net z.z.z.z netmask k.k.k.k dev ethY

for the other route
Hope it helps
Andre Serralheiro
* Re: a little help on iptables
From: urgrue @ 2006-09-07 16:24 UTC (permalink / raw)
To: Luca Ferrari; +Cc: linux-admin
It's a little hard to understand what you want exactly. Why do you want
to keep both internet connections? Is it not possible to forward a port
from the new gateway to your firewall? Why must your firewall use a
different internet connection (i.e. why can't you connect the new
connection directly to your firewall)?

If you _really_ must have:
- LAN traffic use your firewall as the default gateway, which then
  forwards the traffic to the new router
- Firewall use the old router for its own internet

Then your only option that I can think of is to use policy routing.
Basically on your firewall do something like:

    ip rule add from x.x.x.x/z table 100
    ip rule add to x.x.x.x/z table 100
    ip route add x.x.x.x/z via i.i.i.i table 100
    ip route add default via z.z.z.z table 100

Where:
    x.x.x.x/z = your LAN
    i.i.i.i = your firewall's LAN IP
    z.z.z.z = your new router in the LAN

But your situation must be somewhat unusual if you really need to do this.
urgrue
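Added example, not part of the thread and not any poster's own commands: one common way to apply policy routing to the setup in the first message, keeping the LAN router as the main default while traffic sourced from the public address leaves through the external router. Interface names, the sample addresses (RFC 5737 / RFC 1918) and the rule priority are assumptions. The script only prints the ip commands, and refuses when a gateway is not on its interface's connected network, a usual cause of route's "network is unreachable" reply.

```shell
#!/bin/sh
# Constructed sample values: replace with the real interfaces and addresses.
EXT_IF=eth0; EXT_IP=192.0.2.10; EXT_NET=192.0.2.0/24; EXT_GW=192.0.2.1
LAN_IF=eth1; LAN_NET=10.0.0.0/24; LAN_GW=10.0.0.254
TABLE=100    # separate routing table, same number as used in the thread

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( ($a << 24) | ($b << 16) | ($c << 8) | $d ))
}

# Succeed when address $1 lies inside CIDR network $2 (i.e. is on-link).
on_link() {
    net=${2%/*}; len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# Print the commands (dry run). Nothing is applied unless the output is
# reviewed and then run as root, e.g. piped to sh.
policy_routing_cmds() {
    on_link "$EXT_GW" "$EXT_NET" || { echo "$EXT_GW is not on $EXT_NET" >&2; return 1; }
    on_link "$LAN_GW" "$LAN_NET" || { echo "$LAN_GW is not on $LAN_NET" >&2; return 1; }
    cat <<EOF
ip route replace default via $LAN_GW dev $LAN_IF
ip route replace $EXT_NET dev $EXT_IF src $EXT_IP table $TABLE
ip route replace default via $EXT_GW dev $EXT_IF table $TABLE
ip rule add from $EXT_IP lookup $TABLE priority 1000
EOF
}

policy_routing_cmds
```

After applying, `ip rule show` and `ip route show table 100` list what was installed.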