nayen99
asked on
Routing multiple networks with iptables
I have my Intranet web (192.168.10.2) server on a 192.168.10.x network. I have a Linux router setup with 2 NIC's and IPTABLES with addresses eth0 192.168.10.1 and eth1 192.168.20.1. I have the router setup where any PC on the 192.168.20.x network can browse to 192.168.20.1 and access my web browser.
My question is....How do I setup another IPTABLES Linux router so that I can connect a third LAN (192.168.30.x) to have access to my web server by routing into the 192.168.20.x LAN? For example, I would setup a Linux router box with 2 NIC's with eth0 192.168.20.2 and eth1 192.168.30.1. I want users on the 192.168.30.x LAN to browse to 192.168.30.1 and get access to my web browser. Any ideas?
My question is....How do I setup another IPTABLES Linux router so that I can connect a third LAN (192.168.30.x) to have access to my web server by routing into the 192.168.20.x LAN? For example, I would setup a Linux router box with 2 NIC's with eth0 192.168.20.2 and eth1 192.168.30.1. I want users on the 192.168.30.x LAN to browse to 192.168.30.1 and get access to my web browser. Any ideas?
Mihai Barbos
Exactly the same way the first router was setup, but you forward 192.168.30.1 to 192.168.20.1 instead of forwarding 192.168.20.1 to 192.168.10.1. Or am I misunderstanding the question ?
One way is to add another rule to your first router that allows 192.168.30.x to browse, and add a rule to router2 to do DNAT on the incoming web requests to forward them on to your web server.
On router1, add:
iptable -t filter -A FORWARD -s 192.168.30.0/24 -d 192.168.10.2 -j ACCEPT
and on router2, add:
iptables -t nat -A PREROUTING -s 192.168.30.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.2
Then clients on 192.168.30.x can browse to 192.168.30.1 and be silently redirected to 192.168.10.2
On router1, add:
iptable -t filter -A FORWARD -s 192.168.30.0/24 -d 192.168.10.2 -j ACCEPT
and on router2, add:
iptables -t nat -A PREROUTING -s 192.168.30.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.2
Then clients on 192.168.30.x can browse to 192.168.30.1 and be silently redirected to 192.168.10.2
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oops ... correction for rules
Then you add the same IP tables rules
iptables -t nat -A PREROUTING -s 192.168.30.0/24 -d 192.168.30.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.2
iptable -A FORWARD -s 192.168.30.0/24 -d 192.168.10.2 -j ACCEPT
Then you add the same IP tables rules
iptables -t nat -A PREROUTING -s 192.168.30.0/24 -d 192.168.30.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.2
iptable -A FORWARD -s 192.168.30.0/24 -d 192.168.10.2 -j ACCEPT
ASKER
I thought about this problem constantly for the last few days and that is the same solution I came up with. You just confirmed it. I simply need to add another NIC to the first router and use the same basic IPTABLES rules to route into the third network. Thanks.