Hello,

I have a routing configuration that I've been working on, and it seems to be working well for me. I'd like to ask for some peer review. If you're interested and can take a moment to consider this, I could use some advice on whether this is correct. I'm still very much learning; sorry if this email is off topic or too long or anything.

I want to route a wireless network through my Linux box and out a Broadband gateway. The wireless network is 192.168.3.0/24. The Linux machine has eth0 for the wireless network and eth1 for the Broadband gateway. Here is a text diagram:

http://www.informationobject.com/iproute/c_schema.txt

Thus a PC can be added to the wireless network and set its default gateway to 192.168.3.10.

I have two scripts to configure the Linux machine to forward/route traffic from eth0 to eth1 and out the Broadband gateway: one script for route config and one script for firewall/iptables config. They are listed here and also at:

http://www.informationobject.com/iproute/a_route.txt
http://www.informationobject.com/iproute/b_firewall.txt

Would you say this is the correct way to go about doing this routing configuration?

Thank you.

echo "Route Setup"

echo "Flushing NICs"
ip addr flush eth0
ip addr flush eth1
ip link set eth0 down
ip link set eth1 down
ip link set eth0 up
ip link set eth1 up

echo "Routing Tables:"
cat /etc/iproute2/rt_tables

### example rt_tables ###
## reserved values
##
#255 local
#254 main
#253 default
#0 unspec
##
## local
##
##1 inr.ruhep
#200 wireless
#201 internet
### example end ###

echo "Setup NIC 0"
ip addr add 192.168.3.10/24 dev eth0 brd +

echo "Setup NIC 1"
ip addr add 192.168.1.1/24 dev eth1 brd +

echo "Setup Default Route [ internet table ]"
ip route add default via 192.168.1.254 proto static table internet

echo "Setup LAN Route [ wireless table ]"
ip route add 192.168.3/24 via 192.168.3.10 proto static table wireless

echo "Setup Internet ip rule"
ip rule add to 0/0 prio 17000 table internet

echo "Setup LAN ip rule"
ip rule add to 192.168.3/24 prio 16000 table wireless

echo "Flushing ip route cache"
ip route flush cache


echo "Firewall Setup"

################################################################################
# Enable forwarding
echo "Enable Kernel Forwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward

################################################################################
echo -n "reset "
for chain in INPUT FORWARD OUTPUT ; do
    iptables --policy $chain DROP
done
for table in filter nat mangle ; do
    iptables --table $table --flush
    iptables --table $table --delete-chain
done
modprobe ip_nat_ftp

################################################################################
echo -n "INPUT "
# accept everything from wireless
iptables -A INPUT -i eth0 -s 192.168.3.0/24 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

################################################################################
echo -n "FORWARD "
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

################################################################################
echo -n "OUTPUT "
# allows unrestricted output from this machine
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT

################################################################################
echo done.

Kind regards,
Rudi.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
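
Added example (not part of the original message): a small Python model of how the kernel walks the `ip rule` list that the route script above produces, useful for checking which table answers for a given destination. The table contents are a constructed, simplified copy of the script's state (the local table is reduced to the two interface addresses, and the main table to the connected routes that `ip addr add` creates).

```python
import ipaddress

# Constructed model of the state the route script leaves behind.
# Rules are (priority, destination selector, table); priorities 0, 32766 and
# 32767 are the kernel's built-in local/main/default rules.
RULES = [
    (0,     "0.0.0.0/0",      "local"),
    (16000, "192.168.3.0/24", "wireless"),
    (17000, "0.0.0.0/0",      "internet"),
    (32766, "0.0.0.0/0",      "main"),
    (32767, "0.0.0.0/0",      "default"),
]

# Each table maps a prefix to a next-hop description (simplified, constructed).
TABLES = {
    "local":    {"192.168.3.10/32": "local", "192.168.1.1/32": "local"},
    "wireless": {"192.168.3.0/24": "via 192.168.3.10"},
    "internet": {"0.0.0.0/0": "via 192.168.1.254"},
    "main":     {"192.168.3.0/24": "dev eth0", "192.168.1.0/24": "dev eth1"},
    "default":  {},
}


def table_lookup(table, dst):
    """Longest-prefix match of dst inside one table; None if no route."""
    matches = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[table].items()
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def resolve(dst_text):
    """Walk the rules in priority order; the first table with a route wins."""
    dst = ipaddress.ip_address(dst_text)
    for prio, selector, table in sorted(RULES):
        if dst not in ipaddress.ip_network(selector):
            continue
        hop = table_lookup(table, dst)
        if hop is not None:
            return prio, table, hop
    return None  # no rule produced a route


if __name__ == "__main__":
    for dst in ("192.168.3.10", "192.168.3.50", "192.168.1.50", "203.0.113.7"):
        print(dst, "->", resolve(dst))
```

In this model the main table is never reached for a destination such as 192.168.1.50, because the priority 17000 rule matches every destination before the main rule at 32766. On the router itself, `ip rule show` and `ip route get <address>` show the kernel's actual rule order and decision.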