  1. #1 (Just Joined!, joined Oct 2013, 3 posts)

    iptables FORWARD rule


    Hello.

    I'm running 3 virtual machines with Fedora 19. Machine B is set up with two network adapters and provides the channel between machine A and machine C.

    Machine A's IP is set to 192.168.1.1 and machine C's IP is set to 172.16.1.1. On machine B I have one adapter with IP 192.168.1.254 and another adapter with IP 172.16.1.254.

    I've created this rule in machine B (it's working as a router):

    Code:
    iptables -P INPUT DROP                 # default-deny for traffic addressed to B itself (FORWARD is untouched)
    iptables -A INPUT -p icmp -j ACCEPT    # but still let ping reach B
    So no connections between the machines are made except for ping, which allows communication between machine A and B.

    Now I want to create a rule in the router that allows HTTPS communication between the external network (machine C) and the internal network (machine A).

    I've added this rule in machine B:

    Code:
    iptables -A FORWARD -o p7p1 -p tcp --dport 443 -d 192.168.1.1 -j ACCEPT    # routed traffic leaving B via p7p1 toward A:443
    where p7p1 is the interface on machine B that connects to machine A. I've also tried:

    Code:
    iptables -A FORWARD -i p8p1 -o p7p1 -p tcp --dport 443 -d 192.168.1.1 -j ACCEPT    # same, but only when it arrived on p8p1
    where p8p1 is the interface on machine B that connects to machine C.

    Now, on machine A I do nc -l 443 and on machine C nc 192.168.1.1 443, but I'm getting Ncat: Connection timed out.
    What's wrong with my rule?


    Many thanks,

    favolas

  2. #2 (Just Joined!, joined Nov 2011, 8 posts)

    Routing

    Hi favolas,

    did you set up proper routing on hosts A and C,
    or is host B the default GW for both hosts?

  3. #3 (Just Joined!, joined Oct 2013, 3 posts)
    Hello.

    Thanks for your answer.

    Here is the "router" (machine B) routing table:
    [screenshot: G72XmuP.jpg]

    Machine A routing table:
    [screenshot: goxI6OY.jpg]

    And machine C routing table:
    [screenshot: 5PiLq4C.jpg]

    Is anything wrong?

    favolas

  4. #4 (Just Joined!, joined Nov 2011, 8 posts)
    Hi favolas,

    According to the figure for the router "C", you do not have the proper route set for network 192.168.1.0/24.

    The GW for network 192.168.1.0/24 is not 172.16.1.1; it should be 172.16.1.254.

    Packets from host "A" will be returned over the default gateway.

    You can check the traffic path with tcpdump on each host (interface).

    Also, I do not know why host "C" has two default gateways.

    Regards
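The fix from post #4, as an added example that is not part of the thread: the route each end host needs, a helper that catches the exact mistake found in C's routing table (a gateway that is the host itself rather than B's address on that segment), and the tcpdump checks post #4 suggests. It goes beyond the thread in one respect: B's FORWARD chain gets a default-deny policy with a conntrack rule for return traffic. The thread never changed FORWARD from its default ACCEPT policy, so the posted FORWARD rule on its own neither allowed nor blocked anything; once the policy is DROP, the ESTABLISHED,RELATED rule is what lets A's replies back out to C. Interface names and addresses follow the thread; the RUN variable, gateway_ok and trace_hint are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread). Topology, as described in post #1:
#   A 192.168.1.1 --(p7p1, 192.168.1.254)-- B --(p8p1, 172.16.1.254)-- C 172.16.1.1
set -u

A_IP=192.168.1.1;   A_NET=192.168.1.0/24; B_A_IF=p7p1; B_A_IP=192.168.1.254
C_IP=172.16.1.1;    C_NET=172.16.1.0/24;  B_C_IF=p8p1; B_C_IP=172.16.1.254

# RUN=echo (the default) prints each command instead of executing it, so the
# script can be read and dry-run anywhere; run with RUN= as root to apply it.
RUN=${RUN:-echo}

# Router B. Beyond the thread: forwarding is enabled explicitly, and FORWARD
# gets a DROP policy, so the ESTABLISHED,RELATED rule is required for A's
# replies to reach C. The HTTPS rule itself is the one from post #1.
router_b() {
  $RUN sysctl -w net.ipv4.ip_forward=1
  $RUN iptables -P INPUT DROP
  $RUN iptables -A INPUT -i lo -j ACCEPT
  $RUN iptables -A INPUT -p icmp -j ACCEPT
  $RUN iptables -P FORWARD DROP
  $RUN iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $RUN iptables -A FORWARD -i "$B_C_IF" -o "$B_A_IF" -p tcp -d "$A_IP" --dport 443 \
    -m conntrack --ctstate NEW -j ACCEPT
}

# Each end host needs a route for the other segment whose gateway is B's
# address on the host's own segment. Post #4's finding: C's route for
# 192.168.1.0/24 pointed at 172.16.1.1 (C itself) instead of 172.16.1.254.
host_a() { $RUN ip route replace "$C_NET" via "$B_A_IP"; }
host_c() { $RUN ip route replace "$A_NET" via "$B_C_IP"; }

# Sanity check for that mistake (this example's own helper): a gateway must
# share the host's /24 and must not be the host's own address.
# $1 = host address, $2 = proposed gateway. Returns 0 when acceptable.
gateway_ok() {
  [ "$1" != "$2" ] && [ "${1%.*}" = "${2%.*}" ]
}

# Where to look when C's connection still times out: one tcpdump per hop.
trace_hint() {
  echo "on B:  tcpdump -ni $B_C_IF 'tcp port 443'   # does the SYN from C arrive?"
  echo "on B:  tcpdump -ni $B_A_IF 'tcp port 443'   # is it forwarded toward A?"
  echo "on A:  tcpdump -ni any 'tcp port 443'       # does A's SYN-ACK go to $B_A_IP?"
}

# Usage: sh router.sh [b|a|c]   (no argument: print everything as a dry run)
case "${1:-all}" in
  b) router_b ;;
  a) host_a ;;
  c) host_c ;;
  all)
    router_b; host_a; host_c
    gateway_ok "$C_IP" "$B_C_IP" && echo "C: gateway $B_C_IP is on C's segment and is not C"
    trace_hint ;;
esac
```

Run it once per machine (`RUN= sh router.sh b` on B, `a` on A, `c` on C, as root); without arguments it only prints. The `gateway_ok` check is the thing to apply to any static route you add by hand: post #4's symptom, a SYN that reaches A but a reply that never comes back, is what a gateway on the wrong segment or pointing at the host itself looks like from C.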

  5. #5 (Just Joined!, joined Oct 2013, 3 posts)
    Thanks.

    That was the problem.

    Regards
