• Status: Solved

Making NAT with iptables

Hi guys,

   I have two networks:

    Net 1) X.B.X.0/24
    Net 2) X.C.E.0/22
 
   and one Linux computer on which I want to use iptables to make computers on Net 1 and Net 2 see each other.

   My linux computer has two interfaces:
 
   if 1) eth1  address X.B.X.45
   if 2) eth0 address X.D.E.70 (connected through a router to Net 2).

    For example, I need the computer X.B.X.110 (Net 1) to make an FTP connection with computer X.C.E.5 (Net 2).
    Or computer X.C.E.5 to make an SSH connection with computer X.B.X.110.

All computers are linux.

Any help will be much appreciated.

Thanks,




 

Asked: alester

wesly_chen Commented:
Hi,

   It seems that all you need is the routing function on that Linux box.
   What Linux do you use on that router box?

You need to do
echo "1" > /proc/sys/net/ipv4/ip_forward
to enable the ip forwarding feature.

rindi Commented:
Download and use shorewall (http://shorewall.sourceforge.net) to configure your iptables setup. It is much simpler than directly configuring iptables. All necessary documentation is on the homepage and the download also includes some example files. Depending on your distribution you might also have a shorewall already prepared for that OS, so check your software installation tool.

wesly_chen Commented:
From alester's description, I don't see the need for iptables or firewall.
All I see the need for is the router function.
 
alester (Author) Commented:
Wesly chen,

  Yes I do know that I need to enable forward, and I already did that.
 
Rindi,

    I really don't want to use an interface (shorewall) to do that, just iptables if it is possible.

Wesly chen,

    I think that even after enabling the forward function I'll need some rule to do the routing. Is that right or not?

wesly_chen Commented:
Which Linux do you have?
RedHat needs to have "routed" running to do it.

alester (Author) Commented:
Debian 3.1 (sarge) - kernel 2.6

wesly_chen Commented:
1. Make sure you have the routing daemon quagga running.
http://packages.debian.org/testing/net/quagga
or
apt-get --reinstall install quagga quagga-doc

For more details, please check
http://www.ro.quagga.net/docs/docs-info.php

2. Edit /etc/network/options
ip_forward=yes

alester (Author) Commented:
wesly_chen,

   OK, quagga is installed. What do I have to do now?
   And is there a way to do that with iptables?

alester (Author) Commented:
wesly_chen,

   With this program, is it possible to make one computer send commands (like HTTP requests, SSH requests, etc.) needed by another computer? i.e.:

The computer X.B.X.110 (pc A) needs to make an HTTP request, but it can do directly to computer X.C.F.251 (pc C), then the computer X.C.E.5 (pc B) makes the request to X.C.F.2151 and forwards the response to X.B.X.110.

Is that possible with quagga?

alester (Author) Commented:
wesly_chen
 
    I forgot to say, X.C.F.251 must not know that the request came from X.B.X.110, it must think that the request came from X.C.E.5.

Thanks,

wesly_chen Commented:
Could you post the routing table on the Debian box?
netstat -nr
ifconfig -a

Also, please set the default gateway of PCs in
Net 1  to IP address of Debian NIC address on Net1 (X.B.X.45)
Net2   to IP address of Debian NIC address on Net2 (X.D.E.70)

Then PC in Net1 can ping PC in Net2 since your Debian has the IP forwarding  and router daemon on.
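
A ruleset for what the asker describes in the thread above (forwarding between the two interfaces, with Net 1 traffic source-NATed so hosts beyond eth0 see only the gateway), added here as an example and not posted by any participant. Interface roles follow the question; the addresses, the SSH rule's host and the function names are constructed placeholders, and the rewritten source is the NAT box's own eth0 address.

```shell
#!/bin/sh
# Added example, not from the thread. Values are constructed placeholders
# (the thread masks the real addresses); override them via the environment.
LAN_IF=${LAN_IF:-eth1}             # interface on Net 1
WAN_IF=${WAN_IF:-eth0}             # interface towards Net 2
LAN_NET=${LAN_NET:-192.0.2.0/24}   # stands in for Net 1
SSH_HOST=${SSH_HOST:-192.0.2.110}  # Net 1 host reachable by SSH from Net 2

# Emit the ruleset in iptables-restore format.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies and related flows (e.g. FTP data, with the FTP helper loaded)
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Net 1 may open connections towards Net 2
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
# Net 2 may open SSH to one Net 1 host; this path is routed, not NATed
-A FORWARD -i $WAN_IF -o $LAN_IF -d $SSH_HOST -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Net 1 sources leave with the gateway's own address on $WAN_IF
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Validate, load, then enable forwarding (root only). Loading flushes the
# existing filter and nat tables, and rules go in before forwarding starts.
apply_ruleset() {
    gen_ruleset | iptables-restore --test || return 1
    gen_ruleset | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    print) gen_ruleset ;;
    apply) apply_ruleset ;;
esac
```

Run with `print` to inspect the ruleset or `apply` as root to load it; hosts on Net 2 still need a route back to Net 1 through this box for the un-NATed SSH path.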