Linux Netfilter discussions
From: Edmundo Carmona <eantoranz@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Fwd: Route packets from an interface to another
Date: Sun, 11 Sep 2005 17:32:12 -0400
Message-ID: <65aa6af90509111432525f4bd6@mail.gmail.com>
In-Reply-To: <65aa6af905091114314108597e@mail.gmail.com>

What is it you want to achieve? I don't see any firewall configuration
at all.... your route is wide open... so to speak.

In case you want to enable forwarding from the lan boxes to internet,
just enable forward, masquerade output and that's it. Creating two
separate routing tables is not a must. Once the network interfaces
come up, they set the route.... just make sure the default gateway is
set as well.

On 9/12/05, Rudi Starcevic <tech@wildcash.com> wrote:
> Hi,
>
> I do something like this with the script below.
>
> Please let me know if you see a better way to do this
> than I am using below.
>
> Thanks.
> Kind regards,
> Rudi.
>
>
> #!/bin/sh
>
> echo "Network Setup Start"
>
> echo "Flushing NICs"
> ip addr flush eth0
> ip addr flush eth1
>
> ip link set eth0 down
> ip link set eth1 down
>
> ip link set eth0 up
> ip link set eth1 up
>
> echo "Flushing NetFilter"
> iptables -F
> iptables -t nat -F
>
> echo "Routing Tables:"
> cat /etc/iproute2/rt_tables
>
> echo "Setup NIC 0"
> ip addr add 192.168.2.7/24 dev eth0 brd +
>
> echo "Setup NIC 1"
> ip addr add 192.168.3.7/24 dev eth1 brd +
>
> ip addr list
> ip route list
>
> echo "Setup Default Route [ inet table ]"
> ip route add default via 192.168.2.1 proto static table inet
>
> echo "Setup LAN Route [ implan table ]"
> ip route add 192.168.3/24 via 192.168.3.7 proto static table implan
>
> ip route list
>
> echo "Setup LAN ip rule"
> ip rule add to 192.168.3/24 prio 16000 table implan
>
> echo "Setup Internet ip rule"
> ip rule add to 0/0 prio 17000 table inet
>
> echo "Enable Kernel Forwarding"
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> echo "Enable NetFilter Forwarding"
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> echo "Flushing ip route cache"
> ip route flush cache
>
> #iptables -vL
> #iptables -t nat -vL
>
> exit 0
>
>
>
>
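
The "wide open" observation in the reply above can be turned into a check. This is an added example, not code from either poster: the function names are hypothetical, and the two dumps are constructed, trimmed `iptables-save` samples (the first assumes the default ACCEPT policies that remain after the quoted script's flush).

```shell
#!/bin/sh
# Constructed sample: roughly the state after the quoted script
# (rules flushed, default ACCEPT policy assumed, one MASQUERADE rule).
sample_open() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: same NAT rule, but FORWARD passes only LAN-originated
# traffic (eth1 -> eth0) and the replies to it.
sample_filtered() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# audit_forward IP_FORWARD   (iptables-save text on stdin)
# Prints findings; exit status is 1 if forwarding is unfiltered, else 0.
audit_forward() {
    awk -v fwd="$1" '
        /^\*/ { table = substr($1, 2); next }          # "*nat", "*filter"
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" { rules++ }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ { masq = 1 }
        END {
            if (fwd != 1) { print "OK ip_forward=0, not routing"; exit 0 }
            if (policy != "DROP" && rules == 0) { print "OPEN FORWARD accepts everything, no rules"; bad = 1 }
            else if (policy != "DROP") { print "WEAK FORWARD default is ACCEPT, unmatched packets pass"; bad = 1 }
            else print "OK FORWARD default is DROP with " rules " rule(s)"
            if (masq && bad) print "NOTE MASQUERADE is active on an unfiltered forwarding path"
            exit bad + 0
        }'
}

sample_open | audit_forward 1 || true   # reports OPEN plus the NOTE line
sample_filtered | audit_forward 1       # reports OK
```

On a live gateway the same function can be fed real state with `iptables-save | audit_forward "$(cat /proc/sys/net/ipv4/ip_forward)"`.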

