Lot of new things for me :)

On Fri, 2 Jul 2004 09:52:41 +0100, Antony Stone <antony@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Friday 02 July 2004 6:35 am, Askar Ali Khan wrote:
>
> > I'm learning a lot of new things here, especially from Mr. Antony Stone, he
> > is a master :)
>
> Please - I do not necessarily know more than other people who are here - I
> just happen to answer more of the questions, and possibly answer them a
> little sooner than others.
>

Of course your contribution to this mailing list is great, no one but you there with a solution to a lot of our problems :) heh I don't wanna make you fly with all these sorts of praises ;) /anthony blushes ;)

> > Alright, here with another very beginner question :)
> > my linux box is part of a LAN where the net is connected via a windowz system.
> > my linux box uses the windows box as gateway to the Internet.
>
> Sounds like the wrong way round to me - what protects (firewalls) your Windows
> machine from all the bad stuff out there on the Internet?

security is not a concern here to me, but windowz is working fine with my dialup modem.

> > There is another windowz client (1), now I want to make this linux
> > box the "gateway/firewall" for that windows client.
> >
> > first thing I did was to enable forwarding on my linux box with..
> > net.ipv4.ip_forward = 1
> >
> > my only interface on this linux box is eth0, i also created another
> > virtual interface eth0:1, now i want to accept LAN traffic from the windows
> > client on eth0 and forward it "outbound" on eth0:1
> > howto? :)
>
> So, you have a Linux machine with only one interface, and you want to make it
> a router for a machine on your network, with its upstream gateway being
> another machine on the same network?
>
> This sounds like a horribly complicated routing setup to me (this *is* a
> routing question, by the way - not a netfilter question), and I really
> wouldn't advise doing it.
>
> From a security point of view, if you do not physically separate two networks
> by plugging them into different network cards on a router (firewall), then
> the security can be so easily bypassed that it is pointless.
>
> From a network management point of view, trying to route packets between
> different machines, all on the same physical LAN (and, I suspect, also all on
> the same logical subnet), is a very difficult thing to make work (and in my
> opinion not something you should even try to make work).
>
> However, to answer your netfilter-specific questions, and educate you about
> virtual interfaces:
>
> > I will appreciate it if someone teaches me for both cases
> > 1) to use the interface eth0 to forward packets
> > 2) also to use the other virtual interface eth0:1 for forwarding
> >
> > It means I need two separate scripts, one for eth0 and another for eth0:1
>
> Routing is a separate matter from netfilter - you have to get the routing
> working first, and then you can use netfilter to block certain packets so
> that they don't get routed.
>
> Secondly, netfilter doesn't allow things like eth0:1 (it won't accept the
> colon), so all you do is use the normal interface name (eth0). It's the

heh yeah that's why iptables always complains whenever i include eth0:1 in a rule, okay i'll get rid of this virtual interface :)

> same physical interface anyway, and this will do what you want - you can use
> -i eth0 and -o eth0 to match packets coming in or going out on eth0:1
>
> If you *really* want some help getting that weird setup you described earlier
> working, you'll need to provide a network diagram with some IP addresses, and
> a clear description of what you want routed where and how you think replies
> should get routed back again.
>
> I really do not advise it though :)

hmm I dunno how to create a diagram, however i'm trying to give you an idea,

1) windows machine IP 192.168.0.1 (connected to Internet via dialup modem) ------> A
2) linux machine IP 192.168.0.2 ----> B
3) Another windows machine 192.168.0.3 -----> C

it's a very simple LAN :)

what i want to do is, instead of traffic for the Internet going from C-------> A, A---------> C,
it travels from C-----> B-------> A, A----> B-----> C

that is, only C uses the linux box as router/firewall, all the traffic from C first travels to B and then to A . :)

Regards
Askar

>
> Regards,
>
> Antony.
>
> --
> Having been asked for a reference for this man,
> I can confirm that you will be very lucky indeed if you can get him to work
> for you.
>
> Please reply to the list;
> please don't CC me.
>
>
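The netfilter part of Antony's answer (plain eth0 for -i/-o, no eth0:1 alias) applied to the A/B/C LAN Askar lists, written out as an added shell script that is not from the thread or either poster. The addresses are the ones in Askar's list; the two extra settings (no ICMP redirects, SNAT so A's replies come back via B) are my assumptions about what such a one-interface hairpin needs to actually hold, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed from Askar's list:
#   A = 192.168.0.1  Windows box with the dial-up link (B's upstream gateway)
#   B = 192.168.0.2  this Linux box, eth0 only (the eth0:1 alias is dropped)
#   C = 192.168.0.3  Windows client whose default gateway is set to B
IFACE=eth0
LINUX_B=192.168.0.2
CLIENT_C=192.168.0.3

# netfilter only knows the physical interface: a name containing ':' is an
# ifconfig alias and iptables rejects it, exactly as Antony says.
valid_iface() {
    case "$1" in
        ""|*:*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Emit the commands as text so they can be reviewed before being run.
build_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Without this the kernel sends C an ICMP redirect ("A is on your LAN, go
# direct") the first time it hairpins a packet, and C quietly stops using B.
sysctl -w net.ipv4.conf.$IFACE.send_redirects=0
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $IFACE -o $IFACE -s $CLIENT_C -j ACCEPT
iptables -A FORWARD -i $IFACE -o $IFACE -d $CLIENT_C -m state --state ESTABLISHED,RELATED -j ACCEPT
# Rewrite C's source address to B; otherwise A answers C directly and the
# reply path A -> C never passes the Linux box at all (Antony's "replies" point).
iptables -t nat -A POSTROUTING -o $IFACE -s $CLIENT_C -j SNAT --to-source $LINUX_B
EOF
}

apply_rules() {
    valid_iface "$IFACE" || { echo "refusing alias/empty interface name: '$IFACE'" >&2; return 1; }
    build_rules | sh -e
}

# Run as:  sh forward.sh apply   (as root). With no argument it only prints the rules.
if [ "${1:-}" = "apply" ]; then apply_rules; else build_rules; fi
```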