UDP and IPIP forwarding

Hi guys,
 
I am trying to set up 2 IPtables-based Firewall/NATs with UDP and IPIP forwarding functions as listed below:
 
1) Forward UDP (port 434) package to an internal host;
2) Forward IPIP package to a host in the same subnet as the Firewall's, where the outer IP header of the IPIP package has a destination to a special IP address.
 
Here is an illustration of the scenario:
 
   package from 192.168.0.1
                 to 192.168.0.10 (UDP 434)
                        |
                        v
--------------192.168.0.10-----------------
               10.3.10.10
                        | forward to 10.3.10.201
                        v
--------------10.3.10.201---------------------------------------- 10.3.10.13----------------
                                    to 172.3.10.5 (IPIP)          172.3.10.13
                                    from 10.3.10.201                   |
                                                                       | forward to 172.3.10.5
                                                                       v
                                                                  172.3.10.5 (get IPIP package and reply to 192.168.0.1)
 
The IPIP reply from 172.3.10.5 to 192.168.0.1 needs to be forwarded by 10.3.10.13 to 10.3.10.201.
 
I used IPtables and Linux 8 on 192.168.0.10 and 10.3.10.13 and encountered both problems:
1) Only one UDP package (the 1st one?) is forwarded to 10.3.10.201; the others are dropped. And once in a while (every 12 minutes), there is one package forwarded. That's it.
2) I can ping 10.3.10.201 in the Firewall's subnet, but the IPIP package is not forwarded at all. They are still sent to 192.168.0.1 and dropped...
 
Can any expert give me some idea of what may be wrong? I followed the instructions for IPtables. But it just doesn't work well. Please help.
 
Thanks!
 
Wey
