  1. #1
    Just Joined!
    Join Date
    Apr 2006
    Posts
    6

    Linux Software router


    Hi all,

    I am doing some call admission control work and want to make a basic router using a linux machine. I had it working last year but am running into some niggling hassles this time round.

    What I have is two isolated subnets 10.129.2.0/24 and 10.129.3.0/24 and a Linux machine with two NICs - 10.129.2.1 and 10.129.3.1. I have 2 machines 10.129.2.2 and 10.129.3.2 that I want to communicate via the router. I plan to use iptables to set my rules etc. But here is my first problem:

    I set both client machines' addresses to 10.129.2.2 and 10.129.3.2 and I connect via crossover cables through the router (with its IP addresses set). The routing table of the router is the default,

    i.e.
    Destination
    10.129.3.0 *
    10.129.2.0 *

    Now what I imagined is that I would not be able to ping through the router until I had specified iptables rules allowing this (i.e. by default all packets are blocked), but the second I enable IP forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward) I can ping through the router even though the iptables rules are empty.

    This is a problem for me as I want to allow only certain flows. Any ideas why all packets are forwarded by default when I enable IP forwarding? I could've sworn that this approach worked last year.

    I'm using Ubuntu Feisty Fawn 2.6.20-16-386 and my iptables version is 1.3.6.

    Any help would be much appreciated.

    thanks,
    richard

  2. #2
    Linux User cyberinstru
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    To enable routing, simply enabling ip_forward (with the policies of all iptables chains set to ACCEPT) is enough.

    With iptables, you can control NATting and access control.
    ---------------------------------
    Registered Linux User #440311
    HI2ARUN _AT_ GMAIL _DOT_ COM
    ---------------------------------

  3. #3
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Quote Originally Posted by richgood2005
    Now what I imagined is that I would not be able to ping through the router until I had specified iptable rules allowing this (i.e. by default all packets are blocked) but the second I enable IP forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward) I can ping through the router even though the iptables are empty.

    This is a problem for me as I want to allow only certain flows...
    Not a direct answer to your question, but if you have some flexibility in how to set this up you might check out IPCop.

    IPCop.org :: The bad packets stop here!

    This may be solvable with IPCop + some port forwarding rules.

    If no flexibility, you can add the filtering rules yourself via iptables.
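The point raised in both replies is that ip_forward only turns forwarding on; the FORWARD chain's policy (ACCEPT on a fresh system) decides what actually transits. The script below is an added example, not code from the thread: it sets a default-deny FORWARD policy and allows only chosen flows between the two hosts from the original post. The interface names eth0/eth1, the ICMP echo and UDP/5060 flows, and the DRY_RUN/APPLY switches are assumptions for illustration.

```shell
#!/bin/sh
# Added example: default-deny forwarding between the two subnets in the
# thread, then permit only the flows that should cross the router.
# Addresses come from the post; eth0/eth1 and the allowed ports are assumed.
LAN_A=10.129.2.0/24; LAN_B=10.129.3.0/24
HOST_A=10.129.2.2;   HOST_B=10.129.3.2
IF_A=${IF_A:-eth0};  IF_B=${IF_B:-eth1}

# With DRY_RUN=1 the rules are printed instead of applied (no root needed).
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

build_forward_rules() {
    # Default deny: anything not matched below is dropped, even with ip_forward=1.
    ipt -P FORWARD DROP
    ipt -F FORWARD
    # Replies for flows already accepted below may pass; malformed state is dropped.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state INVALID -j DROP
    # Allowed flow 1: ping between the two test hosts, both directions.
    ipt -A FORWARD -i "$IF_A" -o "$IF_B" -s "$HOST_A" -d "$HOST_B" \
        -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A FORWARD -i "$IF_B" -o "$IF_A" -s "$HOST_B" -d "$HOST_A" \
        -p icmp --icmp-type echo-request -j ACCEPT
    # Allowed flow 2 (assumed): call signalling from HOST_A to HOST_B on UDP/5060.
    ipt -A FORWARD -i "$IF_A" -o "$IF_B" -s "$HOST_A" -d "$HOST_B" \
        -p udp --dport 5060 -j ACCEPT
    # Anything else between the subnets is logged (rate limited) before the
    # policy drops it, so unexpected flows show up in the kernel log.
    ipt -A FORWARD -s "$LAN_A" -d "$LAN_B" -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DROP: "
    ipt -A FORWARD -s "$LAN_B" -d "$LAN_A" -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DROP: "
}

apply_all() {
    # Order matters: install the filter first, then switch forwarding on, so
    # there is no window in which everything is forwarded.
    build_forward_rules
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# Run with APPLY=1 (as root) to install, or APPLY=1 DRY_RUN=1 to preview.
if [ "${APPLY:-0}" = 1 ]; then apply_all; fi
```

Note that the first rule lets return traffic for accepted flows back through, so a one-way rule for UDP/5060 still permits the far end to answer.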
