how to set up an open firewall to allow all traffic in both directions
thiru
04-08-2004, 01:26 PM
Hi,
I want to set up a router on a Linux PC for testing with NISTNet with the following config:
GW-------SW[lan]-------------[eth0 linux box with redhat 9.0 eth1]--------client pc
Eth0: 192.168.10.40 with 192.165.10.0 network
Router/GW: 192.168.10.1
Eth1: 192.168.20.1 with 192.168.20.0 network
Client PC: 192.168.20.25 with gateway set to 192.168.20.1
I have enabled IP-forwarding using
echo "1" > /proc/sys/net/ipv4/ip_forward
And
FORWARD_IPV4=yes in sysctl.conf file.
At present I am able to ping from the Linux box towards both sides, but not from the client PC to the GW, or from clients on the LAN to the client PC.
I want to route any type of traffic between eth0 and eth1 without any filters. What do I need to do?
What is the basic iptables script to achieve this?
Anybody, please help me out with this problem.
Thanks,
Thiru
hard candy
04-08-2004, 02:50 PM
iptables flushing (http://www.linuxguruz.com/iptables/scripts/rc.flush-iptables.txt)
After you flush, please flip your lid (I knew I could make a joke from that statement) :)
thiru
04-08-2004, 03:18 PM
Originally posted by hard candy
iptables flushing (http://www.linuxguruz.com/iptables/scripts/rc.flush-iptables.txt)
After you flush, please flip your lid (I knew I could make a joke from that statement) :)
thanks for the reply.
It seems it is still not working.
If I ping from the client PC towards the eth0 network, I can see the IP address on eth0 responding, but nothing beyond that.
If I ping from the client PC towards the eth1 network, nothing works [either eth0 or eth1].
I can ping both networks and their clients from the Red Hat router.
-Thanks,
Thiru
hard candy
04-08-2004, 03:27 PM
I thought of this, maybe configure a bridge.
Ethernet Bridge (http://tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO-1.html)
thiru
04-09-2004, 10:16 AM
Originally posted by thiru
Hi,
I want to set up a router on a Linux PC for testing with NISTNet with the following config:
GW-------SW[lan]-------------[eth0 linux box with redhat 9.0 eth1]--------client pc
Eth0: 192.168.10.40 with 192.165.10.0 network
Router/GW: 192.168.10.1
Eth1: 192.168.20.1 with 192.168.20.0 network
Client PC: 192.168.20.25 with gateway set to 192.168.20.1
I have enabled IP-forwarding using
echo "1" > /proc/sys/net/ipv4/ip_forward
And
FORWARD_IPV4=yes in sysctl.conf file.
At present I am able to ping from the Linux box towards both sides, but not from the client PC to the GW, or from clients on the LAN to the client PC.
I want to route any type of traffic between eth0 and eth1 without any filters. What do I need to do?
What is the basic iptables script to achieve this?
Anybody, please help me out with this problem.
Thanks,
Thiru
Hi,
any help from anybody!
thanks,
Thiru
JohnT
04-09-2004, 10:23 AM
Originally posted by hard candy
iptables flushing (http://www.linuxguruz.com/iptables/scripts/rc.flush-iptables.txt)
After you flush, please flip your lid (I knew I could make a joke from that statement) :)
Ok..we're waiting:p
[EDIT]
thiru..have you looked at your man route pages?
thiru
04-09-2004, 10:50 AM
Originally posted by JohnT
Ok..we're waiting:p
[EDIT]
thiru..have you looked at your man route pages?
thanks for the reply.
Here is “route” command output:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.20.0    *               255.255.255.0   U     0      0        0 eth1
192.168.10.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
I have been working on this problem for a long time. I have tried all the options, but with no result.
Here is my setup:
[LAN]<---->[SW]<---->[eth0 redhat linux 9.0 with NISTNet eth1]<-->[PC]
PC: 192.168.20.25
GW: 192.168.20.1
NM: 255.255.255.0
Eth0: 192.168.10.40
NW: 192.168.10.0
GW: 192.168.10.1
NM: 255.255.255.0
Eth1: 192.168.20.1
NW: 192.168.20.0
NM: 255.255.255.0
How do I set up a router to allow all traffic in both directions?
What is the basic iptables script that allows all traffic in both directions?
Thanks,
Thiru
maccorin
04-09-2004, 11:55 AM
you are confusing what iptables is. iptables is for _stopping_ traffic and for manipulating packets (like NAT, etc...)
your iptables should have no rules whatsoever
I'll go through each step for what you want
Eth0: 192.168.10.40 with 192.165.10.0 network
Router/GW: 192.168.10.1
Eth1: 192.168.20.1 with 192.168.20.0 network
Client PC: 192.168.20.25 with gateway set to 192.168.20.1
you've already enabled ip forwarding in the proc file, so I'll skip that
on your router (the box w/ 2 nics) do:
ifconfig eth0 192.168.10.40 netmask 255.255.255.0
ifconfig eth1 192.168.20.1 netmask 255.255.255.0
route add default gw 192.168.10.1
on your client pc do:
ifconfig eth0 192.168.20.25 netmask 255.255.255.0   # the client's own address; 192.168.20.1 is the router's eth1
route add default gw 192.168.20.1
you shouldn't need NAT for this, but if you _wanted_ it then do this
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
thiru
04-09-2004, 12:19 PM
Originally posted by maccorin
you are confusing what iptables is. iptables is for _stopping_ traffic and for manipulating packets (like NAT, etc...)
your iptables should have no rules whatsoever
I'll go through each step for what you want
you've already enabled ip forwarding in the proc file, so I'll skip that
on your router (the box w/ 2 nics) do:
on your client pc do:
you shouldn't need NAT for this, but if you _wanted_ it then do this
thanks for the reply.
I implemented most of the steps explained above long back.
But the problem with this config is that I am able to ping from the client PC to LAN clients, but not from the LAN PCs to the client PC. I can ping the eth0 NIC from the LAN PCs, but not beyond that (i.e. eth1, client PC).
I thought the default IPTABLES might be doing something. That is the reason I am asking about the iptables setup.
Thanks,
Thiru
maccorin
04-09-2004, 12:36 PM
if you wanna be able to ping the pc from the lan, then _do_not_ use NAT
to flush your iptables so that they are empty (what you want) do:
iptables -F
iptables -t nat -F
EDIT:
just in case do this as well
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
thiru
04-09-2004, 01:48 PM
Originally posted by maccorin
if you wanna be able to ping the pc from the lan, then _do_not_ use NAT
to flush your iptables so that they are empty (what you want) do:
iptables -F
iptables -t nat -F
EDIT:
just in case do this as well
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
Hi,
No use. Please have a look at the explanation below:
Setup:
LAN-------SW-------------[eth0 linux box with redhat 9.0 eth1]--------client pc
Eth0: 192.168.10.40 with 192.165.10.0 network
Router/GW: 192.168.10.1
Eth1: 192.168.20.1 with 192.168.20.0 network
Client PC: 192.168.20.25 with gateway:192.168.20.1
I want to route any type of traffic between eth0 and eth1.
Here is “route” command output:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.20.0    *               255.255.255.0   U     0      0        0 eth1
192.168.10.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
and
I have enabled IP-forwarding using
echo "1" > /proc/sys/net/ipv4/ip_forward
And FORWARD_IPV4=yes in sysctl.conf file.
With the above basic setup, I am able to ping
- client PC to eth1, eth0
- LAN PC to eth0 only
With the following implementation:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I am able to ping:
- client PC to eth1, eth0 and LAN PCs
- LAN PC to eth0 only
I am not able to ping either eth1 or client PC from LAN PCs. Why?
-Thanks,
Thiru
maccorin
04-10-2004, 05:09 AM
OMFG, I already told you, do _not_ use NAT (read: masquerading) if you want to be able to ping "behind" the router from your LAN. Go google for masquerade or NAT, figure out what it is (I'm not going to explain it to you, it is simple though), and the reasoning will be obvious
EDIT:
btw you also need to set the route on the PCs in the LAN (or a router that they use by default) to use your router to get to the client PC.. that is why the first configuration can't ping the client
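The thread ends on the right diagnosis: the one-way failure is a routing gap on the LAN side, not an iptables filter, and MASQUERADE only papers over one direction. The model below is an added example, not code from the thread; it walks an ICMP echo request and its reply hop by hop through the addresses posted above (longest-prefix-match lookups, no filtering at all, which is the "no rules whatsoever" lab the poster wants) and reproduces each reported symptom. The LAN PC address 192.168.10.50 and the routing tables of the LAN PC and GW are constructed assumptions; the static route added to the GW (192.168.20.0/24 via 192.168.10.40) is the fix maccorin's EDIT describes.

```python
"""Hop-by-hop model of the NISTNet lab from the thread (constructed example)."""
import ipaddress


def make_lab(gw_has_client_route=False):
    """Hosts and routing tables. (net, next_hop or None for on-link, iface)."""
    gw_routes = [("192.168.10.0/24", None, "eth0")]
    if gw_has_client_route:
        # the fix: the LAN's default gateway learns that 192.168.20.0/24 sits behind the Linux router
        gw_routes.append(("192.168.20.0/24", "192.168.10.40", "eth0"))
    return {
        "lan_pc": dict(addr="192.168.10.50", addrs={"192.168.10.50"}, forwards=False,   # constructed LAN host
                       routes=[("192.168.10.0/24", None, "eth0"), ("0.0.0.0/0", "192.168.10.1", "eth0")]),
        "gw":     dict(addr="192.168.10.1", addrs={"192.168.10.1"}, forwards=True, routes=gw_routes),
        "router": dict(addr="192.168.10.40", addrs={"192.168.10.40", "192.168.20.1"}, forwards=True,  # ip_forward=1
                       routes=[("192.168.10.0/24", None, "eth0"), ("192.168.20.0/24", None, "eth1"),
                               ("0.0.0.0/0", "192.168.10.1", "eth0")]),
        "client": dict(addr="192.168.20.25", addrs={"192.168.20.25"}, forwards=False,
                       routes=[("192.168.20.0/24", None, "eth0"), ("0.0.0.0/0", "192.168.20.1", "eth0")]),
    }


def lookup(routes, dst):
    """Longest-prefix match. Returns (next_hop or None, iface), or None if no route."""
    best = None
    for net, hop, iface in routes:
        n = ipaddress.ip_network(net)
        if dst in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, hop, iface)
    return None if best is None else (best[1], best[2])


def owner(hosts, addr):
    """Which host holds this address on a directly connected segment."""
    for name, h in hosts.items():
        if str(addr) in h["addrs"]:
            return name
    return None


def trace(hosts, src_host, dst, masquerade=False):
    """Walk one packet. Returns (path, delivered, natted)."""
    dst = ipaddress.ip_address(dst)
    path, here, natted = [src_host], src_host, False
    for _ in range(8):                                  # hop limit
        host = hosts[here]
        if str(dst) in host["addrs"]:
            return path, True, natted
        if here != src_host and not host["forwards"]:
            return path, False, natted                  # end host does not forward transit traffic
        match = lookup(host["routes"], dst)
        if match is None:
            return path, False, natted                  # "network unreachable" at this hop
        hop, iface = match
        if masquerade and here == "router" and iface == "eth0":
            natted = True                               # POSTROUTING MASQUERADE rewrites the source to 192.168.10.40
        nxt = owner(hosts, hop if hop else dst)
        if nxt is None:
            return path, False, natted
        path.append(nxt)
        here = nxt
    return path, False, natted


def ping(hosts, src_host, dst, masquerade=False):
    """A ping succeeds only if the request AND the reply route. Returns (ok, request_path, reply_path)."""
    req, ok, natted = trace(hosts, src_host, dst, masquerade)
    if not ok:
        return False, req, []
    reply_to = hosts["router"]["addr"] if natted else hosts[src_host]["addr"]
    rep, ok, _ = trace(hosts, owner(hosts, dst), reply_to)
    if ok and natted:                                   # router untranslates and forwards the reply inward
        tail, ok, _ = trace(hosts, "router", hosts[src_host]["addr"])
        rep = rep + tail[1:]
    return ok, req, rep


if __name__ == "__main__":
    for fixed in (False, True):
        lab = make_lab(gw_has_client_route=fixed)
        print("GW has route to 192.168.20.0/24:", fixed)
        for src, dst, nat in [("lan_pc", "192.168.10.40", False), ("lan_pc", "192.168.20.1", False),
                              ("lan_pc", "192.168.20.25", False), ("client", "192.168.10.50", False),
                              ("client", "192.168.10.50", True), ("lan_pc", "192.168.20.25", True)]:
            ok, req, rep = ping(lab, src, dst, nat)
            print(f"  {src} -> {dst} nat={nat}: {'OK' if ok else 'FAIL'} request={req} reply={rep}")
```

Without the GW route, the request from the LAN PC dies at the GW (it has no entry for 192.168.20.0/24), which is exactly "LAN PC to eth0 only"; MASQUERADE makes client-to-LAN pings work because the reply is addressed to 192.168.10.40, an address every LAN host can reach directly, but it does nothing for the LAN-to-client direction. With the static route on the GW (on a box of that era, `route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.10.40`), both directions route and no NAT rule is needed.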