Internet sharing and everything else works on eth1 & eth2
(this is done with an iptables script)
Now I want the 2 win2k to be connected as if the Linux PC had been a switch (or hub). I can see each win2k computer in the other's network workgroup but I can't connect. I can't ping either (192.168.0.10 to 192.168.70, vice versa).
[Old problem was that I couldn't ping (etc.) 192.168.0.70 from Linux.]
What does the 'route' result from the Linux machine look like? I guess you need to use a command similar to 'route add -host target interface', but I'd like to be sure.
It is a routing problem - all 192 traffic will be being sent out of eth1. The "route" command will let you see the routing table. You can then use "route add -host 192.168.0.10 dev eth1".
Note: this will be lost on reboot - you may want to put it in a startup script.
This is my firewall script. Should I enter something to allow everything between eth1 & eth2 (LAN)?
Code:
echo -e "\n\nLoading simple rc.firewall...\n"
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
EXTIF="eth0"
INTIF="eth1"
INTIF2="eth2"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo " Internal Interface: $INTIF2"
echo -en " loading modules: "
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a
echo "----------------------------------------------------------------------"
echo -en "ip_tables, "
$INSMOD ip_tables
echo -en "ip_conntrack, "
$INSMOD ip_conntrack
echo -en "ip_conntrack_ftp, "
$INSMOD ip_conntrack_ftp
echo -en "ip_conntrack_irc, "
$INSMOD ip_conntrack_irc
echo -en "iptable_nat, "
$INSMOD iptable_nat
echo -en "ip_nat_ftp, "
$INSMOD ip_nat_ftp
echo -e "ip_nat_irc"
$INSMOD ip_nat_irc
echo "----------------------------------------------------------------------"
echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#-----------------------------------------------------------------
#Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
#------------------------------------------------------------------
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
#$IPTABLES -t nat -A PREROUTING -p tcp -i eth2 --dport 80 -j DNAT --to-destination 192.168.0.10:80
#$IPTABLES -A FORWARD -i eth2 -p tcp -d 192.168.0.10 --dport 80 -j ACCEPT
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nrc.firewall-2.4 v$FWVER done.\n"
Suggestions???
I am a noob, so if you see something in there you feel I should change, don't hesitate. Post!
I would also want to know what I'm doing wrong, not getting the forwarding of port 80 to my HTTP server (192.168.0.10) (about line 20 from the bottom in the script)
Here is my route table:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.10    *               255.255.255.255 UH    0      0        0 eth2
192.168.0.70    *               255.255.255.255 UH    0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth2
192.168.0.0     *               255.255.255.0   U     0      0        0 eth2
130.239.145.0   *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         130.239.145.1   0.0.0.0         UG    0      0        0 eth0
In that case use eth0
In the routing table you are saying to access 192.168.0.10 use eth2 but 192.168.0.10 is attached to eth0. You will need to do this for both green NICs.
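Whether the posted FORWARD chain lets the two LAN interfaces talk to each other can be checked by walking its rules in order, as in this added example (not code from any poster in the thread). The `forward_verdict` helper and the two eth1/eth2 ACCEPT rules are assumptions for illustration; only `-i`, `-o`, `--state` and `-j` are evaluated.

```shell
# Added example: first-match walk over a FORWARD chain (iptables-save style lines).
# Simplification: only -i, -o, --state and -j are evaluated; other options are ignored.
forward_verdict() {   # usage: forward_verdict RULES IN_IF OUT_IF CONN_STATE
    fv_rules=$1 fv_in=$2 fv_out=$3 fv_state=$4 fv_policy=ACCEPT
    while read -r fv_line; do
        set -- $fv_line
        case "$1 $2" in
            "-P FORWARD") fv_policy=$3; continue ;;
            "-A FORWARD") shift 2 ;;
            *) continue ;;
        esac
        r_in= r_out= r_state= r_target=
        while [ $# -gt 1 ]; do            # scan option/value pairs
            case $1 in
                -i) r_in=$2 ;;
                -o) r_out=$2 ;;
                --state) r_state=$2 ;;
                -j) r_target=$2 ;;
            esac
            shift
        done
        if [ -n "$r_in" ] && [ "$r_in" != "$fv_in" ]; then continue; fi
        if [ -n "$r_out" ] && [ "$r_out" != "$fv_out" ]; then continue; fi
        if [ -n "$r_state" ]; then
            case ",$r_state," in *",$fv_state,"*) ;; *) continue ;; esac
        fi
        case "$r_target" in               # LOG is non-terminating: keep walking
            ACCEPT|DROP|REJECT) echo "$r_target"; return 0 ;;
        esac
    done <<EOF
$fv_rules
EOF
    echo "$fv_policy"                     # nothing matched: chain policy decides
}
# Constructed input: the posted FORWARD chain with EXTIF=eth0, INTIF=eth1, INTIF2=eth2.
POSTED='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -j LOG'
# Assumed addition (not from the thread); in a real script place it before the LOG rule.
FIXED="$POSTED
-A FORWARD -i eth1 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth1 -j ACCEPT"
echo "posted eth1->eth2 NEW: $(forward_verdict "$POSTED" eth1 eth2 NEW)"
echo "fixed  eth1->eth2 NEW: $(forward_verdict "$FIXED" eth1 eth2 NEW)"
echo "fixed  eth0->eth2 NEW: $(forward_verdict "$FIXED" eth0 eth2 NEW)"
```

With the posted chain, a new eth1-to-eth2 packet matches nothing but the LOG rule and falls to the FORWARD policy of DROP, independent of the host routes discussed above.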