iptables forwarding vs ip route...

[Keeper75]

Well here it goes a noob q:

What is the difference between doing a forwarding with iptables and routing with ip route ?

e.g.: iptables:

• iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
• iptables -A FORWARD -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT

e.g. iproute:

• ip route add -net 192.168.1.0/24 gw 192.168.2.254
• ip route add -net 192.168.2.0/24 gw 192.168.1.254

Does or does not the above produce the same result? , i mean, if i can "route" with iptables why would i need to use iproute2?

..or is it that what iptables only does is, allow/disallow the forwarding of the route(s) that were previously set on the routing table with ip route?

[zombykillah]

What's the basic difference ...

I would say iptables is a filter or firewall.
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
Tells that forwards from 192.168.1.0/24 to 192.168.2.0/24 are allowed.
It doesn't tell anything where these network are located.

route tells where a network is located
route add -net 192.168.1.0/24 gw 192.168.2.254
Tells that the network 192.168.1.0/24 can be accessed through the Router/Computer 192.168.2.254

If your computer has two interfaces like:
eth0: 192.168.1.1/24
eth1: 192.168.2.1/24
The iptalbes rule:
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
will allow traffic from eth0 to eth1 ... if forwarding is global enabled

The other situation is that your computer has one interface:
eth0: 192.168.1.10/24
The command:
ip route add -net 192.168.2.0/24 gw 192.168.1.254
would tell your computer that it can access the network: 192.168.2.0/24 through 192.168.1.254