Mailing List Archive

iptables /nat and route
Hi, it seems to be a simple task, but I can't get it going.
I want to have a couple of private machines accessing a public one (and the other way around) through a router/gateway.
At the moment I do not care about ports (one-to-one is enough for me); I am just trying to get a ping through in both directions, including a change of source and destination IP.
The default gateway address of the public machine I set to OUTIP, and to INIP for the internal machine.
Here is my setup:

#!/bin/sh
# rc.my.iptables

####network######
#given IP (not yet DHCP)
PUP_IP="192.168.10.99"

#internal devices (might be a range)
NET_IP1="192.168.9.1"

####router#######
OUT_INFC="eth0"
IN_INFC="eth2"
INIP="192.168.9.200"
OUTIP="192.168.10.200"


### iptables #####
##for incoming from public ###
iptables -t nat -A PREROUTING -i $IN_INFC -s $PUP_IP -d $INIP -j DNAT --to $NET_IP1
iptables -t filter -A FORWARD -s $PUP_IP -d $NET_IP1 -j ACCEPT

###return way ###
iptables -t nat -A POSTROUTING -d $PUP_IP -s $NET_IP1 -j SNAT --to $INIP
#(have tried without next line)
iptables -t filter -A FORWARD -s $NET_IP1 -d $PUP_IP -j ACCEPT


## keep things going, (have tried without)###
iptables -A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT


It does not work in either direction. I am wondering whether it may have something to do with my route settings:


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.10.1    255.255.255.0   UG    0      0        0 eth0
default         192.168.9.1     255.255.255.0   UG    0      0        0 eth2
192.168.10.0    *               255.255.255.0   U     0      0        0 eth0
192.168.9.0     *               255.255.255.0   U     0      0        0 eth2
default         127.0.0.0       0.0.0.0         UG    0      0        0 lo


Cheers
Klaus
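Added example, not Klaus's script: the same one-to-one NAT setup written the way it is usually deployed on a two-interface Linux router, with the addresses and interface names from the post assumed. The points where it departs from the posted rules are the ones a reviewer would flag: the DNAT rule in PREROUTING has to match on the interface the public host's packets actually arrive on (eth0, not eth2) and on the router's public address as the destination; the SNAT on the way out has to use the address of the interface the packet leaves on, or the far side replies to an address it has no route to; IP forwarding has to be switched on; and the router should carry exactly one default route (the table above shows three). Without APPLY=1 the script only prints the commands it would run, and count_default_routes can be fed the output of `route -n` to check the routing table.

```shell
#!/bin/sh
# Added example (not Klaus's script): one-to-one NAT between a public host
# and an internal host on a two-interface Linux router. Addresses and
# interface names are assumed to be the ones from the post. Without APPLY=1
# the iptables/sysctl commands are only printed, so the rule set can be
# reviewed before it touches a live box.

PUP_IP="192.168.10.99"      # public host
NET_IP1="192.168.9.1"       # internal host
OUT_INFC="eth0"             # router interface towards the public network
IN_INFC="eth2"              # router interface towards the internal network
OUTIP="192.168.10.200"      # router address on OUT_INFC (gateway of the public host)
INIP="192.168.9.200"        # router address on IN_INFC (gateway of the internal host)

# Execute the command when APPLY=1, otherwise print it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Forwarding is off by default on most distributions; without it nothing
# crosses the router no matter what the NAT rules say.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

nat_rules() {
    # Public host -> OUTIP: packets arrive on OUT_INFC (not IN_INFC), so the
    # DNAT rule has to match that interface and the router's public address.
    run iptables -t nat -A PREROUTING -i "$OUT_INFC" -s "$PUP_IP" -d "$OUTIP" \
        -j DNAT --to-destination "$NET_IP1"
    # On the way to the internal host the source becomes INIP, so the
    # internal host only ever sees its own gateway address.
    run iptables -t nat -A POSTROUTING -o "$IN_INFC" -s "$PUP_IP" -d "$NET_IP1" \
        -j SNAT --to-source "$INIP"
    # Internal host -> INIP: mirror image of the above.
    run iptables -t nat -A PREROUTING -i "$IN_INFC" -s "$NET_IP1" -d "$INIP" \
        -j DNAT --to-destination "$PUP_IP"
    # SNAT uses the address of the interface the packet leaves on (OUTIP);
    # otherwise the public host would reply to an address it has no route to.
    run iptables -t nat -A POSTROUTING -o "$OUT_INFC" -s "$NET_IP1" -d "$PUP_IP" \
        -j SNAT --to-source "$OUTIP"
}

filter_rules() {
    # FORWARD sees packets after DNAT but before SNAT, hence the real
    # source and destination addresses in the matches below.
    run iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$OUT_INFC" -o "$IN_INFC" -s "$PUP_IP" -d "$NET_IP1" \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -i "$IN_INFC" -o "$OUT_INFC" -s "$NET_IP1" -d "$PUP_IP" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Everything else that would cross the router is dropped.
    run iptables -P FORWARD DROP
}

# Count default routes in "route -n" / "netstat -rn" style output on stdin.
# A router needs exactly one; pipe `route -n` into this to check.
count_default_routes() {
    awk '$1 == "default" || $1 == "0.0.0.0" { n++ } END { print n + 0 }'
}

enable_forwarding
nat_rules
filter_rules
```

Because conntrack records both translations, reply packets are un-NATed automatically in both directions, so no extra rules are needed for the return path; the two POSTROUTING rules only have to cover connections each side opens. Run it once without APPLY to read the rules, then with `APPLY=1` as root on the router.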

