[WBEL-users] iptables

Jean LEE jean_lee_3@hotmail.com
Fri, 17 Sep 2004 09:54:03 +0200


Try to modify your iptables rules in order to obtain the following (type
iptables -L -v -n to obtain all the information)

 [root@lw01 root]# iptables -L
 Chain INPUT (policy ACCEPT)
 target  prot  opt  in    out   source          destination
 ACCEPT  all   --   eth0  *     192.168.0.0/24  0.0.0.0/0 (or perhaps eth0 IP address)
 ACCEPT  all   --   eth1  *     192.168.5.0/24  0.0.0.0/0 (or perhaps eth1 IP address)

 Chain FORWARD (policy ACCEPT)
 target  prot  opt  in    out   source          destination
 ACCEPT  all   --   eth0  eth1  192.168.0.0/24  192.168.5.0/24
 ACCEPT  all   --   eth1  eth0  192.168.5.0/24  192.168.0.0/24

 Chain OUTPUT (policy ACCEPT)
 target  prot  opt  in    out   source                                           destination
 ACCEPT  all   --   *     eth0  192.168.0.0/24 (or perhaps eth0 IP address)      192.168.0.0/24
 ACCEPT  all   --   *     eth1  192.168.5.0/24 (or perhaps eth0 IP address)      192.168.5.0/24

I think it should work but it's not the only solution. You can customize the
source and destination IP addresses to meet your needs. As a general rule, you
have to accept incoming and outgoing packets on a network card and not only
do the forwarding.

Hope this helps,

Jean


----- Original Message ----- 
From: "Nayana Hettiarachchi" <nayanah@gmail.com>
To: <whitebox-users@beau.org>
Sent: Friday, September 17, 2004 6:24 AM
Subject: [WBEL-users] iptables


> Hey guys,
>
> I am just playing around with a box with 2 NICs and trying to set up a router
>
> eth0 on 192.168.0.0/24 and eth1 on 192.168.5.0/24
>
> I set up IP forwarding and set up a chain in iptables to forward to both sides,
>
>
> [root@lw01 root]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  192.168.0.0/24       192.168.5.0/24
> ACCEPT     all  --  192.168.5.0/24       192.168.0.0/24
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>
> I am trying to ping from 192.168.0.2 to 192.168.5.201 and I am not
> getting a ping reply,
>
> when I do a tcpdump on the router box I can see the requests being forwarded
>
> [root@lw01 root]# tcpdump
> tcpdump: listening on eth0
> 20:21:02.407612 192.168.0.2 > 192.168.5.201: icmp: echo request
> 20:21:07.413741 192.168.0.2 > 192.168.5.201: icmp: echo request
>
>
> and if I do a tcpdump on 5.201 I see the requests coming and a reply
> is being sent, but I don't see that reply on the router. Any idea?
>
> Thanks in advance
>
> Nayana
>
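
The rule set listed in the reply above, written out as an added example (not part of either message): a shell function that emits that listing in iptables-restore format. The function names are hypothetical; the interfaces and subnets are the ones from the thread, and the chain policies stay ACCEPT as in the listing.

```shell
#!/bin/sh
# Added example: generate the reply's rule listing as iptables-restore input.
# Function names are hypothetical; nothing here touches the running firewall.

# is_cidr NET: succeed only for a.b.c.d/len with octets <= 255 and len <= 32.
is_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1 }'
}

# router_rules IF_A NET_A IF_B NET_B: print the ruleset on stdout.
# Inputs are validated first so nothing unexpected lands in a rule line.
router_rules() {
    if_a=$1 net_a=$2 if_b=$3 net_b=$4
    for n in "$net_a" "$net_b"; do
        is_cidr "$n" || { echo "bad network: $n" >&2; return 1; }
    done
    for i in "$if_a" "$if_b"; do
        case $i in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $if_a -s $net_a -j ACCEPT
-A INPUT -i $if_b -s $net_b -j ACCEPT
-A FORWARD -i $if_a -o $if_b -s $net_a -d $net_b -j ACCEPT
-A FORWARD -i $if_b -o $if_a -s $net_b -d $net_a -j ACCEPT
-A OUTPUT -o $if_a -s $net_a -d $net_a -j ACCEPT
-A OUTPUT -o $if_b -s $net_b -d $net_b -j ACCEPT
COMMIT
EOF
}

# Values from the thread: eth0 on 192.168.0.0/24, eth1 on 192.168.5.0/24.
router_rules eth0 192.168.0.0/24 eth1 192.168.5.0/24
```

Piping the output to `iptables-restore --test` parses it without committing anything. Once loaded, the per-rule packet counters in `iptables -L -v -n` show which rules the traffic actually hits.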