routing and firewall


 
# 1  
Old 05-21-2009
routing and firewall

I have a PC with KUBUNTU installed on it and with 2 NICs on it (two PCI network 100Mbit cards). I want to use it as a server packet router and firewall between two computers with Windows installed on them, each of these computers being connected to one different card on the KUBUNTU server. The computers are connected to the network cards using a switch.
I tried to configure the server to route the packets from one IP address rank to another and with different masks, but I hadn't managed to do this. Instead I did the following:
1. I've set net.ipv4.ip_forward = 1 in sysctl.conf
2. I configured eth0 as follows:
ifconfig eth0 192.168.2.1 netmask 255.255.255.0 up
3. I configured eth1 as follows:
ifconfig eth1 192.168.1.2 netmask 255.255.255.0 up

After this I managed to ping say a computer with Windows with 192.168.1.5 from a computer connected to another card with the IP address 192.168.2.5.

(But initially I wanted to ping say a computer with the IP 81.180.75.70 (mask 255.255.255.192) from a computer with the IP 192.168.2.5 (mask 255.255.255.0) -> I didn't manage to do that)

NEXT, I want to configure the server to act as a firewall. Let's say it will allow ping from one PC connected to the server to another one but not vice versa. At the same time I want that ping (or say packets) from the PCs will reach the server and vice versa. (So finally to deny ping from one PC to another, but another will be able to ping the one whose packets will be rejected).

I tried to do something like this:

iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.5 -o eth1 -j REJECT

but this isn't working.
If I do this, on one PC ping will result in Request timed out,
and on another will result in some specific reject message. If I
remove this by typing iptables -F FORWARD, everything goes back
to normal and ping is allowed.

WHAT'S THE PROBLEM? CAN SOMEONE EXPLAIN STEP BY STEP WHAT I NEED TO DO?
THANKS IN ADVANCE TO EVERYONE WHO'LL TRY TO HELP ME!

PLEASE DON'T ASK WHY I NEED THAT AND WHY THIS VERSION OF LINUX(UBUNTU)
BECAUSE THE TASK IS SUPPOSED TO BE RESOLVED WITH THIS CONFIGURATION
AND NO MORE!
# 2  
Old 05-25-2009
The problem is that your rule blocks both the ping request AND ping replies to 192.168.1.5. You might need to use the conntrack module:
Code:
iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.5 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.5 -o eth1 -j REJECT
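
To see why the single REJECT rule stops ping in both directions and why the state match restores one of them, here is a toy model of the FORWARD chain. It is an added example, not code from the thread: the class and function names are hypothetical, a default ACCEPT policy is assumed, and connection tracking is reduced to pairing an ICMP echo reply with a request that was already forwarded.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str
    out_if: str
    icmp_id: int            # echo identifier, used to pair a reply with its request

@dataclass(frozen=True)
class Rule:
    in_if: str
    out_if: str
    dst: str
    target: str             # "ACCEPT" or "REJECT"
    established_only: bool = False   # models -m state --state ESTABLISHED,RELATED

# The rule from the question, and the rule the reply puts in front of it.
REJECT_ALL = Rule("eth0", "eth1", "192.168.1.5", "REJECT")
ALLOW_REPLIES = Rule("eth0", "eth1", "192.168.1.5", "ACCEPT", established_only=True)

class Router:
    """Toy FORWARD chain: first match wins, default policy ACCEPT (assumed)."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # (src, dst, icmp_id) of forwarded requests, stand-in for conntrack
    def forward(self, pkt):
        # A packet counts as ESTABLISHED if it answers a request already forwarded.
        established = (pkt.dst, pkt.src, pkt.icmp_id) in self.flows
        verdict = "ACCEPT"
        for r in self.rules:
            if (r.in_if, r.out_if, r.dst) != (pkt.in_if, pkt.out_if, pkt.dst):
                continue
            if r.established_only and not established:
                continue
            verdict = r.target
            break
        if verdict == "ACCEPT" and not established:
            self.flows.add((pkt.src, pkt.dst, pkt.icmp_id))
        return verdict

def ping(router, src, src_if, dst, dst_if, icmp_id=1):
    """Echo request src->dst, then the reply dst->src; True if both are forwarded."""
    if router.forward(Packet(src, dst, src_if, dst_if, icmp_id)) != "ACCEPT":
        return False
    return router.forward(Packet(dst, src, dst_if, src_if, icmp_id)) == "ACCEPT"

A, B = ("192.168.2.5", "eth0"), ("192.168.1.5", "eth1")   # the two hosts from the thread
```

With only `REJECT_ALL` loaded, `ping(router, *B, *A)` fails because the reply travelling eth0 -> eth1 to 192.168.1.5 hits the same rule as a new request; with `ALLOW_REPLIES` ahead of it, that reply is forwarded while new requests from 192.168.2.5 are still rejected.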
