Re: iptables routing help

William Knop <w_knop@xxxxxxxxxxx> · Sun, 25 Jan 2004 00:31:02 -0500

<x-tad-bigger>Say I want to transfer a file from one computer to another in my house. Since they are on different subnets, the data is routed out my modem to the gateway at my isp, and then back in my modem and to the other computer in my house. Ideally (in any reasonable setup), the data should not leave the house and flood my dsl modem with local traffic.

So, I want to grab packets destined for the gateway (via a firewall/iptables), check if the packet is destined for one of the three local subnets, and make the packet go directly to it's destination. I'm not sure if this has to do with ethernet frames, tcp/ip, or arp or something like that, but I've tried lots of things with minimal success.

</x-tad-bigger>

<x-tad-bigger>im not shure if i can understand the schema, could be more specific?

thanks

----- Original Message ----- 

From: "William Knop" <</x-tad-bigger><x-tad-bigger>w_knop@xxxxxxxxxxx</x-tad-bigger><x-tad-bigger>>

To: <</x-tad-bigger><x-tad-bigger>netfilter@xxxxxxxxxxxxxxxxxxx</x-tad-bigger><x-tad-bigger>>

Sent: Saturday, January 24, 2004 6:25 PM

Subject: iptables routing help

></x-tad-bigger><x-tad-bigger> Hello,

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> My dsl provider has my house on several subnets (ips obtained via dhcp, 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> along with a netmask of 255.255.255.0), so I have had to screw around 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> with each machine to make sure local traffic doesn't flood the dsl 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> modem. To remedy this, I've been trying to set up a firewall box to 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> basically reroute those three subnets as local, but I'm finding it very 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> difficult. It seems like every doc out there only addresses nat, which 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> is definitely not what we want. I'd greatly appreciate some help 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> accomplishing this.

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> Thanks much,

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> William

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> 

</x-tad-bigger><x-tad-bigger>></x-tad-bigger><x-tad-bigger> 

</x-tad-bigger>
<x-tad-bigger>

</x-tad-bigger>