Find the answer to your Linux question:
Results 1 to 5 of 5
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 10-15-2013 #1
    favolas
    favolas is offline
    Just Joined!
    Join Date
    Oct 2013
    Posts
    3

    iptables FORWARD rule

    Hello.

    I'm running 3 virtual machines with Fedora 19. The machine B is set up with two networks adapters and provides que channel between machine A and machine C.

    The machine A IP is set to 192.168.1.1 and machine C IP is set to 172.16.1.1. On machine B I have one adapter with IP 192.168.1.254 and another adapter with IP 172.16.1.254.

    I've created this rule in machine B (it's working as a router):

    Code:
    iptables -P INPUT DROP

iptables -A INPUT -p icmp -j ACCEPT
    And so, no connections between the machines are made unless the PING that allows the communication between machine A and B.

    Now I want to create a rule in the router that allows the communication of HTTPS between the external network (machine C) and the internal network (machine A)

    I've added this rule in machine B:

    Code:
    iptables -A FORWARD -o p7p1 -p tcp --dport 443 -d 192.168.1.1 -j ACCEPT
    Where p7p1 is the interface on machine B that connects to machine A. I've also tried:

    Code:
    iptables -A FORWARD -i p8p1 -o p7p1 -p tcp --dport 443 -d 192.168.1.1 -j ACCEPT
    Where p8p1 is the interface on machine B that connects to machine C.

    Now, on machine A I do nc -l 443 and on machine C nc 192.168.1.1 443 but I'm getting Ncat: Connection timed out
    Whats wrong with my rule?


    Many thanks,

    favolas
    Reply With Quote Reply With Quote
  2. 10-16-2013 #2
    zbilic
    zbilic is offline
    Just Joined!
    Join Date
    Nov 2011
    Posts
    16

    Routing

    Hi favolas,

    did you setup proper routing on hosts A and C,
    or is it host B default GW for both hosts?
    Reply With Quote Reply With Quote
  3. 10-16-2013 #3
    favolas
    favolas is offline
    Just Joined!
    Join Date
    Oct 2013
    Posts
    3
    Hello.

    Thanks for your answer.

    Here is the "router" (machine B) routing table:
    G72XmuP.jpg

    Machine A routing table
    goxI6OY.jpg

    And machine C routing table:
    5PiLq4C.jpg

    Is anything wrong?

    favolas
    Reply With Quote Reply With Quote
    4. $spacer_open
    $spacer_close
  4. 10-17-2013 #4
    zbilic
    zbilic is offline
    Just Joined!
    Join Date
    Nov 2011
    Posts
    16
    Hi favolas,

    According to Figure for the router "C", you do not have the proper route set for network 192.168.1.0/24.

    GW for network 192.168.1.0/24 is not 172.16.1.1, should be 172.16.1.254.

    Packet from the host "A" will be returned over the default gateway.

    Traffic path you can check with tcpdump on each host (interface).

    Also, I do not know why host "C" has two default gateways.

    Regards
    Reply With Quote Reply With Quote
  5. 10-17-2013 #5
    favolas
    favolas is offline
    Just Joined!
    Join Date
    Oct 2013
    Posts
    3
    Thanks.

    That was the problem..

    Regards
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules