From: Greg Olszewski <noop@nwonknu.org>
To: Nicolas Patik <nicolas.patik@gmail.com>
Cc: linux-newbie@vger.kernel.org
Subject: Re: how to route
Date: Fri, 24 Dec 2004 00:02:49 -0800
Message-ID: <41CBCD29.5010709@nwonknu.org>
In-Reply-To: <7539d99f041223195924d905d3@mail.gmail.com>
Nicolas Patik wrote:
> I have 2 linux boxes connected to a switch:
3, no?
>
> box1:
> eth0 192.168.0.200/255.255.255.0
> eth1 public address from ISP dhcp
>
> box2:
> eth0 192.168.0.35/255.255.255.0
>
> box3:
> eth0 192.168.1.3/255.255.255.0
>
> I want box1 to act as a gateway to the internet
> (it is doing this now for box2),
> but also want to communicate from box2 to box3 through box1,
> and that box3 can use the internet through box1.
>
> how can I do this?
>
You could create an alias for eth0 on box1 which is on the same subnet
as box 3, like so:
box1# ifconfig eth0:0 192.168.1.200 netmask 255.255.255.0
now, from box1 you should be able to ping box3 and vice-versa:
box1# ping 192.168.1.3 -c 1
PING 192.168.1.3 (192.168.1.3): 56 data bytes
64 bytes from 192.168.1.3: icmp_seq=0 ttl=127 time=3.0 ms
--- 192.168.1.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.0/3.0/3.0 ms
and
box3$ ping 192.168.1.200 -c 1
...
now you'll need to make sure box3 is using box1 as its gateway
box3# route del default
box3# route add default gw 192.168.1.200
provided that this works, you ought to be able to ping box2 from box3
and vice versa, although this depends on box1's ipchains/iptables rules
(some must be set up if box1 is acting as a gateway). If you posted the
output of 'iptables -L -n' and 'iptables -t nat -L -n', I could be sure,
but the iptables rules you'll want are something like so:
#first flush the tables
iptables -t nat -F
iptables -F
#drop FORWARD packets by default
iptables -P FORWARD DROP
# unless there is a connection established
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
# or it came in on eth0(or :0), and is leaving the same way,
# and is addressed to a local address
iptables -A FORWARD -i eth0+ -o eth0+ -d 192.168.0.0/23 -s 192.168.0.0/23 -j ACCEPT
# Or it is an internal packet heading for the world
iptables -A FORWARD -i eth0+ -o eth1 -s 192.168.0.0/23 -d \! 192.168.0.0/23 -j ACCEPT
# now masquerade all outgoing packets
iptables -t nat -A POSTROUTING -s 192.168.0.0/23 -d \! 192.168.0.0/23 -j MASQUERADE
have fun,
greg