Route, Route problems
soldier
post Jan 24 2006, 10:30 AM
Post #1
Let me explain exactly what my problem is. I'm using Slackware 10.0 and I have this network:

internet                 |-- eth1: 192.168.0.0/24
eth0: 192.168.1.0/24 ----| local
                         |-- eth2: 10.10.0.0/24

What I want to do is:
1) The two internal networks (eth1 and eth2) connect to the INTERNET with the VPN server (the VPN server is on the eth0 adapter).

2) The network eth1 can see eth2 (because eth2 is a local cable operator with free servers etc.), and I want my local users from eth1 to use the resources of eth2, but network eth2 must not see my users on eth1.

Can somebody explain to me how I can make this? :)
Robert83
post Jan 27 2006, 08:30 AM
Post #2
Hi,

CODE
###########################
# DEFAULT RULES / DROP EVERYTHING
###########################

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

############################
# FORWARD RULES
############################

# IDENT REJECT (must come before the eth1 -> eth0 ACCEPT below, or it is never reached)
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 113 -j REJECT --reject-with tcp-reset

iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT

# ETH1 MAY OPEN CONNECTIONS TO ETH2; ONLY THE REPLIES COME BACK
# (without these two rules the FORWARD policy DROP blocks eth1 -> eth2 completely)
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# DROP ALL NEW FROM ETH2 to ETH1

iptables -A FORWARD -i eth2 -o eth1 -j DROP

############################
# INPUT RULES
############################

# loopback is matched by interface, not by source address
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# IDENT REJECT
iptables -A INPUT -i eth0 -p tcp --dport 113 -j REJECT --reject-with tcp-reset

# ECHO ICMP PING ALLOW
iptables -A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

############################
# OUTPUT RULES
############################

# With policy DROP and no OUTPUT rules the router itself could not send anything
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

##############################
# POSTROUTING
##############################

iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j SNAT --to-source xxx.xxx.xxx.xxx
iptables -t nat -A POSTROUTING -s 10.10.0.0/255.255.255.0 -o eth0 -j SNAT --to-source xxx.xxx.xxx.xxx


xxx.xxx.xxx.xxx is the IP address assigned to eth0

I do make mistakes :)

Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
Robert83
post Jan 27 2006, 08:32 AM
Post #3
Hi,

Also, you might wanna consider putting this into /etc/rc.d/rc.local:

echo "1" > /proc/sys/net/ipv4/ip_forward

and get yourself to read a few of the pages at tldp.org, ok? :)

Sincerely
Robert B


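The ruleset in post #2 and the ip_forward line in post #3 together, as an added example that is not Robert's script and not from the thread. It assumes what the question implies but never states outright: eth0 is the uplink, eth1 (192.168.0.0/24) is the trusted LAN that may open connections into eth2 (10.10.0.0/24), and PUBLIC_IP is whatever address eth0 carries (a documentation-range placeholder here). It differs from post #2 in three deliberate ways: the ident REJECT is placed before the ACCEPT that would otherwise shadow it, the router accepts new connections to itself only from eth1 (not from the cable operator's side), and OUTPUT gets rules so the router is not silenced by its own DROP policy. DRY_RUN=1 prints the commands instead of running them, so the rule order can be reviewed without root.

```shell
#!/bin/sh
# Added example for the thread above, not the poster's script.
# Assumed roles (not stated in the thread): eth0 = uplink, eth1/eth2 = LANs.
# DRY_RUN=1 prints every command instead of executing it.

WAN=eth0
LAN_A=eth1                  # 192.168.0.0/24: may initiate towards eth2
LAN_B=eth2                  # 10.10.0.0/24: must never initiate towards eth1
LAN_A_NET=192.168.0.0/24
LAN_B_NET=10.10.0.0/24
PUBLIC_IP="${PUBLIC_IP:-203.0.113.1}"   # placeholder (RFC 5737 documentation range)

# Execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

fw_reset() {
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT DROP
}

fw_forward() {
    # Replies of an already-accepted session pass in both directions; the rules
    # below only decide who may OPEN a connection.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Ident probes get a clean reset.  This has to precede the broad ACCEPT for
    # eth1 -> eth0, otherwise it is shadowed and never reached.
    run iptables -A FORWARD -i "$LAN_A" -o "$WAN" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    run iptables -A FORWARD -i "$LAN_A" -o "$WAN" -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -i "$LAN_B" -o "$WAN" -m state --state NEW -j ACCEPT
    # One-way visibility: eth1 may open connections into eth2; eth2 may not open
    # anything into eth1 (its replies already matched the first rule).
    run iptables -A FORWARD -i "$LAN_A" -o "$LAN_B" -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -i "$LAN_B" -o "$LAN_A" -j DROP
}

fw_input() {
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The router is administered from eth1 only; eth2 and the uplink get nothing
    # new except rate-limited ping, and ident probes from the uplink get a reset.
    run iptables -A INPUT -i "$LAN_A" -m state --state NEW -j ACCEPT
    run iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    run iptables -A INPUT -i "$WAN" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
}

fw_output() {
    # Policy DROP on OUTPUT with no rules would silence the router completely
    # (no DNS, no updates, not even ping replies), so allow what it originates.
    run iptables -A OUTPUT -o lo -j ACCEPT
    run iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

fw_nat() {
    run iptables -t nat -A POSTROUTING -s "$LAN_A_NET" -o "$WAN" -j SNAT --to-source "$PUBLIC_IP"
    run iptables -t nat -A POSTROUTING -s "$LAN_B_NET" -o "$WAN" -j SNAT --to-source "$PUBLIC_IP"
    # Nothing is forwarded at all until routing is switched on (post #3).
    run sysctl -w net.ipv4.ip_forward=1
}

fw_apply() {
    fw_reset
    fw_forward
    fw_input
    fw_output
    fw_nat
}

# Print the rules in order instead of installing them (no root needed).
fw_dry_run() {
    ( DRY_RUN=1; fw_apply )
}

# Number of rules the dry run would append to the named chain.
fw_count_chain() {
    fw_dry_run | grep -c -- "-A $1 "
}

case "${1:-dry-run}" in
    apply) fw_apply ;;
    *)     fw_dry_run ;;
esac
```

Run it without arguments to review the generated rule order; `sh script.sh apply` installs it for real. If eth0 gets its address dynamically (for example from the VPN), replace the two SNAT rules with `-j MASQUERADE` so the script does not have to know PUBLIC_IP.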