  1. #1
    Just Joined!
    Join Date
    Mar 2009
    Posts
    7

    iptables firewall and routing problem


    Dear users,

    I must solve a routing problem on my Linux firewall.

    The problem appears without any particular configuration (like drop, reject, etc.).

    My configuration is:

    Firewall :
    Internal Interface : 192.168.0.1
    External Interface : 10.10.10.1

    PC1 :
    Ethernet Interface : 192.168.0.2
    Gateway : 192.168.0.1 (firewall)

    PC2:
    Ethernet Interface : 10.10.10.2
    Gateway : 10.10.10.1 (firewall)

    I can ping the external and internal interfaces of the firewall from PC1 without any problem.

    But I can't ping other PCs on the subnet 10.10.10.*.

    I can solve it by using masquerading, but in this mode, when I connect from PC1 (192.168.0.2) to PC2 (10.10.10.2), the connection appears to come from the firewall IP 10.10.10.1 and not from the original PC1 IP 192.168.0.2.

    How can I solve it and enable connections from my PC1 to PC2 "transparently"?


    Example scenario:

    [pc1] 192.168.0.2 --> 192.169.0.1 [firewall] 10.10.10.1 -> [pc2] 10.10.10.2

    [pc2] connection from 192.168.0.2 (and not from 10.10.10.1)


    Thanks

  2. #2
    Linux Newbie Ziplock's Avatar
    Join Date
    Jan 2009
    Location
    Adelaide
    Posts
    169
    Hi there, sounds like you don't have routing/forwarding working on the router properly. Your firewall on the router needs to (1) allow the ICMP (ping) traffic through the firewall, and (2) needs to allow the traffic to be forwarded.

    Sounds like a routing issue to me. What software is running on your firewall device?

  3. #3
    Just Joined!
    Join Date
    Mar 2009
    Posts
    7
    It's a Linux (CentOS) firewall.
    /proc/sys/net/ipv4/ip_forward is set to 1.
    For testing, iptables is stopped (I don't know what rules I need).

    From PC1 I can ping 192.168.0.1 (FW eth0) and 10.10.10.1 (FW eth1), but I can't ping 10.10.10.2 (PC2).

    If I configure iptables on the FW for masquerade, I can connect from PC1 to PC2, but the connection appears to come from the FW IP (10.10.10.1) and not from the PC1 IP (192.168.0.2).

    I need this:

    [pc1] 192.168.0.2 --> 192.169.0.1 [firewall] 10.10.10.1 -> [pc2] 10.10.10.2

    [pc2] connection from 192.168.0.2 (and not from 10.10.10.1)

    But I don't know how to set it up.

  4. #4
    Linux Newbie Ziplock's Avatar
    Join Date
    Jan 2009
    Location
    Adelaide
    Posts
    169
    Right, you need to at least forward traffic through the firewall.

    iptables -A FORWARD -j ACCEPT

    will test if you are forwarding traffic correctly. This is of course not secure, but should allow you to test forwarding between the networks.
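As an added example (not from the thread or its posters), the script below generates a rule set for this exact topology that forwards between eth0 (192.168.0.0/24) and eth1 (10.10.10.0/24) without MASQUERADE, so PC2 sees PC1's real address 192.168.0.2, while keeping FORWARD closed by default instead of the blanket accept above. No NAT is needed because PC2's default gateway is the firewall, so replies route back on their own; the interface names eth0/eth1 are taken from post #3 and are assumptions.

```shell
#!/bin/sh
# Added example: stateful forwarding for the thread's topology, no NAT.
# Interface names (eth0/eth1) and networks are assumptions from the posts.
INT_IF="${INT_IF:-eth0}"              # 192.168.0.1 side (PC1)
EXT_IF="${EXT_IF:-eth1}"              # 10.10.10.1 side (PC2)
INT_NET="${INT_NET:-192.168.0.0/24}"
EXT_NET="${EXT_NET:-10.10.10.0/24}"

# Print the commands instead of running them so they can be reviewed
# first (dry run); "apply" pipes them into a root shell on the firewall.
forward_rules() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -d $EXT_NET -m state --state NEW -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
EOF
}

# Refuse a rule set that still contains the blanket "-A FORWARD -j ACCEPT"
# from post #4, lacks a DROP policy, or rewrites PC1's address via NAT.
check_rules() {
    rules=$(forward_rules)
    case "$rules" in
        *MASQUERADE*|*SNAT*) return 1 ;;
    esac
    echo "$rules" | grep -q -- '-A FORWARD -j ACCEPT$' && return 1
    echo "$rules" | grep -q -- '-P FORWARD DROP' || return 1
    return 0
}

case "${1:-}" in
    apply) check_rules && forward_rules | sh ;;   # run as root on the firewall
    *)     forward_rules ;;                        # default: dry run, print only
esac
```

With this rule set PC1 can open connections to PC2 and the replies are allowed back by the ESTABLISHED,RELATED rule; connections initiated by PC2 towards 192.168.0.0/24 are dropped and logged, which is the behaviour a firewall between an internal and an external segment should have.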
