* Help configuring new (private) subnet
@ 2003-04-15 21:54 Ashley M. Kirchner
From: Ashley M. Kirchner @ 2003-04-15 21:54 UTC (permalink / raw)
To: Net Filter Mailing List

I'm needing some help on configuring of my current iptables script
to expand onto a second subnet. But before I posted the whole script
(from iptables-save) and a map layout of the network, I thought I'd ask
if there's anyone in specific that would like to help me out, or whether
I should just go ahead and post the whole shebang.

The short gist of it is this: I've used Oskar Andreasson's
rc.firewall script at http://iptables-tutorial.frozentux.net/ (linked
from www.iptables.com) to generate my initial firewall script between
our public internet address and the internal network. However, I've now
added a third nic to the machine and configured it with a different
(private) network. With the current firewall rules, I can not see
anyone on that new subnet...only those on the old one. That's what I
need fixing. That new subnet does NOT need forwarding like the first
one does, so I'm not worried about it...I do however need to see the
other systems on that subnet.

There you go. Anyone willing to help?

* RE: Help configuring new (private) subnet
@ 2003-04-15 22:18 Daniel Chemko
From: Daniel Chemko @ 2003-04-15 22:18 UTC (permalink / raw)
To: Net Filter Mailing List

Unless I am mistaken, a proper routing table entry should suffice for
your two private networks to talk to each other.

Gateway for Subnet1:

    route add -net <SN2NetAddr>/<SN2NetMask> gw <iptablesmachine_SN1_side>

Gateway for Subnet2:

    route add -net <SN1NetAddr>/<SN1NetMask> gw <iptablesmachine_SN2_side>

I don't think you have to do anything at all as long as the firewall is
the gateway for both subnets.

If you have iptables FORWARD table drop by default, add:

    iptables -A FORWARD -i <sn1_if> -o <sn2_if> -j ACCEPT
    iptables -A FORWARD -i <sn2_if> -o <sn1_if> -j ACCEPT

No filtering, no problems.

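One way to check what the FORWARD chain does with a new connection between two interfaces, before and after adding the two rules from the reply. This is an added example, not code from either poster: the interface names eth0/eth1/eth2, the sample ruleset and the helper names forward_verdict, sample_dump and with_reply_rules are assumptions made for the illustration.

```shell
# Verdict the filter table's FORWARD chain gives a NEW packet entering IN_IF
# and leaving OUT_IF, read from an iptables-save dump on stdin.
# Simplification: only rules matching purely on -i/-o are evaluated; rules with
# any other match (-m state, -s, -p, "!") or a user-chain jump are skipped.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
        /^\*/ { table = substr($0, 2) }              # "*filter", "*nat", ...
        table != "filter" { next }
        $1 == ":FORWARD" { policy = $2; next }       # ":FORWARD DROP [0:0]"
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            i = ""; o = ""; target = ""; conditional = 0
            for (n = 3; n <= NF; n++) {
                if      ($n == "-i") i = $(++n)
                else if ($n == "-o") o = $(++n)
                else if ($n == "-j") { target = $(++n); break }
                else conditional = 1
            }
            if (conditional) next
            if (i != "" && i != in_if)  next
            if (o != "" && o != out_if) next
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) { verdict = target; exit }
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# Constructed ruleset (assumed names: eth0 public, eth1 old LAN, eth2 new subnet).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Same dump with the two rules from the reply appended to FORWARD.
with_reply_rules() {
    awk '$0 == "COMMIT" { print "-A FORWARD -i eth1 -o eth2 -j ACCEPT"
                          print "-A FORWARD -i eth2 -o eth1 -j ACCEPT" }
         { print }'
}

echo "eth2 -> eth1 before: $(sample_dump | forward_verdict eth2 eth1)"
echo "eth2 -> eth1 after:  $(sample_dump | with_reply_rules | forward_verdict eth2 eth1)"
```

On a real host, pipe the output of `iptables-save` into `forward_verdict` with the actual interface names. The public interface still gets DROP toward the new subnet after the two rules are added, because they name both interfaces explicitly.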