What is it you want to achieve? I don't see any firewall configuration at all.... your route is wide open... so to speak.

In case you want to enable forwarding from the lan boxes to internet, just enable forward, masquerade output and that's it. Creating two separate routing tables is not a must. Once the network interfaces come up, they set the route.... just make sure the default gateway is set as well.

On 9/12/05, Rudi Starcevic <tech@xxxxxxxxxxxx> wrote:
> Hi,
>
> I do something like this with the script below.
>
> Please let me know if you see a better way to do this
> than I am using below.
>
> Thanks.
> Kind regards,
> Rudi.
>
>
> #!/bin/sh
>
> echo "Network Setup Start"
>
> echo "Flushing NICs"
> ip addr flush eth0
> ip addr flush eth1
>
> ip link set eth0 down
> ip link set eth1 down
>
> ip link set eth0 up
> ip link set eth1 up
>
> echo "Flushing NetFilter"
> iptables -F
> iptables -t nat -F
>
> echo "Routing Tables:"
> cat /etc/iproute2/rt_tables
>
> echo "Setup NIC 0"
> ip addr add 192.168.2.7/24 dev eth0 brd +
>
> echo "Setup NIC 1"
> ip addr add 192.168.3.7/24 dev eth1 brd +
>
> ip addr list
> ip route list
>
> echo "Setup Default Route [ inet table ]"
> ip route add default via 192.168.2.1 proto static table inet
>
> echo "Setup LAN Route [ implan table ]"
> ip route add 192.168.3/24 via 192.168.3.7 proto static table implan
>
> ip route list
>
> echo "Setup LAN ip rule"
> ip rule add to 192.168.3/24 prio 16000 table implan
>
> echo "Setup Internet ip rule"
> ip rule add to 0/0 prio 17000 table inet
>
> echo "Enable Kernel Forwarding"
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> echo "Enable NetFilter Forwarding"
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> echo "Flushing ip route cache"
> ip route flush cache
>
> #iptables -vL
> #iptables -t nat -vL
>
> exit 0
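
The reply's point that the quoted script forwards with no filter rules at all, shown as an added example that is not part of either message: a default-drop FORWARD chain that lets the LAN out and only replies back in, with masquerading limited to the LAN subnet. The helper names `run` and `gateway_rules`, the `APPLY` switch, the interface roles (eth0 uplink, eth1 LAN, read off the quoted script) and the use of the conntrack match are assumptions.

```shell
#!/bin/sh
# Dry run by default: each command is printed. Set APPLY=1 (as root) to execute.
# Assumed roles, read off the quoted script: eth0 = uplink, eth1 = LAN 192.168.3.0/24.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# gateway_rules LAN_IF WAN_IF LAN_NET  (hypothetical helper)
gateway_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3

    if [ -z "$lan_if" ] || [ -z "$wan_if" ] || [ -z "$lan_net" ]; then
        echo "usage: gateway_rules LAN_IF WAN_IF LAN_NET" >&2
        return 2
    fi
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN interface must differ" >&2
        return 2
    fi

    # Nothing is forwarded unless a rule below allows it.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING

    # LAN hosts may open connections toward the uplink.
    run iptables -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    # Only replies to those connections are allowed back in.
    run iptables -A FORWARD -i "$wan_if" -o "$lan_if" -d "$lan_net" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Masquerade LAN traffic leaving via the uplink, not everything on it.
    run iptables -t nat -A POSTROUTING -o "$wan_if" -s "$lan_net" -j MASQUERADE

    # Turn on kernel forwarding last, once the policy is in place.
    run sysctl -w net.ipv4.ip_forward=1
}

gateway_rules eth1 eth0 192.168.3.0/24
```

Review the printed commands first; running with APPLY=1 replaces the existing FORWARD and nat POSTROUTING rules.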