Re: FORWARD chain and Interfaces

[netfilter@buglecreek.com]

On Sat, 21 May 2011 22:51 +0200, "Pascal Hambourg"
<pascal.mail@plouf.fr.eu.org> wrote:
> netfilter@buglecreek.com a écrit :
> > 
> > As far as the virtual machines.  All three test systems are virtual. 
> > They run RH5 using Mac with parallels.  The routing tables are below. 
> 
> [Nothing unexpected in the routing tables]
> 
> How are the virtual machine network interfaces connected together ?
> Did you create two separate virtual links ?
> One explanation could be that all interfaces are connected to the same
> virtual link, so traffic coming to the router could arrive at any of its
> two interfaces.
> 

That's an interesting idea.  I'm not sure how Parallels sets up the
interfaces.  When I created the virtual machines I selected "Host Only"
networking so I could make distinct systems and I didn't use shared
since I did not need the machines to connect to the Internet via the
physical host interface.   When I do a ifconfig on the firewall/router
it lists eth0 and eth1 like you see on a normal system.  I'm not sure
what is going on. I'll look into how the interfaces are created.

Right now I'm writing the FORWARD rules assuming that when the real
hardware is in place it will function as I expect.  I'm using -i eth0
and -o eth1 for new traffic originating from Network A going to B  and
-i eth1 and -o eth0 for new traffic originating from Network B to A.  
Based on my original diagram below.  Does that sound reasonable?

Network A Machine Eth0 <-------> Eth0 Firewall/Router Eth1 <------->
Eth0 Network B Machine