I am doing some call admission control work and want to make a basic router using a linux machine. I had it working last year but am running into some niggling hassles this time round.
What I have is two isolated subnets 10.129.2.0/24 and 10.129.3.0/24 and a Linux machine with two NICs - 10.129.2.1 and 10.129.3.1. I have 2 machines 10.129.2.2 and 10.129.3.2 that I want to communicate via the router. I plan to use iptables to set my rules etc. But here is my first problem:
I set both client machines' addresses to 10.129.2.2 and 10.129.3.2 and I connect via crossover cables through the router (with its IP addresses set). The routing table of the router is the default.
Now what I imagined is that I would not be able to ping through the router until I had specified iptables rules allowing this (i.e. by default all packets are blocked), but the second I enable IP forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward) I can ping through the router even though the iptables are empty.
This is a problem for me as I want to allow only certain flows - any ideas why all packets are by default forwarded when I enable IP forwarding? I could've sworn that this approach worked last year.
I'm using Ubuntu Feisty Fawn 2.6.20-16-386 and my iptables version is 1.3.6.
Any help would be much appreciated.
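The behaviour the post describes is the kernel's default: the built-in FORWARD chain of iptables has policy ACCEPT, so an empty rule set forwards everything as soon as ip_forward is switched on. The script below is an added example, not from the original post, of a rule set that closes the chain before forwarding is enabled and then admits only the two named hosts; the interface names eth0 (10.129.2.1 side) and eth1 (10.129.3.1 side) are assumed.

```shell
#!/bin/sh
# Added example for the router described above (not from the original post).
# Interface names eth0/eth1 are assumed. Rules are printed rather than applied
# so they can be reviewed first; "sh router-rules.sh print | sh" applies them as root.

IF_A=eth0; HOST_A=10.129.2.2
IF_B=eth1; HOST_B=10.129.3.2

gen_forward_rules() {
    # 1. Close the FORWARD chain before forwarding is switched on. The kernel's
    #    built-in chain policy is ACCEPT, which is why an empty rule set
    #    forwards everything once ip_forward=1.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # 2. Replies for connections that were already accepted may pass either way.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 3. Only the two named hosts may open new flows, and only across the
    #    expected interface pair (a source address arriving on the wrong NIC is dropped).
    echo "iptables -A FORWARD -i $IF_A -o $IF_B -s $HOST_A -d $HOST_B -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $IF_B -o $IF_A -s $HOST_B -d $HOST_A -m state --state NEW -j ACCEPT"
    # 4. Log what the policy drops, rate limited so the log cannot be flooded.
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FWD-DROP: '"
    # 5. Only now is it safe to turn forwarding on.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Offline check of the policy: would a NEW flow (in_if, src) -> (out_if, dst)
# be forwarded? Mirrors rules 1 and 3 above, so it can be exercised without root.
flow_verdict() {
    in_if=$1; src=$2; out_if=$3; dst=$4
    if [ "$in_if" = "$IF_A" ] && [ "$out_if" = "$IF_B" ] && \
       [ "$src" = "$HOST_A" ] && [ "$dst" = "$HOST_B" ]; then
        echo ACCEPT
    elif [ "$in_if" = "$IF_B" ] && [ "$out_if" = "$IF_A" ] && \
         [ "$src" = "$HOST_B" ] && [ "$dst" = "$HOST_A" ]; then
        echo ACCEPT
    else
        echo DROP
    fi
}

case "${1:-}" in
    print) gen_forward_rules ;;
esac
```

Any flow not covered by rule 3 (a third host on either subnet, or a spoofed 10.129.2.2 arriving on eth1) falls through to the DROP policy and is logged.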