Full Version: Route
soldier
Let me explain what my problem is exactly. I'm using Slackware 10.0 and I have this network:


                                     |-- eth1: 192.168.0.0/24
internet -- eth0: 192.168.1.0/24 --  |                           local
                                     |-- eth2: 10.10.0.0/24

What I want to do is:
1) The two internal networks (eth1 and eth2) connect to the INTERNET through the VPN server (the VPN server is on the eth0 adapter).

2) The network eth1 can see eth2 (because eth2 is a local cable operator with free servers etc.), and I want my local users on eth1 to use the resources of eth2, but network eth2 must not see my users on eth1.

Can somebody explain to me how I can make this work?
Robert83
Hi,

CODE
###########################
# DEFAULT RULES / DROP EVERYTHING
###########################

# start from a clean slate so the script can be re-run safely
iptables -F
iptables -t nat -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

############################
# FORWARD RULES
############################

# IDENT REJECT (must come BEFORE the blanket ACCEPT for eth1 -> eth0,
# otherwise the ACCEPT matches first and this rule never fires)
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 113 -j REJECT --reject-with tcp-reset

# both local networks may go out to the internet via eth0 ...
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
# ... and only replies to those connections may come back in from eth0
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT

# eth1 may use eth2 and gets the replies back, but eth2 may not open
# anything towards eth1
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# DROP ALL (new connections) FROM ETH2 to ETH1
iptables -A FORWARD -i eth2 -o eth1 -j DROP

############################
# INPUT RULES
############################

# match loopback by interface, not by source address (an address can be spoofed)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# IDENT REJECT
iptables -A INPUT -i eth0 -p tcp --dport 113 -j REJECT --reject-with tcp-reset

# ECHO ICMP PING ALLOW (rate limited)
iptables -A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

############################
# OUTPUT RULES
############################

# with policy DROP and no rules the router could not even answer its own
# clients; allow loopback and replies to connections already accepted
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

##############################
# POSTROUTING
##############################

# masquerade both local networks behind the address of eth0
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j SNAT --to-source xxx.xxx.xxx.xxx
iptables -t nat -A POSTROUTING -s 10.10.0.0/255.255.255.0 -o eth0 -j SNAT --to-source xxx.xxx.xxx.xxx


xxx.xxx.xxx.xxx is the IP address assigned to eth0.

I do make mistakes.

Sincerely
Robert B
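As an added worked example (not from the thread, and not Robert's script): a small Python model of how the kernel walks the FORWARD chain top-down and stops at the first matching rule. It encodes the FORWARD rules exactly as posted above, plus a reordered and completed version, and checks both against soldier's requirements. Only the matches used in the thread (-i, -o, -p, --dport, --state) are modelled; the conntrack state of a packet is taken as given, and the Packet, Rule, verdict and check names are this example's own.

```python
"""First-match model of an iptables FORWARD chain (added example, not the
thread's own code).  It lets a rule set be checked against the intended
policy before it is loaded on the router."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    proto: str = "tcp"
    dport: Optional[int] = None
    state: str = "NEW"  # conntrack state: NEW, ESTABLISHED or RELATED


@dataclass(frozen=True)
class Rule:
    target: str  # ACCEPT, DROP or REJECT
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: Optional[frozenset] = None  # None means "no -m state match"

    def matches(self, p: Packet) -> bool:
        return ((self.in_if is None or self.in_if == p.in_if)
                and (self.out_if is None or self.out_if == p.out_if)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.states is None or p.state in self.states))


def verdict(chain: List[Rule], p: Packet, policy: str = "DROP") -> str:
    """Walk the chain top-down; the first matching rule decides,
    otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


EST = frozenset({"ESTABLISHED", "RELATED"})

# FORWARD rules as posted in the thread, in the posted order.
POSTED = [
    Rule("ACCEPT", in_if="eth1", out_if="eth0"),
    Rule("ACCEPT", in_if="eth2", out_if="eth0"),
    Rule("ACCEPT", in_if="eth0", out_if="eth1", states=EST),
    Rule("ACCEPT", in_if="eth0", out_if="eth2", states=EST),
    Rule("DROP", in_if="eth2", out_if="eth1"),
    Rule("REJECT", in_if="eth1", out_if="eth0", proto="tcp", dport=113),
]

# Same rules with the ident REJECT ahead of the blanket ACCEPT, plus the
# one-way eth1 -> eth2 access the original poster asked for.
FIXED = [
    Rule("REJECT", in_if="eth1", out_if="eth0", proto="tcp", dport=113),
    Rule("ACCEPT", in_if="eth1", out_if="eth0"),
    Rule("ACCEPT", in_if="eth2", out_if="eth0"),
    Rule("ACCEPT", in_if="eth0", out_if="eth1", states=EST),
    Rule("ACCEPT", in_if="eth0", out_if="eth2", states=EST),
    Rule("ACCEPT", in_if="eth1", out_if="eth2"),
    Rule("ACCEPT", in_if="eth2", out_if="eth1", states=EST),
]

# The policy from the thread as (packet, expected verdict) pairs.
REQUIREMENTS: List[Tuple[Packet, str]] = [
    (Packet("eth1", "eth0"), "ACCEPT"),                      # LAN -> internet
    (Packet("eth2", "eth0"), "ACCEPT"),
    (Packet("eth0", "eth1", state="ESTABLISHED"), "ACCEPT"),  # replies come back
    (Packet("eth0", "eth1"), "DROP"),                         # nothing unsolicited in
    (Packet("eth1", "eth2"), "ACCEPT"),                       # eth1 may use eth2 ...
    (Packet("eth2", "eth1", state="ESTABLISHED"), "ACCEPT"),  # ... and get answers
    (Packet("eth2", "eth1"), "DROP"),                         # eth2 must not reach eth1
    (Packet("eth1", "eth0", dport=113), "REJECT"),            # ident rejected, not accepted
]


def check(chain: List[Rule]) -> List[Tuple[Packet, str, str]]:
    """Return (packet, wanted, got) for every requirement the chain fails."""
    failures = []
    for p, want in REQUIREMENTS:
        got = verdict(chain, p)
        if got != want:
            failures.append((p, want, got))
    return failures


if __name__ == "__main__":
    for name, chain in (("posted", POSTED), ("fixed", FIXED)):
        failures = check(chain)
        print(f"{name}: {'all requirements met' if not failures else str(len(failures)) + ' failing'}")
        for p, want, got in failures:
            print(f"  {p.in_if}->{p.out_if} dport={p.dport} state={p.state}: wanted {want}, got {got}")
```

Run it and the posted order fails three checks: the ident REJECT is shadowed by the ACCEPT above it, there is no rule letting eth1 reach eth2 at all, and the unconditional eth2 -> eth1 DROP also eats the replies to eth1's own connections. The reordered set passes all of them; the same first-match reasoning is why the model puts the REJECT first and the stateful ACCEPT before the DROP.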
Robert83
Hi,

Also, you might want to consider putting this into /etc/rc.d/rc.local:

echo "1" > /proc/sys/net/ipv4/ip_forward


and get yourself to read a few of the pages at tldp.org, OK?

Sincerely
Robert B
Invision Power Board © 2001-2017 Invision Power Services, Inc.