How to forward packets from one network interface to another
You'll need some sort of masquerading statement. The reason behind this is that, currently, packets arriving from eth2 to eth1 are identified by 10.101.0.0/16 addresses. Those 10.101.0.0/16 packets then attempt to traverse the network via eth1 (192.168.3.0/24). This fails because those packets haven't yet been masqueraded as packets from 192.168.3.1.
A little script like this below should help. Modify as necessary:
#! /bin/bash
IPTABLES=/sbin/iptables
WANIF='eth1'
LANIF='eth2'

# enable ip forwarding in the kernel
echo 'Enabling Kernel IP forwarding...'
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

# flush rules and delete chains
echo 'Flushing rules and deleting existing chains...'
$IPTABLES -F
$IPTABLES -X

# enable masquerading to allow LAN internet access
echo 'Enabling IP Masquerading and other rules...'
$IPTABLES -t nat -A POSTROUTING -o $LANIF -j MASQUERADE
$IPTABLES -A FORWARD -i $LANIF -o $WANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $WANIF -o $LANIF -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $WANIF -j MASQUERADE
$IPTABLES -A FORWARD -i $WANIF -o $LANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $LANIF -o $WANIF -j ACCEPT
echo 'Done.'
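A tighter variant of the script above, added here as an example and not part of the original answer: it masquerades only 10.101.0.0/16 traffic leaving eth1, and lets eth1-to-eth2 traffic through only when it belongs to a connection the LAN opened. The function name nat_ruleset and the APPLY switch are hypothetical; the interface names and subnet are the ones from the question.

```bash
#!/bin/bash
# Added example (not from the original answer). nat_ruleset and APPLY are
# hypothetical names; eth1/eth2 and 10.101.0.0/16 come from the question.

# nat_ruleset WAN_IF LAN_IF LAN_CIDR
# Prints an iptables-restore ruleset for a one-way NAT gateway.
nat_ruleset() {
    if [ $# -ne 3 ] || [ "$1" = "$2" ]; then
        echo 'usage: nat_ruleset WAN_IF LAN_IF LAN_CIDR (interfaces must differ)' >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# rewrite the source address only for LAN traffic leaving via the WAN side
-A POSTROUTING -s $3 -o $1 -j MASQUERADE
COMMIT
*filter
# INPUT/OUTPUT stay open as in the script above; only FORWARD is restricted
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# LAN hosts may open connections towards the WAN side
-A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
# the WAN side may only answer connections that already exist
-A FORWARD -i $1 -o $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Dry run by default: print the ruleset for review.
# With APPLY=1 (as root) enable forwarding and load it; iptables-restore
# flushes the filter and nat tables before loading, so stale rules go away.
if [ "${APPLY:-0}" = 1 ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    nat_ruleset eth1 eth2 10.101.0.0/16 | iptables-restore
else
    nat_ruleset eth1 eth2 10.101.0.0/16
fi
```

Review the printed ruleset first, then rerun with APPLY=1 as root to load it.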
Ghilander
Updated on September 18, 2022
Comments
-
Ghilander over 1 year
My problem is forwarding packets from eth2, which is my LAN, to eth1, which has access to the internet, to allow eth2 to access the internet. Here is my configuration:
auto eth1
iface eth1 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    network 192.168.3.0
    broadcast 192.168.3.255
    gateway 192.168.3.254

auto eth2
iface eth2 inet static
    address 10.101.26.1
    netmask 255.255.0.0
    network 10.101.0.0
    broadcast 10.101.255.255
iptables configuration:
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
I have already uncommented net.ipv4.ip_forward=1 in /etc/sysctl.conf and written 1 to /proc/sys/net/ipv4/ip_forward.
If I test with a PC connected to the LAN that has 10.101.26.1 as its gateway, I can't reach the internet, so how can I solve this?
Thank you for any help! Regards
-
Ghilander almost 9 years
192.168.3.1 can reach the internet. I need to forward any packets from 10.101.0.0/16 to 192.168.3.1 and vice versa. How can I create this static rule? I've already tried with this: > route add -net 10.101.0.0 netmask 255.255.0.0 gw 192.168.3.254
-
Ghilander almost 9 years
Can you show me an example please?
-
Larssend almost 9 years
@Ghilander: Create a static route that's equivalent to
route add -net 10.101.0.0/16 gw 192.168.3.1
on the router (i.e. 192.168.3.254).
-
Larssend almost 9 years
@Ghilander: Or just use the router's admin page. Consult the user's manual on how to add a static routing entry.
-
Ghilander almost 9 years
I don't understand why this route add -net 10.101.0.0 netmask 255.255.0.0 gw 192.168.3.254 didn't work!
-
Larssend almost 9 years
@Ghilander: Just to be clear, which one is the gateway router (i.e. the router that connects directly to a modem), 192.168.3.1 or 192.168.3.254?
-
Ghilander almost 9 years
the 192.168.3.254
-
Larssend almost 9 years
@Ghilander: then read the fourth comment from the top.
-
Ghilander almost 9 years
Ok, but the result is the same, now I can't access ssh to the other PC to test the connection.
-
Larssend almost 9 years
@Ghilander is 192.168.3.254 a dedicated router or a general purpose computer?
-
Ghilander almost 9 years
It is a dedicated router
-
Larssend almost 9 years
@Ghilander: do
traceroute 208.67.220.220
and
ping 208.67.220.220
from a computer on the 10.101.0.0/16 network. What do the outputs say?
-
Ghilander almost 9 years
traceroute:
 1 192.168.3.254 (192.168.3.254) 0.149 ms 0.361 ms 0.345 ms
 2 10.151.158.130 (10.151.158.130) 1.317 ms 1.306 ms 1.292 ms
 3 10.3.7.105 (10.3.7.105) 2.010 ms 1.960 ms 1.944 ms
 4 10.3.12.161 (10.3.12.161) 2.418 ms 2.650 ms 2.635 ms
 5 * * *
 6 * * *
 7 62-101-124-94.fastres.net (62.101.124.94) 6.813 ms 62-101-124-98.fastres.net (62.101.124.98) 7.308 ms 7.023 ms
-
DKebler about 4 years
With a usb to ethernet adapter on a sbc this made for a simple isolated network I needed inside my LAN. Allows machines therein to access resources on the LAN and even internet. If the WAN is to be internet facing then you should be using a full firewall like firehol. I made a little repo with systemd service file to make this easy to deploy, persist and turn on and off. github.com/dkebler/masquerade