Results 1 to 3 of 3
Hi all, I am doing some call admission control work and want to make a basic router using a linux machine. I had it working last year but am running ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-31-2007 #1
- Join Date
- Apr 2006
Linux Software router
I am doing some call admission control work and want to make a basic router using a linux machine. I had it working last year but am running into some niggling hassles this time round.
What I have is two isolated subnets 10.129.2.0/24 and 10.129.3.0/24 and a Linux machine with two NICs - 10.129.2.1 and 10.129.3.1. I have 2 machines 10.129.2.2 and 10.129.3.2 that I want to communicate via the router. I plan to use iptables to set my rules etc. But here is my first problem:
I set both client machines addresses to 10.129.2.2 and 10.129.3.2 and I connect via cross over cables through the router (with its IP addresses set). the routing table of the router is default
Now what I imagined is that I would not be able to ping through the router until I had specified iptable rules allowing this (i.e. by default all packets are blocked) but the second I enable IP forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward) I can ping through the router even though the iptables are empty.
This is a problem for me as I want to allow only certain flows - any ideas why all packets are by default forwarded when I enable IP forwarding? I could've sworn that this approach worked last year.
I'm using ubuntu feisty fawn 2.6.20-16-386 and my iptables version is 1.3.6
Any help would be much appreciated.
- 08-31-2007 #2
To enable routing, simply enabling ip_forward (with policies of all iptable chains set as ACCEPT) is enuf.
with iptables, you can control NATting, and access control.---------------------------------
Registered Linux User #440311
HI2ARUN _AT_ GMAIL _DOT_ COM
- 08-31-2007 #3Originally Posted by richgood2005
IPCop.org :: The bad packets stop here!
This may be solvable with IPCop + some port forwarding rules.
If no flexibility, you can add the filtering rules yourself via iptables.