JKB *nix forums beginner
Joined: 26 Apr 2005
Posts: 45
Posted: Tue Feb 15, 2005 2:52 pm
Post subject: Two routers, one LAN...

Hello,

I'm trying to add a DSL line on my server.

DSL---ROUTER0---eth2 (192.168.1.1) thibon
DSL---ROUTER1---eth0 (192.168.254.1) kant
ethernet--------eth1 (192.168.0.128) bergson

All services have to be routed by eth0 (http, https, smtp, pop3s, imaps...) except the source ports 3000 and 3001 when they come from 192.168.0.130.
When the destination ports are 3000 or 3001 and come from eth2, I want to forward them to 192.168.0.130.

My configuration is:

Destination     Gateway          Genmask         Flags Metric Ref Use Iface
wan0            *                255.255.255.0   U     0      0   0   eth2
localnet        *                255.255.255.0   U     0      0   0   eth1
wan1            *                255.255.255.0   U     0      0   0   eth0
default         192.168.254.254  0.0.0.0         UG    0      0   0   eth0

Chain PREROUTING (policy ACCEPT)
target      prot opt source            destination
DNAT        tcp  --  anywhere          thibon       tcp dpt:3000 to:192.168.0.130
DNAT        tcp  --  anywhere          thibon       tcp dpt:3001 to:192.168.0.130
DNAT        tcp  --  anywhere          kant         tcp dpt:8000 to:192.168.0.130:8080
DNAT        tcp  --  alain.astelys.fr  anywhere     tcp spt:3000 to:192.168.1.254
DNAT        tcp  --  alain.astelys.fr  anywhere     tcp spt:3001 to:192.168.1.254

Chain POSTROUTING (policy ACCEPT)
target      prot opt source            destination
MASQUERADE  all  --  localnet/24       anywhere     (eth0)
MASQUERADE  all  --  localnet/24       anywhere     (eth2)

Chain OUTPUT (policy ACCEPT)
target      prot opt source            destination

kant:8000 is forwarded to 192.168.0.130:8080 without any trouble.
When I try to initialize a connection to thibon:3000, I can see a packet on eth2, but none on the LAN. My server does not forward this packet. Why?

For information, this is my /var/lib/iptables/active:

# Generated by iptables-save v1.2.11 on Mon Feb 14 14:58:07 2005
*mangle
:PREROUTING ACCEPT [7625:1093924]
:INPUT ACCEPT [5993:588052]
:FORWARD ACCEPT [1574:494364]
:OUTPUT ACCEPT [5296:1335062]
:POSTROUTING ACCEPT [6880:1831901]
COMMIT
# Completed on Mon Feb 14 14:58:07 2005
# Generated by iptables-save v1.2.11 on Mon Feb 14 14:58:07 2005
*filter
:INPUT ACCEPT [9878:939309]
:FORWARD ACCEPT [3392:887746]
:OUTPUT ACCEPT [8879:2794234]
COMMIT
# Completed on Mon Feb 14 14:58:07 2005
# Generated by iptables-save v1.2.11 on Mon Feb 14 14:58:07 2005
*nat
:PREROUTING ACCEPT [333:47996]
:POSTROUTING ACCEPT [195:17389]
:OUTPUT ACCEPT [195:17389]
[15:900] -A PREROUTING -d 192.168.1.1 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 192.168.0.130
[0:0] -A PREROUTING -d 192.168.1.1 -p tcp -m tcp --dport 3001 -j DNAT --to-destination 192.168.0.130
[0:0] -A PREROUTING -d 192.168.254.1 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.130:8080
[0:0] -A PREROUTING -s 192.168.0.130 -p tcp -m tcp --sport 3000 -j DNAT --to-destination 192.168.1.254
[0:0] -A PREROUTING -s 192.168.0.130 -p tcp -m tcp --sport 3001 -j DNAT --to-destination 192.168.1.254
[18:1423] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
[18:1423] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth2 -j MASQUERADE
COMMIT
# Completed on Mon Feb 14 14:58:07 2005
Thanx in advance,
JKB
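
Added example, not part of the original post: a small Python parser for the iptables-save counter format, run over the *nat section of the dump above to list how many packets each DNAT rule has matched. The function names are hypothetical; the sample input is the post's own dump, with the wrapped MASQUERADE line joined.

```python
import re
import shlex

# Constructed input: the *nat section of the iptables-save dump quoted in the post.
NAT_DUMP = """\
*nat
:PREROUTING ACCEPT [333:47996]
:POSTROUTING ACCEPT [195:17389]
:OUTPUT ACCEPT [195:17389]
[15:900] -A PREROUTING -d 192.168.1.1 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 192.168.0.130
[0:0] -A PREROUTING -d 192.168.1.1 -p tcp -m tcp --dport 3001 -j DNAT --to-destination 192.168.0.130
[0:0] -A PREROUTING -d 192.168.254.1 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.130:8080
[0:0] -A PREROUTING -s 192.168.0.130 -p tcp -m tcp --sport 3000 -j DNAT --to-destination 192.168.1.254
[0:0] -A PREROUTING -s 192.168.0.130 -p tcp -m tcp --sport 3001 -j DNAT --to-destination 192.168.1.254
[18:1423] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
[18:1423] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth2 -j MASQUERADE
COMMIT
"""

RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.+)$")  # [packets:bytes] -A CHAIN options

def parse_rules(dump):
    """Yield a dict per '-A' rule with its table, chain, counters and options."""
    table = None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):          # '*nat' opens a table section
            table = line[1:]
        elif line == "COMMIT":            # 'COMMIT' closes it
            table = None
        elif table and (m := RULE.match(line)):
            args = shlex.split(m.group(4))
            opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
            yield {"table": table, "chain": m.group(3), "packets": int(m.group(1)),
                   "bytes": int(m.group(2)), "opts": opts}

def dnat_report(dump):
    """Return (match, to-destination, packets, bytes) for every nat DNAT rule."""
    rows = []
    for r in parse_rules(dump):
        o = r["opts"]
        if r["table"] == "nat" and o.get("-j") == "DNAT":
            key = "-d" if "-d" in o else "-s"   # rule matches on destination or on source
            port = o.get("--dport") or o.get("--sport")
            rows.append((f"{key} {o[key]}:{port}", o["--to-destination"], r["packets"], r["bytes"]))
    return rows

if __name__ == "__main__":
    for row in dnat_report(NAT_DUMP):
        print(*row, sep="  ")
```

On this dump only the rule for 192.168.1.1 port 3000 shows hits (15 packets, 900 bytes), so those packets did match the DNAT rule in PREROUTING; every other DNAT rule is at zero.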